Cyberattacks against the government and companies have increased, experts say.
Growing concerns over cybersecurity vulnerabilities in the United States are prompting record investments from firms to protect critical industries.
FBI Director Christopher Wray said last month that intelligence officials were “concerned” about the possibility of Russian cyberattacks against critical U.S. infrastructure in the wake of Russia’s war with Ukraine.
“The reason we’re concerned about it is not just based on our longstanding understanding of how the Russians operate, but it’s actually the product of specific investigative work and surveillance work that we’ve been doing all together,” Wray told an audience at the Detroit Economic Club in March.
Wray’s comments came a few weeks before Tuesday’s announcement that Goldman Sachs planned to expand its reach in supply chain cybersecurity, investing $125 million in a strategic partnership with a company that serves energy, government and aerospace and defense accounts.
Nikhil Gupta, a professor with New York University’s Tandon School of Engineering, who is affiliated with the NYU Center for Cyber Security, told ABC News the investment was part of a growing trend.
Over the past year, several private investment firms have invested hundreds of millions of dollars in cybersecurity. Former U.S. Treasury Secretary Steve Mnuchin’s Liberty Strategic Capital spent $525 million to acquire mobile security vendor Zimperium last month; Turn/River Capital acquired security policy management firm Tufin for $570 million earlier this month; and software security giant McAfee sold its Enterprise business to Symphony Technology Group for $4 billion dollars in March 2021.
Gupta noted that “more than 70% of manufacturing is conducted by actually small and medium-sized companies, and these companies don’t have resources to invest in upgrading their computers or, or implementing cybersecurity solutions.”
He added, “A lot of times they are manufacturing companies and they just don’t have expertise to even understand the value of electronic files which are transmitted to them.”
Goldman Sachs billed its $125 million investment as part of a new strategic venture with Fortress Information Security, a company responsible for securing 40% of the U.S. power grid, as well as assets in critical manufacturing and the nation’s defense industries.
Fortress is seen by industry insiders as one of the nation’s leading cybersecurity providers for critical infrastructure organizations with digitized assets. The company says its platform is focused on allowing customers to manage their outside vendors, assets and software as a part of their supply chains. The firm also maintains a central repository of security information shared by utility companies across the country.
“The depth and breadth of the Fortress platform are unmatched and we believe there is a meaningful opportunity to accelerate,” Will Chen, a managing director for asset management at Goldman Sachs, said in a statement about the new venture.
Chen noted Goldman Sachs’ investment will allow Fortress to expand its platform into “product adjacencies, including software and hardware bill of materials, workflow orchestration, and additional analytics and reporting capabilities.”
Gupta, the NYU professor, said the hefty investment was a start and “this investment should not be just one time.”
“No amount of investment is enough, and you can look at the attacks that’s happening and the targets that you have to save like nuclear power plants, and the supply chain for other kinds of manufacturing goods, which goes into billions of dollars,” he said.
Fortress Chief Operating Officer Betsy Soehren Jones told ABC News that the company’s “biggest risk right now is with small and midsize companies in the United States because they don’t think about cyber the same way that they think about a CPA or hiring a law firm or HR or anything else.”
“This can’t not be part of what they spend money on, but they don’t and so they become the biggest targets because of the information that they have,” she added.
Retired Navy Rear Admiral Mark Montgomery, a senior director of the Center on Cyber and Technology Innovation at the Foundation for Defense of Democracies, told ABC News “the big issue is that we are vulnerable.”
“We know we’re going to be compromised. The question is, can we mitigate the impact of it and recover from it rapidly? That’s where investments are needed. That’s why investments like this one contribute to improve cybersecurity,” Montgomery said.
In recent years, the number of cyberattacks — specifically ransomware attacks — against the government and private companies have increased, Homeland Security Secretary Alejandro Mayorkas said last year at a U.S. Chamber of Commerce event.
One of the biggest vulnerabilities is linked to a commonly used piece of software called Log4j, a utility that runs in the background of many commonly used software applications, according to Homeland Security’s Cybersecurity and Infrastructure Security Agency. Log4j is widely used across the internet — from cell phones to e-commerce to internet-connected devices in homes and offices.MORE: DOJ official warns companies ‘foolish’ not to shore up cybersecurity amid Russia tensions
“This vulnerability, which is being widely exploited by a growing set of threat actors, presents an urgent challenge to network defenders given its broad use,” CISA Director Jen Easterly said in a statement in December.
Soehren Jones says the Goldman Sachs investment will allow them to address these types of vulnerabilities faster.
“The speed at which you answer these things is so critical. That’s what this is going to do…it’s going to be able to put us on warp speed when it comes to a response,” Soehren Jones said.
With the investment, Fortress said it plans to double in size in a year, growing to 400 employees.