It might not be as well-known as fintech, as glamorous as consumer-level tech, or as buzzwordy as blockchain, but cyber security is undeniably one of the fastest emerging areas of tech globally.
According to a report from Cybersecurity Ventures, global cyber security spending is set to exceed $US1 trillion ($1.35 trillion) between 2017 and 2022. Back in 2004, the global cyber security market was worth just $US3.5 billion, and by 2022 is predicted to be worth over $US120 billion.
Closer to home, there has been a slow uptick in the number of venture capital funds getting on board with cybersec investments, and recently the Victorian government pledged $450,000 to back cyber security accelerator CyRise.
“Victoria is fast becoming known as the best location in APAC for the cyber security industry,” CyRise head Scott Handsaker told SmartCompany last year.
So with the global industry set to boom, who’s kicking cyber-goals in Australia? We’ve made a shortlist of nine startups we think you should know about.
Methods of verifying user logins and providing another layer of security for individuals are essential, but far from perfect. Often known as two-factor authentication (2FA), its use has become more commonplace for digital logins in the last decade, but the method of using it has remained largely the same.
This is where TokenOne comes in, with the startup developing an authentication system for companies and individuals that creates unique, uncrackable, one-time codes for authentication. Instead of needing to use authentication apps and enter in a different code each time authentication is required, users just put in a single pin and TokenOne’s app generates a unique password for each use.
This also cuts down on users needing to remember hundreds of different passwords for different sites; instead they only need their pin and their smartphone.
Last year the startup was selected by the United States National Cybersecurity Centre of Excellence to work with a consortium of other startups to improve issues of identity theft and fraud.
Imagine if you could predict and track breaches in your system before they even occur?
While that’s not exactly how cyber security and risk analysis startup ResponSight works, it’s not far off. The startup, which raised a $1.15 million seed round in 2016, tracks users and employees’ behaviour as they use a system, building a ‘typical’ profile for them of how they interact.
The software works on the premise that a malicious actor or a hacker using the system is likely to act differently to however a typical user acts, meaning ResponSight’s software is able to detect the change and warn the business of the potential breach.
“In my 25 years of consulting the reality dawned on me that there was no real link being made between the end point — the machine the user was on — and the activity of the attacker,” ResponSight chief executive Jeff Paine previously told SmartCompany.
“A few years ago I came up with the idea of effectively identifying the ways behaviours can be profiled on end points. We can’t tell who the end user is, but we can tell that user X is still user X or if they are behaving like someone else entirely.”
One of the fastest-growing areas of cyber security is that of bug bounties: rewards for ethical hackers and programmers who find holes in companies’ security systems.
Google alone has dished out over $US3 million ($4 million) in bug bounties last year, and hackers can earn anywhere up to $30,000 for solving just one bounty, although the average rests at around $2,000.
Homegrown startup BugCrowd is a facilitator of such bounties, allowing companies to connect with a set of trusted “good” hackers who seek out and identify vulnerabilities before the “bad” hackers do the same.
The startup has been a local success story for some time, raising numerous rounds of funding and locking in bounty partnerships with companies such as Tesla, NetGear, and Pinterest.
Earlier this year, the startup revelled in a $US26 million ($35 million) Series C funding round, led by Triangle Peak Partners and contributed to by Aussie VC Blackbird Ventures.
“The appetite for what we’re doing is very widespread and you combine that with this whole cyber security story in general, which is strapped to a rocket at the moment,” co-founder and chief executive of Bugcrowd, Casey Ellis, told SmartCompany in 2015.
Two years ago, local password security startup Haventec was kicking goals, having signed on Macquarie Group and other notable international clients, and with an initial public offering in its sights.
A couple of years later, things appear to have died down somewhat for the startup, which is led by Ric Richardson, a famous Aussie inventor who owns a number of key security patents worldwide. In 2011, he was awarded $US388 million ($456 million) against Microsoft after the company infringed one of his patents.
Haventec aims to stop the centralisation of passwords, credit card info, and other sensitive data by decentralising authentication across users, their devices, and the Haventec servers. No sensitive data is ever stored on a business’ server in this situation, reducing risk for all parties.
