Companies to Watch - November 2019

Five New York Cybersecurity Companies to Watch

View this email in your browser

There were 2.5 million data breaches worldwide in 2017 alone and it’s estimated that $170 billion will be spent on cybersecurity by 2020. As cyber threats ramp up, so does the need for new ideas to protect our data, and New York is a growing hub for where they’ll come from. It’s no surprise that the city is well-suited to meet growing cybersecurity demands — it’s home to the headquarters of 45 Fortune 500 companies, a massive workforce, dozens of academic institutions, and a healthy startup ecosystem. And working to bring them altogether is Cyber NYC, a new $100 million public-private investment operated by a robust network of community and industry partners with the goal to create 10,000 jobs in the space and catalyze the next billion-dollar company.The initiative couldn’t be better timed — new research we released with Accenture last month forecasts significant increases in tech hiring in 2020, particularly for workers with cybersecurity expertise. The industry, by design, has to move fast to respond to ever-evolving threats, and new startups are popping up all over the city to take on the important and challenging task of keeping up with the threats that put the data of individuals, businesses and governments at risk.That’s why, this month, we’re showcasing five NYC cybersecurity companies that are strengthening our infrastructure against all kinds of breaches. Get a peek at their work below, and read more about them here. 

oso

What does your company do?oso co-founder and CEO Graham Neray: oso makes backend infrastructure security simple for devops and invisible for developers. We do this by automating core security controls in our customers’ infrastructure in less than three minutes.What do you consider good security? GN: Security that 1) prioritizes user experience so that 2) it actually gets used. 

Atakama

What does your company do?Atakama co-founder and CEO Daniel H. Gallancy: Atakama provides an encryption platform that mitigates attacks.  With perimeters constantly breached, enterprises need a deeper level of security, in which an attack is rendered harmless.  With Atakama’s encryption platform, enterprises can have granular protection, with each object encrypted with its own unique key.  When attackers breach a network, cloud storage or a local endpoint, what they’ll steal will be valueless, as it is fully encrypted. The system uses no passwords, enables seamless sharing of encrypted data among users and enables users to search through data without decrypting it.What’s a common misconception about data privacy and security that you've found?DG: People – including cybersecurity professionals – think their data is already encrypted when, in fact, that isn’t the case, at least not on a functional basis. For example, full-disk encryption protects you if your laptop is stolen but it doesn’t help whatsoever if your laptop gets hit with malware, the latter being a more likely scenario. Most cloud providers encrypt user data, but the encryption is accomplished using keys derived from user credentials. Consequently, if an attacker can spoof your identity, the attacker can steal your data. That sort of encryption is more security theater than true protection. We can do better. Atakama is built to provide true encryption-based security without compromising usability. 

Fraud.net

What does your company do? Fraud.net co-founder and president Cathy Ross: Fraud.net operates a real-time fraud detection and analytics platform, helping companies with high volumes of digital transactions to quickly identify transactional anomalies and pinpoint fraud using big data and live-streaming visualizations. Our first-of-its-kind platform allows enterprises to monitor their end-to-end fraud program’s performance, identify process improvement opportunities, and gain new insights into developing fraud trends in minutes instead of months.So many parts of our lives are managed online, from banking to shopping to entertainment.  Does it surprise you at all how trusting people can be with their information online? How do we get people to consider potential risks more seriously? CR: As someone who has worked in tech for a long time, it does surprise me. More and more often we hear about data breaches occurring at larger and larger companies, but there seems to be no rising urgency to address that issue for them or the consumer. I think people have gotten so comfortable with how easy the online experience is that they’ve simply become complacent, and that it would be hard to tell people anything more than they already know in order to take their information seriously. People know that they should be considering the risks more seriously, but many don’t seem to care until they can’t log in to their email one day, and realize they’ve become a victim. 

Edwin

What does your company do?Edwin co-founder and CEO Amit Lubling: Edwin is a behavioral cybersecurity company that uses proven learning and behavior change techniques to keep employees and their organizations secure. And, in turn, individuals can use their new skills of security habits to keep their family and home secure. Each Edwin program is customized for an organization and then delivered to employees via interactive “missions” that change security behavior in real time — behavior that is measurable and shareable to security officers, auditors, regulators, and clients as needed.In this day and age of tech, does it feel like the human side of security often gets lost along the way? If so, what’s the impact of that direction?AL: Absolutely. Despite how important the human side of security is, it is either ignored entirely, or only given cursory attention. Part of the problem is that the security industry doesn’t really have a good model for thinking about security and human behavior the way they do with security systems. Security expertise is not about influencing or changing human behavior, it is about technical systems and vulnerabilities. The security training and awareness industry is designed to solve a problem for CISOs and CTOs, not to actually change the security culture of an organization — which makes sense. Because it’s hard for one security person to take responsibility for the behaviors of all the people in an organization. That sounds like a nightmare. And that is why we want to take responsibility for that on their behalf.

Dispel

What does your company do? Dispel CEO Ethan Schmertzler: Dispel is an industrial control system access and operations service for utilities and businesses. With Dispel, you get a complete platform to grant, monitor, and control operator and third-party access to critical infrastructure through a non-persistent Moving Target Defense SD-WAN.What does innovation look like for you and Dispel’s team? Does it require thinking like bad actors to see potential risks?ES: Innovation at Dispel revolves around friction and usability. We want to cost an attacker their time and money. We find that taking immensely complex security technologies and making them simple or invisible for users requires clever thinking and careful focus. 

Join Us

If you’ve been thinking about joining Tech:NYC as a member, now’s the time.

Check out our membership page

, and let us know if you have any questions.

All illustrations by

Elly Rodgers