Data/Cyber

Cyber security M&A climbs as attacks increase

BY Richard Summerfield

Cyber security M&A is on the rise, as a result of the increasing number of successful, high-profile cyber attacks, the continued digitalisation of businesses and the proliferation of new regulations, such as the European Union’s General Data Protection Regulation (GDPR), according to Hampleton Partners’ 2018 Cybersecurity M&A Market Report.

“Hacking is the newest form of warfare against businesses as well as nation states. The average cost of a single data breach is now € 3 million, up by six percent in a year, plus the reputational damage which can be catastrophic,” said Henrik Jeberg, a director at Hampleton Partners. “Given the increasing market demand for cybersecurity solutions due to regulation, digitisation, high profile hacks and new technologies requiring security, we are not surprised to see a highly active M&A market for cybersecurity assets at high valuations. I expect cybersecurity to remain a hot topic in M&A, even if we go into a period of more volatile financial markets.”

There have been a number of notable M&A deals in the tech space this year, particularly in H2. The report identifies the identity and access management subsector as one of the most notable areas of activity. The space saw a number of large deals, including acquisitions by Verimatrix and Cisco.

The private equity (PE) industry has also become an active participant in the cyber security market. Indeed, PE investors have become top bidders for a number of large cyber security assets. Thoma Bravo, TPG Capital, Francesco Partners and Vista Equity Partners have all increased their investments in the cyber security space this year.

The importance of cyber security is becoming increasingly evident, particularly as the average cost of a cyber breach continues to rise. In 2017, the average cost of a single data breach rose 6 percent to €3m per breach. Moving forward, it seems likely that the cyber security space will remain a key target for acquirers in the months ahead.

Report: 2018 Cybersecurity M&A Market Report

The evolving threat

BY Richard Summerfield

While cyber security threats are gaining in exposure and media coverage, many companies remain unprepared for a breach — a fact which is particularly worrying when one considers that cyber attackers are gaining vastly greater scale through new techniques, such as killchain compression and attack automation, according to Alert Logic’s ‘Critical Watch Report: The State of Threat Detection 2018’.

The report, which was completed following the analysis of more than 1 billion security anomalies, 7 million events and over 250,000 verified incidents, found that the traditional killchain has evolved. Today, 88 percent of killchain attacks are gaining efficiency and speed by combining what was formerly identified as the first five phases of such an attack — recon, weaponisation, delivery, exploitation and installation — into a single action. As a result, the new killchain is capable of creating near-instantaneous attacks that bypass many established security practices.

Automation has also emerged as an important and effective tool for cyber criminals who are able to launch random and recursive attacks which force organisations to alter the ways they asses risk. Cryptojacking has also become a major concern for organisations. Eighty-eight percent of recent WebLogic attacks were cryptojacking attempts. Worryingly, as cryptojacking attacks are highly automated and hit small, medium and enterprise-sized organisations indiscriminately and at similar rates, industry and size may no longer be reliable predictors of threat risk.

The report also found that web application attacks remain the most frequent and dominant type, with SQL injection attempts comprising 43 percent of all attacks observed.

“It’s no secret that attackers push the envelope and innovate attacks to abuse weaknesses anywhere they find them—in cloud and hybrid deployments, containerised environments, and on-premises systems,” said Rohit Dhamankar, vice president of Threat Intelligence Products at Alert Logic. “What is troublesome is the use of force-multipliers like automation to scale attacks for increased financial gain. This report demonstrates that attackers are gaining increasing sophistication in their ability to weaponise trusted techniques to exploit common vulnerabilities and misconfigurations for purposes such as cryptomining.”

Report: Critical Watch Report: State of Threat Detection 2018

UK C-suite cyber confidence concerns

BY Richard Summerfield

Despite recent growth in the number of recorded data breaches, senior management at a number of UK companies believe that their cyber security provisions are above average – a sign that some UK firms may be overconfident in their defences, according to the ‘United Kingdom – Views from the C-Suite Survey 2018’ report released by FICO.

Executives at three out of four UK firms believe that their company is better prepared than its competitors. Among UK industries, financial services firms were the most confident of all, with 55 percent of respondents saying their organisation is a top performer, and 41 believe that their defences are above average. Forty-two percent of telecommunications providers believe that their firm is a top performer. The least confident executives were in the retail and e-commerce sectors, with 38 percent of respondents saying that their firm is a top performer, and only 19 percent rating it as above average.

This overconfidence among UK executives is particularly jarring as only 36 percent of organisations are carrying out regular cyber security risk assessments.

“These numbers suggest that many firms just don’t understand how they compare to their competitors, and that could lead to a lack of investment,” said Steve Hadaway, FICO’s general manager for Europe, the Middle East and Africa.

The UK is not alone in its overconfidence, however. Firms from all eight jurisdictions surveyed, including the US, believe they are well placed to resist a cyber attack. Canadians were more likely to rate their firm a top performer for cyber security.

Ovum conducted the survey for FICO through telephone interviews with 500 senior executives, mostly from the IT function, in businesses from the UK, the US, Canada, Brazil, Mexico, Germany, India, Finland, Norway, Sweden and South Africa. Respondents represented firms in the financial services, telecommunications, retail and e-commerce and power and utilities sectors.

