1 topic, 2 key figures, 3 startups to draw inspiration from
Earlier this month, the CISA (Cybersecurity & Infrastructure Security Agency) issued a “shields up” warning to US companies to upgrade their cybersecurity assets due to the increased risks associated with the growing tension between Russia and Ukraine. As a matter of fact, the number of attacks has skyrocketed in recent years and data protection is becoming increasingly complicated. The rise of remote working has also made data protection harder by extending greatly the amount of information transferred and the number of external platforms used to share and store documents. Thus, cyberattacks are not only a financial threat, they also call into question the public credibility of the company and can even put people’s lives at risk. Fortunately, numerous startups are entering the space.
Startups that help companies protect their industrial data with cutting-edge technology and software are addressing a number of uses cases. First, some strive to educate employees on phishing for example, while others help strengthen their hardware and software assets. Solutions include automatic intrusion detection, blocking scenarios to limit the propagation as well as counter-attacks to seek information on the hacker and the way it succeeded to get it. As factories use increasingly more IoT technology, the size and complexity of the networks and communications that need to be monitored are growing. As such, some startups ambition to protect these networks as a whole. Cybus, for example, has developed connectivity software for smart factories that use Industrial Internet of Things (IIoT), to help them secure the connection between different machines, different databases, the company’s ERP as well as its connection to external services. That way, industrials can carry out quality management, condition management, or predictive maintenance in a safe manner. Dragos provides an industrial cybersecurity platform that contains all the necessary capabilities for vulnerability assessment and management, threat detection, investigation and incident response. It draws insight on previous cyberattacks to track and profile various threat activity groups to determine how they operate and how to best respond. Veracity offers a zero-trust network management platform that allows companies to define exactly which devices can communicate with which and avoid unwanted information communication. In addition, the fact that the authorizations are given to a specific device rather than a port number on a switch makes the network flexible. A machine can be moved and plugged at another side of the network and keep the authorizations and communication rules intact. Even in the case of a malfunction of the machine, the information can be rerouted, and a warning is sent to check the device.
A good example of an industry where cybersecurity is critical is automotive manufacturing, as it is particularly vulnerable to cyberattacks and has a higher stake in protecting its networks. For example, it is essential for connected car manufacturers to avoid any tempering of their cars as their passengers’ lives are in their hands. Startups are tailoring offers specifically to fit their needs. Upstream Security provides a cybersecurity and data management platform for connected vehicles. Their cloud-based solution analyzes and reports the potential security risks and has an integrated workflow to respond in the event of an attack. More than just protecting the vehicles from cyber-attacks, Upstream analytics provides insights on mobility data to help OEMs, Tier-1s, or Tier-2s to better understand their fleet. One upside of their solution is that it does not require adding software or hardware within the vehicle, their technology uses the data already produced by the connected vehicles to monitor the various systems status. Cybellum, on the other hand, provides digital twins of the car’s software architecture in an attempt to detect potential security flaws. Its solution enables car manufacturers to test any new software or feature on the digital twin to detect any weaknesses in the integrated system before deploying it on the fleet. The digital twins are continuously tested for flows as Cybellus adds new potential attack methods to its database.
The average annual budget spent by companies on cybersecurity ranges from $500k for smaller companies to millions of dollars for larger ones. While these amounts seem huge, they are still affordable compared to the colossal losses that can result from a successful cyberattack. The high budget and urgency of the matter has made cybersecurity a critical topic for corporations. As an example, Microsoft acquired CyberX to enhance its IoT securing technology. Similarly, earlier this month, Forescout acquired CyberMDX to enhance its security focus in the healthcare industry. Finally, last year, cybersecurity giant Fortinet partnered with Dragos to integrate its technology into Fortinet’s software.
To conclude, as technological equipment and networks become more complex, the number of potential security breaches grows. Companies of all sizes have realized that cybersecurity is critical and that most of them cannot do it in-house due to a lack of manpower or expertise. That is why startups have a great role to play in mitigating this risk by offering ever-new protections to stay one step ahead of malware.
2 Key Figures
140+ Industrial cybersecurity startups
Registered by Tracxn
By 2040, the industrial cybersecurity market is expected to reach $22.5bn
Compared to $16.9bn in 2020, growing at a CAGR of 5.8% – Markets and Markets
3 startups to draw inspiration from
This week, we identified three startups that we can draw inspiration from: Dragos, Veracity, and Cybellum.
Dragos designed a security software that provides critical visibility into ICS and OT networks so that threats are identified and can be addressed before they become significant events, its solutions are optimized for emerging applications like the Industrial Internet of Things (IIoT), enabling its clients in power and water utilities, energy and manufacturing industries to establish a resilient and adaptable security posture.
Veracity provides industrial network intended to brings visibility, control, and remediation to industrial networks. The company’s network is secure-by-design and deny-by-default that moves beyond detection and alerts cyber events into a resilient network that reduces the attack surface, enabling businesses to manage and ensure secure communication between the connected devices.
Cybellum developed a platform designed to provide software risk assessment by detecting vulnerabilities automatically without source code. The company’s platform delivers an agentless and on-premise end-to-end program that gives fully automatic forensics and visibility into each incident without the need for cyber experts to operate it, enabling users to enjoy high-quality web security and safe surfing.