The Cybersecurity Report: Emerging Global Threats from Cyber Attacks

Angel Kings LLC
*The Cybersecurity Report:
Emerging Global Threats from Cyber Attacks
*Top cybersecurity companies: public & private startups
*Cybersecurity report answering: the Who, What, Where, How and Why of Cyber Attacks
*The information contained herein is for informational purposes only and is not a solicitation, only an example of fundraising and
what to expect when researching companies. Logos and trademarks herein are properties of their respective owners.
By Ross Blankenship
Expert on venture capital and cybersecurity
Author of best-selling book, Cyber Nation

The Worldwide Threat of Cyber Attacks

Source: Forrester Research, MarketsandMarkets
The cybersecurity marketplace will continue to grow aggressively.
Over the past two years, security spending as a
percentage of the total IT budget rose across most
industries. This number is only expected to
increase in light of recent security breaches.
Worldwide spending on information was $95.6
billion in 2014. Total information security spending
is projected to grow at 10.3% CAGR in the
following 5 years.
$95.60
$105.45
$114.09
$123.45
$133.57
$0
$20
$40
$60
$80
$100
$120
$140
$160
2014 2015 2016 2017 2018

Who do cyber attacks threaten the most?
B2B B2C Governments Security Firms
Pain
Points
 Preventing data
breaches and stolen
information
 Security architecture
and process design
 Preventing account
abuse or fraud from
customers
 Integrating IT security
into core business
functions and creating
ownership
Examples
 Preventing personal,
professional, and
financial accounts from
being hacked
 “Peace of mind” and
alleviating fears of cyber
crime, whether real or
perceived, due to media
coverage of recent
hacks
 National security
 Agency sharing and
collaboration (FBI, CIA,
etc.)
 Geopolitical stance and
perceived ability to
defend itself and allies
from cybercrime
 Staying one step ahead
of the cyber criminals
 Fierce competition from
other firms; finding
one’s niche
 Understanding the pain
points of all potential
customer groups

Cyber attacks have forced CIO’s to reconsider their cybersecurity capabilities.
Source: Gartner Research, Industry Blogs
Business disruption attacks require new priority from corporate leadership
Business impact analyses must consider aggressive business disruption attacks leading to loss of continuity of
operations. Response and recovery plans that cover both business processes and IT services should be
developed to address these exploits
CIO’s must pivot from blocking and detecting attacks, to detecting and responding attacks to breaches
Preventive controls such as firewalls, antivirus and vulnerability management, should not be the only focus of a
mature security program. Organizations should focus on rapid breach detection using endpoint threat detection
and remediation tools and network traffic analysis tools, and invest in forensic teams and software to analyze the
resulting alerts and memory samples.
Non-IT processes must also be assessed
Full-spectrum penetration testing that evaluates IT and non-IT business process environments is crucial. An
incident response manager may be required to oversee and manage attack events. The incident response leader
will need skills to work across IT and non-IT departments and external groups — including legal, law
enforcement, HR, forensics, corporate communications, public relations, insurance providers and network service
providers
The average total cost of a data breach to major US companies is $12.7 million.

A robust underground market for data economy fuels and incentivizes cyber criminals.
Source: Forrester Research
Common cybercrime “business models”
Email addresses and passwords, credit card numbers, Social Security numbers, account log-in credentials, and other personal information are all data that cybercriminals
can use to commit a wide range of crimes, from identity theft to fraud to reselling in the underground market economy.
• Buy and sell stolen information in online marketplaces-
Stealing credit card data and personal information is
lucrative for cybercriminals because it provides direct and
easy gains in the underground marketplace. Prices for a
customer’s personal information can range from $8 to $45,
underscoring the low-risk high-reward nature of cyber
crime.
• Crime-as-a-service- In the underground markets,
organizations and individuals can buy or sell exploit kits,
botnets, denial of service attacks, or just their skills.
Services can run from $1 for 1,000 CAPTCHA-breakings
to $350 to $450 for consulting services such as botnet
setup
• Attracting capital “investors”- Skilled individuals will
always be in demand in the eyes of organizations —
namely, organized crime syndicates — that seek to
make a profit. In some cases, individuals are coerced
or recruited by these organizations for the purpose
of leveraging their talents
• Market their supplies and services like a business-
"Suppliers" of data in this underground market economy
today operate "businesses" that may involve everything
from marketing themselves online via Twitter to providing
bulk discounts, free trials, and customer support for
customers (criminals who purchase this stolen data).

