The Cyber Security Mega Cycle Aftermath

By Dave DeWalt, General (Ret.) David Petraeus ·
0 Shares

During the past decade, we have witnessed a virtual explosion in the cyber security world. While serving as CEO of McAfee and FireEye, and a U.S. Army commander and CIA director, respectively, we have lived through and witnessed first-hand exponential growth in: threats, threat actors, reported breaches, security vendors, investments in security companies and probably most significantly, private and public sector security spending.

cyber-security-exploision

Our estimated numbers are simply staggering:

  2007 2017
Threat Actors <50 >1,000
Threat Types <50 >1,000,000
Alerts/Day (Average Per Firm) <1,000 >1,000,000
Security Vendors <100 >2,300
VC Investments <$500M >$6B
Security Spending <$3B >$80B

 

The situation is dire by any measure. The western world is contending with significant cyber threats on both its eastern and western fronts – a virtual cyber sandwich. On one side, we have had to deal with the “Great Chinese IP War,” which we have been witnessing from 2008 to the present, in which more than 20 Chinese military agencies have attacked and stolen intellectual property from more than 5,570 (last count) U.S.-based companies. Chinese military agencies have fed this IP to state-owned enterprises (SOEs) to close the gaps in China’s innovation relative to the western world. 

Equally devastating, the “Great Russian Information War” has escalated as well. Military and intelligence agencies such as the former Soviet Union intelligence and state security organizations (now the FSB and SVR) and Russia’s military intelligence service (the GRU) have attacked, manipulated and successfully altered information and could cause issues for decades. Hundreds of major breaches of social media platforms, news outlets, political organizations, email providers, telecommunication systems and satellite providers have created a very challenging situation. 

The combination of an IP war and an information war has highlighted that we live in a world without accepted cyber space rules of conduct, without trust and integrity in all our information, and without hope of peace and tranquility in the cyber domain for a long time to come.

So, what about cyber defenses? Over this same amount of time, most western organizations enormously increased their cyber security spending. Defense-in-depth became the prevailing strategy. Hundreds of security vendors deployed point solutions to counter the changing threat landscape. With each security vendor producing hundreds or thousands of alerts on average per day, the typical organization now has to monitor and respond to millions of alerts daily. An organization just has to miss one alert, and they’re breached. 

Compounding the monitoring and response problem, the hundreds of security companies often don't share intelligence, don't integrate their products and only infrequently cooperate when responding to threats. In addition, there is insufficient government and commercial cooperation, a lack of security standards and many outdated regulatory compliance requirements. 

CYBERscape
Source: Momentum Partners CYBERscape

Why should governments around the world cooperate when they are on the offense? How does the defense contend with nation states with thousands of trained cyber warriors? Breaches are inevitable, and the consequences are increasing in severity, as our critical infrastructure in particular becomes more exposed to technological attacks.

The results of this exponential growth are very worrisome. The offense is clearly winning. We believe we need some serious change to deal with what clearly is a serious problem.

This is why we have engaged in cyber security. And, this is why we have joined Optiv in this fight.

The world needs a global trusted provider of security – an independent and objective security solutions company to assist in reducing the complexity of security; and a trusted researcher, responder and educator. 

At more than $2B in gross revenue last year, 1,700 security experts, and more than 20 years of history and experience as a trusted advisor serving more than 12,000 clients, Optiv is very well positioned to be that company. Optiv brings to the table the depth of technical knowledge of all the security vendors, without a singular focus on one technology or technology sector, and combines this with objective services skills to plan, build and run the right solution for each private or public entity. 

We are excited to support Optiv and its executive team as they work to deliver the next generation of powerful security solutions. And, we look to help private and public entities meet their ever-expanding global needs. 

0 Shares
Dave-DeWalt

Dave DeWalt

Optiv Board of Directors

DeWalt has more than 25 years in the technology space, holding a series of leadership positions in some of the industry’s most innovative and successful companies. He most recently served as FireEye’s chief executive officer. Previously, DeWalt was McAfee’s president and chief executive officer, and led the acquisition of McAfee by Intel for $7.7 billion in 2010. Prior to McAfee, DeWalt served in a number of executive positions at EMC Corporation. He also has held top leadership positions at Documentum, Quest Software, Segue and Oracle Corporation.

David-Petreaus

General (Ret.) David Petraeus

Optiv Board of Directors

Gen. (Ret.) Petraeus is a Member of KKR and Chairman of the KKR Global Institute, which integrates geopolitical and global trends expertise, macroeconomic analyses, and environmental, social and governance issues and opportunities into KKR’s investment process. Prior to joining KKR, Gen. Petraeus served more than 37 years in the U.S. military, including command of coalition forces in Iraq, command of U.S. Central Command, and command of coalition forces in Afghanistan. Following his service in the military, Gen. Petraeus served as the director of the CIA.