On October 16, I attended the Cyber Security Finance Forum in Washington, D.C., and received quite a wakeup call. Speakers such as Jay Cohen, US Navy Rear Admiral (retired) and former DHS under Secretary for Science & Technology, gave insights into the problems we are faced with. Admiral Cohen reminded us that "we are at war [and] for the first time everyone is on the front line."
During the forum, we heard several stories about how in many cases small businesses and individuals were being targeted by hackers and identity thieves instead of big companies, because they are "soft targets." One story talked about how a small industrial business in the middle of Maine was hacked. Its bank records were compromised, and its bank was tricked into wiring $25,000 to an account in Russia.
While individuals and small businesses may be the new front line in the cybersecurity war, the explosion of the cloud, tablets, smartphones, and other networked mobile electronics certainly makes us all more vulnerable.
As data and software continue their migration to the cloud, accessed by mobile devices, the possible threats are infinite. These days I think even my stapler has an IP address, a 10-megapixel video camera, and can turn itself into a WiFi hotspot. I am now suspicious of the stapler, so I powered it down and put it in the desk drawer so it will not spy on me or attempt to hack into my bank records. But jokes aside, cybersecurity of mobile electronics is starting to become a big problem -- and a tremendous technology business opportunity for those that tackle it.
Typically these threats come in four main types:
Fraud:
Someone is trying to steal money
Data theft:
Someone seeks to steal data for industrial or state-sponsored espionage, or simply to embarrass the target
Probing attacks:
Someone seeks vulnerabilities for future bigger attacks, and performs probes without harming anything (yet)
Nuisance attacks:
Hackers often launch a denial-of-service attack to shut down some service or business just because they don't agree with its philosophy or politics
Clearly, there is an enormous market opportunity for enterprise software that performs tasks ranging from intrusion detection and prevention, data backup and protection, malware identification, forensics, and data recovery. But what about opportunities in the electronics software space? The trend is clear that applications and data are moving to the cloud, to be accessed by a tablet, a smartphone, or other wireless device. Often the mobile device is the weak link in the chain, leading to the most vulnerable path to corporate or personal data. And in this new era of Bring Your Own Device (BYOD), these devices are uncontrolled.
There are many opportunities in the mobile electronics market for cybersecurity solutions. As with any requirement in the electronics space, these functions may be implemented in software, hardware, or a combination of both. The trade-off is usually the flexibility of software versus offloading some key functions such as encryption to a dedicated co-processor.
Key needs include the following, with varying degrees of maturity in today's mobile platforms:
Data encryption and authentication: How do I know my Facebook chat conversation is not being intercepted at Starbucks? How do I know that my Yahoo email password is not being passed in clear text?
Payment card processing:
How do I make sure my credit card number is not compromised when I buy something? How do I make sure that I don't get improperly charged when using near field communication (NFC)?
Voice encryption:
How do I make sure my wireless or VoIP call is not intercepted? How does law enforcement ensure that it can be intercepted?
Malware prevention:
How do I know whether my smartphone does have malware, and what do I do about it?
Prevention of denial of service attacks:
What happens when a critical mobile device is targeted by a packet flood attack?
Digital rights management:
How does Marvell Studios know whether the copy of The Avengers I am watching on my tablet is legit?
Data protection and theft recovery:
If my device is stolen, how do I prevent theft of my data and retain my data for my future use? How do I find my stolen device?
Forensic triage:
If law enforcement or intelligence agencies seize the device in an investigation, how do they determine quickly whether there are illegal materials on the device?
User authentication:
How does my phone or tablet know that it's really me?
Spyware:
How can companies be sure that Bob the delivery man is really driving his truck instead of sitting at home?
Network monitoring and policy enforcement:
How can I determine what wireless devices (mobile and WiFi) are in my office? How do I know if they are approved or rogue? How do I find and shut them down if they are not approved?
Application testing:
How do we know for sure that the latest update to the free smash-the-pig game didn't actually install malware?
It really is like the wild, wild, west for security in mobile devices. Since this is an M&A column, I would be remiss if I didn't mention the acquisition environment for companies in these spaces. In short, the outlook is very good.
Several of the panelists in the cybersecurity conference talked about the fiscal cliff, sequestration, and eventual cuts to defense spending. But the overriding sentiment is that spending on cybersecurity will not be cut and in fact will probably increase. With government spending cuts in other areas increasing, this should cause more integrators and contractors to grow their businesses by acquiring expertise in the cybersecurity arena. This will trickle down into the embedded space as well. We will continue to see chip and hardware companies buying security software and IP companies for one reason: they have to.
If your company would like to understand its prospects for an M&A transaction, feel free to reach out to me at blorenz@mcleanllc.com. The McLean Group was recently named by Global Security Finance as one of the top 10 financial advisors (investment banks) for M&A transactions in the cybersecurity space. You can download the entire report here.
First the simple viruses, then spyware and malware, then the Bot nets and so on.. The cyber attackers are always on the move as the protection mechanisms -such as firewalls, Anti-virus software, the secure protocols or the data encryption algorithms get developed.