Certainly not just another cog in the machine, this local cybersec startup has the backing of some of Australia’s biggest names in tech, including Atlassian’s Mike Cannon-Brookes and VC fund Rampersand. It raised $3.5 million in Series A funding last December.
Cog Systems’ product was developed in 2014 by chief executive Daniel Potts after he grew concerned about the number of Internet of Things-enabled devices and their poor level of protection against cyber attacks.
Along with providing embedded baseline-level security solutions for a range of IoT-style devices, the startup also endeavours to work closely with manufacturers to prevent security risks and to help them build cyber-resilience into their products.
“When we started talking with some investors, IoT was still a bit mystical. But we told them our story and that security was a huge problem that needed to be fixed or the system would fall on its face,” Potts told SmartCompany.
Cog Systems has worked with high name clients, including chipset manufacturers ARM, Qualcomm and Cisco, along with US government bodies such as the US Army and the US Department of Defense.
Cyber security startup Kasada has been going from strength to strength. Earlier this year, the startup locked in $2.5 million in funding led by big four Australian bank Westpac’s Reinventure venture capital arm, despite being founded just three years ago.
Twenty-two-year-old founder Sam Crowther was a former security consultant at Macquarie Group who became aware of an issue for businesses where cyber attackers would use bots and automation to pound companies with regular attacks and run regular data scraping programs.
Leaving Macquarie, Crowther went on to start Kasada and its product, Polyform, which detects and mitigates bot attacks on company websites and services. The product has an overall goal of disrupting the ‘business model’ of hackers.
“We’re making companies uneconomical targets. Cybercriminals don’t do this stuff for free, so if we make it too hard for them to break in, they’ll give up and move on,” Crowther told SmartCompany.
Kasada’s customers consist of a number of ASX100 and Fortune100 companies, says Crowther, but the founder is staying tight-lipped on exactly who.
Another successfully funded local startup, Forticode’s journey was fraught with difficulties, with founder Tony Smales telling SmartCompany earlier this year that he and his team were forced to totally rebuild their pioneering product.
That product, Cipherise, allows businesses to interact with consumers and clients through a mobile app that allows the business to choose how much of the user’s data is given to them, reducing risk for both parties.
“The problem space became how can we provide simple access to verify someone to be who they say they are, against the inconvenience of traditional security models, which can often leave businesses vulnerable to cyber attacks?” Smales told SmartCompany.
But after building their all-star product, Smales and his team found they had skimped on embracing a user-focused design and their product was difficult to use by both businesses and consumers. This meant, after multiple investment rounds, the team put “our entire tech stack in the bin” and started again.
Thankfully the bet paid off, and earlier this year Forticode closed a $1.3 million investment round from 40-year-old software business Pronto Software, which at the time was slated to help the startup finish building out its product. The startup was also recently chosen to be part of a delegation of cybersecurity startups to the RSA Conference in San Francisco.
“We want to have a shot at being the next Australian success story,” Smales told SmartCompany at the time of the raise.
If cyber security is an emerging industry, Entersoft’s recent focus on a specific slice of it might be the most emerging of all.
The company itself is no newcomer, having been founded in 2014 as a cyber security company with a focus on helping enterprise companies build strong, cyber-resilient applications.
However, Entersoft has recently popped back into the news after it revealed it had launched and protected over $1 billion dollars worth of initial coin offerings — a way of digitally raising money via cryptocurrency.
Business Insider reports the company’s ICO-specific security services had been operational for just 10 months, and disrupted more than 24 phishing sites and 17 fake Medium pages, along with auditing smart contracts for over 30 companies, including Aussie success story Havven.
“The majority of the hacks happen due to phishing scams through fake URLs and social media accounts, a lack of security around token sale websites or through exposing flaws in smart contracts,” co-founder Mohan Gandhi said.
“We have been able to successfully shut down these scams in all ICOs we have supported.”
Finally, encryption software provider Netcrypt is another prominent player in Australia’s cyber security sector. It provides private encrypted storage networks to businesses in Australia.
Additionally, the company provides a data loss protection service for companies that are at risk of being subject to a cyber attack, allowing them to roll-back the state of a server or hard-disk to the point before infection.
NetCrypt has received backing from LaunchVic through the CyRise accelerator.