Why One Cybersecurity Investor Says No Company Is Safe

In March 2015, addressing a crowd at Innovation Project 2015, retired four-star General Keith Alexander, the former director of the National Security Agency, quieted the crowd with his rather sober reality of the future of cybercrime and cybersecurity.

Over the next two years, cyberattacks will get worse before they get better.

Now, heading into 2016, that seems to be the same sentiment in the cybersecurity industry. Speaking to VentureBeat, Ted Schlein — a general partner at Kleiner Perkins Caufield & Byers and an investor in the cybersecurity space — explained how, as also mentioned by Dow Jones CEO William Lewis, “no company is immune” to breaches.

“There are only two types of companies in the world: those that have been breached and know it and those that don’t,” Schlein said in the VentureBeat interview. “There’s not a company around that if a bad guy wants to get in, they won’t. You can try and make a high and mighty argument that ‘you can’t touch me,’ but it won’t happen. You have to change the method and make the breaches irrelevant.”

As the cybersecurity industry continues — and as more breaches occur — the concept of staying in touch with the latest cybersecurity trends and threats have become even more critical. Staying on top of security trends is an obvious benefit for businesses, but that’s a concept that’s easier said than done.

“No one wants to be less secure,” Schlein said in the interview. “The innovation of the bad guys is rapid. They have unlimited amounts of time and capital. Our ability to combat is lacking. It’s where a lot of IT budgets get spent, or it’s one of the areas that doesn’t get cut and for good reason,” Schlein said, but then aired on the side of caution for what this means for the industry that’s in competition to keep firms safer.

“I don’t think that means more cybersecurity startups will be successful,” he noted.

What Schlein said is needed is a focus on breach detection security in order to address the hacks as soon as possible after they occur. Because it’s been assumed that prevention measures can’t always be effective, ensuring that attack remediation is effective is key for today’s cyberattack-filled world. And then from there, it’s about understanding how the attack happened.

“You have to change the game,” he explained in the interview. “You’re moving from a way of prevention to detection. What the real job is is to detect and then remediate as fast as possible.”

That also means studying cyberattack behavior trends and having the ability to analyze data.

“The more holistic point is: How do you gather data — network, endpoint, log, event and all the data you can — aggregate it, correlate it, run it through some models and be able to say, ‘Something isn’t right; this endpoint isn’t behaving in the way it normally does’ … as a way to localize and identify where the problem is,” he told VentureBeat. “That’s the big new approach. There’s a lot of people doing this, including IronNet, which is run by General [Keith] Alexander [former director of the National Security Agency]. It’s a large undertaking and a huge approach.”