Orange builds out security credentials with SecureData acquisition

Orange has announced the acquisition of SecureData, building out the increasingly extensive cybersecurity operations at the telco.

The Orange Cyberdefense Division is another one of Orange’s ventures into the world of differentiation. Like banking and smart home services, this is not a segment which is necessarily core for the telco, but with a close enough link to connectivity it’s a low risk approach to diversification. With annual sales approaching €300 million, over 1,300 employees and a presence in 160 markets, it is also fast becoming more than just an ‘other bet’.

In SecureData, Orange has bought itself more of a presence in the UK, the largest Western European market for managed security services. SecureData’s existing Security Operations Centre (SOC) in Maidstone will add to the existing 9 Cyber SOC’s and 4 CERT’s around the world. The footprint is steadily increasing, gradually making the Orange security business more appealing to both national and international customers.

“SecureData, just like Orange Cyberdefense, has successfully made the transition toward Managed Security Services, and shares the same passion for Cyber,” said Hugues Foulon, Executive Director of Strategy and Cybersecurity activities at Orange.

“Cybersecurity has become a critical element for both large and small companies as they evolve in an increasing digital-reliant world. We are convinced that the combined expertise of Orange Cyberdefense and SecureData will provide a powerful resource for our customers in ensuring the protection of their valuable data.”

While Orange has not necessarily been spraying the cash everywhere, it has steadily been building its cybersecurity credentials. Aside from this purchase, Atheos and Lexsi are two other examples, with the services now being extended to 160 different countries.

These two acquisitions do date back a few years, though in cybersecurity Orange has once again proved it can think ahead of the game. This is a segment which is only starting to get the attention it rightly, and responsibly, deserves but it has been an ambition for Orange for years.

A recent survey from Tripwire claims 60% of respondents were more concerned about IoT security in 2019 compared to the previous year. IoT is a blossoming segment, an opportunity many companies will want to take advantage of for both new revenues and operational efficiency, but few know how to keep themselves secure. The perimeter of the network is about to vastly expand, but right now it is nothing more than a risk. Security needs to radically rise up the agenda.

Like getting ahead of the fibre trends across Europe, Orange looks like it onto a winner with a focus on cybersecurity. With tighter regulations on data protection and privacy, combined with increased public backlash with recent breaches and leaks, as well as new business models, security is becoming more of a priority for companies. The low-risk, long-thinking approach from Orange definitely looks to be paying off.

Cybersecurity investments on the up but not sustainable – study

Research from Strategic Cyber Ventures points to an increased appetite for cyber security investments, but the euphoria sweeping the segment forward is not sustainable.

On numerous occasions we have commented security is the ugly duckling of the technology world. It is critical to ensure the industry, and digital society on the whole, functions appropriately, though more often than not it is ignored. There will be numerous reasons for this, perhaps because security is a thankless and often impossible task, but the data suggests 2018 might have been a watershed year.

Not only did 2018 see $5.3 billion in global venture capital funding, 81% more than 2016, M&A activity increased as did private equity investments. On the M&A side of things, Cisco made a bang with a $2.4 billion acquisition of Duo Security, while Blackberry acquired Cylance for $1.4 billion. These are two of the larger deals, though there was increased activity in the segment across the period.

In terms of private equity, Barracuda Networks was acquired for $1.6 billion by Thoma Bravo, Bomgar by Francisco Partners for $739 million, while Blackrock spent $400 million on Cofense. Elsewhere in the more complicated financial world, Skyhigh Networks acquired McAfee with assistance from its financial sponsors Thoma Bravo and TPG Capital.

Cybersecurity one

Overall, the trends for the security segments are heading in the right direction. Perhaps now this is an area which will be taken more seriously by the industry, with adequate investments heading into security department.

That said, Strategic Cyber Ventures has warned the trends from a funding perspective are not exactly the most favourable. The amount of cash being invested is increasing, though it does not appear the rewards are reflecting this. Some of these companies have raised funds through big rounds, but growth has slowed, perhaps due to vendor fatigue or increased competition. The risk here is firms cannot raise additional funds at increased valuations from prior rounds, meaning they will have to lean on existing investors. Eventually these parties will grow tired of keeping them alive for minimal rewards.

