By Dave Hendrick
Marriott announces that as many as 500 million guest accounts could be compromised by a data breach.
Facebook says a breach may have exposed as many as 50 million account details.
Google says the personal data of nearly 53 million users of the now-defunct Google Plus had been exposed.
One doesn’t need to glance beyond the daily headlines to see evidence of the growing breadth and depth of hacks, breaches and assorted other technology-enabled attacks.
In a 2018 report, The White House Council of Economic Advisers pegged the costs of “malicious cyber activity” to the U.S. economy at as much as $109 billion in 2016, the most recent year studied. The threats are ever-evolving, the report notes, with bad actors ranging from nation-states, rogue corporate competitors, organized crime outfits and lone actors.
Amid the swirl of breaches and hacks, tech startup veterans and University of Virginia Darden School of Business alumni Jim Zuffoletti (MBA ’05) and Otavio Freire (MBA ’05) noticed the potentially complicating trend of companies conducting more and more of their business outside the traditional confines of their servers and firewalls, with significant activity on platforms such as WhatsApp, WeChat, Slack and Facebook, among scores of others.
The pair, who started the medical compliance software company OpenQ after Darden, launched SafeGuardCyberin 2014, and the Charlottesville-based digital risk protection company has grown at a clip, evidence of the hunger for data security services.
“If you were to go back in time, companies were very much focused on securing your endpoints and securing your gateways,” said Zuffoletti. “The new reality is business is taking place outside of the walls of the company in all of these different digital and social platforms, and we enable companies to secure them.”
Freire said one inspiration for the company was the Russian annexation of Crimea in 2014, a campaign that relied in part on the creation of a slew of false news stories and impersonations to foment antagonism across a range of social media channels. Watching the coverage, Freire said he and Zuffoletti realized it was not a large leap to imagine that sort of malfeasance turned against corporations.
“The reality is the social internet is bigger than the actual internet,” Freire said. “Antivirus was built to protect from attacks from the internet. The nature of the attacks on the social web are just different.”
SafeGuardCyber offers a software platform for companies to “manage the full lifecycle of digital risk protection,” fending off cyber threats that include traditional foes, such as malware and spyware, alongside emerging threats on external channels, such as fake accounts, account takeovers, brand impersonation and unauthorized accounts. The company promises protection coverage across a suite of social media, enterprise and mobile apps as well as collaboration networks.
Since launching the venture, Freire and Zuffoletti have scaled quickly, employing more than 50 people and recently attracting an $11 million series B funding round from AllegisCyber and NightDragon Security. The company also received venture funding from Harbert Growth Partners, where alumnus Brian Carney (MBA ’07) serves as general partner.
Client lists are confidential, but Freire says they include large governments, financial institutions, five of the Top 10 pharmaceutical companies and one “well-known cybersecurity company.”
“We’ve been involved in protecting companies or investigations around all of the major breaches,” Freire said. “We’ve become a de facto go-to company to understand what took place, how to remediate it and how to put a platform in place so it doesn’t happen again.”
The appetite for the company’s services reflect a growing trend.
Worldwide spending on information security products and services exceeded $124 billion in 2018, according to the research firm Gartner, a double-digit increase over the prior year.
In addition to the seemingly daily news of new and ever-larger hacks, Zuffoletti said the Russian interference in the 2016 presidential election played a role in raising awareness of the vulnerabilities in many communications tools consumers and companies use every day.
“The 2016 election was definitely instrumental in raising the power of social media and its risks in the public consciousness,” said Zuffoletti. “One of the things from the 2016 elections to appreciate is what was being hacked was in some ways the views and perceptions of individuals, and the spread of disinformation, or the use of disinformation for state actors or private actors, got on the radar.”
In May, a report by the company showing the range of misinformation campaigns directed at European Union member states ahead of parliamentary elections drew international headlines.
Freire said business leaders should keep in mind three trends as they considered their cyber security positions:
- Attacks by a range of actors are growing.
- Existing business leaders should know that their security teams are probably overwhelmed, with a queue of security issues that grows faster than it decreases.
- There is a critical shortage of cybersecurity professionals.
“There is a cyber war, and we are on the receiving end of it,” said Freire.
Zuffoletti said the first step in protecting critical areas of operations may be to fully understand vulnerabilities.
“Remember that the crown jewels of your business are not hidden behind a wall, you need to know where they are to protect them,” said Zuffoletti. “Your most valuable asset is your brand and you need to think about how you protect your brand.”
While it’s a scary world populated by evolving threats from a host of actors, Zuffoletti said their pitch to clients is less about frightening and more about enabling a path to innovation.
“There is an awful lot of fear around. We have worked very hard to make sure that people are aware but also to indicate that this is the new way people do business, and that we give businesses a way to say ‘yes’ to Facebook, to Slack or to WhatsApp because we figured out the difficult challenge of securing them,” said Zuffoletti.
In addition to remaining in Charlottesville, Zuffoletti and Freire have remained close to Darden, returning as lecturers and remaining vocal advocates for Professor Saras Sarasvathy’s principals of venture effectuation.
“We love Saras,” said Zuffoletti. “We were in her first class at Darden. We are huge believers in her approach to entrepreneurship, and we continue to embrace her principles even in our later stages.”
About the University of Virginia Darden School of Business
The University of Virginia Darden School of Business delivers the world’s best business education experience to prepare entrepreneurial, global and responsible leaders through its MBA, Ph.D., MSBA and Executive Education programs. Darden’s top-ranked faculty is renowned for teaching excellence and advances practical business knowledge through research. Darden was established in 1955 at the University of Virginia, a top public university founded by Thomas Jefferson in 1819 in Charlottesville, Virginia.