Infinite Group Inc.

IT firms see higher demand for their security services

IT firms see higher demand for their security services

By MIKE COSTANZA

Rochester Business Journal
January 22, 2016

Rochester-area firms are turning more and more to cybersecurity services to safeguard their data, customer information and networks.

“We’ve seen exponential growth with our customer base in the Rochester area,” says Trevor Smith, executive vice president of Brite Computers.

Cybersecurity services encompass a host of measures designed to protect computers, computer systems and digital communications networks from unauthorized access or attack. Demands for such services and products have grown over the past few decades and should continue to rise. The research firm MarketsandMarkets projected that the global demand for cybersecurity would reach $106 billion by the end of 2015—and come to $170 billion by 2020.

While the overall market for cybersecurity in the Rochester area is unknown, those working in the industry say business has been on the upswing. The huge thefts of customer credit card information and other data at Target Corp., Home Depot Inc. and Excellus BlueCross BlueShield boosted the market for cybersecurity products and services at firms like Pittsford-based Infinite Group Inc.

“Every time there’s a published issue stemming from some sort of event, it does cause some widespread fear and panic and inquiries as to what to do, how to do it,” says Andrew Hoyen, chief administrative officer of Infinite Group Inc.

Successful attacks can hit even large companies hard—Target recently agreed to pay as much as $67 million to Visa card issuers alone. Small to medium-sized companies can suffer even more.

“We’ve actually seen several companies go out of business as a result of being breached,” says Michael McCartney, president, CEO and co-founder of Buffalo-based Digits LLC, which also has an office in Rochester.

Hackers have also increased in number and proficiency, thereby driving up the need for increased digital safety. Criminals who once sent out millions of bogus emails in order to “phish” for personal information—passwords to online bank accounts and the like—can now “spear phish,” targeting individuals whom they believe have vital corporate information.

“They know an individual is the head of R&D (research and development) at a large organization, so they have access to critical stuff,” Smith explains.

Spear phishing hackers hooked a big one in 2013, when a contractor who had access to Target’s network clicked on a suspect email. As a result, they were able to steal the credit card information of up to 40 million of the retail giant’s customers. Such stories, coupled with increased business use of email, have helped drive up demands for cybersecurity.

“Most businesses use email as their main form of communication, so email spam and protecting people from (fraudulent) links and things like that on email is huge,” says Sitima Fowler, co-CEO of Capstone Information Technologies Inc.

At the same time, more and more employees leave relatively secure offices to conduct business outside over tablets, smartphones and laptops, resulting in a greater need for cybersecurity.

“Laptops need to be encrypted,” Fowler explains. “That means that if a laptop is ever stolen, people won’t be able to make sense of what is on it.”

Finally, local businesses’ and organizations’ computer systems and communications networks need to meet increasingly rigorous government and industry standards regarding data security and privacy. By doing so, they limit the risks of breaches and the legal and financial ramifications of those that occur.

Local firms meet their customers’ cybersecurity needs by a variety of means. Though some include them as part of general IT services, others specialize in helping their clients safeguard their systems and data.

Digits LLC offers proactive and reactive cybersecurity and Internet response services. As part of its proactive services, the company will assess the effectiveness of a firm’s security measures and take action to safeguard its data.

“We’ll look at their current infrastructure and their current security posture around the data they create, save and store … and make recommendations to increase or improve that security both from an outsider threat as well as from an insider threat,” McCartney says.

As part of that package, the firm provides software that can monitor a client’s systems in real time and signal when a breach occurs.

When hackers do strike, the reactive side of Digits comes to the fore. Company investigators use computer and digital forensics to try to discover what the hackers did, who they were and the kind and amount of data they stole—if any.

McCartney says the market for both types of services has greatly increased at Digits since 2012.

“It’s grown at least 60 percent, and no end in sight,” he says.

Responding to breaches of clients’ systems and similar incidents makes up about a third of GreyCastle Security’s business.

“Companies call us 4:30 on a Friday afternoon because there’s a couple hundred grand missing from a payroll account,” says CEO Reg Harnish. “We have teams of people who respond to those kinds of cyberbreaches and intrusions and theft and hacking.”

On the proactive side, the Troy, Rensselaer County-based firm identifies client’s security risks, builds programs or plans that reduce or eliminate them, and takes such measures as “penetration testing.”

“An organization engages us to essentially act like hackers—to break in and steal something of importance to that organization,” Harnish explains.

Business has grown by as much as 220 percent a year since GreyCastle was founded five years ago, according to Harnish. The firm’s employees used to commute to service Rochester-area clients, but GreyCastle recently hired someone in the area to do so. It is also in the process of opening a local office.

Brite Computers offers a broad range of cybersecurity services, including security assessments, data protection and assistance with meeting government risk-compliance standards. Business is on the upswing.

“We are seeing a huge growth in small and medium businesses because of the need for and the efficiency of the cybersecurity solutions,” he explains.

Small and medium-sized companies also make up a growing part of Capstone’s cybersecurity clientele.

“People are finding out that just doing things on their own is not enough,” Fowler says.

Capstone’s cybersecurity offerings include software, hardware and the technical assistance that companies need to protect their data and systems, both in the office and out in the field.

“We do the daily blocking and tackling to keep our clients safe,” Fowler explains.

Capstone’s ability to block-and-tackle has helped it double the amount of business it takes in via cybersecurity services over the past five years, according to Fowler. Nowadays, the provision of such services makes up over 50 percent of the firm’s business.

Cybersecurity also constitutes a major growth area at IGI, according to Hoyen.

“We’ve seen year-on-year growth probably in the 10 to 15 percent” range, he says.

One particular element of cybersecurity for which demand has grown in recent years is that of vulnerability assessment, which involves determining the security failings of internal and external Web and Wi-Fi systems. While companies generally conduct such assessments annually, ÜberGuard, a technology that IGI rolled out last December, allows them to do so in real time—and much more efficiently.

“It’s a vulnerability management solution that enables a customer to automate certain aspects of vulnerability management and the scanning of potential issues in their network, and then have canned reporting and dashboards, etc., at their beck and call,” Hoyen explains.

Hoyen, and others in the local cybersecurity industry, view the coming years with optimism.

“We are hoping to see 25 to 30 percent growth (year-over-year),” Smith says of his firm.

Mike Costanza is a Rochester-area freelancer.