Cyberattacks are happening more frequently because software applications are now running our world. While we used to say this about software, technology has continued to evolve, and software applications are more prevalent than ever within our society.
Each time a person or company deploys a new application, there is additional surface for attackers to hack into systems. In turn, this leads to greater risk for data breaches and a loss of privacy for some of the most important industries and companies, including critical infrastructure, healthcare organizations, financial services and more. By shifting our focus to a world that views cybersecurity as a social issue, we have the potential to positively impact the massive amount of people that interact with applications on a regular basis. Cyber threats will only get more invasive and sophisticated, so it’s important that companies are on board with protecting their applications and infrastructure in new and innovative ways. After all, the way our society operates is at stake if we aren’t willing to make necessary changes to defend against these attacks.
As a part of my series about “Big Ideas That Might Change The World In The Next Few Years” I had the pleasure of interviewing Dave Furneaux, CEO of Virsec.
Dave Furneaux has been a driving force behind Virsec since its inception, as an investor and active board member, prior to becoming CEO in 2020. He has spent his 25-year career as an entrepreneur and venture investor, forming, building and investing in numerous high growth companies in information technology, including successful cybersecurity companies, such as Watchfire (acquired by IBM), Skystone (acquired by Cisco), Application Security (acquired by Symantec) and Aironet (acquired by Cisco).
Thank you so much for doing this with us! Before we dig in, our readers would like to get to know you a bit. Can you please tell us a story about what brought you to this specific career path?
I was lucky as a kid that my father exposed me to the world of high technology and venture capital. In the 1970s and 1980s, he participated in the personal computer revolution and raised billions of dollars for or invested in companies such as Apple, Compaq, Intel and many other companies that became global successes. I entered the business world in the 1990s and took part in the Internet revolution for the next 2+ decades. I found early on that I loved building companies and solving deep technical and science-related challenges.
Can you please share with us the most interesting story that happened to you since you began your career?
I learned early on that many times I was “on to something” in forming a new company when the consensus from the people around me was that whatever I had an instinct about was a “bad idea.” A great example of this was when we were starting the first WIFI company. I clearly remember many people telling me that it was a bad idea and that people would not care about connecting their computers to the Internet. But then search engines emerged, e-commerce exploded and computer networks grew. Now, WIFI is relied on every day by the entire developed world and much of the developing world.
Ok thank you for that. Let’s now move to the main focus of our interview. Can you tell us about your “Big Idea That Might Change The World”?
There are so many social issues facing our world, but one detrimental problem impacting almost all global citizens is cyberattacks. Although there is a seemingly endless amount of cyberattacks, cybersecurity is often thought of as a business issue, rather than a societal issue.
I beg to differ. I strongly believe that cybersecurity should be treated as a social issue based on the number of people it impacts on a daily basis. A business issue is one that companies can address by creating products and solutions to make money off of. Cybersecurity does that, but with the number of attacks occurring around the world on a daily basis, there is a need for a shift in our mindsets. Even more, there is a need to stop these attacks from happening altogether. A social issue is one that significantly impacts many people within a society, and cyberattacks do that regularly. Cyberattacks keep businesses and critical infrastructure from being operational and can lead to devastating consequences for a company and its end users if not detected and defended against quickly enough.
Cyberattacks are happening more frequently because software applications are now running our world. While we used to say this about software, technology has continued to evolve, and software applications are more prevalent than ever within our society.
Each time a person or company deploys a new application, there is additional surface for attackers to hack into systems. In turn, this leads to greater risk for data breaches and a loss of privacy for some of the most important industries and companies, including critical infrastructure, healthcare organizations, financial services and more. By shifting our focus to a world that views cybersecurity as a social issue, we have the potential to positively impact the massive amount of people that interact with applications on a regular basis. Cyber threats will only get more invasive and sophisticated, so it’s important that companies are on board with protecting their applications and infrastructure in new and innovative ways. After all, the way our society operates is at stake if we aren’t willing to make necessary changes to defend against these attacks.
How do you think this will change the world?
By treating cybersecurity as the detrimental societal issue it is, rather than downplaying its significance, I see a real opportunity to change the future of the way we do business, which in turn will change the way we detect and defend critical applications against cyberattacks for the better.
Our society is already changing drastically in the wake of the pandemic, and it’s inevitable that this new tech-centered, cloud-based world we live in will continue to shift to a remote-centric workforce. COVID-19 has only accelerated the timeline in which we need to address this problem. The pandemic has forced companies to move their employees to remote work. This has presented a great influx in the number of security vulnerabilities because remote employees don’t always have secure networks protecting them.
The issue of cybersecurity is a global issue that any company has the potential to face. In fact, COVID-specific cyberattacks have increased over 30 percent throughout the course of the pandemic. One of the major problems right now with cybersecurity is that there are plenty of companies protecting endpoints, including devices like phones and laptops, and they use ‘sexy’ technology like artificial intelligence to do so.
