LAPTOPS WILL BE THE ARTILLERY OF THE FUTURE
By David J. O’Reilly, Managing Director, Hampton Court Capital
Every political and military conflict now has a cybersecurity aspect to it, which has led to governments treating the build-up of highly advanced defenses in this area with the same importance as they would the acquisition of a new aircraft carrier or fleet of warships or jet fighters.
In the UK, we have seen the recent formal opening of a National Cyber Security Centre (NCSC) by the Queen this month, where GCHQ staff will work closely with the best and the brightest private sector experts to help identify and counter cybersecurity threats against UK assets.
A perfect storm of events and developments are driving exponential growth in the Cyber Security sector globally: the growing rise of cyber attacks and the proliferation of new malware technology such as ransomware, as well as the widespread use of multiple devices as part of the internet of things such as intelligent domestic appliances and mobile devices.
Gartner estimate that worldwide IT security spending will more than double from $77 billion in 2015 to $170 billion by 2020.
Investors are eagerly deploying capital into new companies in the cybersecurity sector, many of which make use of artificial intelligence and machine learning to grapple with the epic task of interpreting and responding to the truly mammoth volume of data that spews forth from servers and networks globally each second.
Small to medium-sized companies often think that because high profile cybersecurity news stories usually refer to governments or large global companies being hacked, such as the US election hacking rumors or the well-documented attack on TalkTalk here in the UK, they do not need to worry as they are too small to be a worthwhile target – nothing could be further from the truth.
Cyber attacks are not someone else’s problem – they are your problem and they need to be viewed as a potential spear in your side that is tackled head-on and skillfully deflected, not as a gaping wound that is stitched up and patched over after the attack.
Regardless of the size of your company, household, government department, hospital, university or police force, you are a potential target and you need to mitigate the risks.
Ransomware was the biggest growing malware variant in 2016, and it represents a highly disturbing evolution in the cybersecurity landscape that should make everyone, from households to the largest international companies and government agencies, sit up and take note. This is malicious software that blocks access to a computer until you pay to fix it.
Black market prices have fallen for large batches of personal data such as addresses and credit card numbers, forcing malevolent individuals to switch their attention onto extorting money from personal victims.
The bulk of these attacks are through malicious email attachments, and the ingenuity and skill involved by the hackers to extort money are truly breathtaking.
The risks have never been as severe: there were 188 cyber attacks classed by the NCSC as Category 2 or 3 during the last three months, although the UK has not yet experienced a Category 1 attack, the highest level (for example, the attack on the US Office Of Personnel Management was a Category 1 attack, with millions of confidential American public service personnel records stolen).
Hackers managed to steal $81 million from the Bangladesh Central Bank according to media reports in 2016, promoting others to upgrade their security, but I am still not convinced that C-suite teams understand that cybersecurity permeates every aspect of a company’s DNA and is the responsibility of every individual, not just the IT department.
I fear that hacks, cyber-attacks and digital heists similar to the experience of the unfortunate Bangladesh Central Bank will increase in coming years and become an increasingly common occurrence.
Threats such as ransomware will be even more dangerous due to the number of interconnected devices and smartphones in our homes and offices.
The internet of things may well end up being re-named the internet of weaknesses or the internet of vulnerabilities.
Quite often, the biggest threat comes from inside a business, where poor internal controls and dangerous internal practices are dangerous Achilles’ heels for many companies.
For example, a study of leaked passwords last year that analyzed 10 million leaked passwords found that 17% of accounts sampled were secured with the password “123456”.
This all goes to demonstrate how much IT security is a make or break business issue – traditionally, companies, government departments, and security agencies have treated this area as a matter for their IT department. It requires a leader who reports directly to a senior executive, if not to the board directly itself.
The specific job title of this individual is not important, but rather their ability to bring key IT security issues to the C-suite directly with clarity, authority and sufficient gravitas to help the management team think through and discuss how security affects every single business decision.
Effective cybersecurity leaders are those who can demonstrate the linkages between security and the company’s strategic objectives and goals.
They are effective at reminding the rest of the management team that cybersecurity is a strategic matter, not an IT department matter.
The most successful companies of the future will be those who invest in cybersecurity systems and in the right experts, both internal staff and external consultants and cybersecurity specialists, who are able to effectively detect, analyze and resolve a vast plateau of international cybersecurity threats in real-time using cutting-edge systems.
Companies are increasingly making use of cutting-edge cybersecurity products and advice on a managed security services basis, with the result being that this market is expected to be worth $34 billion by 2021 according to Markets And Markets research.
The key to success will be the ability to proactively plan for attacks and detect them as they occur.
Companies and government agencies need to be able to move from a “situation calm” status to an “initial alert” status to an “attack defeated / matter resolved” status in a matter of seconds or minutes (not hours, days or weeks) in today’s environment.
By catching an incident early, security teams can reduce the overall impact (costly fixes, threats to human life and to property, disrupted business, reputational damage, stolen IP, financial loss).
For governments, this approach will be vital when it comes to protecting their citizens – cybersecurity is no longer a matter of protecting merely a few servers with some personal details, but it is a matter of, quite often, life and death, and of national security, with critical pieces of national infrastructure frequently being discreetly measured up and assessed by those who would do us harm, such as energy grids, hospital networks, educational institutions, government departments, water systems, gas/oil pipelines, air traffic control networks, and nuclear facilities.
About The Author
David O’Reilly is a Managing Director at Hampton Court Capital, an award-winning international TMT (Technology, Media and Telecoms) Boutique Investment Bank based in London, and a senior board advisor and non-executive director to several charities, non-profit discussion forums, and privately owned TMT companies. He is head of the UK alumni chapter for University College Dublin.
David can be reached online at firstname.lastname@example.org and at his company website http://www.hamptoncourtcapital.com/.