Cybersecurity Concerns Lead to Research and Investment, Business and Industry Trends Analysis

One of the fastest growing segments in the technology world is cybersecurity.  Hacking, phishing, online fraud and threats to national security and vital infrastructure are real concerns that are attracting some of the best minds and smartest investors in the world.  Some of the hottest companies in this field include Palo Alto Networks, Inc.; FireEye, Inc.; Check Point Software Technologies, Ltd.; Proofpoint, Inc.; and Fortinet, Inc.

Giant enterprises such as government agencies, banks, airlines, electric utilities and manufacturing firms are all prime prospects for the sale of security products and services.  At the same time, however, small businesses and individual consumers are equally concerned about protecting their digital assets and online activities.  Major segments of the cybersecurity industry include mobile security (smartphones, tablets, mobile apps, mobile workers), network security (data networks, intranets, the Internet), cloud and virtual server security, enterprise (large organizations), intellectual property protection, financial transaction security and consumer identity protection.

Governments are not only purchasing firewalls, security services and security software from commercial vendors, they are also investing heavily in their own research, development and employee training.  In the U.S., for example, agencies including Homeland Security, the CIA, the FBI and DARPA (the Defense Advanced Research Projects Agency) are all heavily involved and investing in cybersecurity projects, including intrusion detection and prevention.  Analysts at Gartner estimated the global information security market at $76.9 billion for 2015.

Any computer user who surfs the Internet or sends and/or receives e-mail is vulnerable to viruses, worms, Trojan horses and unwanted other unwanted malware intrusions such as spyware.  Along with access to a plethora of information, the Internet brings with it exposure to harmful code written by hackers, or code that is not intended to be harmful but may perform unwanted actions without the users’ knowledge or consent.

In early 2015, President Obama announced the establishment of a new federal office as a boost to efforts to restrain hacking, corporate data theft and consumer information.  The Cyber Threat Intelligence Integration Center is intended to make security efforts more collaborative and efficient.  It will aggregate information regarding threats, cures and best practices from such agencies as the CIA, the FBI and the National Security Agency.

Malicious programs (“malware”) such as viruses, worms and Trojan horses are written to damage computers or the information residing on them.  A virus is code that spreads from computer to computer by e-mail or by shared files.  Some Internet links and pages are embedded with malware or viruses, and files ending with the .zip or .rar extension that have been attached to emails are notorious carriers of viruses and other problems.

Unfortunately, many types of malware have been developed that attack mobile devices, especially smartphones.  Apps are a common method used by hackers to attack smartphones and tablets.

Anti-virus software such as the Norton brand made by Symantec and the products made by McAfee scan computer files for known viruses and unwanted programs.  When files are found, they are isolated and disabled.  There are many kinds of different protection programs designed to safeguard everything from single desktops to enterprise-level networks.  The companies that make the software are constantly updating their products to be able to detect more of the latest threats.  Many firms offer extremely sophisticated anti-virus, anti-hacker security products, which may include both software and hardware, aimed at corporate and government clients.  These manufacturers include IBM, Trend Micro and EMC.

Firewalls are hardware or hardware/software combination barriers to unauthorized users.  They protect systems from attack, track potential threats and scan all incoming and outgoing data for problems, alerting users when anything suspicious is found.

Many Internet developers and researchers have been working on Secure DNS (or DNSSEC, short for DNS Security Extensions).  It is a suite of specifications for securing data provided by the Domain Name System (DNS) as used on Internet Protocol (IP) networks.  Based on specifications by the Internet Engineering Task Force (IETF), it provides origin authentication of DNS data and data integrity.  A group of network and software engineers have deployed a security system housed in three data centers located in Singapore, Zurich and San Jose, California in the U.S.  The three locations are heavily secured structures with five layers of physical, electronic and cryptographic security.  Secure DNS could even render passwords and other measures obsolete by verifying and authenticating user credentials.  Secure DNS is backed by a number of world governments, the Internet Corporation for Assigned Names and Numbers (ICANN) and corporate Internet firms such as Verisign. 

Any time an Internet browser, such as Google Chrome, is used to access an Internet address or network address, a technology called DNS is used to direct the browser to the correct Internet address.  The danger lies in accessing a DNS that has been hacked or modified in a way that can introduce malware or direct the user to a rogue Internet site.  The more that a user is likely to be asked for critical information by the site, such as bank account information, the higher the potential abuse.  Industry standards have been developed and accepted for DNS Security Extensions, called DNSSEC for short.  Such systems provide a higher level of security, where a user’s Internet browser can ascertain that the web site or network address you are opening is correct, secure and unmodified.