Paladin Capital Group, headquartered in Washington DC, is a leading global private equity investor in some of the world’s most innovative companies; particularly those that are developing new technologies in the cybersecurity space.
Mike Steed (pictured), Paladin’s Founder and Managing Partner, is unequivocal in his view that hackers are no longer merely interested in targeting individuals to steal financial information; rather, hacktivists or state-sponsored groups are targeting critical infrastructure to disrupt society, and to compromise the identities of US citizens.
Recently, Steed wrote an article on Paladin’s website entitled “Paladin’s 2015 Cyber Year in Review and Key Trends Shaping 2016”. He notes that incidents such as the Office of Personnel Management’s (OPM) data breach, which exposed concerns over the US Government’s attempts to secure data relating to its personnel and citizens, and the attack on health care industry behemoth Anthem, putting the health records of one third of US citizens at risk, are examples of just how vulnerable critical infrastructure is becoming to cyber threats.
These attacks, says Steed, are issues of global national security and reinforce the need for private companies, many of which are charged with maintaining and operating the 16 verticals of global infrastructure, to protect their systems.
“We have evolved from merely stealing information to initiating disastrous attacks against critical infrastructure in an attempt to disrupt and destroy that critical infrastructure. So there’s a new sense of urgency. Some CEOs that I speak to say they just want to survive. Most of the cyber attacks that the mainstream media has focused on are those in which an enormous amount of personal information has been stolen, and intellectual property.
“Don’t get me wrong, I don’t want my personal data being breached but if the electricity network isn’t running because of an attack I don’t much care about my private data,” says Steed.
Aside from the energy sector, other key verticals, according to the US Department of Homeland Security, include the chemical sector, commercial facilities, communications, dams, financial services and healthcare.
This shift in tack towards state-sponsored cyber attacks has led to the rise of what Steed calls Weapons of Mass Cyber Destruction. And in his view, that trend is only going to get broader and deeper as attackers become more sophisticated “and the good guys continue to deploy new digital platforms, new technologies, without taking into consideration how they are going to secure them from attacks.”
“Our highest priority should be on how we are going to protect our critical infrastructure,” continues Steed. “In the US approximately 85 per cent of it is privately owned. What that suggests is two things: first is that the government cannot provide the solutions to protect us. Second, which is good for us as investors, is that companies must spend “unlimited” amounts of money – and I use that word intentionally – to do two things; to maintain best practice, policies, and to survive.
“We therefore think that the focus has to be on these Weapons of Mass Cyber Destruction in order to protect our critical infrastructure from increased vulnerability as it adopts digital technologies.”
As such, the Paladin team works to identify the best innovative companies to invest in that are equipped to lead the fight in helping private and public companies running critical infrastructure defend themselves from these WMCD that seek to not only steal information but disrupt and destroy their targets.
Steed says that innovation in cybersecurity has changed markedly in recent years. Three years ago, for example, if a company were attacked they would bring in cyber specialists who could provide forensics on who initiated the attack, how long they were in the network for etc.
Now, the market has evolved to focus on ‘threat intelligence’. Steed says there are at least 50 or 60 companies in the marketplace using sophisticated proprietary software to essentially help clients to see an attack before it hits them.
The cybersecurity market is, therefore, moving away from being forensic to becoming more diagnostic-based.
“If you can’t see the problem then you can’t do anything about it. So the first thing you need to have is the systems, the software, the sensors, and the threat intelligence that tells you what is going on out in cyberspace and that it’s more likely that you will be hit be Attack A, B, C or D.
“There is a wealth of opportunity to invest in these types of companies. Another area that the cybersecurity space is evolving into is incident response. CEOs don’t want to be called at 3am in the morning. They want to get into the office and be told that if there was an attack that they had the proper incident response technology in place to respond to it and contain it,” says Steed.
One such company that Paladin invests in is called PhishMe® Inc., a leading provider of phishing threat management solutions. The firm does security awareness training and works with clients to understand what they need to do once these attacks are already in the network.
Current market technologies are therefore developing to provide companies with managed services to be able to manage, at the front end, the collection of threat data in order to predict attacks that might take place. And at the back end to develop an effective incident response.
“We believe that there are approximately 9 billion connective devices in the world today. As a result of what we call ‘The Internet of Things’, we predict that, in part, that number will have increased to 30 billion by 2021. That’s an awful lot of potential entry points for a cyber criminal.
“As a result, we invest in services and technology companies that will make the digital infrastructure resilient – you can’t be 100 per cent secure – at times of crisis. As mentioned, without diagnostics, you can’t do anything about a threat unless you can see it. And once you’ve seen it, you want to contain it and eradicate it. We’ve done 38 deals and we’ll be announcing two more in the coming weeks. Having been doing this for 14 years now, we consider Paladin to be at the vanguard of investing in early stage cyber technologies,” explains Steed.
Paladin certainly has an array of high profile experts on board, as evidenced by the composition of its Strategic Advisory Group. This includes: Sir David Omand, the former UK Security and Intelligence Coordinator, Permanent Secretary of the Home Office and Director GCHQ; James Woolsey, Chairman of the Strategic Advisory Group, who served the US Government on five different occasions, most recently as Director of Central Intelligence; and Dr. Mary Aiken, PhD, a CyberPsychologist and Director of the CyberPsychology Research Centre.
“We have seven people at Paladin with top security clearances. That allows us to focus on areas of the market that aren’t immediately available to other General Partners of private equity groups. As the threats grow, so do the market opportunities. And with people like Sir David Omand and James Woolsey, we really are at the cusp of being to identify where those opportunities reside,” adds Steed.
To further expand its investment horizon, Paladin opened its first European office in London on 1st December 2015. The aim, just as in the US, is to scour the European market for what Steed likes to refer to as “engines of innovation”. Where is the creative intellectual property and how is it being generated? Leading that charge is Alex O’Cinneide, Managing Director, Head of Europe.
The UK Government recently announced it was spending a significant amount of money on cyber research and development. GCHQ, in tandem with the Engineering and Physical Sciences Research Council, has already identified 13 UK universities as “Academic Centres of Excellence in Cyber Security Research.
“We said that if we are going to continue to be effective in this space we need to have access to the UK market, which is way ahead of the rest of Europe. Alex’s role will be to find the best technologies, the best management teams to invest in,” confirms Steed.
To do so, the Paladin Cyber Fund has been launched to invest in early stage technology across both the US and Europe. Again, the focus will be on those companies that can best monitor and defend critical infrastructure.
“I think 2016 is going to be vibrant because as more companies and governments adopt digital platforms they are going to need to protect their critical infrastructure from the bad guys. We hope that through the companies we invest in we will start to see the gap narrowing between digital adoption and the security of technology platforms,” concludes Steed.
The fight against weapons of mass cyber destruction has begun.