On October 16, I attended the Cyber Security Finance Forum in Washington, D.C., and received quite a wakeup call. Speakers such as Jay Cohen, US Navy Rear Admiral (retired) and former DHS under Secretary for Science & Technology, gave insights into the problems we are faced with. Admiral Cohen reminded us that “we are at war [and] for the first time everyone is on the front line.”
During the forum, we heard several stories about how in many cases small businesses and individuals were being targeted by hackers and identity thieves instead of big companies, because they are “soft targets.” One story talked about how a small industrial business in the middle of Maine was hacked. Its bank records were compromised, and its bank was tricked into wiring $25,000 to an account in Russia.
While individuals and small businesses may be the new front line in the cybersecurity war, the explosion of the cloud, tablets, smartphones, and other networked mobile electronics certainly makes us all more vulnerable.
As data and software continue their migration to the cloud, accessed by mobile devices, the possible threats are infinite. These days I think even my stapler has an IP address, a 10-megapixel video camera, and can turn itself into a WiFi hotspot. I am now suspicious of the stapler, so I powered it down and put it in the desk drawer so it will not spy on me or attempt to hack into my bank records. But jokes aside, cybersecurity of mobile electronics is starting to become a big problem — and a tremendous technology business opportunity for those that tackle it.
Typically these threats come in four main types:
- Data theft:
- Probing attacks:
- Nuisance attacks:
Someone is trying to steal money
Someone seeks to steal data for industrial or state-sponsored espionage, or simply to embarrass the target
Someone seeks vulnerabilities for future bigger attacks, and performs probes without harming anything (yet)
Hackers often launch a denial-of-service attack to shut down some service or business just because they don't agree with its philosophy or politics
Clearly, there is an enormous market opportunity for enterprise software that performs tasks ranging from intrusion detection and prevention, data backup and protection, malware identification, forensics, and data recovery. But what about opportunities in the electronics software space? The trend is clear that applications and data are moving to the cloud, to be accessed by a tablet, a smartphone, or other wireless device. Often the mobile device is the weak link in the chain, leading to the most vulnerable path to corporate or personal data. And in this new era of Bring Your Own Device (BYOD), these devices are uncontrolled.
There are many opportunities in the mobile electronics market for cybersecurity solutions. As with any requirement in the electronics space, these functions may be implemented in software, hardware, or a combination of both. The trade-off is usually the flexibility of software versus offloading some key functions such as encryption to a dedicated co-processor.
Key needs include the following, with varying degrees of maturity in today's mobile platforms:
- Data encryption and authentication: How do I know my Facebook chat conversation is not being intercepted at Starbucks? How do I know that my Yahoo email password is not being passed in clear text?
- Payment card processing:
- Voice encryption:
- Malware prevention:
- Prevention of denial of service attacks:
- Digital rights management:
- Data protection and theft recovery:
- Forensic triage:
- User authentication:
- Network monitoring and policy enforcement:
- Application testing:
How do I make sure my credit card number is not compromised when I buy something? How do I make sure that I don't get improperly charged when using near field communication (NFC)?
How do I make sure my wireless or VoIP call is not intercepted? How does law enforcement ensure that it can be intercepted?
How do I know whether my smartphone does have malware, and what do I do about it?
What happens when a critical mobile device is targeted by a packet flood attack?
How does Marvell Studios know whether the copy of The Avengers I am watching on my tablet is legit?
If my device is stolen, how do I prevent theft of my data and retain my data for my future use? How do I find my stolen device?
If law enforcement or intelligence agencies seize the device in an investigation, how do they determine quickly whether there are illegal materials on the device?
How does my phone or tablet know that it's really me?
How can companies be sure that Bob the delivery man is really driving his truck instead of sitting at home?
How can I determine what wireless devices (mobile and WiFi) are in my office? How do I know if they are approved or rogue? How do I find and shut them down if they are not approved?
How do we know for sure that the latest update to the free smash-the-pig game didn't actually install malware?
It really is like the wild, wild, west for security in mobile devices. Since this is an M&A column, I would be remiss if I didn't mention the acquisition environment for companies in these spaces. In short, the outlook is very good.
Several of the panelists in the cybersecurity conference talked about the fiscal cliff, sequestration, and eventual cuts to defense spending. But the overriding sentiment is that spending on cybersecurity will not be cut and in fact will probably increase. With government spending cuts in other areas increasing, this should cause more integrators and contractors to grow their businesses by acquiring expertise in the cybersecurity arena. This will trickle down into the embedded space as well. We will continue to see chip and hardware companies buying security software and IP companies for one reason: they have to.
If your company would like to understand its prospects for an M&A transaction, feel free to reach out to me at . The McLean Group was recently named by Global Security Finance as one of the top 10 financial advisors (investment banks) for M&A transactions in the cybersecurity space. You can download the entire report .