Nobody will take security seriously until they're hurt 'in new ways,' says investor

  • Americans have yet to take personal data security as seriously as they need to, said Greylock Partners' Sara Guo.
  • Once consumers feel threats in a more personal way, their behaviors will change, she said.
Sarah Guo speaking at the 2017 Cyber Summit in Cambridge, Mass., on Oct. 4, 2017.
David A. Grogan | CNBC
Sarah Guo speaking at the 2017 Cyber Summit in Cambridge, Mass., on Oct. 4, 2017.

For Sarah Guo, an investor at venture capital firm Greylock Partners, some of the future dangers of an ever-more-connected world are already here -- in China.

There, ransomware attacks on individual Android phones are a common problem.

Someone could find their phone suddenly seized, and then a message pops up saying -- "I want 1,000 bucks or you can't have your phone anymore," Guo said, in an interview last week at the Cyber Summit in Boston.

It's a scary prospect, and while Guo believes that sort of criminality will become a problem at some point in the U.S., most consumers still have a passive attitude about keeping their data safe.

Even after a hack the size of Equifax or Yahoo, it's surprising how few people take steps to secure their data, she said.

For example, Equifax CEO Richard Smith said last month that 11.5 million people have taken advantage of the company's offer of free credit monitoring in the wake of the hack.

That's a fraction of the 145 million people likely impacted by the attack, said Guo.

"If it actually hurts [consumers] in new ways, their behavior will change," she said.

Guo said the vast number of online accounts that most people have — sometimes numbering in the hundreds — makes it understandably difficult for the average person to practice good "data hygiene."

"There's no I way understand all of my accounts," Guo said.

Guo's investments at Greylock include data security companies Obsidian Security and Awake Security — the former of which is still in stealth. She said that Awake, while examining the databases of some of its clients, was able to find a shocking amount of bad behavior that the companies were completely unaware of — including corporate espionage and insider threats.

"There wasn't a single [company] where we didn't find bad behavior already," she said.

Correction -- An earlier version of this story misstated the status of Awake.


Cambridge Cyber Summit Videos


Latest Special Reports

  • Tips on the best-performing portfolio strategies and global market trends that can help you become a smarter investor.

  • Financial Advisor

    Featuring CNBC's Financial Advisor Council, this video series will aim to educate investors with straightforward financial advice.

  • NYSE Trader on the floor

    The buzz on the trading floor

For sponsorship opportunities, please contact: Alisha Hathaway.

For all press and media inquiries, please contact: Jennifer Dauble.

For all speaker and editorial inquiries, please contact: Dennis O'Brien.