Now's the Time to Make Cyber Crime Pay for their Crimes

Our security partners Sophos have recently announced their intention to float on the London Stock Exchange, targeting a valuation of £1bn. The company has transformed itself from being the brainchild of two Oxford graduates in 1985, into a global operation; including a 10% rise in turnover from 2013 – 2014.

We’ve been working closely with Sophos for many years, and found them to be an energetic, engaging company with a fantastic product line. They have had a few unsuccessful attempts to float on previous occasions. So why is this time different?

Put very simply, it’s a very good time to look at investing your hard earned cash into an IT security company. Sophos’ own Chief Executive recently said, “You can’t open any publication at the moment without reading about a cyber-attack or breach – it’s the number one priority for every IT executive.”

The amount and significance of recent high profile attacks has resulted in a real transformation in many business’ mindsets. It’s less “We’ll keep motoring along until something happens,” and more, “Something will happen unless we do something about it.”

On the vendor side, as TechMarketView says, “All too often UK tech companies are criticised for being parochial, lacking global ambition and incapable of ‘scaling up’.” I don’t think I could ever accuse Sophos of being parochial, but their timing couldn’t be better.

When I look back to my early days with Adidas, we talked a lot about ‘risk’ to the business at board level, but IT Security was never really on the agenda. It was more about threats to our brand reputation, and market share.

I suppose we had the belief that as long as we had a firewall, we’d be fine. Plus, at a user level we didn’t have anything like the amount of IT systems which even the smallest business can have access to today. I can remember a time when I ran my own business – my ledger was handwritten in a Collins accounts book! (And now I’m feeling my age!)

The truth is that today’s computing environments extend far beyond the reach of any firewall. We’re mobile, we’re using IT for pretty much everything, and we’re processing huge amounts of data. Data that hackers want, and can get a lot of money for. Hacking is now more profitable than the drug trade.

Yet it’s been that way for a number of years. So why is Sophos’ floatation news this month so significant? (The Register’s headline was, “Could this be the UK’s biggest floatation yet?”)

Well, America are eating security start-ups for breakfast. In their article, “Investors Flock to Cyber Security Start-ups’ the Financial Times listed three companies of note who had recently gained venture capitalist funding, including Shape Security (who raised $40m) – a business set up to prevent automated website attacks.

Shape Security acknowledged that cyber criminals tend to change their patterns a lot, and so their tool (the ‘Shapeshifter’) works by changing a website’s code on a constant basis, keeping the attacker guessing. A ‘botwall’ is how they describe it.

US investment in security firms has soared, whilst in the UK we’re taking more of a cautious approach. Take this quote from Ashley Owen, head of investment at AES International (from thisismoney.co.uk):

“As with any investment theme, if you get involved at the start you are more likely to benefit from high growth rates. So while we wouldn’t recommend savers go out and buy shares in cyber security start-ups, looking for well-managed funds with exposure to this burgeoning theme would be sensible.’”

Typically British – following not leading!

Could Sophos’s floatation be the catalyst needed to get the UK to invest more in protecting their businesses from cyber-crime?

Things look to be heading that way. And if our IT systems look complicated now (and therefore more difficult to protect), it’s nowhere near how complicated they’re going to look when the Internet of Things starts to become more popular in the next few years.

Cyber-crime started to escalate dramatically when the internet became common in most businesses. And that was just when we used it for things like email and websites. Now its watches, security cameras, kettles, even children’s dolls.

The more we connect, the more the chances we are giving the hackers. There are a lot of benefits and opportunities to the Internet of Things trend which will make our lives easier. But if we don’t handle them in a controlled way, or are ignorant of the fact that these can provide multipe and potentially unprotected entry points, then that puts us in a very vulnerable position.

Thanks to the state of play, IT Security should no longer be sitting ring-fenced in the IT department, off the table at board discussions when looking at risk to the business.

It should be the top priority, and if it’s not, it needs to be. According to Forbes, “Organisations must be willing to integrate security into every aspect of operations in order to better address the complexity of today’s cyber threats.”

Sophos’ floatation news seems to be an indicator on the UK changing its mindset about IT Security.

And not a second too soon.