Is the cybersecurity industry keeping up with cybercrime? Absolutely not. Cyberwarfare is at an all-time high, and cybersecurity is just unable—unequipped—to keep up. We’re seeing a convergence of three major vectors—devices, data, and a shortage of talent—coming to a head. That’s causing an explosion of what I’ll refer to as “cybercrime opportunity.”
Let me elaborate on those three vectors.
Devices: There’s an exponential proliferation of devices. If you go back thirty years, to the start of my career, I think there were probably about 750 million network devices around the world. In 2012 there were maybe 10 times that. With the advent of smartphones, it’s projected that by 2020 there will about 75 billion network devices around the world. So, we have more devices available to infiltrate.
Data: With that mountain of devices, comes an avalanche of data. There’s a huge proliferation of data today, and it’s only growing with the increasing number of people who use smartphones, sensors, the internet of things, etc. The more data, the more difficult it becomes to ensure that all of it is protected.
Lastly, we have a severe shortage of skilled workers in the cybersecurity industry. There just aren’t enough properly trained minds working on securing information. There are currently well over a million open positions for cybersecurity professionals. Realistically, we won’t be able to train enough people to fill those roles in time, much less keep up with growing demand.
It’s the last vector that I think is the biggest unsolved—but solvable—problem in cybersecurity. The best solution, in my opinion, is to implement artificial intelligence and machine learning to redress the acute shortage of workers. Here, I’ll mention the relevant work of Respond Software, which I led the investment in for Foundation Capital.
Respond is essentially using AI to give enterprise businesses as many trained analysts as they need for security defense systems. The software performs complex system checks and determines the severity of a threat, the likelihood of an incident, if it should be escalated… and because it’s a machine and not a person, it performs every security check, every time.