Where are the criminals coming from?
Source: Bloomberg
China, Russia, and Turkey are the countries
with the most foreign cybercriminals. The USA
however, remains the home of where over 33%
of cyber attacks originate

Governments and customers react and raise the cost of being breached
Data and privacy breaches provide lucrative payouts for cybercriminals, but the businesses targeted incur tangible and intangible costs as a result. Today, the
costs incurred having being breached comes not only from customer but from legislating bodies as well.
Zappo’s
Almost 24 hours after Zappos revealed that it
was a victim of a cyber attack in January 2012
that exposed more than 24 million customers'
account information, a customer filed a suit
alleging Zappos did not have the data properly
safeguarded and was in violation of the Fair
Credit Reporting Act
Triple-S Salud
Puerto Rican insurer Triple-S Salud faced a
$6.8 million fine from the Puerto Rican
government for exposure of protected health
information (PHI), in violation of HIPAA. In
addition to the fines, administrative sanctions
will be placed on Triple-S Salud, which include
the suspension of new enrollments into one of
its plans and the requirement to notify affected
individuals of their right to opt out of their
program.
1. Customer Litigation: Once the breach notification goes public,
companies can expect to face legal action from customers.
Common reasons cited for damages include actual loss from
identity theft, emotional distress, cost of preventing future
losses, and the increased risk of future harm. Shoppers trust
that their personal and financial information to be secure and not
shared with anyone when they shop; a loss of
this trust incurs both financial and reputational losses to the
breached company.
2. Government Fines and Sanctions: Organizations that have
experienced a breach must face the scrutiny and regulations of
the government. While data protection laws vary country by
country, or even state by state in the case of the US,
government bodies can issue fines for violations of data
protection. In the US, the Federal Trade Commission's win
against Wyndham Hotels and Resorts solidified the FTC's role
and authority as a data security regulator in the US, allowing it to
continue pursuit of action against the company

Case Study: Target
Source: Gartner Research, Forrester Research, Industry Blogs
 Target Corporation is an American retailing
company, and the second-largest discount retailer in
the United States. In 2014, it had over $72 billion in
revenue and 1934 stores in North America.
Victim
 The Target data breach was a result of hackers
gaining undetected access to the network with
credentials stolen from a refrigeration and HVAC
company that does work for a number of Target
locations.
 Hackers gained access to as many as 110 million
customer names, card numbers, expiration dates,
and CVV security codes of the cards issued by
financial institutions.
Attack
 Target's computer security team was notified of the
breach via the FireEye security service they
employed, had ample time to disrupt the theft of
credit cards and other customer data, but did not act
to prevent theft from being carried out.
Cybersecurity
 At least 90 lawsuits were brought against Target in
the aftermath of the breach. All told, Target could
face a $90 fine for each cardholder’s data
compromised, which translates to the $3.6 billion
liability.
 Profits fell nearly 50% in that fiscal quarter. Target’s
share price fell 11% during the same time.
Impact
Target reports costs associated with breach to exceed $148 million, and EPS to drop 22%.

Case Study: Sony
Source: Macquarie Research, Gartner Research, Industry Blogs
 Sony Pictures Entertainment Inc. is
the American entertainment subsidiary of
Japanese multinational technology and media
conglomerate Sony. It has been responsible for
producing/distributing films such as Spider-Man,
Men in Black, Resident Evil, and more recently, The
Interview. In 2014, it had revenues exceeding $8
billion.
Victim
 In December 2014 the Sony Pictures computer
network was compromised, disabling many
computers. Later the same week, five of Sony
Pictures' movies were leaked, as well as confidential
data about 47,000 current and former Sony
employees
 On December 16, the hackers issued a warning to
moviegoers, threatening to attack anyone who
sees The Interview during the holidays and urging
people to "remember the 11th of September 2001“.
Attack
 Sony has since hired FireEye to plug its breach.
Cybersecurity
 Macquarie Research analysts projected Sony would
likely take an impairment charge of 10 billion yen
($83 million) related to the incident
 Furthermore, hackers have released a trove of
documents that include contracts and marketing
plans that could influence competitors' strategies
and lead to a loss of trade secrets and IP for Sony
Impact
The current quarter has cost $15 million in investigation in remedial costs. Total costs are
expected to exceed $100 million in financial damage, not including loss of IP

