Cyber in Review
Friends of Paladin:
At the end of 2017, our firm held a roundtable with leaders in cybersecurity representing local think tanks, law firms, universities, and U.S. Government agencies. During our discussion, we reflected on some of the more important events that occurred in 2017 and what new trends we anticipate coming to fruition in 2018.
Given the importance of this conversation, we want to share with you some of these insights in our Annual Cyber Year in Review.
Cybersecurity Trends in 2017
In 2017, criminals realized the best way to crack the safe was to hack the safe. Hackers were heavily focused on reaping financial rewards, targeting lucrative industries like healthcare, entertainment, and energy. Their preferred methods? Ransomware and extortion.
First, we witnessed one of the largest and most widespread ransomware attacks, carried out with the Wanna Decryptor (WannaCry). Between May 12 and 15, WannaCry struck almost 200,000 government, hospital, and business systems in over 150 countries. Hackers reportedly used stolen information from the National Security Agency (NSA) to access a vulnerability in Microsoft Windows. They demanded hundreds of thousands in Bitcoin from each target. One of the more notable victims was the UK’s National Health Service – sending shivers down the spines of healthcare providers around the world.
Two months later, Game of Thrones fans were panicking after they had learned a hacker had stolen 1.5 terabytes of information from HBO. The hacker demanded over $6 million in Bitcoin and threatened to release unaired episodes of HBO’s most popular show if it refused to pay. HBO wasn’t alone. In August, a hacker released unaired episodes of Netflix’s “Orange is the New Black” after the company refused to pay hundreds of thousands of dollars in Bitcoin.
When extortion hackers were unable to dig up valuable intellectual property, they pivoted to other sensitive material – embarrassing emails, employee information, patient records, and general corporate strategies. No industry was spared; almost every sector has suffered from this rise in cyber extortion.
Finally, hackers continued their strong interest in government and finance. This year’s “earthquake” was Equifax, impacting over 143 million people in the United States and UK. The credit reporting company lost customers’ credit card and bank account numbers, as well as personal identifying information. Equifax’s stock lost almost $4 billion because of the crisis.
Meanwhile, state actors were interested in France and Germany’s 2017 general elections. In March and April, hackers attempted to infiltrate the computer systems of Germany’s top political parties. In France, hackers were ultimately successful, leaking thousands of President Emmanuel Macron’s emails days before the first round of the French election to give Marine Le Pen an advantage.
The beginning of 2018 has not shown any relief from hackers seeking to steal, disrupt and destroy.
Paladin’s Year in Review
This past year was a productive and rewarding year for Paladin in many facets of our organization. We maintained our status as the recognized leader in Cyber investing and continued to build upon our proven strategy of prudent investing. Important milestones were achieved as we continued to expand our global footprint. Our offices in both London and Luxembourg helped us achieve our goal of expanding our network and increased deal flow in many important ways. Our relationship with some of the finest entrepreneurs in the marketplace helped many of our portfolio companies reach unparalleled growth and success in 2017. Highlights from this past year include:
In April, we announced that we would join with the European Investment Fund and the Luxembourg Future Fund to invest in EU-based Cyber Security firms. The European Investment Fund (EIF) has proved to be an excellent partner in supporting our efforts to identify and finance cyber companies throughout the EU.
Also in April, SAG member Dr. Mary Aiken was inducted into Infosecurity Europe’s Hall of Fame. She was recognized for her long-term contribution to the information security sector as an expert in Forensic Cyberpsychology.
In October, our Managing Director Lt. Gen. Ken Minihan USAF (Ret) chaired a symposium of renowned national cybersecurity leaders, including experts from past and current administrations, the US military, industry, and academia, for a discussion of the past, present, and future of the security of our nation’s cyber infrastructure.
Throughout the entire year, Paladin Managing Director and former Deputy Director of the NSA Chris Inglis travelled the world to spread the cyber security message, including a keynote address at a critical cyber security conference in Israel. Chris has been an invaluable resource in identifying potential cyber investments and helping set priorities, themes and thesis for our investing.
With offices in DC, Silicon Valley, New York, London and Luxembourg, Paladin’s deal team, led by Christopher Steed, Paul Conley, Mourad Yesayan, Ken Pentimonti, Gibb Witham and Tom Clute, reviewed hundreds of potential deals during 2017. Deal flow remains very strong during the first quarter of 2018. Paladin also added Nazo Moosa as Senior Strategic Partner Europe to help expand our efforts throughout the EU. Nazo comes to us through a partnership with VT Partners and after serving for 12 years with the Carlyle Group in Europe as a member of the founding team for Carlyle Technology Partners Europe.
Cyber Fund: In 2017, Paladin closed six new investments in our Cyber Fund. Importantly, we also participated in two additional rounds of financing for existing portfolio companies. Our new investments included:
- Karamba: In May, Paladin participated in Karamba’s $12 million Series B funding round. Karamba provides a comprehensive preventive endpoint security software product for automobiles. Paladin participated in the financing alongside Fontinalis Partners, Liberty Mutual, YL Ventures and Presidio Ventures.
- Panaseer: In May, we participated in the £2.5 million Seed round of financing for the company. Panaseer’s data lake and big analytics platform helps security teams gain continuous, joined-up visibility of cyber security posture. Paladin’s co-investors in the financing included Albion Ventures, Notion Capital, Winton Ventures, and Evolution Equity Partners.
- RiskLens: In May, Paladin participated in the $5 million Series A round of financing. RiskLens’ cyber risk management software helps C-level executives and Boards of Directors make better strategic decisions by financially quantifying cyber risk. Paladin participated in the financing with Osage Venture Partners and Dell Technology Capital.
