×

Nobody will take security seriously until they're hurt 'in new ways,' says investor

  • Americans have yet to take personal data security as seriously as they need to, said Greylock Partners' Sara Guo.
  • Once consumers feel threats in a more personal way, their behaviors will change, she said.
Sarah Guo speaking at the 2017 Cyber Summit in Cambridge, Mass., on Oct. 4, 2017.
David A. Grogan | CNBC
Sarah Guo speaking at the 2017 Cyber Summit in Cambridge, Mass., on Oct. 4, 2017.

For Sarah Guo, an investor at venture capital firm Greylock Partners, some of the future dangers of an ever-more-connected world are already here -- in China.

There, ransomware attacks on individual Android phones are a common problem.

Someone could find their phone suddenly seized, and then a message pops up saying -- "I want 1,000 bucks or you can't have your phone anymore," Guo said, in an interview last week at the Cyber Summit in Boston.

It's a scary prospect, and while Guo believes that sort of criminality will become a problem at some point in the U.S., most consumers still have a passive attitude about keeping their data safe.

Even after a hack the size of Equifax or Yahoo, it's surprising how few people take steps to secure their data, she said.

For example, Equifax CEO Richard Smith said last month that 11.5 million people have taken advantage of the company's offer of free credit monitoring in the wake of the hack.

That's a fraction of the 145 million people likely impacted by the attack, said Guo.

"If it actually hurts [consumers] in new ways, their behavior will change," she said.

Guo said the vast number of online accounts that most people have — sometimes numbering in the hundreds — makes it understandably difficult for the average person to practice good "data hygiene."

"There's no I way understand all of my accounts," Guo said.

Guo's investments at Greylock include data security companies Obsidian Security and Awake Security — the former of which is still in stealth. She said that Awake, while examining the databases of some of its clients, was able to find a shocking amount of bad behavior that the companies were completely unaware of — including corporate espionage and insider threats.

"There wasn't a single [company] where we didn't find bad behavior already," she said.

Correction -- An earlier version of this story misstated the status of Awake.

Cyberthreats

Cambridge Cyber Summit Videos

Tech

Latest Special Reports

  • A logo sits on a sign at the World Economic Forum in Davos, Switzerland, on Thursday, Jan. 23, 2014.

    Coverage of the World Economic Forum’s annual meeting in Davos, Switzerland.

  • Take an in-depth look at the world of modern medicine - examining the treatments, companies and people making a difference in the way we treat illness and injuries today, and laying the foundation for the medical treatments of tomorrow.

  • Watch investments

    Covering the full set of tools and strategies for long-term investors: How to take everyday market fluctuations in stride, and when to know it’s time to take action or protect against a major economic shifts.

For sponsorship opportunities, please contact: Alisha Hathaway.

For all press and media inquiries, please contact: Jennifer Dauble.

For all speaker and editorial inquiries, please contact: Dennis O'Brien.