Over the last six weeks, I had strategic discussions and meetings with four separate companies across the security market about establishing a cyber consulting practice. In New York, I met the former police commissioner of three major U.S. cities, now the chairman of the board for a $1.5 billion firm specializing in digital forensic investigations. I also met with a global risk consultancy based in the United Kingdom providing strategic security advice to senior executives across various industries. I chatted with a huge defense contractor making cyber acquisitions to complement existing physical security deployments at border crossings and international ports. Lastly, I spoke with a security integrator operating as a division within a larger defense firm, interested in selling cyber solutions to the commercial market.
What do these firms, ranging from $20 billion to $100 million in annual revenues, have in common? A clear view of the future. They understand that cyber crime and espionage is a threat to our national security and impacts both enterprises and small, medium businesses (SMB).
Gen. Keith Alexander, director of The National Security Agency (NSA) and head of U.S. Cyber Command, called cyber crime “the greatest transfer of wealth in history.”
Gen. Alexander went on to state, “Symantec placed the cost of IP theft to United States companies at $250 billion a year, global cybercrime at $114 billion annually ($388 billion when you factor in downtime), and McAfee estimates that $1 trillion was spent globally under remediation.”
That’s our future disappearing in front of us. So, let me put this (threat) in context, if I could. We’re going mobile, but we’re not secure. Tremendous vulnerabilities exist. Our companies use these devices, our kids, we all use these devices, and they’re not secure. Given the state of the economy, where else in the security industry do you see a golden opportunity like cyber?
Cyber crime and espionage is international, and represents a huge problem of scale and scope. However, integrators can address the issue by solving small and manageable problems in their customer base. Everyone has a vulnerable mobile device; the issue is education and protection. Hackers are focusing effort on penetrating these platforms, especially iPads, readers, and phones. Simply deploying security measures in this threat vector can pay big dividends.
There are numerous providers of mobile security tools looking for partners to go to market (Google “mobile malware vendors”). Why not start in this space to educate — through consulting services — and protect your clients?
Cyber security tends to conjure up images of overly complex network diagrams and packet diagnostics. However, in this example it’s user education and device security. The problem exists in your client base today. Find a partner and address it for everyone’s sake. Security is security. Integrators secure the physical perimeter with video surveillance and access controls to protect property. Why not add a layer of security at the mobile device?
Many of these handhelds already download video surveillance from the central monitoring station. Eventually, these command centers will converge physical and cyber security solutions into a centralized system. Keystroke monitoring software will alert on unusual (anomaly) machine behavior, such as a download of secure information to a thumb drive, triggering a video camera on a laptop or in a hallway, and deploy a G.P.S. location to a handheld device for a guard response.
This is all a matter of integrating software, networks, and databases. We will monitor at risk employees internally, and third party vendors/contractors in geographic areas of concern within our global supply chains. Mobile device security is a simple starting point, but cyber security solutions can expand to meet your support capabilities and business plan. Get an early start. The cyber gold rush has arrived. Are you ready?