The issue here is the need and hype around security. Its critical to secure the expanding perimeter of the digital economy, creating the need for the segment, while executives constantly talk about security being a number one priority of firms, creating the hype. This would seem to be the perfect recipe for investment in security companies and start-ups. However, the segment hasn’t taken off, perhaps due to the preference of customers investing in technologies which will make the company money as opposed to more secure?

This is maybe the most accurate assumption on why the security segment has faltered continuously over the years. Companies have limited spending power with executives choosing to invest in areas which will make the company more profitable, such is the pressure from investors and shareholders. However, consumer attitudes might be changing.

While many would have ignored the security risks of the digital economy in years gone, today’s consumer is more educated. Privacy scandals have demonstrated the power of data forcing the consumer to consider security more critically. This might have an impact on future buying decisions.

According to research by Onbuy.com 60% of US and 44% of UK consumers believe there is a risk to personal safety in the sharing economy, while 58% of all the respondents believed the risks outweigh the benefits in the sharing economy. Such attitudes will force companies to consider their security credentials as there is now a direct link back to the bottom line.

What this means for VC funding and investments from around the ecosystem remains to be seen, though the tides are turning in favour of the security segment. As Strategic Cyber Ventures notes, the current levels of investment are unsustainable, but there certainly are rewards.

Internet giants decide US government has nothing to offer security talks

A coalition of internet giants have decided to have a meeting to discuss cybersecurity and misinformation during November’s US mid-term elections, but the government didn’t make the invite list.

It isn’t often the worlds tech giants all get along, but this seems to be an area which they can all agree on. Something needs to be done to remove a repeat of the controversy which has constantly stalked Donald Trump’s Presidential win, and it isn’t even worth bothering listening to the opinions of the government.

According to Buzzfeed, Nathaniel Gleicher, Facebook’s Head of Cybersecurity Policy, called the meeting, inviting twelve other organizations but the government was not on the list. The snub seems to follow a similar meeting in May, where each of the invitees left feeling somewhat disappointed with the government contribution. We can only imagine Department of Homeland Security Under Secretary Chris Krebs and Mike Burham from the FBI’s Foreign Influence Task Force simply sat in the corner, one holding a map and the other pointing to Russia shouting ‘we found it, we found it, look, they don’t even do water sports properly’.

“As I’ve mentioned to several of you over the last few weeks, we have been looking to schedule a follow-on discussion to our industry conversation about information operations, election protection, and the work we are all doing to tackle these challenges,” Gleicher wrote in an email.

The meeting will take place in three stages featuring the likes of Google, Twitter, Snap and Microsoft. Firstly, each company will discuss the efforts they have been making to prevent abuse of the platform. Second will be an open discussion on new ideas. And finally, the thirteen organizations will discuss whether the meeting should become a regular occurrence.

While interference from foreign actors has proved to be a stick to poke the internet giants in the US, criticism of the platforms and a lack of action in tackling misinformation has been a global phenomenon. European nations have been trying to hold the internet players accountable for hate speech and fake news for years, but Trump’s Presidential win is perhaps the most notable impact misinformation has had on the global stage.

With the mid-term elections a perfect opportunity for nefarious characters to cause chaos the internet players will have to demonstrate they can protect their platforms from abuse. Should abuse be present again, not only would this be a victory for the dark web and the bottom dwellers of digital society, but it will also give losing politicians an opportunity to shift the blame for not winning. While this meeting is an example of industry collaboration, each has been launching their own initiatives to tackle the threat.

Facebook most recently revealed it scored users from one to ten on the likelihood they would abuse the content flagging system, and has been systematically taking down suspect accounts. Twitter has algorithms in place to detect potential dodgy accounts and limits the dissemination of posts. Microsoft recently bought several web domains registered by Russian military intelligence for phishing operations, then shut them down. Google has also been hoovering up content and fake accounts on its YouTube platform.

Whether the internet giants can actually do anything to prevent abuse of platforms and the spread of misinformation remains to be seen. That said, keeping the bundling, boresome bureaucrats out of the meeting is surely a sensible idea. Aside from the fact most government workers are as useful as a bicycle pump in a washing machine, Trump-infused politically-motivated individuals are some of the most notable sources of fake news in the first place.