- Ursa: In October, Paladin led the $7 million Series A round of financing for URSA. The company is a Space 3.0 analytics-as-a-service company. URSA provides transparency to complex markets, enabling global operators in financial services, energy, industrial, and government sectors to make more informed decisions. Paladin was joined in the round of financing by New Enterprise Associates (NEA), RRE Ventures, S&P Global and other strategic investors.
- Inscripta: In February, Paladin participated in Inscripta’s $23 million Series B funding round. The company has developed technologies to massively increase efficacy/precision of genetic analysis for health, industrial, and bio-defense applications. Paladin participated in the financing alongside Venrock, Foresite Capital, NanoDimension and Spruce / MLS.
- GALT: In February, we participated in the $2 million follow-on financing of General Automation Lab Technologies. GALT has developed a benchtop instrument and microfabricated consumable “lab on a chip” that automates the laborious and error-prone workflow involved in isolating and screening for microbes in human, plant and animal microbiomes. The technology is key to developing critically needed new antibiotics. Paladin’s co-investor was Formation8.
In 2017, we witnessed the maturation and growth in many of our portfolio companies, participated in additional rounds of financing and helped further position our companies for future exits. Some of those achievements are reflected below.
- PhishMe: Record-setting growth and accomplishment were the hallmark of this past year for the company. The company continued to expand its product offerings, clients, and global footprint throughout the year.
- Bugcrowd: In 2017, the company accelerated growth, expanded both its executive team and global footprint. With new offices in London, Boston and Sydney, the company is well positioned to continue its growth trajectory. In August, Ashish Gupta took over the helm as the CEO and the company’s headcount tripled to over 100 employees.
- Endgame: The company has been named a visionary in the most recent Gartner Magic Quadrant for Endpoint Protection Platforms. Importantly, due to its recent customer wins in the commercial and federal sectors, more world-class organizations are protecting their critical infrastructure with Endgame’s leading endpoint protection platform.
- 10x: In December, The Scientist included the Chromium system from 10x as one of the top ten innovations of the year. We participated in the $20 million Series C that was co-led by Softbank and Fidelity.
- Twist: In June, Twist announced it had completed a $60 million financing, with a total of $191 million raised since inception. The company reached a major milestone in October, announcing a supply agreement with Ginkgo Bioworks to provide 1 billion base pairs of DNA. The company also announced a partnership with Microsoft to develop new technologies to address large-scale data storage.
Cybersecurity Outlook in 2018
Last year’s cybersecurity trends will continue to accelerate in 2018. The public and private sectors will both see a significant increase in ransomware and extortive cyberattacks. Criminals had significant success with these methods in 2017 – so not only will there be a rise in attacks, but confident hackers will also increase proposed ransoms. Security professionals will need to be proactive in updating computer systems, strengthening cyber defenses, and backing up critical data.
In addition, the Internet of Things (IoT) will continue to play a large role in cybersecurity breaches around the globe. Smart devices are often the weak link in individual and corporate networks. Users rely on faulty passwords or use insecure networks, leaving IoT devices vulnerable to malware and botnets. IoT has expanded beyond phones, tablets, and watches. Amazon Alexa and Google Home are creating new points of entry and valuable data for malicious hackers.
In November, the U.S. will hold its 2018 midterm elections. In the months leading up to the 2016 Presidential election, hackers breached 21 states’ election systems, exposing thousands of voters’ information. This year, the U.S. Government is hoping to prevent any foul play – the Department of Homeland Security is planning to vet all 50 states’ election systems before Election Day, although no government-wide approach has been articulated by the White House.
However, American voters are still concerned state actors could sow social discord, as we saw in Russian propaganda efforts on Facebook and Twitter. There is also growing concern around the integrity of local voting systems. While the Federal Government has offered to help protect election systems against cyberattacks, it is ultimately up to the state governments to prevent outside actors from attacking the electoral process.
Electronic voting systems are only one piece of U.S. critical infrastructure recently in the crosshairs of aggressive cyber actors. In addition to voting systems, state actors are also targeting the energy, defense, communications, and manufacturing sectors. This past summer, government reports detailed that hackers have been increasingly probing nuclear power operators, manufacturing plants, financial services firms, and energy facilities. An attack on any one of these sectors could create economic instability and long-lasting security concerns across the globe.
In December 2017, President Trump included critical infrastructure in his Administration’s National Security Strategy, arguing that cyber offers “low cost and deniable opportunities” for aggressors to “seriously damage or disrupt critical infrastructure, cripple American businesses, weaken U.S. Federal networks, and attack the tools and devices that Americans use every day to communicate and conduct business.” Over the next year, the U.S. Government will attempt to bolster critical infrastructure by identifying and prioritizing cyber risks, deterring and disrupting bad actors, and improving information sharing between the public and private sectors.
In May, companies collecting information on EU citizens will need to comply with new rules around protecting data and privacy. The General Data Protection Regulation (GDPR) will bring a strong set of regulations intended to set a new standard for protection of citizens’ data. These mandatory regulations will lead to the adoption of many of Paladin’s portfolio company technologies in order to comply. This trend toward mandatory cyber defense requirements, we believe, will increase substantially over the next year, further driving broader global adoption of cyber technologies.
We anticipate that in 2018 we will continue to prioritize building networks by collaborating with the finest and most dedicated professionals, partners, and entrepreneurs involved with the world of Cyber. We truly value our relationship with you and welcome your thoughts and comments. The commitment to the success of our partnership continues to be the top priority of the entire Paladin team.
Founder and Managing Partner