No chance of a cybersecurity bubble

Investment experts at the Globes Cybersecurity Conference agreed that money was pouring into the sector because there is a growing and vital need for data protection.

"What happened in the dot.com bubble isn't happening in the cybersecurity world. It hasn't happened and it won't happen," SOMV venture capital fund managing partner Pinhas Buchris told the "Where is the money going" panel discussion chaired by Uri Berkovitz at the "Globes" Cybersecurity Conference.

We have seen a lot of investment in cybersecurity with large financing rounds. Is it easier for startups to raise money today. What has the Covid-19 crisis done to companies in this sector?

Buchris: "The cybersecurity field is dynamic regardless of Covid-19. This is because most organizations are based on IT software and so the ground is fertile for cyberattacks. What Covid-19 has done is that we have started to work in a hybrid way - from home - and everything is going onto the cloud and you have to understand that the cloud is one of the biggest revolutions on the global market but it is also the most fertile ground for cyberattacks. It is generally handled by development people. The world of cybersecurity is dynamic because organizations are upgrading their networks all the time."

Are Israeli startups keeping up?

Buchris: "I think they are keeping up. In every field in the world there is at least one Israeli startup and usually they are leading in these fields."

Elron Electronic Industries Ltd. (TASE: ELRN) VP cyber investments Zohar Rosenberg a former head of cybersecurity in the IDF's 8200 Intelligence Unit said, "I think that Covid-19 with its shift to working from home and shift to the cloud, has been a super dramatic story."

Why is it so hard to secure things, why is it such a challenge?

Rosenberg: "It's difficult because it's something so different. In fact, without paying attention to it most organizations do not now have their data themselves, it's on the cloud. Everybody who uses Salesforce, for example, the data is there. It's very difficult to understand what this means that my data is there and so how do I protect data that isn't with me at all."

"I'll give you an example. A high percentage of Office 365 users, the absolute majority, haven't got a clue how many software add-ons are there. There are dozens or even hundreds of software add-ons from all sorts of third parties and these add-ons are permitted to access data and the organizations has no idea about this. You must understand that it is there and give it visibility. If you fire an employee from the company, does his account still exist? Do all the add-ons exist? What does that mean in terms of exposure? It's a new word that we have been talking about for some years but the big story is SaaS, but until this year almost nobody paid attention and so we see an increased rate of investments with people running after this."

"Part of the story about SaaS is also that some of the cybersecurity solutions are SaaS themselves. It makes sales more rapid and you don't have to send a person to the customer's site and everything gets done much more quickly. The entire market accelerates."

Buchris: "There is a very substantial issue of managing authorization on the cloud. When it was on premises the situation was under control but when it moved to the cloud, managing authorizations became anc almost impossible task."

Dr. Tiran Rothman, VP and managing director Israel of the international market analysis and business consultancy firm Frost & Sullivan. "Regarding the issue of investments, the is ultimately created from a global situation. Covid has only increased the online lives of all of us and the cloud is a major part of this. According to research by Frost & Sullivan, every person will have 20 online devices in the coming years. As long as there are more options for more major attacks, and the arms race between devices that are being developed, the pace of investment will only increase and Covid-19 was only a catalyst."

There is also an increase in the challenges and perhaps a l;ack of companies in certain areas?

Rosenberg: "There is a trend in the past two years of a lot less investments in seed rounds, and the early rounds, and far less new companies are managing to raise money. There is indeed a gap in the market. I am concerned because I want that in another five years there will be the companies that are the next big thing in innovation, and in order for that to happen, new companies must be founded. It is impossible to grown organically with the changing pace of the market and in order for the market to develop, there needs to be more new companies."

Bucharis: "I am a seed fund and there are no few companies competing with me in the seed sector. Zohar is right that they have moved in the direction of Series A but that stems from the fact that in the first half of 2020, many investments were halted because of the coronavirus and so a misunderstanding was created. In the second half of 2020, the pace of investments grew in a significant way and a good cybersecurity startup, even in the seed stage, will be able to find money because there is a lot of money in the market that is looking for areas of investment."

