In the two weeks leading up to RSA, a major security conference in San Francisco, corporate giants such as Microsoft, Apple, Facebook, Twitter, The New York Times, and others admitted that they were hacked.  Cyber attacks are wreaking havoc on nations, businesses, and consumers alike. But just the fact that people are paying attention might be a bright spot in our fight against this adversary.

President Obama stated that cyber-crime itself is a $1 trillion problem. Even if the amount is only in the hundreds of billions – Sony alone incurred $171m in damages related to its 2011 PlayStation Network breach – it is clear that the threat is at an all-time high.  The “bad guys” are more organized and better-funded than ever before, and their methods of attack are growing more and more sophisticated.

The good news, it seems, is that chief security officers (CSOs), chief information officers (CIOs), and more importantly, chief executives and corporate boards, have finally moved from denial to rage to facing up to the magnitude of the problem.

Industry leaders are recognizing that traditional approaches, technologies and solutions are insufficient. RSA Chairman Art Coviello, for example, acknowledged the shortcomings of the standard firewall and intrusion detection/prevention systems when he said “perimeter-based security reached its limits.”

As a partner at venture capital firm Jerusalem Venture Partners, which focuses on investments in cyber-security in a country known for its cyber-prowess, I watch developments in the industry very closely in an effort to locate the startups that can address security problems as they emerge – at what seems to be a dizzying pace.

What I see is that the industry does seem to be rising to the challenge in an effort to provide better solutions for governments, enterprises, and consumers. But those answers are not necessarily coming from established security vendors and so aren’t surfacing as quickly as they should.

A new favorite attack vector: BYOD

One attack vector that hackers use more and more is our mobile devices. Smartphone sales surpassed PC sales two years ago and, according to industry sources, 80 percent of employees use personal devices for work purposes. That compares with the 60 percent of enterprises that allow it. This BYOD (bring your own device) phenomenon allows cyber-criminals easy access to contact lists, critical enterprise information, transactions, and credentials.

Many of the current solutions to the BYOD problem rely on problematic rooting or kernel-level access, or on the crippled user experience offered by dual-persona or container models. No wonder the winner of the RSA Conference 2013 Innovation Sandbox was a young start-up, Remotium, which tackles BYOD by using a virtual machine to run your “work phone,” which you can remotely access through your personal phone.

Its innovative approach has a real shot at making our smartphones more secure by essentially taking both data and processing to the cloud. Other similarly innovative approaches which attempt to protect our data rather than the personal devices themselves may better equip organizations for the BYOD phenomenon as well as burgeoning trends towards virtual organizations.

The shift to cloud-based enterprise infrastructure and apps creates even more attack vectors. Organized cyber-crime is taking advantage of the cloud and becoming a real revenue source for many rogue organizations. Cyber-attack infrastructure is already offered as a service by many of these groups. For example, botnets-for-hire, or strings of zombie computers used to launch attacks on healthy computers, can cause damages in excess of half a billion dollars a year (especially related to AdClick fraud).

Is anti-virus software cutting it?

What about anti-virus software – the classic cyber-defense? Unfortunately, existing anti-virus software has fallen out of favor with many, given that it can only block malware it knows. Because it looks at signatures and stops only what it recognizes as malware, it misses a lot of the new threats that come through. According to Bret Hartman, CTO of the security technology group at Cisco, organizations have lost control of their end-points. The cat and mouse game is becoming more difficult and expensive to play.

We see that many of the most promising end-point security solutions are moving away from signature-based approaches, like anti-virus software, and focusing on heuristics-based or behavior-based white-listing methodologies. While these solutions are not quite ready to take the place of current anti-virus solutions, especially not on the consumer level, they certainly act as a much-needed complement to available protection and will certainly one day vie for a place as the industry standard.

In parallel, industry-wide collaborative efforts that help cyber-intelligence systems ferret out insidious malware, hand-in-hand with big-data-based analytics and solutions, are gaining significant ground in this ongoing battle. According to RSA’s Coviello, adaptive machine-learning and predictive analytics based on big-data are the secrets to success.

Where the startups really stand

Interestingly, many of the innovative new solutions being provided today are actually coming from the more nimble and dynamic startups in the field. The problem is, these startups often have a tough time convincing CISOs of their value. Unproven track records and prematurely released enterprise solutions offered by these unknown (and often under-financed or unstable) companies are problematic for large enterprises.

Startups also seem to form in clusters, latching on to the latest buzzwords. This makes it hard to explain exactly how they do things differently.

But none of that takes CISOs off the hook. To succeed in their jobs, they must engage with these innovative startups to help themselves and the industry find the right set of solutions. The enormous scope of the problem and its continuously evolving nature dictate the need to work with innovative startups, side-by-side with incumbent players.

In the end, it takes a global village. As the intensity and ferocity of cyber-attacks continue to grow, the “good guys” must understand that only through a concentrated, collaborative, cross-industry effort can we rise to meet these very serious challenges. Such partnership-based models joining VCs, strategic enterprises, academia and government will allow the industry to create a robust, proactive eco-system which can foster breakthrough technologies and approaches capable of meeting today’s cyber threats — and tomorrow’s. This multi-disciplinary, collaborative approach is the only way to stay one step ahead of the bad guys.

Yoav Tzruya is a partner at JVP, Israel’s leading venture capital firm. Yoav brings more than 20 years of executive-level experience in the IT industry, with extensive experience in cyber security, digital media, and enterprise software verticals.