root9B’s Specialized Approach to Cybersecurity
Cyberattack: 21st Century Threat
Digitization has connected the world more than ever. In 2016, 6.4 billion digital items will be interconnected, while spending on the Internet of Things [“IOT”] will total $235 billion worldwide, representing 30% and 22% increases over 2015, respectively.[1] Cyberattacks on connected systems represent a threat to businesses, governments, financial systems, utilities, and consumers. Nefarious attacks are increasing at an exponential frequency.[2] On October 21, 2016, hackers shut down websites such as Twitter, Netflix, CNN and others in the U.S. and Europe, representing the largest Distributed Denial of Service [“DDoS”] attack in history.[3] The U.S. government is not immune to cyberattacks, with the 2015 data breach of the Office of Personnel Management [“OPM”] leading to the loss of 21.5 million stolen records and director Katherine Archuleta’s resignation.[4]
Cybersecurity: Opportunity for root9B
Eric Hipkins founded root9B in 2011 as the cyber division of root9b Technologies to combat cyberattacks for commercial customers and federal and local governments.[5] root9B hired leadership and technical teams with substantial experience in the U.S. Department of Defense [“DoD”], where they fought off attacks from the “nation-state cyber actors” that represent the greatest threat to both businesses and governments.[6] According to root9B, the average time that a cyber intruder spends in an organization’s network before detection is 229 days, during which time the hacker “enters and stays hidden while extracting information of value.”[7] The core of the company’s product offering is a subscription for Manned Information Security, in which root9B’s ex-DoD employees identify potential vulnerabilities and monitor those vulnerabilities 24/7/365 for potential intrusion. After detecting an intruder, root9B’s Adversary Pursuit Center proactively defends the customer’s network to neutralize the hacker before he or she can extract any information.8 root9B also offers training to customers’ security and risk management professionals.8
Although still a small company, root9B’s unique, human-centered aggressive intrusion defense product has drawn the attention of industry experts and customers. Cybersecurity Ventures named root9B its #1 company in the Cybersecurity 500, root9B’s fourth consecutive quarter at #1.[8] Commercial businesses and government organizations are also seeing the power of root9B’s product offering. In April, the company signed a “multi-year, $2.8mm contract with a leading financial institution.”[9] root9B’s core customer base, however, remains government and public institutions, evidenced by $12mm of contracts signed in 2016 with the Department of Defense,[10] the U.S. Air Force Academy,[11] and U.S. CYBER COMMAND,[12] among many others.
Challenges and Next Steps for root9B
root9B has created a unique, exciting business model with a highly specialized product offering in a vastly growing market. Cybersecurity Ventures projects spending on cybersecurity to balloon to $1 trillion from 2017-2021, and cybercrime will cost the world $6 trillion annually by 2021.[13] root9B is therefore well-positioned to take advantage of the growing cybersecurity trend.
root9B must overcome two current challenges in the coming years: small scale and scalability of its business model. The company is a tiny, albeit cutting edge, player in the cybersecurity market today, and it needs to gain market share with commercial customers such as financial institutions who have trillions of dollars vulnerable to hackers. root9B must also determine how to scale its business. Currently, the company employs eighty11 with elite backgrounds in DoD cybersecurity. It will be hard to continue to hire such talented employees from a small talent pool, so the company must build a less-manual, yet still effective, product offering to sell to all but its most vulnerable customers.
(Word Count: 758)
[1] “Gartner Says 6.4 Billion Connected “Things” Will Be in Use in 2016, Up 30 Percent From 2015,” Gartner, Inc., November 10, 2015.
http://www.gartner.com/newsroom/id/3165317
[2] “The Growing Threat of Cyber-Attacks on Critical Infrastructure,” Daniel Wagner and Bailey Schweitzer, Huffington Post, May 24, 2015.
http://www.huffingtonpost.com/daniel-wagner/the-growing-threat-of-cyb_b_10114374.html
[3] “DDoS attack that disrupted internet was largest of its kind in history, experts say,” Nicky Woolf, The Guardian, October 26, 2016.
https://www.theguardian.com/technology/2016/oct/26/ddos-attack-dyn-mirai-botnet
[4] “A look at recent data breaches and how the government is reacting,” Josue Ledesma, Security Scorecard Insights & News, April 14, 2016.
http://blog.securityscorecard.com/2016/04/14/big-us-government-cybersecurity-problem/
[5] “Company Overview of Root9B LLC,” Bloomberg.
http://www.bloomberg.com/research/stocks/private/snapshot.asp?privcapId=251856208
[6] “root9B: About,” root9B.
[7] “root9B: Services,” root9B.
https://www.root9b.com/services
[8] “World’s Hottest Cybersecurity Companies to Watch in 2017,” Cybersecurity Ventures, November 15, 2016.
http://cybersecurityventures.com/press-release-cybersecurity-500-q4-2016-edition/
[9] “root9B Announces Strategic Cyber Defense Contract with Financial Institution,” PR Newswire, April 6, 2016.
[10] “root9B Awarded Department of Defense and Critical Infrastructure Contracts,” root9B Press Release, root9B, October 20, 2016.
[11] “Colorado Springs Company Joins Forces with Academy to Counter Cyberattacks,” root9B Press Release, root9B, November 1, 2016.
https://www.root9b.com/newsroom/colorado-springs-company-joins-forces-academy-counter-cyberattacks
[12] “root9B Awarded Subcontract Supporting U.S. CYBER COMMAND,” PR Newswire, June 3, 2016.
[13] “Cybersecurity Market Report,” Editors at Cybersecurity Ventures, Cybersecurity Ventures, Q3 2016.
http://cybersecurityventures.com/cybersecurity-market-report/
Great article!
With the transition of businesses, governments, financial systems, utilities, and consumers to an increased reliance on digital solutions, I cybersecurity is certainly a significant opportunity as you mentioned. I agree that root9B must overcome its size and that this may be particularly tricky.
I wonder if they can address this talent deficit by partnering with educational institutions and creating a feeder program, or if they could grow their global business and recruit the available talent in other markets (I see they have offices in Dubai, Hong Kong, and London).
Interesting article! I also agree scaling is a major challenge for the 80 personal company.
A great source of elite cyber-security experts could come from foreign ex-military special units. One example is Israel’s 8200 unit which by now is well known in the startup world.
[http://www.forbes.com/sites/richardbehar/2016/05/11/inside-israels-secret-startup-machine/#60f4aaee157d]
Many who served in the unit go and start their own cyber security ventures. If companies such as root9B tap in to the unit’s network there is much to gain. As mentioned in the prior comment, the company has some offices overseas. Expanding to Israel sound like a great option for cyber security company looking to scale.
Fantastic article Will! As a casual listener of Eurotrash Security Podcast, I feel like cybersecurity should get more visibility than it already does. You mention that the next steps would be gaining market share: what are the main competitors that the company should be focusing on? Further, it seems that they provide comprehensive services: risk management, compliance and energy and control solutions and that they serve a number of Fortune 500 companies. TS brought a good point: in order for them to expand, aside from investing in finding new clients, they could “source” specialists by investing in educational programs that equip students with the skills necessary to work in the cybersecurity space. Excited to follow the progress of this company!