“IT leaders have greater funding than ever to protect organisations from the continuously evolving threat landscape and meet complex compliance demands,” said Maxine Holt, research director at Ovum. “These same IT leaders are undoubtedly keen to believe that the money being spent provides their organisation with a better security posture than any other – but the rapid pace of investment, often in point solutions, rarely takes an organisation-wide view of security.”

Report: United Kingdom – Views from the C-Suite Survey 2018

Coin-mining malware multiplies

BY Richard Summerfield

The types of malware utilised by cyber criminals grew by 629 percent in the first quarter of 2018, according to the McAfee Labs Threat Report: June 2018.

‘Cryptojacking’ and other forms of cryptocurrency mining experienced remarkable growth, climbing from around 400,000 total known samples in Q4 2017 to more than 2.9 million in Q1 2018.

“Cybercriminals will gravitate to criminal activity that maximises their profit,” said Steve Grobman, chief technology officer at McAfee. “In recent quarters we have seen a shift to ransomware from data-theft, as ransomware is a more efficient crime. With the rise in value of cryptocurrencies, the market forces are driving criminals to crypto-jacking and the theft of cryptocurrency. Cybercrime is a business, and market forces will continue to shape where adversaries focus their efforts."

Furthermore, on average, McAfee detected five new malware samples per second, down from eight per second recorded in Q4 2017.

 “There were new revelations this quarter concerning complex nation-state cyber-attack campaigns targeting users and enterprise systems worldwide,” said Raj Samani, chief scientist at McAfee. “Bad actors demonstrated a remarkable level of technical agility and innovation in tools and tactics. Criminals continued to adopt cryptocurrency mining to easily monetise their criminal activity.”

McAfee recorded 313 publicly disclosed security incidents in Q1 2018, a 41 percent increase over Q4 2017. One of the most frequently targeted industries was healthcare, which saw a 47 percent increase in recorded incidents. Cyber criminals targeted the sector with the SAMSA ransomware.

Education and finance also recorded increases of 40 percent and 39 percent respectively. Ransomware was frequently deployed against schools. In total, there were 313 publically disclosed security incidents in Q1, a 41 percent increase on the previous quarter.

According to McAfee, cryptocurrency mining campaigns may overtake the use of ransomware in the future, as it is as simpler and less risky form of cyber crime. Sophisticated Bitcoin-stealing phishing campaigns, such as ‘HaoBao’, which was launched by the Lazarus cyber crime ring, may become more commonplace, targeting global financial organisations and Bitcoin users.

Mobile malware has seen significant growth of late. Total known malware samples grew 42 percent over the last four quarters. Malware has also grown; the total number of malware samples grew 37 percent over the past four quarters to more than 734 million samples.

In January, McAfee reported an attack targeting organisations involved in the Winter Olympics in South Korea. The attack was executed using a malicious Word attachment containing a hidden PowerShell implant script. The script was embedded within an image file and executed from a remote server. The attack, dubbed ‘Gold Dragon’, involved a fileless implant which encrypted stolen data and sent the data to the attackers’ command and control servers. The implant then performed reconnaissance functions, monitoring the use of anti-malware solutions in order to evade them.

Report: McAfee Labs Threat Report: June 2018

DHS unveils new cyber security strategy

BY Richard Summerfield

This week the US Department of Homeland Security unveiled a new national strategy for addressing the growing threat of cyber security risks.

According to the report, by 2020 more than 20 billion devices are expected to be connected to the internet, and a result of this growth and the increasing variety of these devices, a new approach to cyber security is required. The new strategy was released in compliance with the fiscal 2017 National Defence Authorisation Act, the DHS noted, and has been designed to prioritise and harmonise the department’s programming, planning, operational and budgeting efforts.

The DHS, which is responsible for securing federal networks and critical infrastructure from cyber sabotage, has identified five key areas of risk, or ‘pillars’, that it hopes to manage though the strategy, including risk identification, vulnerability reduction, consequence mitigation, enablement of cyber outcomes and threat reduction. These risk areas are particularly noteworthy given the evolution of cyber criminality in recent years. In particular, the strategy refers to the breadth of attempted cyber attacks on US government networks, which increased more than tenfold between 2006 and 2015.

Homeland Security secretary Kirstjen Nielsen said: “The cyber threat landscape is shifting in real-time, and we have reached a historic turning point. Digital security is now converging with personal and physical security, and it is clear that our cyber adversaries can now threaten the very fabric of our republic itself. That is why DHS is rethinking its approach by adopting a more comprehensive cybersecurity strategy. In an age of brand-name breaches, we must think beyond the defence of specific assets — and confront systemic risks that affect everyone from tech giants to homeowners. Our strategy outlines how DHS will leverage its unique capabilities on the digital battlefield to defend American networks and get ahead of emerging cyber threats.”

The announcement of the new strategy came on the same day that the White House removed the cybersecurity coordinator position from the National Security Council (NSC), as it felt that the role was no longer necessary.

NSC spokesman Robert Palladino said: “The National Security Council’s cyber office already has two very capable Senior Directors. Moving forward, these Senior Directors will coordinate cyber matters and policy. As they sit six feet apart from one another, they will be able to coordinate in real time. Today’s actions continue an effort to empower National Security Council Senior Directors. Streamlining management will improve efficiency, reduce bureaucracy and increase accountability.”

Report: US Department Of Homeland Security Cybersecurity Strategy

©2001-2019 Financier Worldwide Ltd. All rights reserved.