Earlier this month I wrote about lessons businesses can learn from the Facebook data breach that affected millions of users. News has now surfaced that Facebook is rumored to be shopping for a cybersecurity company to help boost their security operations and prevent another major hack.
I reached out to Bryce Austin, CEO at TCE Strategy, and Vijay Pullur, CEO at ThumbSignIn to see what they thought of this potential acquisition and whether acquiring a cybersecurity company makes sense for Facebook as the company tries to rebuild its reputation after recent security lapses.
Editor’s note: The following transcript has been edited for clarity and length.
If it moves forward with the acquisition of a cybersecurity company, what will it mean for Facebook?
Bryce Austin: It is an interesting idea for Facebook to purchase a cybersecurity company, as their cybersecurity issues appear to be a failure of imaginative thinking rather than a lack of the fundamentals of cybersecurity. People are using Facebook’s tools/features in combinations that Facebook never conceived of, and it was the combination of three different tools that led to the latest breach Facebook announced. If the purchase of an outside firm can help with that, then I’m all for it, but I hope they are looking for the equivalent of Disney’s Imagineers rather than a more traditional cybersecurity outfit.
Facebook has larger reputational issues with the fundamentals of their business model as opposed to issues with their cybersecurity. Facebook’s users do not fully understand the ways that their personal data is being analyzed and sold for Facebook’s profit. The recent discovery that Facebook is sending targeted advertising to the phone number provided by cyber-aware users for multi-factor authentication is a prime example.
Facebook needs to be open and transparent about their behavior and business ethics. Facebook has a choice to be an ethical beacon (similar to Volvo’s commitment to safety) or an ethical nightmare (similar to Volkswagen’s blatant hacking of U.S. diesel emission standards). They can use sensitive analytical information they are able to glean from their users for customers’ benefit, or to their detriment.
Vijay Pullur: The need for Facebook to make an acquisition has become imminent. It shows that they are taking security very seriously and that helps with improving the public perception. I see it as a sincere effort to fix security.
It’s not that Facebook doesn’t have security experts — they must have an army of security specialists –but this acquisition will help them bring in more competence, focus and deeper knowledge to the security domain.
But as bad actors become more sophisticated, it’s important to remember that security is not a one-time fix. You have to constantly ward off threats preemptively and with the use of machine learning, AI and new generation of software technologies.