The Issue of Cyber Crime: Selling Cyber Security…or Missing a Major Market?
Question: “What do security integrators, defense contractors, major IT firms, international risk consultancies, and start up companies all have in common?”
Answer: They are selling cyber security solutions and services.
“Last year the FBI announced that revenues from cyber-crime, for the first time ever, exceeded drug trafficking as the most lucrative illegal global business, estimated at reaping more than $1 trillion annually in illicit profits.”
— Edward Amoroso, chief security officer of AT&T (2009)
The cyber crime problem is huge and involves many disciplines from across the information technology (IT) department, human resources, legal and traditional physical security. The threat vector is so vast that companies must collaborate more effectively internally to coordinate their defenses. It is not an “IT only” problem, but an opportunity for various departments to play to their strengths. Pure play information security solutions should reside in the IT department. Monitoring real time packet traffic to identify malware and botnet profiles is a specialty best left to computer science — where they are overwhelmed with data.
However, insider theft of company assets — information in this case — is an area where corporate security has investigative experience and contacts with law enforcement agencies that are valuable. This internal investigation capability is an area where physical security integrators can enter the cyber security market quickly. The ability to track problem employees and monitor, via access control systems and video surveillance, specific physical locations and information sources is absolutely critical today. Expertise in this area and consulting services for educating the company regarding its supply chain partner security is desperately needed.
A Verizon report in 2010 stated that 34 percent of “partners” had access to a host company’s proprietary data! This data did not include part time contractors.
Additionally, a recent survey conducted by the Ponemon Institute found that insider crime is amongst the most costly cybercrimes a company or organization can be subjected to. On average, the Ponemon survey found that insider crime took up to 42 days or more to resolve, with an average cost to an organization of nearly $18,000 per day, or up to $750,000 or more for every incident. Additional data show that small, medium business (SMB) are targets of cyber criminals based on the fact they do not typically employ computer security expertise. Businesses are getting breached from both sides, internal and external.
I attend many cyber security events (RSA Security Conference, Black Hat, GovSec, etc.) and know many vendors with products that physical security integrators could resell. Cyber compliance software, integrated tracking solutions, and mobile device security tools are a few examples. These are solutions to current market needs and complement a portfolio of video surveillance, access control and biometric monitoring capabilities. However, I rarely see the firms that attend ASIS or ISC East & West at these events? At least review the exhibitor listings of these shows and contact potential partners directly. If your customers are not buying these services from a vendor today, they will be tomorrow.
Cyber security requires point solutions that a physical security integrator is very capable of providing. The security threat now blends the physical and digital domains. It makes sense to sell cyber security solutions!
Cyber crime is a HUGE problem that is not clearly understood by the market today. I believe the cyber crime issue will mirror the Y2K scenario. It will be ignored until it cannot be, and then an avalanche of need will hit the market all at once. Security integrators that address this opportunity today will reap the benefits. Those that don’t will miss a major market.