Last week reports surfaced that Uber suffered a data breach compromising the private information of 57 million customers and drivers, hid the breach for more than a year, and paid a $100 million ransom to the hackers to keep quiet.
The Uber hack got me thinking about the overall culture of Silicon Valley. One of the common characteristics of many Silicon Valley companies is the singular goal of getting to an exit. But another common thread is the low value these companies give to IT security.
When Cyber Security is an Afterthought
When you think about Silicon Valley culture, and the products these companies create, there is little weight given to the security of the product. Instead, the focus is on the number of customers, the growth rate, and the coolness factor. For many hyper-growth companies, security is a consequence of the acquiring company or the shareholders who bought into the next big thing.
As a cyber security platform company, we sell very little software into Silicon Valley because the general rule is that security does not improve the valuation of the company. Therefore, security is an unnecessary expense, and a waste of time. Part of the problem with new hot startups is that security is seen as a late stage problem – after the key initial players have exited with their winnings from the game.
The greatest irony is that companies planning to go IPO do go through an IT security audit. However, the inadequacy of the audit and its depth of coverage were clearly inadequate for Uber.
The biggest surprise to me was not the breach itself, the cover up, or all the political machinations. The big surprise was that Uber got caught and spilled the beans on how their breach was swept under the table.
I don’t believe the Uber breach will change any behavior in Silicon Valley, nor will it likely have any effect on the value or operation of Uber. The Uber hack is yet another wake-up call to consumers to keep an eye on their credit cards, email, and personal information that may be compromised. The best advice is to not trust any company with your contact information and to expect your information to be stolen and misused.
We are not expecting an uptick in business in Silicon Valley for our cyber security platform, even after a dozen of these breaches. We make great software that can significantly reduce losses from cyber attacks. But security is considered an unnecessary expense for most Silicon Valley companies because it is not mandated and there are few (if any) personal consequences for massive data breaches.
Only by government mandate and personal consequence to the executives running these companies will laws and regulations be implemented to better protect consumers and their employees.
By Philip Lieberman, President and CEO, Lieberman Software
Mr. Lieberman is an astute entrepreneur able to perceive shortcomings in the cyber security market, and fill those gaps with innovative solutions. He developed the first products for the privileged identity management space, and continues to introduce new solutions for this burgeoning security field.
If you like this topic, please subscribe to our Cyber Defense Newsletter.