What we look for when sourcing investments
Last year was huge for the cybersecurity market, fueled by increasing incidents of cyberattacks, especially ransomware that disrupted services and held businesses hostage.
The numbers are striking: According to a recent report from investment bank Momentum Cyber, investments in the space have more than doubled from the previous year to $29.3 billion. In fact, two recent rounds of funding, in November and February, have exceeded $1 billion. A record 286 mergers and acquisitions, worth $77.5 billion, were closed, 14 of which were over $1 billion each. This year starts promisingly with Google’s $5.4 billion acquisition of Mandiant in March.
The market is responding to the changing threat landscape. As new types of attacks emerge, security vendors respond with new tools in what has become a cat-and-mouse game. These dynamics have driven the market for decades, but tensions are rising as the stakes mount with hits on critical infrastructure and the US backing Ukraine against the Russian invasion.
One area of security that has received a lot of attention lately is operational technology.
Many attacks last year targeted businesses providing basic necessities, and consumers felt the pain. In February 2021, someone gained unauthorized access to the water treatment system in Oldsmar, Florida, and tried unsuccessfully to add more lye to the water supply.
And last May, drivers on the East Coast panicked when they couldn’t get gas after a ransomware attack disrupted Colonial Pipeline’s distribution network. That month, a ransomware attack on Brazilian meat supplier JBS caused beef shortages in South America, North America and Australia. JBS ended up paying $11 million in ransom.
The transportation sector has also been hit hard in recent years, with a 186% increase in weekly attacks from 2020 to 2021 and a 900% increase in maritime attacks since 2017. Recent incidents include attacks on the New York Metropolitan Transportation Authority and the CSX Class I freight railway.
Critical Infrastructure Attacks and Regulations
All of these attacks on critical sectors have led to a slew of federal action plans and regulations affecting the water sector, pipeline operators and other critical industries.
In one example, the Department of Homeland Security’s industry-specific transportation systems plan identifies a number of heightened risks, including cyber risks and legacy equipment, to guide the industry’s efforts to strengthen infrastructure security and resilience.
As Russian attacks on Ukraine have intensified, the US government is increasingly concerned that Russia is carrying out cyberattacks on US companies, especially critical infrastructure. On March 15, President Joe Biden signed the Cyber Incident Reporting Act, which requires critical infrastructure providers to report cyberattacks to the Cybersecurity and Infrastructure Security Agency within 72 hours and ransomware payments within 24 hours.
Then on March 21, the president reiterated previous warnings, citing “evolving information that the Russian government is exploring options for potential cyberattacks”.
Subsequently, on March 24, the US Justice Department unsealed charges accusing four Russians working for the Russian government of hacking operational technology (OT) at companies in the energy sector around the world for six years.
Old equipment in a modern world
For decades, cybercriminals focused on stealing information they could monetize, but now that OT environments are increasingly connected to the Internet, attackers try to shut down the infrastructure and carry out cyber-physical attacks, such as the one in Oldsmar.
The advent of ransomware and targeted attacks on critical infrastructure have changed the game and put operational technology security in the spotlight. Ultimately, OT security is a matter of national security.