Cybersecurity for the Fourth Industrial Revolution

Telecoms.com periodically invites third parties to share their views on the industry’s most pressing issues. In this piece Cormac Whelan, CEO UK & Ireland, Nokia Networks looks at how the cybersecurity landscape is evolving.

The Fourth Industrial Revolution, the increasing connectivity of our lives and businesses, is driving business transformation and improving the lives of employees and customers globally. But there’s a darker side to this increased mobility and interconnectedness in the form of security risks that grow exponentially as more data and business operations move to the cloud. Quicker, smarter cloud apps that power business growth are also driving a quickly evolving threat landscape, with at least 360,000 new malicious files detected every day in 2017 (an increase of 11.5 per cent from 2016).

The UK Government’s Cyber Security Breaches Survey 2017 found that almost seven in 10 large businesses identified a breach or attack last year. What’s more, businesses holding electronic data about their customers were far more likely to be compromised than those that didn’t. In tandem, governments, utilities and public services are also at greater risk than ever. An attack resulting in loss of connectivity or equipment damage can leave an entire city without electricity.

The recent WannaCry ransomware attack affected some 400,000 computers in over 150 countries and resulted in major outages in key services such as healthcare, transport and banking. As more and more data gets stored on mobile devices, the risk of attacks increases.

With every business, financial institution, telecoms provider, energy company and government at risk, the only effective response is a defence strategy to protect assets. Operators need to think not only about how criminals can gain access to their networks, but also what they do when they are inside. Temporary loss of files, compromised software or systems, permanent loss or change of files or personal data, lost access to third party systems, money assets or intellectual property stolen – all are possible in any number of combinations.

Identifying risk

Think of this like a large building with black and white windows. In order to repair the building, you need to find the black windows – analyse the problems to find where threats and viruses can come in. The broken window then needs to be fixed; a new window or a new frame (implementing the right solution and software). To add to the complexity, the windows are constantly changing, so continuous monitoring is needed to keep up. Only through these four elements – the right assessment, the right solution, the right software, and the right monitoring, can the building be secured.

Of course, this was much easier when data was operators’ own and applications were hosted internally. Companies had their own servers and could install a firewall. Now, to defend assets operators need qualified security professionals, a good understanding of vulnerability of important domains and a continuous up to date management. Even with talented staff in place, the threat landscape changed, with new viruses, new systems and new types of software and approaches needed.

New vulnerability through the Internet of Things

Cybercrime is moving from computers to mobiles and the Internet of Things. Mobile network infection has gone up by 63% and 50%of those attacks are very serious, with ransomware spreading easily into networks. All new devices that connect into an operator’s network are new vulnerability points and this pool is growing daily as the IoT booms. In the near future, every area of our life will be connected by a sim card and the vulnerability this brings along with the potential for device loss or theft is huge.

Alongside the business impact of network attacks (such as lack of network, impacting critical operations), there’s the very real risk of private data loss. Not only can enterprise problems cause consumer problems through lack of access or loss of service, but companies are responsible for keeping the customers, and their data, safe. Regulations, particularly in the EU, mean that if a virus at the network level allows a hacker to steal 9 million credit card details, the company responsible for the data loss will be held to account.

Preparing for the Fourth Industrial Revolution

Now is the time for companies to start thinking about the vulnerabilities the Fourth Industrial Revolution and ever-expanding Internet of Things will expose. Keeping operations and customers safe needs to be firmly front of mind, both in terms of companies’ own networks and applications, but also in terms of where a network interacts with others.

It’s a complex puzzle and it can be difficult to know where to start, but only by undertaking a thorough assessment and benchmarking against industry averages can an operator create an improvement plan and take steps toward becoming ready for potential security risk. With a plan in place, it is possible to identify the right solution, implement the right software and have a deeper understanding of the monitoring required to keep the business safe. Keeping data safe will be an essential part of realising the benefits and potential of the Fourth Industrial Revolution.

 

Cormac WhelanCormac is currently the CEO for the UK & Ireland at Nokia, having taken up this role in January 2016. In this role he leads all operations for the UK & Ireland markets including sales, business management, delivery and operations. As a senior executive over more than two decades in a number of global blue-chip organisations, Cormac has extensive experience is sales, marketing and business development. In addition he has proven expertise in strategic planning and driving transformation and change management in large scale businesses.