Watching the (Digital) Detectives Rout Out Cyber Fraudsters
What do a car crash, a sexual harassment claim, and a food supply route have in common? They all leave data trails, and sometimes those trails need to be uncovered and analyzed for reasons ranging from effective prosecutions to creating more efficient processes.
Enter digital forensics, an already billion-dollar market that's growing fast. People with the technical ability to recover data from physical devices (or the cloud) or track it through an ever more complex series of networks will be in high demand, making the category a fixture on Inc.'s list of best industries of 2014.
Because we live in a digital world, there are many different ways to go with digital forensics. The big market opportunity lies in computer security, which is fast evolving from a system in which cyber-criminals are blocked (an increasingly fruitless approach) to one in which their data fingerprints are captured and analyzed in order to track them down.
Here are three companies that can give you a sense of the possibilities:
Malcovery Security, a startup that co-founder Gary Warner launched as a research project at the University of Alabama at Birmingham's Computer Forensics Research Laboratory, helps companies and law enforcement agencies spot the root sources of cyberattacks from email-based malware schemes. The company analyzes phishing and spam campaigns and malware attacks and provides businesses with actionable intelligence and information on who is attacking them, why, and what information is being compromised.
While at the university, Warner landed UPS and Facebook as corporate clients in 2006; as demand escalated, he realized he needed to create a separate company to keep up, so he co-founded Malcovery in 2012. Now, with 22 employees, Malcovery boasts clients including the FBI, Bank of America, and Google.
Malcovery's Spam Data Mine, a collection of 500 million spam emails that Warner started 10 years ago, has helped the FBI arrest 100 cybercriminals, Warner says. One of Warner's biggest claims to fame came in 2010, when his forensics work helped the FBI arrest the Ukrainian cybercriminals behind the ZeuS Trojan botnet, which stole $70 million from 400 U.S. businesses.
Computer security is pivoting toward forensics, Warner says, because "Big data breaches aren't due to bad security; most companies that suffered them were following the industry's best practices." According to Malcovery's statistics, 37.3 million Internet users experienced phishing attacks in 2013, an 87 percent increase from 2012. One out of every 200 attacks is successful, costing a company, on average, $150,000.
"The weakest component of your cyber security is your humans. If a crook can get that email in--and criminals are very good at bypassing standard spam filters--then your last hope is that your humans are smart enough not to click on it," Warner says. "But, guess what? They do. We call it 'the inevitable click.'"
Agari, a San Mateo, California-based cyber security startup, says 2013 was the "year of the cybercriminal" thanks to a string of attacks, ranging from the data breaches at Target and Neiman Marcus that affected 110 million customers to the Syrian Electronic Army gaining control of the Associated Press' Twitter handle and claiming two bombs had exploded in the White House, causing the stock market to plummet $136 billion in three minutes.
Agari offers a broad set of services, including the ability to sift through all the emails sent from your company to make sure hackers aren't using your brand to send phishing emails. The company, founded by CEO Patrick Peterson, analyzes 4.5 billion emails every day with the goal of identifying and building profiles of cybercriminals.
Peterson learned his business while working as the head of technology at Cisco's IronPort before founding Agari, which has $7.5 million in funding from four Silicon Valley VCs.
"As the security mentality matures," he says, "we are moving away from thinking that we are going to be able to provide perfect protection to being cognizant of the fact that bad things are going to happen and we have to be capable of responding after the fact, learning from it, and going after the bad guys." That's where forensics comes in, finding the digital DNA that can identify cybercriminals.
"People are realizing that, just as forensics is integral to solving crimes in the physical world, so too does digital forensics solve crimes in cyber," he says.
Insecurity Hits Home
Giovanni Vigna, one of three cofounders of Lastline, a Redwood City, California-based cyber security startup, says that digital forensics is growing for several reasons, but one of the biggest is that hackers are now targeting smaller businesses instead of big ones.
"A few years ago, small companies thought all they needed was a firewall and anti-virus software, because they didn't have the visibility," he says. "Now, after the Target breach, more people are exposed and realizing there is a problem."
A recent report from the California state attorney general found that businesses with fewer than 250 employees were the victims of 31 percent of all cyberattacks in the state last year.
Digital forensics may become even more critical down the road, because Vigna believes that, "in the future we'll see more inside jobs"--hackers will pay an employee with access to bring in a memory stick and infect the system, versus relying on cyberattacks to break into the system from the outside.
As digital forensics companies learn who perpetrates various kinds of attacks, and how, criminals will inevitably come up with new techniques. "They're like water," Vigna says. "You put an obstacle in their way and they'll flow around it." That's bad news for pretty much everyone, but it certainly promises job security for those who can help fight the good fight.