Mobile Cyber Security War: We are All on the Frontlines
Lots of Room for Innovation on Security. M&A Pros: Here’s What to Watch!
What’s an important sector to keep an eye on in terms of M&A? Mobile Security. Mobile devices face at least four threats: Fraud (stealing $$), data theft, and probing and nuisance attacks. There’s room for innovation on everything from voice encryption, payment card processing, digital rights management, user authentication, application testing, and network monitoring to forensic triage, malware prevention, and more. Brent Lorenz, McLean VP, explains.
Last fall, Cyber Security Finance Forum attendees in Washington, DC, received quite a wakeup call as national authorities on Cyber Security addressed the challenges we face. Retired Navy Rear Admiral Jay Cohen, a former DHS under the Secretary for Science and Technology, warned his audience, “For the first time we are at war, and everyone is on the frontline.”Â
Throughout the forum, attendees and presenters shared accounts of hackers and identity thieves targeting small businesses, individuals and large companies alike, because all too many of them presented “soft targets.” In one case, hackers gained access to the bank records of a small industrial business in Maine and used the information they gathered to wire $25,000 to an account in Russia.Â
Even as individuals and small businesses are becoming the new frontline in the cyber security war, our rapidly accelerating adoption of the cloud, tablets, smartphones, and other networked mobile electronics make us increasingly more vulnerable. Potential threats become infinite as data and software, continuing their migration to the cloud, are accessed by mobile devices. At the same time, unprecedented opportunities arise for technology firms that can counter cyber security threats.
Typically, cyber security threats operate on one (or more) of four fronts:
- Fraud (stealing money)
- Data theft in support of industrial or state-sponsored espionage (or simply to embarrass the target)
- Probing attacks seeking to identify vulnerabilities to be exploited in future larger attacks, but without harming anything (yet)
- Nuisance attacks launched to deny service, or to shut down a service or business on the basis of philosophical or political disparity
Clearly, there is an enormous market opportunity for enterprise software that performs tasks ranging from intrusion detection and prevention, data backup and protection, malware identification, forensics and data recovery. But what of opportunities in the mobile electronics software space?
The trend is clear: applications and data are moving to the cloud to be accessed by tablets, smartphones, and other wireless devices. Too often, those mobile devices are the weak link in the chain, creating the most vulnerable path for corporate or personal data. In this Bring Your Own Device (BYOD) era, such devices are uncontrolled, enabling users to download new applications with a finger swipe.Â
There are many opportunities in the mobile electronics market for cyber security solutions. As with any requirement in the electronics space, these functions may be implemented in software, hardware, or a combination of both. The trade-off usually involves the flexibility of software versus the efficiency of offloading such key functions as encryption to a dedicated co-processor. This trade-off creates opportunities for companies providing software tools, middleware, or silicon intellectual property (IP).
Security requirements for mobile platforms include:
- Data encryption and authentication: How do I know my Facebook chat conversation is not being intercepted at Starbucks? How do I know that my Yahoo! e-mail password is not being passed in clear text?Â
- Payment card processing: How do I make sure my credit card number is not compromised when I make a purchase? How do I make sure that I don’t get improperly charged when using near field communications (NFC)?
- Voice encryption: How do I make sure my wireless or VoIP call is not intercepted? How does law enforcement ensure that it can be intercepted?
- Malware prevention: How do I know if my smartphone has malware and what do I do about it?
- Prevention of denial of service attacks: What happens when a critical mobile device is targeted by a packet flood attack?
- Digital Rights Management: How does Marvell Studios know if the copy of Avengers I am watching on my tablet is legit?
- Data protection and theft recovery: If my device is stolen, how do I prevent theft of my data and retain my data for my future use? How do I find my stolen device?Â
- Forensic triage: If law enforcement or intelligence agencies seize a device in an investigation, how do they determine quickly if actionable intelligence or illegal materials exist on the device?
- User authentication: How does my phone or tablet know that it’s really me?
- Spyware: How can companies be sure that Bob the deliveryman is really driving his truck instead of sitting at home? How do companies ensure that employees are not using company-provided equipment to access forbidden websites?
- Network monitoring and policy enforcement: How can I determine what wireless devices (mobile and WiFi) are in my office? How do I know whether they are approved or rogue? How do I identify and shut down those that are not approved?
- Application testing: How do we know for sure that the free Smash-The-Pig game’s latest update didn’t install malware?
The M&A outlook for companies in the cyber security market is very promising. Several of the Cyber Security Finance Forum’s speakers discussed the fiscal cliff, sequestration, and eventual defense spending cuts. But the overriding sentiment was that cyber security spending will not be cut and, in fact, will probably increase, causing more integrators and contractors to grow their businesses by acquiring expertise in the cyber security arena. This will trickle down into the mobile electronics space as well. We will continue to see chip and hardware companies buy security software and IP companies for one reason: they have to.
The McLean Group recently was named by Global Security Finance as one of the top 10 Financial Advisors (Investment Banks) for M&A transactions in the Cyber Security space. You can download the entire report here.  Reach Brent Lorenz as blorenz@mcleanllc.com.