Case Study: Anthem
 Anthem Inc. is the largest for-profit managed health
care company in the Blue Cross and Blue Shield. In
2014, it had revenues of $61.7 billion, and over
37,000 employees.
Victim
 On February 4, 2015, Anthem, Inc. disclosed that
criminal hackers had broken into its servers and
potentially stolen over 37.5 million records that
contain personally identifiable information from its
servers. The compromised information contained
names, birthdays, medical IDs, social security
numbers, street addresses, e-mail addresses and
employment information, including income data.
Attack
 Anthem is currently working with AllClear ID to offer
24 months of identity theft repair and credit
monitoring services to current or former members of
an affected Anthem plan dating back to 2004..
 The company has said to be conducting an
extensive internal IT forensic investigation to
determine what members are impacted.
Cybersecurity
 Over 80 million people (members, past members,
employees) are expected to be affected by the
Anthem security breach. Class-action lawsuits have
been mounted since Anthem’s announcement in
February.
 Anthem said it doesn’t expect the incident to affect
its 2015 financial outlook, “primarily as a result of
normal contingency planning and preparation.”
Impact
Anthem should expect to pay between $100 to $200 per breached record. With as many as 80
million people affected, that comes out to $8 billion to $16 billion

Source: PwC Global State of Information Security, Forrester Research
Companies and legislative bodies actively investing and and prioritizing in cyber security.
In the annual PwC, CIO, and CSO survey of more than 9,600 global executives, 41 percent of US respondents had experienced one or more security incidents
during the past year, a number that continues to rise. This situation is compounded by the fact that given recent economic uncertainty, security has not been a
priority in the recent past.
 Lobbying firms are anticipating
increased policy-making in
data security and privacy to
keep pace with, or catch up to,
the evolving threat landscape
and technology environment.
According to lobbying
analytics firm Capitol Metrics,
the number of lobby firms that
advocated on behalf of clients
on data and security issues
skyrocketed from 74 to 220
between 2008 and 2012.
Capitol Hill
 Over the years, global efforts
have culminated in the closing
of various online market
forums for exchange of stolen
data. In April 2012, a global
two-year operation involving
officers from Australia, the US,
Britain, Germany, the
Netherlands, Ukraine,
Romania, and Macedonia shut
down dozens of websites that
offered credit card data and
related details.
Global
 Many organizations struggle to
adequately enforce the rules
and standards of their security
policy due to corporate culture
and a hesitance to enforce the
consequences of
noncompliance. CISOs need
to reevaluate their current
policies to make sure that its
culture reinforces the "human
firewall."
Policy/Process
 Zero Trust is emerging as a
new model for information
security that is better-suited for
the new threat landscape. In
addition, the concept of "killing
data" — encrypting data to
devalue if it falls into the hands
of cybercriminals — is gaining
mindshare as a new default
defensive measure for the
enterprise.
Architecture
Cybersecurity Trends

Current State of Cybersecurity

Source: Forrester Research
Cybersecurity effectiveness and its metrics are being challenged on all fronts
Information security metrics have historically focused on security policy compliance and operational issues. Metrics like these demonstrate that security teams
are working very hard, but they don't really demonstrate effectiveness. Cybersecurity is an uncertain business, and this requires that CISOs move from
compliance-based reporting to risk-based reporting.
Readiness, Response, and Recovery
• Security readiness measures your company's
security posture. Readiness metrics could include the
percentage of systems with current patches as compared
to a standard baseline, how many staff successfully
completed awareness training, or firewall rule status.
Readiness reports should show trends for this information
on a quarterly or monthly basis.
• Benchmarks against previous dates should drive
future decisions. Metrics could include the number of
network exploit attempts this month as compared with last
month or the number of vulnerabilities closed this month
as compared with last month. Like the readiness reports,
these metrics should show key trends, monthly and
quarterly, and they should show event trends and attack
patterns.
• Speed in which an organization returns to normal
operation is a critical measurement of success.
Metrics in this category could include disciplinary
personnel actions taken, changes made to security
readiness processes, forensic actions, legal response,
and data and system restoration time. Event patterns are
the most important information to report, showing what
worked and what didn't.

