IoT devices and requiring some level of security validation before we allow manufacturers to continue to put out products with such poor protection. Big companies with big brands and a lot to lose are already taking it seriously, and they form our current market at Lexumo. That discipline won’t, however, find its way into low-cost commodity providers selling big-brand knockoffs or smaller companies who don’t have as much to lose. It will take regulations or the threat of them to motivate such a variety of companies to take action in terms of how their products are built, protected, and updated. Security recalls on IoT/embedded systems are going to become common in our near future.
The other area I believe many security professionals are missing is that government is going to drive how we protect ourselves. It was popular to think of government and their cybersecurity teams as slow and plodding versus the cutting-edge teams deployed, for example, at major financial services firms. While there may have been a time when that was true, it’s almost the inverse today. With the rise of nation-state cyber threats, our government and, particularly, our military, are deploying and managing some of the most advanced protection in the world. It’s in our national interest for their technology, techniques, and best practices to flow back to the people who are paying for it.
X: What’s one thing cybersecurity companies should be doing better?
DM: In the past, it was enough for a cybersecurity company to identify problems for their customers. If you left open ports on your firewall and exposed a vulnerable application, we could point it out and be heroes. We could find many, many flaws in your networks, your applications, and the configuration of your infrastructure.
That game has changed. Customers today don’t want, and in some cases don’t need, to know about another problem—especially if you can’t help them fix it. So two must-haves if you are in the business of finding problems: 1) helping customers prioritize their issues and 2) helping them fix those issues. I would be remiss if I didn’t say those are two core elements of our value proposition!