BBC: Cluetraining Disruption

Has technology, convinced of its own rectitude, lost its sense of moral direction? 

Disruptive innovation is one of those terms that worms its way into our vocabulary, a bit like built-in obsolescence or upselling. It’s become the mantra of the tech world, awhich sees its author Clayton Christensen, as a sort of messiah of the changes we’re seeing in industries from taxis, hotels and media. Briefly put the theory goes: existing companies are undercut and eventually replaced by competitors who leverage technology to come up with inferior but good enough alternatives — think the transistor radio displacing vacuum tube radios — or come up with wholly new products that eventually eclipse existing markets — think the iPhone killing off the MP3 player (and radios, and watches, and cameras, and guitar tuners etc.) 

Backlash 

A backlash has emerged against this theory, partly because it’s somewhat flawed — even Prof Christensen himself has misapplied it, as in the case of the iPhone — but also because it’s scary. Uber may be a great idea if you’re looking for a ride, but not if you’re an old-style cabbie. Airbnb is great for a place to crash, but feels like a car crash if you’re running a real b’n’b. And don’t get me started on being a journalist.   But there’s a much bigger problem here. The tech world is full of very inspiring, bright, charismatic people and that’s one reason I choose to write about it for a living. But it has changed in the past decade or so, undeniably. 15 years ago, just before the last dot.com crash, a tome appeared: The Cluetrain Manifesto, and you’d either read it or you hadn’t. It was a collection of writings by some fine thinkers, the great bloggers of the day like Doc Searls and Dave Weinberger. The main thesis: the Internet is unlike ordinary, mass media, because it allows human to human conversations — and that this would transform marketing, business, the way we think. Markets are conversations, it said.   For a while we were giddy with the power this gave us over corporations. We could speak back to them — on blogs, and later on what became known as social media. Even Microsoft hired a blogger and let him be a tiny bit critical of things at Redmond.

Last blast

Looking back, it was probably the last naive blast of the old dying Internet rather than a harbinger of the new. The language, if not the underlying philosophy, lives on in conferences and marketing pitches. Most social media conversations are harsh, mostly inhuman — we refer to deliberate online baiters as trolls, which I suppose makes them subhuman — and we’ve largely given up influencing the companies we do business with except in the occasional diatribe or flash hashtag full frontal mob assault.

And more importantly, there is no longer any of that idealism or utopianism in any startup movement that I can see. For sure, we cheer on these players because they seem to offer something very seductive, from free email, calendars, spreadsheets to cheaper rides, stays, music, video and goodies, to shinier bling, gadgets, wearables and cars. And they all sing the same mantra: we’re disruptive, we’re disintermediating, we’re leveraging technology, we’re removing friction, we’re displacing old cozy cartels, we’re doing it all for you.

The problem is that underneath this lies an assumption, an arrogance, that technology is a natural ally of good, that disruption is always a good thing, that the geeks parlaying it into products are natural leaders, and that those opposing it are reactionaries, doomed to the scrapheap.

Rapid cycle

The result: we’re just getting into a more rapid cycle of replacing one lot of aloof, cloth-eared giants with another lot, who in short order will be replaced by another. Microsoft, IBM, and HP, the giants of when Cluetrain was written, have been replaced by Amazon, Apple, Alibaba, Facebook and Google, all of them as hard to hold a conversation with as Microsoft ever was. And the big players of tomorrow, which may or may not be Uber, Airbnb, Tencent and Twitter, don’t seem particularly interested in a conversation either.

We need to recover some of that old Cluetrain idealism, naivety, when we thought that what we were doing was building a new platform for anyone to use, to talk back to authority, to feel heard and appreciated — and not just a cult-like celebration of the rugged individuals who dismantled Babel only to build a bigger, shinier and more remote one its place.

This was a piece I wrote and recorded for the BBC World Service. It’s not Reuters content – JW

BBC: Beyond the Breach

The script of my Reuters story on cybersecurity. Podcast available here (

Audio clip: Adobe Flash Player (version 9 or above) is required to play this audio clip. Download the latest version here. You also need to have JavaScript enabled in your browser.

)

If you’re getting tired of internet security companies using images of padlocks, moats, drawbridges and barbed wire in their ads, then chances are you won’t have to put up with them much longer.

Turns out that keeping the bad guys out of your office network has largely failed. All those metaphors suggesting castles, unassailable battlements, locked doors are being quietly replaced by another shtick: the bad guys are in your network, but we’ll find them, watch what they do, and try to ensure they don’t break anything or steal anything valuable.

Which is slightly worrying, if you thought firewalls, antivirus and the like were going to save you.

You’re probably tired of the headlines about cybersecurity breaches: U.S. insurer Anthem Inc saying hackers may have made off with some 80 million personal health records, while others raided Sony Pictures’ computers and released torrents of damaging emails and employee data.

Such breaches, say people in the industry, show the old ways have failed, and now is the chance for younger, nimbler companies selling services to protect data and outwit attackers. These range from disguising valuable data, diverting attackers up blind alleys, and figuring out how to mitigate breaches once the data has already gone. It’s a sort of cat and mouse game, only going on inside your computers.

Cybersecurity, of course, is big business. $70 billion was spent on it last year.

Of course, we’re partly to blame. We insist on using our tablets and smartphones for work; we access Facebook and LinkedIn from the office. All this offers attackers extra opportunities to gain access to their networks.

But it’s also because the attackers and their methods have changed. Cyber criminals and spies are being overshadowed by politically or religiously motivated activists, and these guys don’t want to just steal stuff, they want to hurt their victim. And they have hundreds of ways of doing it.