Source: Gartner Research, Forrester Research
Companies are responding aggressively to data and cybersecurity threats.
Recent high profile cybersecurity breaches of Target, Sony, and other high profile targets have companies playing catch-up to cybercriminals. Here are some of
the main weapons companies have at their disposal.
• Enhanced use of encryption, and more careful attention to the maintenance and proper
configuration of existing encryption systems, is one of the first lines of defense used to thwart would-
be attackers.
• Increased scrutiny of internal data use is another common response to Target’s woes. Behavioral
analytic technologies allow firms to monitor users within the company as well as end users, remaining
alert for suspicious behavior that accompanies theft or attack with malware.
• Risk assessment and software analysis to screen for vulnerabilities is gaining a front seat at many
organizations. Keeping software up-to-date to avoid known weaknesses and testing proprietary
software for unnoticed vulnerabilities are both front-line defensive maneuvers that are receiving more
attention in 2014.
• Active defense is a relatively new concept in computer security that is garnering extra attention these
days. The idea is to convince hackers that they are into their target area, when they’ve actually been
diverted and trapped in a shell where they can be easily identified and in some cases, retaliated
against.
• Following up on network threats is a necessity that requires manpower organizations don’t always
have available. Active monitoring and maintenance by managed service providers and hiring forensics
experts to respond to threats are two popular solutions.

Fortune 500 Cybersecurity Providers

IBM (IBM)
Company
Description
IBM® Security solutions help detect, address, and prevent security
breaches through integrated hardware and software solutions. Powered
by deep analytics and trusted IBM Security expertise, our robust
portfolio of comprehensive, scalable industry-leading tools delivers
unparalleled security intelligence with reduced complexity and lower
maintenance costs.
Marquee ClientsProducts/Services Offered
2014 Revenue $92.8 B
CEO Ginni Rometty
Headquarters Armonk, NY
M&A Considerations
• Trusteer Pinpoint Criminal Detection helps protect websites
against account takeover and fraudulent transactions by
combining traditional device IDs, geolocation and transactional
modeling, and critical fraud indicators. This information is
correlated using big-data technologies to link events across
time, users and activities.
• Security Key Lifecycle Manager centralizes, simplifies and
automates the encryption and key management process to
help minimize risk and reduce operational costs
• InfoSphere Guardium Data Activity Monitor prevents
unauthorized data access, alerts on changes or leaks to help
ensure data integrity, automates compliance controls and
protects against internal and external threats
• Firewall management is designed to reduce the complexity
and burden of managing and monitoring firewalls manually.
Offers near-continuous monitoring, management and analysis
of firewall logs
• Security Architecture and Program Design helps you
evaluate the effectiveness of your security architecture to
better manage evolving cyber threats. We also work with you
to design a program to align security practices with business
requirements and help reduce risk
• IBM acquires Trusteer, a specialist in
cybersecurity primarily for financial services for
$1B in August 2013
• IBM acquires Crossideas, an identity and access
management vendor for an undisclosed amount in
July 2014
• IBM acquires Lighthouse Security Group, an
identity and access management company for an
undisclosed amount in August 2014
• AT&T and IBM announced in February 2014 a
strategic alliance to provide a set of
comprehensive security services that, if
successful, would define the next generation of
managed security services providers

Cisco (CSCO)
Company
Description
Cisco® Cybersecurity solutions make sure that security is a
fundamental component of the intelligent network fabric by using a
multilevel approach, building security controls within and around the
core network. In-depth security requires an adaptive, responsive, and
always-on approach that is also architectural.
2014 Revenue $47.1 B
CEO John Chambers
Headquarters San Jose, CA
M&A Considerations
• Cisco Advanced Malware Protection provides an efficient
process for solving threats by going beyond detection. Offers
Point in Time Protection and Retrospective Security together.
• Cisco Identity Solutions provide visibility into who and what
is connected to your network, automation for simplifying
operations and adapting to changing needs, and controls for
limiting access to information and resources.
• Cisco Wireless Security Solutions provides a
comprehensive approach to wireless security, offering
enterprises the ability to address the threats of access and
eves dropping. This at‐a‐glance focuses on the external
threats that a WLAN will encounter and the mechanisms to
detect and mitigate these threats.
• Cisco Secure Mobility Solutions provide virtual office
solutions with full IP phone, wireless, data, and video services
to staff wherever they may be located. Security capabilities
include spam protection, data loss prevention, virus defense,
and email encryption tracking.
• Cisco acquires Cognitive Security, a company
focused on applying artificial intelligence
techniques to detect cyber threats for an
undisclosed amount in January 2013
• Cisco acquires SourceFire, a network security
and anti-malware appliance developer for $2.7 B
in July 2013
• Cisco acquires ThreatGrid, a malware analysis
and threat intelligence company an undisclosed
amount in June 2014

