The increasing frequency, sophistication, severity ─ and success ─ of cybersecurity attacks on large, well-heeled corporations is roiling the cybersecurity landscape, said a group of industry experts during a panel discussion on Tuesday at the Michigan Growth Capital Symposium. More important, they said, the growing demand for greater protection of corporate intellectual property and assets is creating lucrative opportunities for both cybersecurity start-ups and established companies offering risk assessment, monitoring and mitigation services.
“We are at an unprecedented point in the security landscape where a number of factors are converging,” said Ted Shorter, the CTO of Certified Security Solutions. “Anytime new disruptive technology trends come along, such as the cloud and the Internet of Things, they bring a new set of security issues and vulnerabilities. There’s also been a realization in the hacker community that large targets yield bigger payoffs, and we’re seeing sophisticated nation-state attacks now.”
“It’s not a question of if, but when ─ and what will be the magnitude of the breach and the amount of data that will go out,” said Marc Dominus, senior manager and U.S. ERM Solution Leader at Crowe Horwath. “There’s not only concern about the value of lost data and intellectual property, but also about the brand impact, which can be severe. Reputational value can be eroded quickly.” Target, Home Depot and eBay are still wiping egg off their corporate faces months after breaches resulted in the theft of credit card information on millions of customers.
In the past, cybersecurity was strictly considered an IT function at most companies. Not so anymore, said Jim Goldman, chief trust and security officer at CloudOne. He reported cybersecurity is “being rolled up” from the basement shop to the boardroom suite, where it is receiving high-level attention from Fortune 500 corporate boards. “Traditionally, companies were worried about protecting the personal data of their clients,” Goldman observed. “Now they are worried about protecting their own intellectual property.”
Different security service providers are deploying various strategies to help clients defend against and recover from cybersecurity attacks, said the panelists. These measures include “proactive forensics,” where a client company stages a mock breach-and-response event, and “ethical hacking,” where experts make penetration attempts and develop patches to close cyber loopholes. Protective measures are being taken in many cases to prevent data leakage and loss perpetrated by company employees and third-party vendors. “There’s also greater emphasis on prioritizing data to protect what’s most critical,” Dominus said. “You can’t mitigate everything.”
The prospects for cybersecurity revenue growth and expansion are bright at both the industry and the investment levels, the panelists agreed. “Earlier, the greatest concern about cybersecurity risk was in the financial industry, but now there is concern across all businesses,” Dominus noted. “We’ve seen significant growth in demand for our services and more regulatory guidance.”
Goldman commented: “We’re increasing our revenue by offering enhanced security controls. We’re able to customize our services and add special security features, and then up-charge for these enhancements.”