And they’re usually successful. All these new services operate on the assumption that the bad guy is already inside your house, as it were. And may have been there months. Research by IT security company FireEye found that “attackers are bypassing conventional security deployments almost at will.” Across industries from legal to healthcare it found nearly all systems had been breached.

Where there’s muck there’s brass, as my mother would say. Funding these start-ups are U.S- and Europe-based venture capital firms which sense another industry ripe for disruption.

Google Ventures and others invested $22 million in ThreatStream in December, while Bessemer Venture Partners last month invested $30 million in iSIGHT Partners.

Companies using these services aren’t your traditional banks and  whatnot. UK-based Darktrace, which uses maths and machine learning to spot abnormalities in a network that might be an attack, has a customers like a British train franchise and a Norwegian shipping insurer.

But it’s early days. Most companies still blithely think they’re immune, either because they think they don’t have anything worth stealing or deleting, or because they think a firewall and an antivirus program are enough.

And of course, there’s another problem. As cyber breaches get  worse, and cybersecurity becomes a more valuable business, expect the hype, marketing and dramatic imagery to grow, making it ever more confusing for the lay person to navigate.

I’ve not seen them yet, but I’m guessing for these new companies the shield and helmet images will be replaced by those of SAS commandos, stealthily patrolling silicon corridors. Or maybe it’ll be Tom, laying mousetraps for his nemesis. Might be apt: Jerry the cheese thief always seemed to win.

Reuters: Beyond the Breach

My piece on disruption in the cybersecurity space. Too many companies and ideas to mention in Reuter-space, but it’s a start.  Thanks to Ian Geohegan, as ever, for his editing touch.  

Beyond the breach: cyberattacks force a defense strategy re-think | Reuters

(Reuters) – A barrage of damaging cyberattacks is shaking up the security industry, with some businesses and organizations no longer assuming they can keep hackers at bay, and instead turning to waging a guerrilla war from within their networks.

U.S. insurer Anthem Inc last week said hackers may have made off with some 80 million personal health records. Also, Amy Pascal said she would step down as co-chairman of Sony Pictures Entertainment, two months after hackers raided the company’s computers and released torrents of damaging emails and employee data.

Such breaches, say people in the industry, offer a chance for younger, nimbler companies trying to sell customers new techniques to protect data and outwit attackers. These range from disguising valuable data, diverting attackers up blind alleys, and figuring out how to mitigate breaches once the data has already gone.

“Suddenly, the music has completely changed,” said Udi Mokady, founder of U.S.-based CyberArk. “It’s not just Sony, it’s a culmination of things that has turned our industry around.”

Worldwide spending on IT security was about $70 billion last year, estimates Gartner. ABI Research reckons cybersecurity spending on critical infrastructure alone, such as banks, energy and defense, will reach $109 billion by 2020.

Several things are transforming the landscape. Corporations have been forced to allow employees to use their own mobile phones and tablets for work, and let them access web-based services like Facebook and Gmail from office computers. All this offers attackers extra opportunities to gain access to their networks.

And the attackers and their methods have changed.

Cyber criminals and spies are being overshadowed by politically or religiously motivated activists, says Bryan Sartin, who leads a team of researchers and investigators at Verizon Enterprise Solutions, part of Verizon Communications. “They want to hurt the victim, and they have hundreds of ways of doing it,” he said in a phone interview.

CLOSING THE DOOR

The result: companies can no longer count on defending themselves with decades-old tools like firewalls to block traffic and antivirus software to catch malware, and then assume all traffic that does make it within the network is legitimate.

Research by IT security company FireEye last month, for example, found that “attackers are bypassing conventional security deployments almost at will.” Across industries from legal to healthcare it found nearly all systems had been breached.

“Once an attacker has made it past those defenses they’re in the gooey center, and getting around is relatively simple,” said Ryan Wager, director of product management at vArmour.

Attackers can lurk inside a network for half a year before being detected. “That’s like having a bad guy inside your house for six months before you know about it,” says Aamir Lakhani, security strategist at Fortinet Inc, a network security company.

Security start-ups have developed different approaches based on the assumption that hackers are already, or soon will be, inside the network.

Canada-based Camouflage, for example, replaces confidential data in files that don’t need it, like training databases, with fictitious but usable data. This makes attackers think they have stolen something worthwhile. U.S.-based TrapX Security creates traps of ‘fake computers’ loaded with fake data to redirect and neutralize attacks.

California-based vArmour tries to secure data centers by monitoring and protecting individual parts of the network. In the Target Corp breach during the 2013 holiday shopping season, for example, attackers were able to penetrate 97 different parts of the company’s network by moving sideways through the organization, according to vArmour’s Wager.

“You need to make sure that when you close the door, the criminal is actually on the other side of the door,” he said.

‘THREAT INTELLIGENCE’

Funding these start-ups are U.S- and Europe-based venture capital firms which sense another industry ripe for disruption.

Google Ventures and others invested $22 million in ThreatStream in December, while Bessemer Venture Partners last month invested $30 million in iSIGHT Partners. Both companies focus on so-called ‘threat intelligence’ – trying to understand what attackers are doing, or plan to do.

Clients are starting to listen.

Veradocs‘ CEO and co-founder Ajay Arora says that while his product is not officially live, his firm is already working with companies ranging from hedge funds to media entertainment groups to encrypt key documents and data.

UK-based Darktrace, which uses math and machine learning to spot abnormalities in a network that might be an attack, has a customer base that includes Virgin Trains, Norwegian shipping insurer DNK and several telecoms companies.

But it’s slow going. Despite being open for business since 2013, it’s only been in the past six months that interest has really picked up, says Darktrace’s director of technology Dave Palmer. 

“The idea that indiscriminate hacking would target all organizations is only starting to get into the consciousness.”