Hewlett-Packard (HP)
Company
Description
HP's enterprise security software and solutions provide a proactive
approach to security that integrates information correlation, application
analysis and network-level defense.
2014 Revenue $111.5 B
CEO Meg Whitman
Headquarters Palo Alto, CA
M&A Considerations
• HP Fortify Static Code Analyzer helps verify that your
software is trustworthy, reduce costs, increase productivity and
implement secure coding best practices. Static Code Analyzer
scans source code, identifies root causes of software security
vulnerabilities and correlates and prioritizes results—giving
you line–of–code guidance for closing gaps in your security.
• ARCSIGHT ESM is enterprise security management software
that combines event correlation and security analytics to
identify and prioritize threats in real time and remediate
incidents early. Correlates data from any source in real time to
quickly detect threats before they do damage. Collects and
categorizes up to 100,000 events per second for instant
detection of activities affecting anything on your network,
including insider or zero-day attacks.
• HP Atalla Information Protection and Control solves the
complex challenge of providing data classification and data
security by providing organizations the means to bring
protection to the data itself. HP Atalla IPC applies protection at
a point where information is created, and makes that
protection persistent, so it follows the information wherever it
goes. This secures sensitive data no matter where it actually
resides.
• HP acquires ArcSight, a company that provides
data security analytics for security information and
event management for $1.5 B in October 2010

Publicly Listed Cybersecurity Providers

2014 Revenue $425.7 M
CEO Dave DeWalt
Headquarters Milpitas, CA
M&A Considerations
• FireEye Adaptive Defense is a new approach to cyber
security that delivers technology, expertise, and intelligence in
a unified, nimble framework. Our state-of-the-art technology
protects you with our patented virtual-machine detection
(MVX™) engine. Find cyber attacks that bypass signature-
based tools and common sandboxes.
• Malware Analysis (AX series) products provide a secure
environment to test, replay, characterize, and document
advanced malicious activities. Malware Analysis shows the
cyber attack lifecycle, from the initial exploit and malware
execution path to callback destinations and follow-on binary
download attempts..
• FireEye Threat Intelligence provides intel and analysis to
help you understand cyber threats, identify and stop cyber
attacks, and reduce the impact of compromise. Automates the
detection and prevention of zero day and other advanced
cyber attacks with our global threat intelligence ecosystem.
Accelerates incident response and reduce the time to
investigate and resolve security incidents.
• In September 2013, FireEye became a public
company, trading on the NYSE under the ticker
FEYE, raising $304 M in their IPO at a market
capitalization of $4.2 B (~26x revenue)
• In December 2013, FireEye bought Mandiant, a
computer forensics specialist company for $1.05 B
Company
Description
FireEye Inc. is a publically listed US network security company that aims to
provide automated threat forensics and dynamic malware protection
against advanced cyber threats, such as advanced persistent threats and
spear phishing.
FireEye (FEYE)
Source: Hoovers

Palo Alto Networks (PANW)
Company
Description
Palo Alto Networks provides a wide suite of enterprise-level next
generation firewalls, with a diverse range of security features for your
network.
2014 Revenue $598.2 M
CEO Mark McLaughlin
Headquarters Santa Clara, CA
M&A Considerations
• The PA-7050 protects datacenters and high-speed networks
with firewall throughput of up to 120 Gbps and, full threat
prevention at speeds of up to 100 Gbps. To address the
computationally intensive nature of full-stack classification and
analysis at speeds of 120 Gbps, more than 400 processors
are distributed across networking, security, switch
management and logging functions. The result is that the PA-
7050 allows you to deploy next-generation security in your
datacenters without compromising performance.
• Panorama provides you with the ability to manage your
distributed network of our firewalls from a centralized location.
View of all your firewall traffic; manage all aspects of device
configuration; push global policies; and generate reports on
traffic patterns or security incidents - all from one central
location..
• Palo Alto Networks Threat Prevention security service
protects against malware delivery through custom-built
signatures that are based on content — not hash — to protect
against known malware, including variants that haven’t been
seen in the wild yet. Offers intrusion prevention, SSL
decryption, and file blocking to ensure security needs
• In July 2012, Palo Alto Networks became a
public company, trading on the NYSE under the
ticker PANW, raising $260.4 M in their IPO at a
market capitalization of $2.8 B (~13x revenue)
• Morta Security was acquired for an undisclosed
sum in January 2014
• Cyvera was acquired for approximately $200
million in April 2014
Source: Hoovers

