For Aaron Lee, problems with his JP Morgan Chase business bank account started in mid-September, just a few weeks before the nation's largest bank announced to the world that information related to 80 million of its consumer accounts and 7 million business accounts had been hacked.
Lee, the chief executive of 18-person digital advertising firm Illmunati Studios, based in Miami, got a phone call from Chase's fraud department, which was trying to verify some of his personal information. Lee suspected something was awry, so he went to his nearest Chase branch to check into things personally.
"I had heard this before, that hackers sometimes call you to get your personal information," Lee says.
It turns out that actual hackers had changed the email associated with Lee's business account, and had been trying to make a series of $10,000 wire transfers to other accounts within the U.S. While the bank successfully stopped that fraud, it had to freeze Lee's account in order to fend off the attack. That in turn prevented Lee from accepting payments from his clientele, a problem that lasted about two weeks.
Welcome to the new world. Small businesses are at the nexus of hack attacks because their bank accounts tend to have more money in them than the typical consumer account. Small businesses are also in the vanguard, as dozens of new startups are gearing up to create the next generation of systems that will fend off attacks in the future.
Security startups are helping banks--and other large companies--target two problems. One is that big companies have sprawling systems to monitor. Another is that they tend to have numerous employees and contractors, who often inadvertently introduce hacker malware into networks simply by clicking on loaded links in email or plugging an infected device into a local computer.
"A key challenge for the banks is that they have multiple security systems in place, each of which has a specialized function," says Julie Conroy McNelly, a senior analyst for Aite Group. "Each of these systems produces a fair amount of false positives, and it can be a real challenge to prioritize and properly analyze all of these alerts to determine which are just noise, and which signal an imminent or in-process attack."
A number of Silicon Valley startups are working on solutions, including some that have developed behavioral analytics tools that can crunch big data to do things like identify normal worker behavior, and flag abnormal activity that could be related to a security breach. Among those hard at work now are Bay Dynamics, Exabeam, Fortscale, and Securonix, says Avivah Litan, a security expert and analyst for research firm Gartner.
"Their systems will be supplementing existing systems, and will be used to leverage the work already being done," Litan says.
Fortscale, for example, which has offices in Tel Aviv and San Francisco, looks for compromised users by examining historical behavior and comparing it to current computer logs. It raised $10 million in series B funding from Intel Capital and Blumberg Capital in June.
In fact, many of the people who start these new companies hail from federal entities such as the National Security Agency and Central Intelligence Agency, says Ray Rothrock, a venture capitalist who jumped ship from Venrock Ventures to run security company RedSeal Networks in February.
For its part, RedSeal software creates maps of networks, and then conducts fire drills with dummy viruses and other malware to see where potential holes are, as well as the likely migration path of system threats once they've been discovered.
RedSeal, which has 72 employees, has monitored corporate systems with as many as 10,000 connected devices and 130,000 employees, and it counts among its customers Cisco and Walmart.
"Security has been front and center here in the Valley for the past several years," Rothrock says, adding that about 1,000 security software companies have gotten venture capital investments in the past five years in Silicon Valley. Mobile security software companies alone have netted about $500 million of venture money in the last seven years, Rothrock says.
At the same time, small businesses caught up in the recent hack attack at Chase aren't taking things lying down either. Lee says the whole experience of being hacked has taught him he needs to change the way he banks. Among the things Lee is now considering--setting up multiple bank accounts at different institutions, so if one is compromised, the others won't be.
"You can limit the damage, by just building in layers of protection," Lee says. "You have to be smarter today."