At a glance.
- Gutsy emerges from stealth with $51 million in seed funding.
- Determining the materiality of a cyber incident.
- Implications of AI for municipal governments.
- Perspectives on security for the corporate board.
- Job churn in the cyber sector.
Investments and exits.
Security governance startup Gutsy has emerged from stealth with $51 million in seed funding from YL Ventures LLC and Mayfield Fund, SiliconANGLE reports. SDxCentral quotes the company's cofounder and CTO John Morello as saying, "If you want to get...the really aspirational idea of what we want to do: really the most transformative thing that we can do in the security industry is to give leaders a way to really understand how their organizations work to set clear goals to have those goals automatically measured, and to be able to have strategic accountability."
Prove Identity has secured $40 million in a funding round led by MassMutual Ventures and Capital One Ventures. The company says the funds "will be used to launch new commerce enablement and fraud-fighting use cases, continue Prove’s global expansion, and address the evolving threats faced by all public and private institutions operating in the digital economy."
Digital security and fraud prevention platform Darwinium has raised $18 million in a Series A round led by US Venture Partners (USVP), with participation from existing investors Blackbird, Airtree Ventures, and Accomplice. The company will use the funds "to scale its edge-based solution across global geographies, where it is quickly gaining traction across multiple vertical industries including fintech, eCommerce, financial services and gaming/gambling."
Biometric authentication startup Anonybit has secured an additional $3 million in a funding round led by JAM FINTOP, with participation from Connecticut Innovations and 4S Bay Partners, bringing the company's total funding to $8 million. The company added, "Alongside the funding, joining the team as Chief Revenue Officer is another industry veteran with significant cryptography, cybersecurity, and startup experience, Limor Elbaz, best known for her sales leadership at Imperva and Peerlyst; and joining as a new member of the Advisory Board is Cybercrime and Fraud Expert Al Pascual, former industry analyst at Javelin Research and co-founder of Breach Clarity that was recently acquired by TransUnion."
Vera, a privacy and security enforcement startup, has raised $2.7 million in a pre-seed round led by Differential Venture Partners, with participation from Betaworks, Everywhere VC, Essence VC, SaaS Ventures, Greycroft, and ATP Ventures, FinSMEs reports. The company will "use the funds to expand operations and its development efforts, and begin the onboarding process for a growing waitlist of customers."
Executive moves.
Illumio has named Ben Verghese as Chief Technology Officer.
IOActive has hired Gunter Ollmann as Chief Technology Officer.
Salt Security has hired Matt Quarles as Chief Revenue Officer and Michael Callahan as Chief Marketing Officer.
Tenable has appointed Meg O’Leary as its Chief Marketing Officer.
Coalfire has named Ashley Hart as its new Chief Marketing Officer.
stackArmor has added Suzette Kent, former Federal Chief Information Officer for the United States, to its AI Risk Management Center of Excellence.
Commvault has hired Alex Janas as Field Chief Technology Officer for Security.
Raytheon has appointed retired U.S. Army Col. Candice Frost, former commander of US Cyber Command's Joint Intelligence Operations Center, as the company’s director of Integrated Department of Defense Account Cybersecurity, Intelligence and Services, MeriTalk reports.
Mitek has hired Gillian Channer as Vice President of Identity Product Management.
Entrust has appointed John Sorensen as Americas Sales Leader for Digital Security Solutions.
Iron Bow has named Don Cook as Vice President of Sales for state and local governments and educational institutions.
Cyware has hired Boyar Naito as Senior Director of Partnerships and Business Development.
James Wallace has been appointed Chief Legal Officer and General Counsel at Forcepoint Global Governments and Critical Infrastructure, now part of TPG.
Goldilock has added General Sir Chris Deverell as Senior Advisor for Defence and Security.
Lantronix has announced that Paul Folino, Chairman of the Lantronix Board of Directors, passed away on Saturday, October 14, 2023. Jeremy Whitaker, Lantronix CFO and Interim CEO, stated, "We are deeply saddened by the passing of Paul Folino, who served on the Lantronix Board since 2012. During his tenure, Paul’s leadership, profound business insight and ability to drive management to deliver measurable results while building consensus helped Lantronix become a major player in the industrial IoT market. Paul was also a key contributor to the substantial growth the Company has experienced during the last several years."
