On October 16, I attended the Cyber Security Finance Forum in Washington, D.C., and received quite a wake-up call. Speakers such as Jay Cohen, US Navy Rear Admiral (retired) and former DHS Under Secretary for Science & Technology, gave insights into the problems we are faced with. Admiral Cohen reminded us that "we are at war [and] for the first time everyone is on the front line."
During the forum, we heard several stories about how in many cases small businesses and individuals were being targeted by hackers and identity thieves instead of big companies, because they are "soft targets." One story talked about how a small industrial business in the middle of Maine was hacked. Its bank records were compromised, and its bank was tricked into wiring $25,000 to an account in Russia.
While individuals and small businesses may be the new front line in the cybersecurity war, the explosion of the cloud, tablets, smartphones, and other networked mobile electronics certainly makes us all more vulnerable.
As data and software continue their migration to the cloud, accessed by mobile devices, the possible threats are infinite. These days I think even my stapler has an IP address, a 10-megapixel video camera, and can turn itself into a WiFi hotspot. I am now suspicious of the stapler, so I powered it down and put it in the desk drawer so it will not spy on me or attempt to hack into my bank records. But jokes aside, cybersecurity of mobile electronics is starting to become a big problem -- and a tremendous technology business opportunity for those that tackle it.
Typically these threats come in four main types:
Fraud:
Someone is trying to steal money
Data theft:
Someone seeks to steal data for industrial or state-sponsored espionage, or simply to embarrass the target
Probing attacks:
Someone seeks vulnerabilities for future bigger attacks, and performs probes without harming anything (yet)
Nuisance attacks:
Hackers often launch a denial-of-service attack to shut down some service or business just because they don't agree with its philosophy or politics
Clearly, there is an enormous market opportunity for enterprise software that performs tasks ranging from intrusion detection and prevention to data backup and protection, malware identification, forensics, and data recovery. But what about opportunities in the electronics software space? The trend is clear that applications and data are moving to the cloud, to be accessed by a tablet, a smartphone, or other wireless device. Often the mobile device is the weak link in the chain, leading to the most vulnerable path to corporate or personal data. And in this new era of Bring Your Own Device (BYOD), these devices are uncontrolled.
There are many opportunities in the mobile electronics market for cybersecurity solutions. As with any requirement in the electronics space, these functions may be implemented in software, hardware, or a combination of both. The trade-off is usually the flexibility of software versus offloading some key functions such as encryption to a dedicated co-processor.
Key needs include the following, with varying degrees of maturity in today's mobile platforms:
Data encryption and authentication:
How do I know my Facebook chat conversation is not being intercepted at Starbucks? How do I know that my Yahoo email password is not being passed in clear text?
Payment card processing:
How do I make sure my credit card number is not compromised when I buy something? How do I make sure that I don't get improperly charged when using near field communication (NFC)?
Voice encryption:
How do I make sure my wireless or VoIP call is not intercepted? How does law enforcement ensure that it can be intercepted?
Malware prevention:
How do I know whether my smartphone has malware, and what do I do about it?
Prevention of denial of service attacks:
What happens when a critical mobile device is targeted by a packet flood attack?
Digital rights management:
How does Marvell Studios know whether the copy of The Avengers I am watching on my tablet is legit?
Data protection and theft recovery:
If my device is stolen, how do I prevent theft of my data and retain my data for my future use? How do I find my stolen device?
Forensic triage:
If law enforcement or intelligence agencies seize the device in an investigation, how do they determine quickly whether there are illegal materials on the device?
User authentication:
How does my phone or tablet know that it's really me?
Spyware:
How can companies be sure that Bob the delivery man is really driving his truck instead of sitting at home?
Network monitoring and policy enforcement:
How can I determine what wireless devices (mobile and WiFi) are in my office? How do I know if they are approved or rogue? How do I find and shut them down if they are not approved?
Application testing:
How do we know for sure that the latest update to the free smash-the-pig game didn't actually install malware?
It really is like the wild, wild West for security in mobile devices. Since this is an M&A column, I would be remiss if I didn't mention the acquisition environment for companies in these spaces. In short, the outlook is very good.
Several of the panelists in the cybersecurity conference talked about the fiscal cliff, sequestration, and eventual cuts to defense spending. But the overriding sentiment is that spending on cybersecurity will not be cut and in fact will probably increase. With government spending cuts in other areas increasing, this should cause more integrators and contractors to grow their businesses by acquiring expertise in the cybersecurity arena. This will trickle down into the embedded space as well. We will continue to see chip and hardware companies buying security software and IP companies for one reason: they have to.
If your company would like to understand its prospects for an M&A transaction, feel free to reach out to me at blorenz@mcleanllc.com. The McLean Group was recently named by Global Security Finance as one of the top 10 financial advisors (investment banks) for M&A transactions in the cybersecurity space. You can download the entire report here.
@WB: It is one of the most important events this year, and the topics you have summarized within the post are critical, definitely. The only question is about what will be the real follow-up, in the sense that several of us are wondering how and when each Gov will apply possible rules outlined as output of the session in Dubai. Rules and regulators are good; speaking for myself, I would say an agreed time plan related to rules to apply could act as a strong incentive in cyber war's mitigation.
There are topical issues coming up in December this year in Dubai - World Conference on International Telecommunications (WCIT12). The International Telecommunication Regulations (ITRs) might probably be revised to handle the cyber problems, some of the issues to address are:
If we are all in warfront, who then are we battling against? One thing remains - we are yet to identify where the cyber problem is. All these attacks are originated from somewhere, hosted by some servers, passing through some exchanges and routed finally to their destinations. What's the point of spending huge money on machine guns and missiles, if insufficient qualified persons to man them unavailable?
@_hm: Oops! You are opening an innovative and fascinating horizon which could be named "socials for spying". After all, in such a way, it has already started?!?
@mfbertozzi: This espionage on privacy may be done by our own organizations like Facebook, Google and sold to enemies knowingly or by mistake. This may be just the beginning of a much more intricate world of cyber war. We may look at it as an opportunity!
Following up with the army's analogy, we are all in the front line with 4 or 5 new, shiny guns -- visible from miles away.
Also, as important as prevention is being able to locate hackers and prosecute them... for that, we will need to establish better relationships with countries such as Russia and China.
@_hm: Great post! If we would like to restrict the focus you have described, not necessarily on crime, but on privacy, we could say each one of us is, potentially, really monitored about his online activities; especially OTT players are not totally agreeing with the rules about privacy. Going further, privacy and then individual security are not fully assured. Maybe the "cyberwar" starts exactly from this topic.
Interesting blog. I have a question: of the must-have list for software, do all packages have to have all those features? If so, are they easily downloaded? Are these enterprise-based or device-based? The reason I ask: I can't imagine going down that list and finding a solution that meets each need. If it can be downloaded and automatically set, even better. But how much does a typical consumer need to have?