Cybersecurity Pioneer: Corporate Leaders Continue to Ignore Threats

Getty Images/iStockphoto

Serial cybersecurity entrepreneur Amit Yoran has seen it all.

Founding director of the United States Computer Emergency Readiness Team (US-CERT) program in the U.S. Department of Homeland Security, the West Point grad served executive stints at Symantec (SYMC) and RSA before joining Tenable Network Security as CEO in early 2017. Yoran has seen cyberthreats from the vantage point of the federal government, a publicly traded company, and two private firms.

"It's been a schizophrenic career," he says, laughing. "But it's given me the balance and view of cybersecurity from several perspectives."

Some things still haven't changed, to his chagrin. A significant slice of corporate executives continues to neglect pervasive digital threats. "After the Equifax data breach [in 2017] and the WannaCry [ransomware] attack [in 2017], there needs to be more emphasis [on the topic]," Yoran tells Barron's.

A treasure trove of data-Social Security numbers, birthdays, addresses, driver's licenses, and other personal information-was swiped from 146.6 million consumers in the Equifax (EFX) breach, the company disclosed in a filing with the Securities and Exchange Commission last month.

Corporate executives have often coped with cybersecurity by ignoring it until they absolutely had to address it. "They need to bring a new discipline and process to managing, measuring, and reducing cyber risk," Yoran says. "They need to know,'What is the state of [company] security? How exposed am I?'"

It's one of the reasons Yoran joined Tenable, a 16-year-old company that sells technology that scans a company's computer system for security vulnerabilities. The privately-held company, which does not disclose revenue figures, is one of several vendors in the market for vulnerability-management software.

It says its differentiation is, a cloud-based platform that lets customers monitor their computing environments, across the cloud, the Internet of Things, containers, and web apps. The platform shows customers where their network may be exposed and to what extent, a company spokeswoman tells Barron's. Today, for instance, it added support to Google Cloud Platform and Microsoft Azure. It already supports Amazon Web Services.

Boiled down, Tenable's philosophy is to ensure a company's security foundation is sound before tackling the fancy stuff like artificial intelligence and mixed reality, he says.

A recent poll of 1,600 security decision makers in six countries by information-security company Trustwave underlines Yoran's point. It found 17% of the respondents lacked the budget and 16% lacked the expertise to address the problem.

NTT Security, meanwhile, discovered in a risk-value report of 1,800 companies in 12 countries that one-third said they would pay a hacker's ransom rather than invest in cybersecurity because of cost concerns or "blindness" to the threat, NTT Chief Security Strategist Don Gray tells Barron's.

It's that kind of fundamental cyberthreat, coupled with consumer outcry over data protection and privacy, that brought Yoran to Tenable, he says. "People gave me a strange look when I left RSA, which is a billion-dollar company," he says. "But the security attack landscape requires companies like Tenable."

Sign up to Review & Preview, a new daily email from Barron's. Every evening we'll review the news that moved markets during the day and look ahead to what it means for your portfolio in the morning.

The views and opinions expressed herein are the views and opinions of the author and do not necessarily reflect those of Nasdaq, Inc.

The views and opinions expressed herein are the views and opinions of the author and do not necessarily reflect those of Nasdaq, Inc.

More Related Articles

Info icon

This data feed is not available at this time.

Sign up for Smart Investing to get the latest news, strategies and tips to help you invest smarter.