As people rapidly adapted to virtual work environments across the globe in response to the COVID-19 pandemic, cybersecurity concerns quickly gained attention. While incidences like “Zoom bombing” made headlines, numerous other cyber threats lurk behind the pixels of virtual work. Many experts predict that the COVID-19 lockdown will forever change the ways and the places in which we work, meaning that cybersecurity will remain a top priority for companies as an increasing number of people move to remote work. The partners at Blu Venture Investors, who have decades of experience starting, managing, and investing in cutting-edge technology and security companies, and the founders of two BVI portfolio companies – Botdoc and HighSide – provided their insights and predictions about the post-COVID-19 cybersecurity trends.
Here are five trends that are reshaping cybersecurity and how companies respond to new and changing cyber threats:
Trend 1: The prioritization of security for small businesses and MSPs
Many small businesses were caught off guard by the onset of remote work, with 72 percent of surveyed IT decision makers citing inadequate technology as the primary pain point. For businesses looking to gain an initial and thorough understanding of their company’s cybersecurity posture, Mike Denning, partner at BVI and former COO at ScienceLogic, the leading hybrid IT monitoring software company, recommends that “companies should start with a good holistic assessment of their governance and technology infrastructure as a baseline. From there, they need to initiate an integrated risk management solution, so that they can identify gaps in their security. Beyond that, they need to implement some type of identity management solution to authenticate consumers and employees who are logging from remote locations.”
As the needs of customers change, it is critical for a managed service provider (MSP), who remotely manages a business’s IT infrastructure and end-user systems, to adapt. While companies operating under an MSP would normally work from an office, their employees are now working from home, creating a potential security gap for the MSP and all of its customers. Kim Nguyen, partner at BVI and managing partner at Brilliant Keypoint Investment, believes there is opportunity for cybersecurity companies to fill this gap. “Companies, such as Huntress in our portfolio, are now extending their solutions to see how they can protect an MSP and their clients.”
It is also important for MSPs and companies to reexamine their pricing strategy and the services they provide during these times, according to Kim. “It may be as simple as customers can’t afford to pay as much as they are paying now. Or how can I modify my service to the changing needs. For example, how can I extend coverage of MSPs to the homes of their employees, which is going to include the challenge of adapting to many different home environments. This may induce new costs and require price changes, but ultimately you must tailor your service, products, and price to your customer and the markets.”
Trend 2: The acceleration toward virtual work
While virtual work was more accessible than ever before COVID-19 because of advances in telecommunications technology, most cases of virtual work were the exception rather than the norm. Only 7 percent of private sector workers and 4 percent of government workers, primarily in the highest income brackets, had access to a “flexible workplace” benefit pre-COVID.
The pandemic increased remote work to unprecedented levels as even sectors that were slow to adopt work-from-home policies in the past, like the government and financial sectors, have to accept the new circumstances. “COVID-19 has been a huge shot of adrenaline to accelerate the migration to virtual work,” says Michael Sutton, partner at BVI and former CISO at Zscaler, a company that has pioneered security-as-a-service. “Suddenly companies, especially those in finance, healthcare, and government, have been forced overnight to figure this stuff out and a lot of the rules have been thrown out the window to make it work.”
While companies may have originally thought that virtual work would only be temporary, the reality of more long-term change has become evident. “Now companies are really scrambling to identify and invest in technologies, like cybersecurity, that are going to allow them to do this for the long-term,” Michael adds.
Moreover, businesses are realizing the benefits, both personal and financial, of moving from office space to virtual work. “There's going to be a lot less emphasis on commercial business space,” says Karl Falk, founder and CEO of Botdoc, the secure “FedEx” of data. “Companies are realizing that they can transact business digitally without people coming into the office and that it’s cheaper to do so. And for that reason, even when they open back up, they are going to have digital solutions moving forward.”
But what will the new norm look like in two years? Seventy-four percent of surveyed CFOs anticipate moving a portion of their workforce to permanently remote positions after the pandemic, creating persistent cyber threats and opportunities for security companies in the longer term.
Tarun Upaday, BVI partner and former co-founder and CTO at hCentive, a health insurance software company acquired by Optum, says, “The new normal will not be 100 percent remote, but will be somewhat or much more remote than before because companies will most likely find their new comfort zone somewhere in between. Nonetheless, cybersecurity companies, by and large, are going to continue to gain from this trend.”
As companies settle into the new normal, Mike Denning, says they should “prioritize their cybersecurity and digital transformation strategy, hand in hand.” Mike adds that businesses should start accelerating the budget timeline for these security solutions.
Trend 3: The need for secure methods of communication and file sharing
The move to virtual work requires new investments in at-home security infrastructure. The FBI reported that cyber crimes quadrupled during the course of the pandemic. Prior to COVID, companies invested heavily in their office security infrastructures, which were not designed to protect personal computers from employees' homes. As a result, the threat surface has expanded in two vulnerable areas: communication, such as video conferencing, email, and chat room applications, and file transfer, especially of confidential documents.
Kim Nguyen says, “There's a much greater risk now than before. Employees are now in less protected environments at home. Companies need to be diligent about securing teleconferencing between employees and the channels used to transfer documents. A dispersed workforce is going to continue and therefore require these solutions.”
Beyond internal company communications, external communications have also become an area of focused cyber attacks. For instance, phishing attacks and counterfeit webpages targeted small businesses attempting to get Paycheck Protection Program loans through their banks with the intent of collecting banking and personal identifiable information. So, companies must find a way to ensure their entire communications and data infrastructure is secure.
