2021 Problem Statements


Problem 1: How do we reduce or eliminate password sharing?

Problem Statement: How do we reduce or eliminate password sharing?

More about the problem:

  • This is a human nature problem. There are plenty of tools trying to prevent sharing now, but they can still be hacked around. For example:

    • SMS or Email verification codes can be hacked or shared

    • Security questions can be hacked or shared

    • The same IP address can be used (i.e., someone else logs in from the same computer)

  • Ultimately, because we cannot change human nature, how do we start moving away from passwords as a means of authentication? Biometrics are being used for phone logins and purchases. How can more physical computers and digital software embrace a similar model that consumers will also enjoy?

What companies are doing now to solve the issue:

  • Basic cybersecurity training

  • Password rotations

  • 2 factor authentication

Additional Resources:

Problem 2: How do we have visibility of cyber risks when companies primarily run out of the cloud with 3rd party services?

Problem Statement: How do we have visibility of cyber risks when companies primarily run their business via 3rd party cloud services?

More about the problem:

  • Companies can do a good job standardizing company equipment, including internal servers, PCs, etc. However, more and more small businesses are running applications from the cloud.

  • How do companies running on AWS, Google cloud services, and cloud SaaS monitor threats? In other words, how do they know if a threat is coming in via AWS or a 3rd party SaaS?

  • Companies have processes in place for when threats occur, but this is more of a visibility issue. In addition, this is more of a centralized cloud monitoring situation for SMBs with a smaller budget.

What companies are doing now to solve the issue:

  • If they can afford it, companies are hiring a cybersecurity employee to help manually monitor attacks. However, most SMBs (especially in the early stages) do not have the budget for a full-time cyber employee.

  • There are other tools that can help monitor a specific cloud service, but not a centralized tool that auto-tracks all at the same time.

Key Stakeholders:

  • Dan Decloss, Founder/CEO, PlexTrac

Additional Resources:


Problem 3: How can we streamline legal work for our cybersecurity company?

Problem Statement: How can we streamline legal work for our cybersecurity company?

Business Impact: Because the legal paperwork is not streamlined, it takes businesses longer to actually close sales. Also, each legal team is different, and there is no standardized process (even though much of the legal paperwork itself is pretty standard). As a result, sales cycle times become less predictable, which impacts business forecasting plans (and in turn staffing, resources needed, and investments).

More about the problem:

  • To be clear, this is a problem many companies have, including cybersecurity companies themselves.

  • The bigger the deal ($ sales amount), the more legal paperwork there is.

  • Generally, both companies have lawyers and send drafts back and forth to each other, asking for revisions and changes. A formal process called "redlining" is often used.

  • This cybersecurity company is trying to speed up the process by doing the following:

    • Make it easier for both legal teams to collaborate and make changes quickly, ideally reducing email chains as much as possible

    • Make it easier to identify which changes are small (but nevertheless required) and which changes are deal breakers (non-negotiable or significantly change the spirit of the agreement).

What companies are doing now to solve the issue:

  • There are lawyer collaboration tools (think Google docs for lawyers).

Key Stakeholders:

  • Dan Decloss, Founder/CEO, PlexTrac

Additional Resources:

Problem 4: How can digital cybersecurity tools integrate more with physical security?

Problem Statement: How can digital cybersecurity tools integrate more with physical security?

More about the problem:

  • In some companies, physical security and digital cybersecurity don't coordinate. For example, if John's keycard is used to open a door at 2 a.m., there is software that will notify the digital team. But then communication usually stops until someone manually sends a message to the physical security team.

  • How can a cybersecurity system integrate better with a physical security team? For example, the logic would detect: "John never comes in at 2 a.m. Send a message to the security guard to investigate."

Key Stakeholders:

  • Sam Evans, CSO, Micron

Problem 5: How can companies reduce the white noise of constant cybersecurity warnings?

Problem Statement: How can companies reduce the white noise of constant cybersecurity warnings?

More about the problem:

  • Some cybersecurity monitoring tools do a great job of logging and monitoring every digital activity. But with so much data, it's hard to sift through what really matters.

  • The same logic holds true for notifications. When notifications are sent for every possible cybersecurity threat, the notifications become white noise because the cyber team sees too many and everything is "always a threat."

  • With limited bandwidth, how do we let teams and employees know what they should be doing or monitoring now, based on business priorities?

Key Stakeholders:

  • Ryan Larson, Director, Head of Security, Here.com

Problem 6: How do we balance insider threat detection with data privacy laws?

Problem Statement: How do we balance insider threat detection with data privacy laws?

More about the problem:

  • Cyber threats are easier to detect as a company has more data about the individual or actor.

  • However, legislation is becoming more strict, which blocks or prevents cyber teams from collecting, storing, or sharing information.

  • There is currently a conflict between the direction of legislation and the needs of a cybersecurity team.

Key Stakeholders:

  • Sam Evans, CSO, Micron

Problem 7: How do we remove much of the manual effort needed to monitor cybersecurity now?

Problem Statement: How do we remove much of the manual effort needed to monitor cybersecurity now?

More about the problem:

  • Even with A.I. and M.L. on the rise, much of cybersecurity is still manual. Examples include:

    • A human has to teach the cyber software what to look for. Because dynamics are always changing, it can take a full-time employee to adjust the algorithm.

    • Notifications are often manual. For example, cyber software can create a flag for a human to read. Once the human reads the data, they can create a customer care ticket or manually start the communication process. But most cyber software does not take action. It monitors and alerts; it doesn't communicate and try to resolve.

  • As a result, cyber becomes very expensive very fast. You have to pay for the software and for the employees to understand and run it. Even if companies have the capital, the need for (and delay of) using a human gives threats more time to do damage than if there were an automated process.

Key Stakeholders:

  • Ryan Larson, Director, Head of Security, Here.com & Sam Evans, CSO, Micron

Problem 8: How can we prevent the soon-to-come ransomware attacks on individuals?

Problem Statement: How can we prevent the soon-to-come ransomware attacks on individuals?

More about the problem:

  • Ransomware has cost businesses from $100,000s to even millions of dollars.

  • Most experts agree that ransomware tactics will be attacking normal individuals before long.

  • Companies like LifeLock can prevent unwanted purchases, but what's preventing hackers from stealing sensitive info, photos, etc. and using them for ransomware?

  • Because consumers have so many products (PC, phone, laptop, tablet, smart home devices), how are they going to prevent attacks?