- European companies will be among the winners as cybersecurity becomes a major concern
- Some of the major players are accused of helping governments or even terrorists
It is clearly a field with a bright future: market analysts predict that annual global spending on cybersecurity could reach $200 billion by 2021 as security firms react to growing threats and the world embraces vulnerable new technologies like linked devices and cloud services. Among the winners will be some European companies with cutting-edge technologies and solid business models.
Outsourcing security for smaller companies.
A global leader in secure software applications, Amsterdam-based Gemalto is also the world’s largest manufacturer of SIM and other smart cards, including e-passports. Since its creation in 2006, the company has spread its operations to 48 countries, earning €3.1 billion last year.
Gemalto has also made a name for itself in the field of secure managed services, which, roughly translated, means providing the online use of secure software platforms as an alternative to managing your own software. Angela Sasse, director of the UK Research Institute in Science of Cyber Security, says such cloudbased services can potentially be of huge use to small- and medium-sized enterprises that struggle with the know-how and practice of managing their IT securely.
“In principle, the practice of outsourcing your security can be very useful if the supplier is competent and trustworthy, as professionals specialised in this area should be able to do a much better job,” she says.
If providers like Gemalto can successfully offer secure cloud services in the face of rising cybercrime, such solutions will help drive the trend towards security as a service. “Previously you would receive a factorysetting connection without a firewall – and it’s up to you to sort it out – but now the entire range of security measures are often taken care of by expert suppliers.”
Leading the antivirus battle.
A household name for its antivirus software, Moscow-based Kaspersky also offers an extensive crosssection of cybersecurity products and services. Marking its 20th anniversary, the firm boasts the largest market share for desktop security in Europe, the second highest for mobile use, top ratings from independent testing and, as of 2016, more than 400 million users around the globe.
Like other security providers, Kaspersky’s biggest challenge is keeping up with the rapid speed at which malware is developed, detecting these threats and protecting against them. And although users seem more aware than ever of the risks posed by viruses, Sasse fears that people still overestimate how well they’re protected: “We see people doing things online they really shouldn’t, saying, ‘It doesn’t matter, my antivirus will take care of this’.”
Increasingly on the agenda are questions concerning the responsibilities of cybersecurity companies to their customers in the face of government pressure for intelligence. Kaspersky has been criticised for its proximity to the Russian authorities, primarily by Americans fearful that their privacy could be compromised by “backdoors” built into software for surreptitious access.
Kaspersky has repeatedly denied any government collusion, but the same questions apply to cybersecurity firms everywhere. “As researchers, we believe the needs of consumers and citizens come first,” says Sasse. “Weakening encryption by backdoors, or not patching in the name of national security cannot be endorsed.”
Encrypting messaging against snooping
Taking advantage of a growing market of people fearing mass surveillance, Telegram is a Berlin-based messaging app, founded in 2013, which last year reported more than 100 million monthly users. Although Facebook-owned WhatsApp tops this with 1.2 billion-plus monthly users, Telegram was quicker to offer end-to-end encryption, with messages never stored on an intermediate server that could be accessed by secret services. The easy creation of anonymous accounts, the timer for destroying messages and the privately developed encryption are further selling points for those wary of Facebook or other US-owned services.
Telegram is used around the world, says Sasse, “often in countries where young people think it offers protection from eavesdropping governments”. The flip-side is that Telegram is criticised for enabling secret communication by terrorists.
Telegram has responded by shutting down channels linked to terrorism, although new ones can be opened quickly as soon as others are shut. Sasse says this highlights an ethical quandary in software development. “Normally you would consider going ahead or not going ahead, depending on whether you believe the negative consequences outweigh the benefits. With security products, you can’t have one without the other.”
Sasse says a bigger issue is the perception of how secure communications with such apps are. “Colleagues of mine have shown that Telegram is relatively easy to break, so if people think it will protect them from governments, it won’t,” she says. “Besides, our studies of Telegram users show that a vast number are actually using the app in unencrypted mode without realising it.” With WhatsApp users now receiving end-to-end encryption across all messaging and governments pushing to undermine secure communications with calls for backdoor access, this misperception may be Telegram’s biggest challenge.