Determining the materiality of a cyber incident.
Cooley outlines considerations for Form 8-K cybersecurity materiality determinations under the SEC's new cybersecurity disclosure requirements. Cooley explains, "While the final rules require 8-K reporting only upon a determination of materiality, rather than detection of an incident, such determinations must be made “without unreasonable delay after discovery of the incident.” Materiality judgments must consider both impacts already experienced and reasonably likely future impacts; however, the SEC has indicated determinations may not be delayed until such future impacts have emerged. For example, an incident that gives rise to reasonably likely material litigation risk would be reportable when the company determines that the factors giving rise to such a risk are implicated in an incident, not when actual litigation claims are first raised. The adopting release cites as other examples the foreseeable impacts of reputational damage or stolen intellectual property, even if such harms are not yet experienced."
The FAIR Institute has launched "How Material Is that Hack," a resource designed to help organizations "understand and quantify the materiality of recent cybersecurity breaches." The resource is based on the FAIR Materiality Assessment Model, and "was developed in response to the new Cyber rule proposed by the U.S. Securities and Exchange Commission (SEC) that mandates 8-K reporting of material cybersecurity incidents." Gary Barlet, Federal Field Chief Technology Officer at Illumio, believes these types of tools are a step toward mandated reporting:
"According to a survey of cyber leaders from Hiscox, respondents’ top concern in the event of a cyberattack was the cost of notifying customers (30 percent) – not losing customers (21 percent). In general, companies care more about their finances than losing customers — you don't fear losing customers if you don't plan on telling them. This is why mandatory reporting of cyberattacks is necessary.
"I hope that running the FAIR Institute’s calculator and model will encourage CEOs and CFOs to pay attention to the potential costs of a breach and force them to work more closely with CISOs to manage cybersecurity risks and build resilience to cyberattacks."
Implications of AI for municipal governments.
Moody's Investors Service has published a report looking at how municipal governments can harness AI to increase productivity while managing the cyber risk that accompanies these tools. The researchers believe that only large municipalities will have the resources necessary to manage the risk while benefiting from AI tools:
"For all but the most sophisticated and best funded local governments...the overall impact may well be net negative. Firstly, leveraging AI-powered tools to enhance cybersecurity would require that vast amounts of sensitive information about municipalities' cyber posture be aggregated and shared across many jurisdictions and entities, something most governments are hesitant to do. Moreover, AI models intended to thwart cybercriminals utilize the same methods that cybercriminals will harness to circumvent a local government's defenses. Municipalities would have to stay at the forefront of emergent technologies, attack trends, and best-practice defensive techniques in order to remain one step ahead of cybercriminals. This would require substantial investments that will remain out of reach for most municipalities. Accordingly, while the largest local governments will have budgets large enough to keep their cyber defense in step, medium-size and small governments may be left with weaker protection."
Perspectives on security for the corporate board.
Google Cloud has released its third Perspectives on Security for the Board Report, outlining questions board members should ask their CISOs, CIOs, and CTOs:
- "What is our strategy to deploy tokens or other forms of authentication to reduce a wider array of risks?
- "Can our approach to authentication be bypassed and how are we monitoring that risk?
- "How are we keeping our systems up to date against the latest threats?
- "What are we doing to appropriately prioritize, track, and patch the most critical vulnerabilities in our network?
- "Are any necessary security enhancements being held back by operational, commercial, or budget constraints?
- "Are security measures interfering with usability and needed business agility and what are the CIO and CISO doing to resolve that so we’re getting good security outcomes without having to compromise customer support?"
Job churn in the cyber sector.
Tines has published its Voice of the SOC report for 2023, finding that 63% of security professionals experience some level of burnout, while 55% are likely to switch jobs within the next year. Respondents said that time spent on manual work is the most frustrating part of their jobs. Still, 99% of respondents are satisfied with their jobs, 98% are engaged with their work, and 96% feel that they are fairly compensated.
Tines asked security professionals what organizations could do to improve retention: "The top answer was to simply pay more — no surprises there. Despite over 96% of respondents reporting they feel fairly compensated, they still feel a pay increase would help keep them around. But security teams also pointed to other factors: supplying more modern tools with advanced capabilities; hiring more people; and providing tools that automate the tedious manual tasks that have them looking elsewhere."