CyberArk (CYBR) – Israeli-based company
Company
Description
CyberArk specializes in providing IT security from internal threats—that is,
cyberattacks launched from within an organization, rather than from
outside its perimeter
2014 Revenue $103.0 M
CEO Udi Mokady
Headquarters Newton, MA
M&A Considerations
• Privileged Threat Analytics is an expert system for privileged
account security intelligence, providing targeted, immediately
actionable threat alerts by identifying previously undetectable
malicious privileged user and account activity. The solution
applies patent pending analytic technology to a rich set of
privileged user and account behavior collected from multiple
sources across the network. CyberArk Privileged Threat
Analytics then produces highly accurate and immediately
actionable intelligence, allowing incident response teams to
respond directly to the attack.
• CyberArk SSH Key Manager is designed to securely store,
rotate and control access to SSH keys to prevent unauthorized
access to privileged accounts. SSH Key Manager leverages
the Digital Vault infrastructure to ensure that SSH keys are
protected with the highest levels of security, including the
encryption of keys at rest and in transit, granular access
controls and integrations with strong authentication solutions
• CyberArk Enterprise Password Vault enables organizations
to secure, manage and track the use of privileged credentials
whether on premise or in the cloud, across operating systems,
databases, applications, hypervisors, network devices and
more
• In September 2014, CyberArk became a public
company, trading on the NASDAQ under the ticker
CYBR, raising $85.8 M in their IPO at a market
capitalization of $414 M. (~11x revenue)
Source: Hoovers

Source: CBInsights, Gartner Research
The cybersecurity market is poised for disruption from start-up companies.
Cybersecurity is more than the latest investment
fad for today’s savvy investor. Recent events have
led to significant growth in the number of startups
focused on cybersecurity, and to the number and
diversity of investment opportunities for early stage
investors. In 2013 alone, venture capital firms
invested nearly $1.4 billion in 239 cybersecurity
companies
Among top-tier VC investing firms, Intel Capital is the
most active investor in cybersecurity startups having
invested in more than 20 companies since 2010.
Accel Partners and KPCB took second and third
place respectively, investing in more than 15 unique
companies each.

Authy*
Company
Description
Secure Yet Easy-to-Use Two-Factor Authentication for Websites and
Mobile Apps. Protect your daily apps like Facebook, Dropbox, Evernote,
AWS, Outlook and many others. Use Authy to thwart phishing and man-in-
the-middle attacks, quickly and easily.
2014 Revenue ---
CEO Daniel Palacio
Headquarters San Francisco, CA
M&A Considerations
• Authy designed and built a powerful dashboard with all the
basic and advanced features like create infinite applications,
add collaborators, setting your SMS, calls and many other
options created to help you manage your applications.
• Enable, set and decide what do you want to have in your
application to create the best experience for your users and
keep them happy.
• Our payments system lets you know exactly what you are
using and what you are paying. So you can always know what
is your account status up to date.
• Whether you require PCI, HIPPA, FIPS or any other
compliance requirements, Authy helps you easily achieve and
stay compliant.
• Security policies are an essential part of an scalable and
secure Two-Factor Authentication deployment. Authy has a
powerful policy engine that allows you to automatically control
how your Authentication behaves at it's deepest level.
• Authy uses 256 bit's private keys, which can be rotated
instantly on demand. All keys are also fully manageable. You
can remotely disable and reset keys all with a push of a
button. We also provide remote health checking capabilities
that help you keep your organization running 24/7 and your
users happy.
• Authy was acquired for an undisclosed sum by
Twilio in February 2015.
*An Angel King Portfolio Company
Source: Crunchbase

Lookout
Company
Description
Protecting individuals and enterprises, Lookout predicts and stops mobile
attacks before they do harm.
2014 Revenue ---
CEO Jim Dolce
M&A Considerations
• Predictive Security - Lookout’s advanced security connects
the dots between code, app behavior, and known attackers to
stop threats – all in the cloud without impacting your device.
• Missing Device - Forget that panicked feeling when you can't
find your smartphone. Lookout gives you the control you need
to get your lost or stolen device back.
• Theft Alerts - Lookout turns your device's features – from the
front-facing camera to the lock screen – into defensive
countermeasures that make thieves think.
• Data Backups - Losing or damaging your device doesn't have
to mean losing what's on it. Automatic backups of your
contacts, photos, and call history make sure they’re always
• Secure App Stores - Automatically vet applications to ensure
policy compliance before making them available to your
organization, as well as mobile apps to keep user safe
• Raised $282 over 8 rounds from investors
including Morgan Stanley, Andreessen Horowitz,
Accel Partners, and Greylock Partners
Source: Crunchbase

