Cyber Security is Everyone’s Concern
18 Jul, 2016
An explosion of cyber security companies clamoring for workforce as cyber threats are becoming harder to detect and avoid
By David Hodes
Cyber security is one of the fastest growing industries in the country, quickly turning into a top priority for all users — military and commerce, large and small — as more and more operational assets are migrated to the cloud and more hackers are compromising operations.
The global cyber security market is valued at $75 billion now, and projected to grow to $170 billion by 2020, according to a study by Gartner Inc., an IT analyst company based in Stamford, Connecticut.
Yong-Gon Chon, CEO of Tampa-based Cyber Risk Management Companies, a consortium of cyber security management companies, says that the industry trend in cyber security has been focused on threat hunting, trying to identify the enemy and isolate where that individual or group of “actors” are in order to stop their behavior. “It’s complicated by the fact that we have laws in place that really only allow us to play defense,” Chon says.
“The analogy in football is that we are actually playing prevent defense, and prevent defense only prevents you from winning,” he says. “That is indicative of the industry today. There is no ability to actually defend yourself and hack back. So the threats that do us harm have all of the time in the world without us playing offense.”
He recounted the hacking of MedStar in Washington, D.C., a $5 billion health care institution operating 10 hospitals and more than 250 outpatient medical centers. It was reportedly attacked by a ransomware virus where perpetrators demanded payment in bitcoin to release files it had taken from hacked computers.
In the MedStar attack, cyber hackers targeted the “soft” points of the organization, Chon says. “Attacking areas of an organization where users are not tech savvy can happen in a finance organization, or an HR organization or maybe even a group of doctors that are going to click on a link and don’t understand that there could be something out there that could harm them,” he says. “The threats themselves are invisible and ultimately your data is invisible. Your data is not going to burn you like a hot cup of coffee until its already been stolen or infiltrated or published for the world to see or even ransomed against you.”
Trends to understand
Chon says that there are three cyber security trends to understand: workforce development to find cyber security professionals, information sharing and collaboration, and threat intelligence and situational awareness.
Organizations and businesses need to understand that their customers or clients will never want to be blind to the next attack, he says. “So you are going to see a general trend of improving situational awareness, and improve the ability to identify when there are anomalies on computer networks,” he says.
Everyone needs to be engaged
There needs to be a convergence or cross functional area of responsibility within an organization to deal with data breach issues, Chon says. “So no longer will it be just a CIO or chief security officer responsibility, but you will also see a general counsel be more proactively engaged, as well as corporate compliance people as well as CEOs.
“You will see the entire executive level being much more accountable for protecting the organization’s assets. Organizations have to make it a cultural priority. It’s a business problem that is pervasive through every single person in the organization that clicks a link that they shouldn’t have.”
Some of the strongest economic development activity related to cyber security is happening in three areas of the country: the Washington D.C. area, Silicon Valley and Florida.
There is a huge health care industry in Florida, which means managing millions of patient records that are all electronic now. “The hospitals and health care institutions have really struggled with keeping up on their cyber efforts,” Molly Egloff, manager of business development for Enterprise Florida, says.
The state also has some of the biggest defense contractors in the country – Raytheon, Boeing, Northrop Grumman and General Dynamics, just to name a few – making cyber security a big business here as these high-tech companies seek to protect more of their data and stay ahead of hackers.
The state is one of the top five locations for domestic data centers as well. It has a large fiber network, which was recently mapped out, and includes two international fiber lines (in Miami and Jacksonville). “We are very well connected,” Egloff says. “So the cyber security companies can come here and plug in very quickly.”
Andrea Moore, regional manager of international trade development for Enterprise Florida, says that most of the cyber security companies in the state are small shops with ten full-time employees. “What most of them have in common is that they don’t want to be trailblazers,” Moore says. “They want to look at the existing business density and the existing support infrastructure in terms of fiber and power redundancy,” she says.
Cyber security companies also keep an eye on workforce development, which has been an ongoing concern for years and one that is being addressed in academia such as University of Central Florida, where students can study cyber security towards getting their masters of digital forensics degree. “We also have a lot of military installations close to each other, and a lot of those exiting military people are looking for a secondary career,” Moore says.
The biggest user of cyber security in the Osceola County, Florida area, which is part of the Orlando MSA, is Walt Disney World, according to Bill Martin, president of the Greater Osceola Partnership for Economic Prosperity (GOPEP). “Think about that for a minute,” he says. “Disney World stores and has access to the personal information of millions of visitors each year, along with the data infrastructure needed to run rides and customer service operations. They probably have the most sophisticated IT and cyber security operations in the world.”
Other big players include software developer Oracle, with two locations in the Orlando area; Science Applications International Corporation (SAIC), a technology integrator in technical, engineering, intelligence, and enterprise information technology; and Deloitte and Touche, one of the world’s largest accounting firms that opened a new tech center in Lake Mary, Florida, in late 2015.
Martin says that the school system in Osceola has also introduced science, technology, engineering and math (STEM) curriculum into elementary, middle and high schools. “We are also building a $75 million STEM school,” he says.
Valencia College in the city just opened a 17,000-square-foot advanced manufacturing education and training center. “So the idea is to start young and fill that workforce pipeline so that they are ready when opportunities are here,” he says.
Another emerging cyber hub
That is exactly what is happening in San Antonio, according to Tom Long, executive vice president of business recruitment for the San Antonio Economic Development Foundation (SAEDF).
He says the SAEDF is working on growing talent in the city of young, motivated individuals. They worked recently with root 9B, a top-rated cyber security training and cyber security provider headquartered in Colorado Springs that does cyber security training for both the military and private sector. “What we are trying to do here is work with our existing cyber security companies and workforce here to position San Antonio as a hub for cyber security in the U.S.,” he says.
San Antonio is home to the second largest cyber security eco system in the U.S., he says, with nearly 100 IT and cyber security-related companies. The Air Force Cyber Command, at Lackland Air Force Base, and the National Security Agency (NSA), both have a presence in the city. In fact, there are four NSA Centers of Excellence in San Antonio. “We have the talent, the education, the incubator space that these folks need to start up and be operational here,” Long says. “We got the foundation put in place.
“Cyber security touches so many different areas that it’s more than just people looking for threats,” he says. “It’s mission critical to corporate success these days.”
The demand for better trained cyber security experts is growing every day, because the cat-and-mouse game between data owners and data stealers is getting more and more harmful to industries across the world. “When you are dealing with a faceless threat as you do in the cyber world, you don’t necessarily know who is operating it and with what anonymous handle,” Chon says. “With this function of anonymity, it makes it very easy to operate in a nefarious manner because you cannot arrest what you cannot see.”
For complete details about the organizations and people featured in this article, visit: