Recently, the Ocean Tomo Cybersecurity Report was front and center in an interview on the Peggy Smedley Show. During the podcast interview, we were able to dissect a variety of important topics related to industry trends, dynamic threats, capital markets, and intellectual property (IP) in the cybersecurity industry. More specifically, our discussion covered:
- Paradigm shifts in a post-COVID environment & how rising tensions between foreign nations have increased the threat surface for governments and ordinary citizens alike
- Trade secrets’ vulnerability to cyberattacks and the risks associated
- The dynamic relationship between cybercriminals and cybersecurity firms
- Ransomware
- The recent influx of related intellectual property litigation
- Industry partnerships
- Hardships that private equity firms and strategic acquirers face during the due diligence process with cybersecurity targets
You can hear our full conversation around these topics by listening to the whole episode of The Peggy Smedley Show here.
One topic we did not cover in the episode, however, is that of increased competition from non-traditional cybersecurity firms. From small start-ups to the largest corporate and government entities, the industry has experienced investments across the board in both hardware and software. Over the past four years alone, cyber-related patents have doubled. Non-traditional cybersecurity firms are transitioning and now have competing interests.
For example, IBM has built one of the world’s largest cyber patent portfolios and is an active participant in the race to create useful cybersecurity IP. They are unique for their role as an unorthodox competitor and an untraditional cybersecurity firm. Yet, they are investing heavily in research and development, not only to gain a large footprint in a lucrative market, but also to help protect their own business from cyber threats by creating their own cybersecurity solutions. As one of the largest players in the broad IP market, the resources IBM has deployed toward cybersecurity innovation also show vital signs for harmonization within the cybersecurity market.
Relative to other industries, cybersecurity is a young and constantly evolving industry where licensing culture hasn’t gained solid traction. The market is composed of thousands of cybersecurity vendors and more than 60 open-source software security platforms. The industry’s exponential growth in market size, aggressive entrants, and open-source software models have diluted opportunity and created high barriers to entry. Established cybersecurity firms seek to impair these growth drivers using IP.
Additionally, the impact of geopolitics on cybersecurity is another topic we did not discuss during the podcast interview, but it is one of growing concern. The concept of executing a cyberattack in response to geopolitical events is not new. The implied connection between malicious cyber actors and geopolitical events will be studied for years to come. Future use of cyber vulnerabilities as an attack vector presents a real and present danger. We have seen ransomware attacks against hospitals and infrastructure elements, including power and water. It is not out of the realm of possibility that successful attacks such as these could be easily converted from their current purposeful intent of extortion for financial gain to malicious destruction of the enterprise being attacked.
In the cybersecurity landscape, malicious actors only have to be right once, while cybersecurity professionals have to get it right consistently. Malicious actors do not play by the same rules, putting cybersecurity professionals at a persistent disadvantage in the back-and-forth struggle of attack and defend.
When thinking about how we change this equation, there are many potential areas of consideration, but it can be done. It is critical to continue to innovate, advance, and improve technology if we are to lead in the future. However, security has often not been included early in the development process. Although adoption can be slow at times, a transition is occurring in which security is incorporated earlier into the development lifecycle. This movement to enhance development is an important element of success in the future.
Large corporations and government entities looking to establish a robust cybersecurity framework must proactively plan, prepare, prioritize, establish accountability, and lead instead of follow. We have seen that a holistic focus on cybersecurity, prioritized within the organization and led from the top down, will build a culture of willing participation and investment.