The Next Big Thing In Consumer Security
Don't Call It a Comeback
Let’s go through a timeline of some of the prominent companies started in consumer security.
Antivirus software: McAfee was started in 1987 (Norton in 1991)
VPN: Nord VPN was started in 2012
Password Managers: 1Password was started in 2005
Personal Fraud Protection: Lifelock was started in 2005
Mobile Security: Lookout was started in 2007
What’s the newest company started in consumer security some of you might ask? I would guess Aura which started in 2019.
If I’m missing any that are more recent please send me a note/comment.
The natural next question is what about all the privacy players? Well I would bucket them a bit different than security but still let’s look at them.
Delete Data on Internet: DeleteMe was started in 2010
Browser Privacy: DuckDuckGo was started in 2008
Private Messages: Signal was started in 2018, Telegram in 2013
Why Have We Had Very Few New Consumer Security Companies?
Well as we know phase shifts trigger new attack vectors and new data repositories for consumers. So the PC, internet, mobile, etc all trigger new waves of security needs for consumers.
The cloud wave put consumer security mostly into the hands of the SaaS providers so there wasn’t as much of an immediate need for new companies to emerge around user security as the trust was inherently on the SaaS product.
So for that reason, we’ve had a bit of a gap in consumer security. Even as generally consumers are being more conscious of the risks, the need hasn’t been as readily apparent.
Why We’re About to See a New Wave
AI will bring about the new wave of consumer security companies.
With AI, your voice, video, text and everything can be trained and made to feel like it’s actually you. This leaves everyone vulnerable to attacks such as family members, colleagues, and much more.
The prevalence we have on devices and the closeness to them is expanding everyday. Phones in pockets to eyeglasses that we wear daily. “Trusted” voices giving us answers to medical questions and financial questions.
The need is becoming apparent again and the market is opening up for new entrants. So what might these new entrants look like?
Deep Fake Protection: Companies like Reality Defenders are already helping enterprises be aware of voice, video, image, and text fakes. There’s an opportunity on the consumer side too. Imagine your grandma receiving a video of her grandchild being kidnapped. Certainly people would be open to using an app to verify the content. Each of these modalities is potentially a product on their own depending on how metadata can be gathered and analyzed amongst them.
Multi-Party Authentication: I’m not sure what this would look like but the FBI has sent out warnings about AI Scams happening already. While a codeword is certainly best practice now, that may not be good enough. What if there was a way to get some sort of multi-party auth between two users that confirms that they are in fact who they say they are. Biometric auth needed before both accept a phone call or video call. That sort of friction may be too hard to work but maybe there is a form factor.
Sim Jacking Protection: Right now the best protection in this area is getting a consumer to set up notifications and alerts with their carrier with call-in required for changes. The challenge is of course as AI gets better at training on voice and video, this could fool many carrier employees. Given the only increasing prevalence of phones and connected devices, is there a better way to secure consumers against this risk?
There’s other areas that we’re not even thinking about right now. But needless to say, consumer security is about to to be back.
For anyone building in this space, of course reach out :)