Unfortunately, this means there aren’t many companies protecting critical workloads and applications. The attack surface of apps has grown exponentially from the more traditional on-premise server to serverless environments and containerless environments and cloud environments, and it’s time for a much-needed shift in the industry to address this glaring issue. By protecting applications, no matter the size or number of people it reaches, we have the opportunity to protect individuals from a loss of privacy, as well as keep massive data breaches from negatively impacting the influential products and services companies produce on a daily basis.
There is also a need for cybersecurity companies to protect applications from the inside, rather than at the perimeter, which is what my company Virsec does. Attacks are becoming more sophisticated in nature. Rather than attacking at the perimeter, hackers are getting into the deepest levels of an application — the memory-level — and doing more damage to applications than ever before. By allowing automation into the cybersecurity process, critical applications will be defended more effectively to ensure crucial data and information is not exploited.
Keeping “Black Mirror” and the “Law of Unintended Consequences” in mind, can you see any potential drawbacks about this idea that people should think more deeply about?
One area that I think people need to think more deeply about when it comes to this topic is that every company is susceptible to attack. Many people see attacks on large organizations, such as the Equifax security breach and Garmin ransomware attack, and assume that this only happens to the “big players” in every industry.
Unfortunately, this is not the case at all. Every company has private data and information that can be exploited, and attackers know that smaller organizations don’t always have the same security measures in place to defend against an attack. If every company doesn’t take this idea seriously, attacks will continue to become more sophisticated, and it will only become harder to protect against them.
Another potential drawback that people should take into consideration is that whenever problem-solving technology evolves, bad technology will inevitably evolve as well. In the case of cybersecurity, attacks will always find savvy and complex ways to hack into systems and take critical information. To this point, it’s even more important for every company to treat cybersecurity as a social issue, because the longer they wait to upgrade their technology and fight back against attackers, the harder it will be to do so.
What do you need to lead this idea to widespread adoption?
Across every industry, leaders need to start thinking about the paradigm shift in security, opening themselves up to a new perspective and approach to handling potential cyber threats. This change is not an instantaneous process by any means, but is an extremely important one nonetheless. Cybersecurity best practices are continually evolving as attacks become longer and harder to defend against, and leadership teams need to be willing to shift their security protocols to fight back against these evolving threats.
To lead this idea to widespread adoption, I believe it’s a matter of educating companies about the cybersecurity risks they face, no matter the size of their business. Many companies believe attackers only go after large organizations, but in reality, every application has vulnerabilities that hackers want to exploit.
All organizations need to buy into the idea that their business is at risk on a daily basis, and these attacks have the ability to impact their operations and a large number of their customers. Attacks are only becoming more sophisticated over time, and the longer companies wait to protect their applications, the harder it gets to identify and defend against these attacks. With cyberattacks on the rise, it’s more important than ever for companies to take a hard look at their application’s security and be willing to spend money to protect it.
One option for companies who may not have the time or budget to spend on a full security team is implementing a security solution that automates the entire process. By automating the process, companies have more time to respond to genuine threats, rather than spending a majority of their time sifting through each potential threat to see if it has the potential to exploit critical information.
We have to stop thinking that it’s good enough to secure the world the way we have been. Consumers, government and business leaders must embrace the idea that security technologies must be integrated into the infrastructures and workloads that power our lives. By integrating security inside application workloads, we safeguard our assets, our privacy, our capital and our well-being.
What are your “5 Things I Wish Someone Told Me Before I Started” and why.
Early on in my career, I wish that someone had told me that life is not supposed to be easy, and great things happen over time. I learned these two lessons with time and once I did, these lessons set me free to think longer term, to have context for decisions and to enjoy each day as it comes.
Can you share with our readers what you think are the most important “success habits” or “success mindsets”?
Success is a mindset more than a destination. Being grateful, living in the moment and seeking ways to be of service all lead to happiness for me. Happiness is the definition of success. Part of being successful is living a life with balance and to consciously invest in our minds, our bodies and our spirits every day. We also need to have empathy for others and to find ways to ignite other people’s happiness.
Some very well known VCs read this column. If you had 60 seconds to make a pitch to a VC, what would you say? He or she might just see this if we tag them 🙂
Cybersecurity is a top five global issue according to the World Economic Forum. The problem is the worst it has ever been and it gets worse every day. The first wave of cybersecurity companies focused on protecting the networks we developed with the emergence of the Internet. Companies like Symantec, Checkpoint and McAfee became the leaders. In the last decade, the security entered a second wave to protect the laptops, computers and phones that exploded in use as the Internet matured. Companies like Crowdstrike, Z-Scaler and Fortinet led this wave. We now have been forced into a third wave, to protect the applications that power the world we have created. This is ultimately the most important wave to get right because in the last 30+ years,cyber attacks have gone from being a business issue to now becoming one of the top societal issues in our world. Enough is enough! Virsec’s mission is to protect critical application workloads from the inside and in doing so to restore trust in our businesses, governments and the critical infrastructure companies that power our world.
How can our readers follow you on social media?
Readers can find me on LinkedIn or follow Virsec on Twitter (@virsecsystems).
Thank you so much for joining us. This was very inspirational.
Dave Furneaux’s Big Idea That Might Change The Tech World was originally published in Authority Magazine on Medium, where people are continuing the conversation by highlighting and responding to this story.
