Cybercrime is the good and bad news for Bala Cynwyd's booming BTB Security

Coping with cyber intrusions, data theft and ransomware is the new normal, says BTB Security managing partner Ron Schlecht Jr.

BTB Security Managing Partner Ron Schlecht Jr., center, demonstrates his tools at the company’s base in Bala Cynwyd. (Photo: MARK C PSORAS)

The bad news in cybercrime is part of the good news for Ron Schlecht Jr.

A high flyer on the Philly 100, Schlecht's BTB Security is "again up another 300 percent" this year. The 24×7-cranking firm, based in Bala Cynwyd with branches in Chicago and Austin, Texas, is now approaching $7 million in annual revenues for 2017.

But being the bearer of bad tidings and continually putting out fires has to be stressful for this cybersecurity hawk, his 40-plus member warrior staff, and especially his clients, including "household-name enterprise-class businesses, two of the five major car manufacturers, and large financial institutions, plus a lot of mid-market, rapidly growing companies."

A shocking new global report on cybercrime from Accenture and the Ponemon Institute found that an organization, on average, will experience 130 security breaches this year, up 27 percent from 2016. And each attacked entity suffers an average cost of $11.7 million to manage and recover from these disruptions, losses of information, and revenue and equipment damage.

The highest-profile hacks — involving Target, Sony, Yahoo and Equifax — have awakened the populace to the perniciousness of cybercrime, said Schlecht. But that's just the tip of the iceberg. "People are now fearful, and ask me what should they do to protect themselves. I say 'Welcome to my level of paranoia,' " he shared with a laugh. "I've been living this, doing security for close to 20 years."

On the "bright" side, coping with the persistent efforts of global hackers aimed at businesses and home systems has become the new normal. Large advisory firms such as Deloitte and PwC and technology firms such as IBM and Dell are players in the security business, along with general IT firms such as fellow Philly fastest growing 100 winners Total Technology Resources and Green Technology Services, which offer security as part of their "we'll-be-your-IT-department" pitch.

"People are finally realizing it's OK to admit you had a breach," Schlecht said. "Better to 'own' it now than to be found out later, to appear to have been hiding bad news. And while we used to say 'take care of the low hanging fruit' " — the security locks ripest for the picking — "now we say gather the fruit already on the ground. Sadly, in the Equifax case, multiple parts of the breach were very simple things they didn't secure correctly, elements in the systems left misconfigured or with default settings exposed that were easy to guess."

It's no coincidence that BTB Security's managed information security platform, named RADAR for Rapid Advanced Detection and Response — and its three-stage cybercrime fighting strategy, Detect, Defend, Defeat — have a whiff of law enforcement. Managing partner Schlecht completed a double major of criminal justice and computer science at Juniata College, class of 2000, and his first job out of school was as a cop in the same area, rural Huntingdon County, Pa. "I quickly realized that small-town police work was not where I wanted to spend my career. So I started up this company, with two partners and $50 in a bank account. And it's been quite a ride."

In BTB's initial "detect" phase of work with a client, Schlecht and colleagues take on the role of "white hat hackers" who worm their way into a company's computer system, looking for openings. "We take the path of least resistance. All we have to do is find one vulnerability, the foot into the organization's door, and then continue to exploit that, elevating or accessing privileges and continuing the hack from there. It's a cat-and-mouse game."

Just as the bad guys do, BTB taps into "data dumps on the dark web" and social media sites such as Facebook, where a company's employees might inadvertently let down their guard, posting the name of their first school or cat's name which they use as a system password or answer to a security question.

Once the security pros have exposed weaknesses, "companies realize they need to be constantly on guard, and entrust us with the job," said Schlecht, who said he finds his best employees from industry folks' referrals. "We become trusted trackers of their traffic, working out of our security response center, where we use a lot of visualization in our custom monitoring platform to pinpoint where communications are coming from.

"With artificial intelligence and machine learning, we baseline how and where the company is doing business, determine what's their 'normal.' Simultaneously, we're looking for oddities and piping-in security intelligence about viruses floating around the globe. If we're working for a regional bank and suddenly see traffic coming from China" — the No. 1 global cybercrime stronghold, he says — "we proactively block that the instant it comes in."

The bad-actor business is booming on many fronts. "Historically, the cybercrime coming from the Eastern bloc has been financially driven. But from China, India and Japan, it's more about stealing intellectual property, company secrets, pulling information about your business and products to better compete."

Given the recent revelations of geopolitical disruption, one might suspect that Russia would be No. 2 on cybercrime's most-wanted list, "but it's actually the U.S." at No. 2, said Schlecht. "Russia, overall, is No. 10 on the list." War-terrorist strongholds such as Iraq, Pakistan and Afghanistan hardly figure at all in the cyberassault epidemic, "but as we introduce infrastructure and technology, that will lead them down the path to perpetuate computerized attacks," he believes.

The Accenture/Ponemon study found that "malicious attacks" from inside a company are the hardest to detect, taking an average of 50 days to mitigate. "That's because these bad operators often have the keys to the system. It's like trying to find a spy in the FBI," said Schlecht.

Ransomware that locks up, say, a hospital's patient records, takes about 23 days to resolve. "The detection is quick, but the cleanup is long," he noted. "At one point, the FBI was saying 'you're better off paying the ransom because you'll get your information back.' That put everybody in the security industry in an uproar, because if you pay up, they could just hit you again. There's no honor among thieves.

"Honestly, the best plan for protection is to have good backup. We don't see any silver-bullet cures looming on the horizon to prevent hacker attacks. But if they steal your data, lock up or wipe your systems, having good backup systems means you can quickly restore what you've lost."