BlockScore
Company
Description
BlockScore is an identity verification and anti-fraud solution for online
transactions.
2014 Revenue ---
CEO John Backus
Headquarters Palo Alto, CA
M&A Considerations
• Customer Identity Verification - We use many data sources
to verify the information your customers provide. We correlate
data across credit bureaus, motor vehicle records, address
histories, watchlists, and other records in order to provide a
superior solution to single-source verification services.
• Knowledge Based Authentication - We provide a series of
questions to which only your customer knows the answer
using information separate from someone’s identity. This
provides a better, practical solution to photo ID verification
because it is difficult to know correct answers to these
questions unless you are actually the person.
•
• Compliance - As part of every verification, we instantly scan
dozens of government watchlists and red flag lists to protect
your business from wanted individuals. We can optionally
proactively scan your entire user base every time the list
changes and inform you if anything changes.
• Fraud Alert - We detect mass fraud and use of false identities
across our network. When lists of stolen identities hit the black
market, we quickly learn of problematic identities and
proactively notify you, limiting your exposure to fraudulent
activity.
• Raised $2M over 2 rounds from YC, Khosla
Ventures, and Battery Ventures, among others
Source: Crunchbase

Sift Science
Company
Description
Sift Science fights fraud with machine learning. Machine learning teaches a
computer to mine data for statistical patterns, and continuously learn and
adapt as new data streams in.
2014 Revenue ---
CEO Jason Tan
M&A Considerations
• Reduce Chargebacks - Zero in on investigating orders that
matter and make quick, accurate decisions. Using the Sift
Science Console, see all of your data in one place, including:
Signals identifying suspicious behavior, the ability to filter
users by IP address, device fingerprint and more network
visualizations so you can see relationships between users and
accounts
•
• Fraud Detection - With every new piece of your data, Sift
more precisely adapts to your business and helps you stay
ahead of ever-changing fraud tactics. Prevent fraud with
automated learning on our award-winning platform using
advanced data science techniques. Harness the same
powerful technologies used by Amazon and Google.
• Distill Patterns from Data - We sift through your data for
subtle fraudulent behaviors that a rules-based system would
miss. Behind the scenes, we automatically build a statistical
model with your unique data and patterns found on our
network. Harness the power of data-driven decision-making in
a single platform.
• Raised $23.6M over 3 rounds from First Round,
Union Square Ventures, and YC
Source: Crunchbase

BugCrowd
Company
Description
Crowdsourced cybersecurity. Bugcrowd is the premier marketplace for
security testing on web, mobile, source code and client-side applications.
Bugcrowd solves the undersupply of cybersecurity professionals by giving
businesses the ability to engage with their curated, reputation-driven
community of over 13,000 security professionals.
2014 Revenue ---
CEO Casey Ellis
M&A Considerations
• Testing: Researchers test your site and report vulns to
Bugcrowd. During this time, Bugcrowd is validating
submissions.
• Final validations and report: Bugcrowd finishes validations,
and finalizes your assessment report.
•
• Finish: A streamlined report of the valid findings our
researchers discovered.
• Raised $7.7M over 3 rounds from Paladin Capital
Group, Rally Ventures, and Square Peg Capital,
among others
Source: Crunchbase

Source: Gartner Research, DigitalChalk
Four categories frame the future battleground for cyber warfare.
Four key trends are poised to disrupt the IT Strategy consulting
marketEmployee Training
• 77% of American Corporations use some form of online learning
• The US and Europe account for over 70% of the global eLearning industry
• By 2019 half of all college courses will be taught online
• Access to mass populations and their parent organizations are at an all time high
Hardware (Drones)
Connected Devices
• 89% of mobile media time is spent on mobile apps
• 80% of internet users now own a smartphone
• Internet of Things is creating an explosion of connected devices worldwide
• Mobile security options and computing power remains nascent relative to traditional security
functions of desktops and laptops
Active Defense
• Practically all drones have computers and onboard logic, and for the most part are
communicating with a control system through a communications channel making them
susceptible to a cyber-attack.
• There has been a thriving community of drone hackers already and several open source
projects available such as Skyjack which uses your drone to take over the drones around it
• A honeypot is defined as “a computer system on the Internet that is expressly set up to
attract and ‘trap’ people who attempt to penetrate other people’s computer systems
• Sinkholing is the impersonation of a botnet command-and-control server in order to intercept
and receive malicious traffic from its clients
• Threat intelligence is “consuming information about adversaries, tools or techniques and
applying this to incoming data to identify malicious activity