So it is technology business Vs Technology anti-business.
And like other physical stealing and robbing techniques are improving day by day , the soft technological hacking techniques are getting developed at much faster rate than the actual applications themselves.
One of the key reasons for the vulnerability to the cyber attacks is the inability of the software community to guarantee a bug free software - the bugs which the developer community is unable to unearth, the hacker community gets hands onto them in no time . It is like those smart lawyers who find the loopholes in the newly made laws before the general public finds out the exact use for them.
Yes we are at war and all of us have to be on the Front Line
This is new point to ponder. Both government and business are equally worried. It may be able to control part of crime. But when it is state sponsored crime, it will be very difficult. With advent of this cyberwar, espionage will become more simplified and less riskky.
Thanks for the 12-point questionairre about the cybersecurity self-assessment.
I was really moved by the list as I have never concentrated on these points (which are also relevant to the individuals) despite the fact that these threats contain a high likelihood to endanger my system. If I as an individual should work on these security measures, a SMB or a corporate should definitely work on it.
Due to cyber-war between countries, we as individuals can get affected when a government website such as government taxation portal or a national identity record system gets hacked. Directly we might not get affected as in such a war, individuals' accounts are not a target as impact is too small.
Also, usually this is done without disclosing identity and is like a cold war therefore we can see presidents of 2 fighting countries (fighting on cyber platform only) warmly shaking hands at a conference while at the same time agencies grabbing each other's neck. The point is that we might never know who was really behind the attack.
I agree we are all on the warfront in the cyber war but are we all equally prepared for this? Are we all able to fight and can we all adapt to the dangers involved?
I guess in the olden days you'd hear about the odd bank being robbed of 100k by masked axe weilding hardmen. Nowadays it is the silent robber who steals 10 bucks here and 1 buck there from millions of accounts unbeknown to anyone. This crime is far more insidious and difficult to counter.
Interesting blog. I have a question: of the must-have list for software, do all packages have to have all those features? If so, are they easily downloaded? Are these enterprise-based or device based? The reason I ask: I can't imagine going down that list and finding a solution that meets each need. If it can be downloaded and automatically set, even better. But how much does a typical consumer need to have?
@_hm: great post! If we would like to restrict the focus you have described, not necessary on crime, but on privacy, we could say each one of us is, potentially, really monitored about his on line activities; especially OTT players are not totally agreeing with the rules about privacy. Going further, privacy and then individual security are not fully assured. Maybe the "cyberwar" starts exactly from this topic.
Following up with the army's analogy, we are all in the front line with 4 or 5 new, shiny guns -- visible from miles away.
Also, as important as prevention is being able to locate hackers and prosecute them... for that, we will need to establish better relationships with countries such as Russia and China.
EBN Dialogue enables and encourages you to participate in live chats with notable leaders and luminaries. Not only editors and journalists, but the entire EBN community is able to comment and ask questions. Listed below are upcoming and archived chats.
Archived Dialogues
Thailand Stages a Comeback Join EBN contributor Jennifer Baljko on Thursday August 23, 2012, at 11:00 a.m. EST for a live chat on how electronic manufacturers in Thailand have shored up their supply chain to reduce the impact of future natural disasters.
Euro-Crisis: What It Means for High-Tech Firms Join EBN Editor in Chief Bolaji Ojo and Contributing Editor Jennifer Baljko on Thursday, July 12, at 10:00 a.m. EDT for a Live Chat on high-tech and Europe's economic difficulties.
Microsoft Surface: Potential Winners & Losers What are the implications for the electronics industry supply chain of Microsoft Corp.'s decision to launch its own tablet PC? Join industry veteran and EE Times' systems and OEM expert Rick Merritt on Tuesday, July 3, at 12:00 pm EDT for a Live Chat on this subject.
Join EBN contributor Jennifer Baljko on Thursday August 23, 2012, at 11:00 a.m. EST for a live chat on how electronic manufacturers in Thailand have shored up their supply chain to reduce the impact of future natural disasters.
Peter Drucker famously said "Trying to predict the future is like trying to drive down a country road at night with no lights while looking out the back window." Yet in the razor's-edge world of electronics—with a lean supply chain and just-in-time demands—the need to know the future is vital.
You've heard the saying "the No. 1 supply chain risk is your people." That hasn't always been the case. But today's complex global supply chain requires a new type of multitalented employee. It's one who understands, finance, marketing, economics, is savvy with technology, graceful with relationships and can think analytically.
Where are these people? Are universities properly preparing the next generation supply chain professionals? How do train your existing workforce for these new, demanding positions?
Brian Fuller, editor-in-chief of EBN, will lead a 60-minute Avnet Velocity panel discussion that will ask and answer these and other questions swirling around today's supply-chain talent challenges.
To save this item to your list of favorite EBN content so you can find it later in your Profile page, click the "Save It" button next to the item.
If you found this interesting or useful, please use the links to the services below to share it with other readers. You will need a free account with each service to share an item via that service.
Tweet This