Rotman: "In the first half of 2020, everybody sat on the fence, in the world of IT there were about 660 deals in the world and there was a fall in 2020 because people continued sitting on the fence, about 10% were sitting, but now we identify a renewed rise and I believe that we will return to the average rate of annual growth of 18% and the gap will be closed."

If I ask you if there is a bubble in cybersecurity, you'll surely tell me no

Buchris: "What happened in the dot.com bubble isn't happening in the cybersecurity world. It hasn't happened and it won't happen. Let me explain. As long as mankind exists and there are mechanized systems the cyber world will be fertile ground for protection. Here is a relatively complicated statement. There isn't any organization in the world that can protect itself 100% from cyberattack. Today hackers are more sophisticated than ever. There is no bubble in cybersecurity. In the cloud, what is happening now is that they are trying to integrate R&D people with security people so that they will go hand in hand so that the new product being built will cut the risks of penetrating it."

Rosenberg: "It's not possible to say bubble because there is a genuine need here. Over the past year, even in Israel we have suffered no small amount. Shirbit, Mekorot water company, and it will increase. It has become a political tool for conflicts between countries. So it really isn't a bubble. In Israel, there is a great lack of skilled hands in cybersecurity. One thirds of all the investments in cybersecurity are in Israel and we want to continue to grow and there are major gaps."

Who can help? International funds? The Chief Scientist

Rosenberg: "It's also in the hands of the government because it must begin with education. Large companies like Check Point are also doing a lot , training people to go into the high-tech sector, as well as the NGO sector."

Rotman: "Every tech company ultimately needs three elements: entrepreneurship, technology and funding. Israel is blessed with entrepreneurship and the technology and what is missing is much more significant financing than there is today. The question is where can the money be found. When a company is selling a dream and is not yet mature enough for sales, to my understanding the main investments from the big funds needs to be in the stages after the seed round."

Buchris: "To my delight, most of the training in this field is done by the military. It begins there but it must be started earlier in high schools. The education system needs to change. These subjects must be brought to outlying regions. The Ministry of Education must be part of this."

Rosenberg: "The star of this thing, the military misses a part of the population - Israeli Arabs, haredim, women - so there is a lot of room for the education system and other frameworks."

If we wait for the state maybe we'll wait forever. Do you have any advice for young people, parents and decision makers?

Rosenberg: There are certainly solutions today, course that are free and some that need paying for, there are companies doing it. The thing is that it is a matter of individual initiative and personal perseverance. I don't know how many 14 year-olds have the discipline to do this alone. You don't need the education system just for the academic knowledge but the education system has other functions - how to learn, discipline, organization, other values."

Buchris: "Covid has opened up for us a world called Zoom. Thios allows an additional infrastructure to bring quality instruction to every part of the country."

To sum up as people with a broad perspective, we saw the SolarWinds attack, which very much indicates the contemporary threat. How concerned should we be?

Buchris: "You need to understand the supply chain and in every company there is a tail of suppliers. With fireEye the shoemaker went barefoot. They began with it and then continued. There is concern for everybody, no organization has any special privileges."

Rosenberg: "Most of the world is still lagging behind and has not invested sufficiently in protection. There is never 100% but the big banks in the US made huge investments and have seen virtually no major breaches because investment in protection over time pays off. There are those who haven't done it and are being left behind. You have to start."

Rotman: Everybody says psychologically that it won't happen. The very fact that you know that you are exposed means you need to operate differently. In economic terms, people contact so that we can price how much is worth investing in cybersecurity and the question is the extent to which the organization is exposed. The combination of economics and psychology in organizations is what will improve the situation of companies that will understand that they must invest. It's an arms raise with no end.

Buchris: "People talk about investment in technology. Most of the attacks happen because of human error within the organization itself. Training about the cybersecurity world to make attacks tangible is almost non-existent. The educational issue is very significant. There is a lack of collaboration between organizations on cyberattacks and there are also here regulatory aspects."

The Globes Cybersecurity Conference was sponsored by Elron, Shibolet & Co Law Firm, GlobalX, Microsoft Israel, and Orchestra Group

Published by Globes, Israel business news - en.globes.co.il - on February 25, 2021

© Copyright of Globes Publisher Itonut (1983) Ltd. 2021

Twitter Facebook Linkedin RSS Newsletters גלובס Israel Business Conference 2018