Which industries in America face the biggest threats from cyber attacks?
Healthcare &
Insurance
Defense
Internet of
Things
• Hardware and robotics account for a significant increase in hospital care/surgical devices
• Doctors and nurses are sharing important patient data via mobile and cloud. HIPAA at risk.
• Research labs for pharmaceutical companies are also increasingly cloud-based.
• Patient information being falsely used for procuring health insurance.
Biggest threats: patient privacy, patient safety with drug development, hardware
malfunctioning with medical devices, and insurance industry theft.
• American defense (large cap) spending is increasingly spent on hardware such as drones
and space-based defense/offense measures.
• Major energy, financial grids and networks are subject to attacks by foreign entities.
• Police and law enforcement is now cloud-based with new sharing that could be hacked.
Biggest threats: operational protection of markets, hardware/drone operations,
police/safety.
• Millions of homes projected to be connected to Internet of Things (“IoT”) by 2020.
• Major corporations like Google, General Electric, Cisco, and Honeywell will need to ensure
all Wi-fi devices and internet based software/hardware hybrid protects are protected.
• Access to consumer homes bring inherent and growing risks for safety and privacy.
• Biggest threats: Wi-fi devices, hardware such as thermostats and smoke detectors,
routers and internet-connected devices
#1
#2
#3
The cybersecurity industry will increase by an additional $250 billion by 2020.

Source: Crunchbase
Investor returns in cybersecurity start-ups are at an all-time high
Investor Company Exit Price Capital
Round
ROI*
Sequoia
Capital
FireEye $1.5 B $6.5 M (A) 46x
Juniper
Networks
FireEye $1.5 B $14.5 M (B) 34x
Greylock
Partners
Palo Alto
Networks
$2.8 B $10 M (A) 280x
Sequoia
Capital
Palo Alto
Networks
$2.8 B $18 M (B) 51x
Goldman
Sachs
CyberArk $414 M $40 M (B) 3.45x
*Estimated

Recent Cyber Attacks:
To give examples of how cyber attacks can be
so diversified and impact every industry.
Disclosure: investing in startups carries a high degree of risk. Financial and operating risks confronting both early and developmental-stage companies, as well as
more mature expansion-stage companies are significant. Many emerging growth companies go out of businesses every year. It is difficult to know how companies
will grow, if at all, or what changes may occur in the market. A loss of an investor's entire investment is possible and no profit may be realized as nothing is
guaranteed, ever. Investors are responsible for conducting their own due diligence.

UCLA Health System Attacked.
According to Business Insider, “A months-long cyber attack on the University of California, Los
Angeles hospital system put at risk the personal information for up to 4.5 million people, officials said
Friday.
UCLA Health said in a statement that while there's no evidence hackers acquired personal or
medical data, it can't be ruled out yet.
Officials said they were working with the FBI to track the source of the attacks.
The FBI said in a statement that the agency was looking into the nature and scope of the
cyberattack, as well as the person or group responsible.”
Estimated Cost: $100 Million Dollars across 4 hospitals on two campuses

The Federal Government – Office of Personnel
Management (“OPM”) Attacked.
According to the OPM:
Personnel data of nearly 5 million former Federal government employees
was stolen in April of 2015. This includes full names, birth dates, Social
Security numbers, and home addresses.
An additional 20+ million persons’ private data were stolen from previously
conducted background checks. These background checks were supposed
to be “Top Secret.”
The suspect culprit: the Chinese government.
https://www.opm.gov/cybersecurity/
Estimated Cost: $20 Billion Dollars over next 5 years

Ashley Madison (Website) Attacked.
Online cheating site.
According to the Krebs on Security:
Large caches of data were stolen from site AshleyMadison.com – to the tune
of nearly 37 million users.
Additional user databases, financial records and other proprietary data were
stolen.
The owner, “Avid Life Media (ALM) confirmed the hack… and said the
company is working diligently and feverishly” to respond.
Estimated Cost: A lost IPO opportunity + $2 Billion Dollars in Revenue

Information herein provided by:
The Angel Kings Funds
#1 Way to Invest in Cybersecurity Startups
 Learn more at AngelKings.com

The author of this cybersecurity report is Ross Blankenship.
http://rossblankenship.com
-Ross Blankenship is a leading expert on cybersecurity & startups.
-Author of best-selling book on cybersecurity, Cyber Nation.
guaranteed, ever. Investors are responsible for conducting their own due diligence. Learn how to invest in startups, now.

The Cybersecurity Report: Emerging Global Threats from Cyber Attacks

Recommandé

Recommandé

Contenu connexe

Plus de Ross D. Blankenship

Plus de Ross D. Blankenship (7)

Dernier

Dernier (20)

The Cybersecurity Report: Emerging Global Threats from Cyber Attacks