Technology is more pervasive in our lives than ever before. Because of that, we’ve seen increases in productivity, and efficiency in both the business world and in our personal lives. Time-consuming errands like banking or purchasing groceries can now be completed at the push of a button. However, the rapid pace of technological changes and the interconnected nature of modern tech has also created a world in which our most sensitive information is at constant threat of potentially devastating hacks.
Common sense tells us that hacks are simply a part of life, and that businesses need to factor inevitable losses due to hacking into their bottom line. However, Dr. Aleksandr Yampolskiy believes companies can get ahead of hacks by investing in cybersecurity, specifically with his company SecurityScorecard, which he founded in late 2013 with Sam Kassoumeh.
SecurityScorecard operates from the perspective that a company’s highest security risks can be diagnosed and treated before a hack takes place. Further still, companies can promote themselves based on the security score they receive from the company. It’s a business strategy that appears to be working, as SecurityScorecard raised $12.5 million in funding led by Sequoia Capital in March of last year, and recently completed a Series B fundraising round of $20 million, led by Google Ventures.
Recently, Equities.com had the chance to speak with Dr. Yampolskiy regarding the recent fundraising round, his views on cybersecurity, and where he’d like to see SecurityScorecard go from here.
Equities: Why don’t you start by giving a brief overview of what SecurityScorecard is, and how you can help businesses with cybersecurity.
Yampolskiy: Sure. At SecurityScorecard, we compute a security rating for any company in the world. So from the outside without knowing anything about that company, we’re able to unobtrusively gauge and answer questions like: How good is the company's overall security posture? How good a job is the company doing at training its employees on security awareness? Are they making sure that their systems are up to date, mitigating the malware infections when they occur in the company's networks?
What is unique about SecurityScorecard is that we provide the broadest, the best and the most accurate cybersecurity rating. Our algorithm takes in hundreds of data points across 10 critical security categories that are necessary to assess the true risk of a company such as application security, network security, patching cadence, leaked credentials and social engineering, and we're the only company in the market to look at all these hundreds of indicators that are necessary to compute an accurate picture of the company's risk. Our security rating evaluates over 500% more data points and over 300% more critical security categories than other rating service.
Today, we work with over a hundred different customers. Some of them are multibillion-dollar banks and financial institutions who are using SecurityScorecard to gain insight into the security of their supply chain. Some of them are cyber-insurance companies who are using us to more accurately underwrite the insurance applicants who apply to them for cyber-insurance, so there's a whole variety of reasons.
Equities: And at the end of the day, companies get a simple letter grade, like a credit rating based on their cybersecurity?
Yampolskiy: An overall credit rating is important, but it’s also too one dimensional to make intelligent decisions on its own. The problem with a credit rating type of approach is that security, just like investment decisions, is much more multidimensional than just a single number. Basically, you could have different types of financial metrics about a company. Similarly, there are different types of security metrics for any given company.. I do not like to describe it as a credit rating, because that’s just a single number. We give a much broader assessment which we call a scorecard. A scorecard consists of different types of critical security categories.
Equities: You recently went through a successful series B fundraising round with Google Ventures, and it looks like you have quite a few high profile venture capital firms involved, as well. How did you find yourselves partnered with GV?
Yampolskiy: For us, it's not just about the money, it's also about the strategic partnerships that the investors can provide. In general, if you think about what we're trying to do in terms of measuring security, if you're able to do it for a company like Google (GOOG), which has probably the most complicated infrastructure and architecture out there, then you should be able to do it for anybody. That was definitely the reason we partnered with Google Ventures, because of their deep expertise in scaling and creating long lasting companies.
Equities: Have you noticed that having names like Google and Sequoia backing you has legitimized your company in the minds of people in Silicon Valley?
Yampolskiy: I think people care a lot about the expertise of the founders. Both my cofounder and I were security CISOs. They care about the product. We have a great product that a lot of companies and people derive value from. Definitely, having great investors does help legitimize what we do, but a lot It definitely helps legitimize, but a lot of it is also about the product. Ultimately, you can have a lot of it is also about the product. Ultimately, you can have a lot of different amazing investors, but it's all up to the company to make sure that you deliver great value.
Equities: It sounds like you're in a good place right now. You have the funding, you have a strong product and platform that people are taking notice of, and have a lot of recognizable name clients as well. What does the next year have in store for SecurityScorecard?
Yampolskiy: We're already seeing the rapid adoption of SecurityScorecard in the market. We’re seeing rapid adoption of SecurityScorecard by many businesses, many companies, so we are already well on our way to becoming a leader, towards becoming the number one company for measuring security. We’re going to continue improving the products. We plan to continue expanding and building amazing value for our company.
Equities: In the long run, where do you ultimately see SecurityScorecard’s place in the cybersecurity world?
Yampolskiy: I see us becoming a “must have” instead of a “nice to have” for many companies. In other words, SecurityScorecard is really necessary for companies when they make critical business decisions. If you're thinking about mergers and acquisitions, then you need to know that you're not flushing your money down the drain. If you were thinking of selecting a partner or a supplier, then you need to know how they're doing. So I see us really continuing our leadership position.
Equities: What are some easy-to-implement cybersecurity measures that you find people often overlook?
Yampolskiy: There are a couple of things that I would recommend. Number one, security awareness is everything. Make sure that you train your people in security awareness. That would probably be number one, because that is always the weakest link. People can spend all kinds of money on any security product but if you don’t train your people about security awareness, that is a real issue.
Number two, make sure that you change the default passwords. A lot of time companies get hacked because they basically just forgot to change the passwords. They’re using default passwords and they get hacked.
Number three, don’t neglect the security of your suppliers. You’re only as strong as your weakest link. If one of your suppliers, if one of your vendors gets hacked, then you are in trouble.
DISCLOSURE: The views and opinions expressed in this article are those of the authors, and do not represent the views of equities.com. Readers should not consider statements made by the author as formal recommendations and should consult their financial advisor before making any investment decisions. To read our full disclosure, please go to: http://www.equities.com/disclaimer