Security companies now average valuations of more than a half billion dollars, and the venture capital industry has poured $12.2 billion of funding into them so far in 2021, as VentureBeat reports. Despite that, attacks on SolarWinds, Kaseya, Microsoft Exchange, the Colonial Pipeline and other high-profile targets have some industry veterans feeling gloomy.
Jadee Hanson, chief information security officer at cybersecurity firm Code42, told VentureBeat, “It’s depressing.” said Dave Furneaux, CEO of security firm Virsec. “We’re at a worse point now than we [ever] were.” The prevailing sentiment seems to be that while security has indeed improved over the past decade, with the rise of multi-factor authentication and zero-trust technologies, technology is simply moving too fast.
Wall Street certainly isn’t concerned. The BUG cybersecurity ETF’s 20% climb in the three months ending September 4 was more than double the rise in the benchmark Standard & Poor’s 500 index, as CNBC reports. Barron’s points out that Reddit forum users appear to have seized on cybersecurity company IronNet as their next high-flying “meme stock.”
To be sure, another massive attack does not seem to have occurred over Labor Day weekend, despite warnings from the FBI and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency. But the larger picture of mounting security breaches remains.
As The Washington Post reports, more than 400 cities and counties in the United States have suffered ransomware or similar attacks in recent years. Massachusetts lawmakers were holding a hearing on how to improve cybersecurity. Dallas’ public school district recently became the latest to suffer a data breach. The health sector, too, remains under fire.
All of this is tough on cybersecurity workers themselves, of course. ZDNet reports that people in the industry should take small steps, like marking lunchtime and breaks on their calendars, in order to reduce burnout.
Governing.com observes that state and local governments, which may struggle to hire cybersecurity pros given the ongoing talent gap, are increasingly turning to managed security service providers, or MSSPs.