From: The Hill’s Congress Blog
By Brian E. Finch
The recent theft of approximately $45 million from ATMs across the globe made for a series of splashy, cringe-inducing headlines. The thought that a network of criminals could maneuver their way through sophisticated security programs to quickly syphon tens of millions of dollars out of bank accounts has prompted more than a few people to sneak a look at their checking account to make sure it is all there.
Fortunately, committing a crime that requires you to go to dozens of ATMs in a short time span is going to give law enforcement officials a pretty good idea of who you are. On top of that, the decision of those same criminals to spend their newfound fortune wildly – not to mention document it on social media – means that they (a) were not exactly criminal masterminds and (b) never watched “Goodfellas”, where similar behavior of those involved the large robberies earned them a one-way trip into a freezer truck.
The high-profile nature of this attack, however, is an excellent illustration of how much damage a determined cyber attacker can do with a little knowledge. The $45 million ATM hack was not the first big cyber attack, and it surely will not be the last.
Similar news stories about cyber attacks abound, and there is an emerging consensus that the federal government is going to keep funding for cybersecurity products and services steady or even increase it despite other massive cuts. Investors have taken note, and have been pouring dollars into cybersecurity companies. According to the National Venture Capital Association, venture capitalists alone invested $1 billion in cybersecurity startups in 2012.
Investors – especially institutional investors – as well as market analysts, need to start thinking bigger about cybersecurity. Specifically, they cannot focus solely on companies offering cybersecurity solutions. They also need to look at what companies are doing to protect themselves from cyber threats.
The real cyber dangers we face are not ATM hacks, but the theft of intellectual property, trade secrets, and other valuable business information, along with the potential use of cyber tools to disrupt or destroy data and physical assets. Such attacks are growing exponentially as cyber criminals and state-level actors have figured out that the money isn’t in cash, but in valuable business information that can quietly be stolen and then used at their leisure.
So, what does that mean for the investment community? Put simply, start asking questions – lots of questions – about a company’s cybersecurity posture, especially if part of the investment calculation is based on whether the company has some sort of “secret sauce.”
Leave a Reply