Imagine a burglar breaking into your house and living undetected inside your home—for months. That’s the current state of cybercrime.
According to root9B, a startup in Colorado Springs, Colorado, a hacker who infiltrated a computer network on Jan. 1 would typically operate unnoticed until now. That is, until August 17—229 days on the inside, stealing data and spying. This sort of ongoing breach may sound like a plotline from the paranoid realm of Mr. Robot, but the real-life corporate victims know otherwise. Just ask Sony, Target, Home Depot, the Democratic National Committee and, now, Eddie Bauer.
Clearly, the conventional approach of building automated digital walls isn’t adequate. This failing explains the rise of root9B, the No. 1 firm on Cyber Security 500’s annual ranking of innovators–ahead of IBM, Cisco, and other tech giants. The five-year-old company relies instead on “manned information security.” Its analysts engage in code-code-code combat with cyber attackers inside corporate and government networks.
Staffed by elite former military and intelligence experts at the National Security Agency and other federal agencies, root9B identifies and shuts down hackers in action, usually within days of a breach. Because root9B’s analysts are invisible as they patrol a client’s network, the unwitting “adversaries,” as the company refers to them, are caught unaware.
The company’s war lingo is appropriate, not simply because of its military ties, but also because of how root9B views its work. “I would put cybersecurity as the No. 1 threat to the United States of America,” says CEO Eric Hipkins.
That threat–that battle–is constantly changing. The attackers try new tactics, pushing the defenders to keep adapting as well. “To be a successful cybersecurity professional, there needs to be a creative side,” says John Harbaugh, root9B’s COO. “You have to be able to look at a problem and see different solutions, things that nobody else sees.”
–- Chuck Salter, Senior Editor