To bridge the security gap, Hal Shelton, partner at BVI and former CFO & SVP for USEC Inc., a NYSE-listed alternative energy company, says, “Using existing technologies is the low hanging fruit, but chief security officers are looking at new products, particularly more cloud-based products.” As remote workers continue to increase their use of cloud, it’s imperative that those channels are secure.
Two BVI portfolio companies are leading the charge in facilitating the move to a remote work environment: Botdoc, a secure file transfer service, and HighSide, an ultra-secure collaboration and communications platform.
Botdoc
Convenience is often the enemy of security, according to Karl Falk, Botdoc CEO. Companies must juggle the misalignment of goals between the security side of the business, which prioritizes the avoidance of a data breach or exposure, and the operational side, which seeks to increase convenience for the customer. “A lot of companies decrease security to increase convenience, but then they’re getting into risk. [Employees] always find unsecured technical workarounds, like ‘Just text me a picture of it to my personal device.’”
Botdoc overcomes this risk by providing users with both a secure and convenient cloud encryption service to transport sensitive documents. Botdoc allows users to send and receive data quickly and securely via email or text/SMS messages. All the user has to do is upload their files, documents, and other data to the encrypted file container — no passwords, logins, pins, or software to download.
HighSide
HighSide provides users a secure platform to collaborate and communicate without risk, developing the reputation as the “secure Slack.” HighSide offers end-to-end encryption, user identity authentication, and cryptographically signs each message or file, among many other security benefits. Drawing inspiration from the government intelligence world, “HighSide” refers to classified information, according to Brendan Diaz, CEO of HighSide.
While HighSide found some of its earliest customers securing government and military communications, financial institutions and other sectors that need high levels of security are looking for the type of solutions the company offers. BVI, internally, uses HighSide as its messaging and collaboration platform.
Trend 4: An opportunity to secure the defense industrial base
One area where cybersecurity companies may find a wealth of opportunity is in the defense industrial base — small, defense-contracting companies that do not have the capacity for robust cybersecurity infrastructure or staff. Bikram Bakshi, BVI partner and former CEO of QSSI, which led the turnaround of healthcare.gov, says, “These companies are usually the source of leaks to foreign bad actors. Companies in our portfolio like Attila [Security] and HighSide are offering cost effective, enterprise software solutions to these companies that allow them to work, communicate, and collaborate effectively and securely.”
HighSide CEO Brendan Diaz, who has been on the frontline of the increased demand for collaborative work software, says, “The number of users using programs like Slack or Microsoft Teams just exploded overnight. And now we’re able to demonstrate to CEOs, who may have never heard of those programs before COVID-19, where their security gaps are with their current software solutions and how HighSide can provide much better security coverage.”
For defense contractors, the highest levels of security are required, and companies may now be finding that their current work collaboration software is not up to the task. Cybersecurity companies offering solutions that replace the need for a full security staff are likely to find quickly growing opportunities now and in the long term.
Trend 5: The convergence of healthcare and security
Perhaps most impactful are the effects of the COVID-19 outbreak on the healthcare industry. Beyond handling the pandemic, the industry has also been forced to rethink how it deals with its normal operations. “Doctors and hospitals have been reluctant to make technological changes, and doctors also tend to want to work face-to-face,” says Tarun Upaday. “We can already see some simple changes like waiting rooms being eliminated. And doctors and patients are figuring out that it's much easier if you do not have to see a doctor in person for basic check ups.”
However, with such a move to digital interfaces, security becomes a major concern, especially concerning Health Insurance Portability and Accountability Act (HIPAA) regulations. If doctors and patients are interacting and transferring documents online, that data must be secured. If telemedicine indeed becomes the norm not only now but in the future, companies providing solutions to data security challenges will find great opportunity in the healthcare industry.
“The healthcare market opportunity has just become so massive and imminent,” says Bikram Bakshi. “And that's driven in combination with changes in public policy that make it conducive for reimbursements to be done for telemedicine consultations. These interactions now require more security and privacy, which implies that cybersecurity has a much bigger role to play. That is a significant trend that's going to continue because as people get used to more remote consoles, it's going to be hard to go back.”
Paths forward
As a way forward for overcoming the new cybersecurity challenges facing us, Kim Nguyen believes that transparency will be a key tool. “Companies and individuals are often embarrassed that they’ve been hacked and try to hide the details,” Kim says. “However, with less transparency, the greater the chances are that these attacks will victimize other people and companies. Better transparency and communication on cyber vulnerabilities is an important way to protect society as a whole.”
Hal Shelton reflects on his own experiences and cautions on user fatigue with security solutions going forward. “I have about five email accounts, three primary, two Dropbox accounts, among other accounts. And even though they're all coordinated, it's getting complicated. What we and companies need to be careful about is user pushback from growing complexities. Systems or solutions that will simplify security will be key going forward.”
“Secure by Default” may actually be the way forward, a strategy in which systems are built to address the root security problems rather than simply addressing the symptoms of poor security and in turn creating more complexities. Product designers in cybersecurity may do well to heed a philosophy that emphasizes simplicity as a means to tackle the most pressing challenges ahead of us.
The way society interacts online has changed so rapidly over the past few months that many of us are still playing catch up. It seems clear that while today’s working environment may not be the exact image of the future we will be living in, it will certainly share similarities. In that future, cybersecurity will be evermore important and the companies that can react quickly to address the changing security demands of the market will ultimately be successful.