As one of the nation’s cybersecurity hotbeds, Maryland is also a key place to be when analyzing what trends professionals in the field need to be alert to as they attempt to move their companies to the next level.
Locally, we are seeing acceleration in five critical areas in the industry. They include cyberdamages increasing in severity, government contractors diversifying into commercial markets, Department of Defense (DoD) experts launching cyber startups, non-cyber commercial companies adding cybersecurity solutions and online shopping.
Trend No. 1: Commercial cyberdamages are increasing
Most business executives are well aware that they should obtain better cybersecurity protection, with daily media announcements of yet more data breaches at companies and government agencies — which we assumed were relatively well protected. As a society, we’ve opted for convenient connectivity with a proliferation of devices, software and services, with inadequate attention paid to security. The flaw inherent in unchecked connectivity has now come home to roost, and it’s a bitter pill to swallow.
We’ve come to expect high speed and instant connectivity, and as a society, assumed that the manufacturers and regulators would protect us. So far, that hasn’t happened. In the face of increasingly sophisticated and relentless efforts by a growing array of bad actors, experts now expect financial damages from cybersecurity incidents and breaches to quadruple from $500 billion per year to more than $2 trillion per year during the next few years.
Trend No. 2: Federal government cybersecurity contractors go commercial
A growing number of Maryland’s 600-plus cybersecurity companies are moving into commercial markets, and more individuals with intelligence community (IC) and DoD experience are expanding commercially-focused entities. The combination of a slowing federal market, a shortage of experienced workers with clearances and lower profit margins in conjunction with strong commercial market demand for cybersecurity services has numerous federal contractors planning for significant futures outside of the IC and DoD.
“Over the past six years, Washington has taken a hatchet to the National Defense budget,” said InfoTek Corp. CEO Jacky Kimmel. “In this, we have seen the mission, especially the highly specialized areas we focus on in cybersecurity, suffer as we have lost staff to the commercial arena and struggled to recruit new graduates into the space. It has often taken several years to see awards for work which proposals are submitted against. As a result, InfoTeK has chosen to take our talents into the more agile commercial sector.
“The government will eventually take notice, but as a small business, we must think of our employees and their families. Fortunately (or unfortunately, to be honest), our talents are versatile, and every industry can benefit from what we used to provide exclusively to the federal government,” she said.
Trend No. 3: Commercial market startups by Department of Defense experts
Addressing complex challenges in the IC/DoD environment, in conjunction with a growing trend towards entrepreneurism, is driving numerous cybersecurity experts to make a leap of faith and launch their own businesses, focusing on challenges they feel they are uniquely qualified to address.
For example, in July 2014, former NSA security expert Evan Dornbush formed Point3 Security, a company that detects intruders on the computers of small and mid-sized businesses. “Headlines cite breaches at mega corporations, and it is the middle market that is most targeted by sophisticated attackers,” said Dornbush. “We saw an opportunity and incorporated to serve an overlooked market.”
Trend No. 4: Commercial market service providers add cybersecurity solutions
The cybersecurity war has precipitated changes in a number of commercial industries, with many businesses adding cybersecurity products and services to their portfolios. For instance, Edwards Performance Solutions, a Howard County company, provides services to improve operational performance and has added complementary cybersecurity capabilities to its offerings. “Cybersecurity is the most important element of IT [information technology] security and process — permeating every part of operational performance,” said President and CEO Gina Abate. “We expanded our solution set because you cannot achieve performance excellence without addressing cyber vulnerabilities.”
Some area law firms have developed deep expertise in cybersecurity because issues like privacy, liability and damages are dynamic, uncertain and complex. “The reputational and financial repercussions associated with a data breach can be catastrophic for a business. We are regularly engaged to provide prophylactic services to clients to ensure that they comply with the ever-growing complex web of state, federal and foreign laws and regulations related to data and privacy compliance,” said Joe Mezzanotte, a partner in the Columbia office of Whiteford, Taylor & Preston. “In the event of a data breach, mitigating damages, assisting with investigations, communicating with law enforcement and determining the notifications to be made to government authorities and those that may be impacted by the data breach are critical services that can be provided by a business’s legal counsel.”
Accounting firms also offer specific cybersecurity solutions as they seek to help their clients address this pressing need. “Security is no longer only a concern for the IT staff. Everyone who works with client information needs to have at least a basic idea of what not to do. Every business process must have information security at its core,” said Bill Walter, principal with Gross Mendelsohn’s Technology Solutions Group.
Trend No. 5: Online shopping for Maryland cybersecurity experts can be found at www.MDcyber.com
Online shopping has grown in popularity due to its convenience and timesaving benefits. Those benefits are now extended to shopping for quality cybersecurity solutions.
Businesses of every size, in every industry, need cybersecurity protection. On that note, this nonprofit organization, the Cybersecurity Association of Maryland Inc. (CAMI), has created an online directory at www.MDcyber.com with key information about more than 230 of the state’s cybersecurity product and service providers, many of which are located in the BWI Business District. The directory is searchable by keywords, as well as by industry focus, general categories and special designations.
The directory is being marketed globally, with the intention of showcasing Maryland’s cybersecurity companies — and bringing billions of sales dollars and thousands of new jobs to the state.
Stacey Smith is the executive director for the Cybersecurity Association of Maryland. She can be contacted at 443-844-0047, 443-844-0047 and [email protected].