As shoppers grab bargains and swipe credit cards during the holiday shopping season that kicked off this weekend, the possibility of their financial information getting stolen in yet another data breach may well be on their minds.
It’s certainly in the thoughts of Patrick Morley, chief executive of Bit9 + Carbon Black, a Waltham cybersecurity firm. “Many, many companies are getting breached right now, as we speak,” he said.
The well-founded worries of both consumers and companies, intensified over the past year by data thefts from retail chains Target and Home Depot, are helping to spur the growth of a cluster of cybersecurity firms in the Boston area. These companies — at least 10 enterprises employing more than 1,000 people — are expanding, hiring, and attracting millions of dollars in investment.
Revenues at Bit9 + Carbon Black, for example, have grown an average of more than 60 percent in each of the past three years, company officials said. In addition, the company recently said it generated record revenues in the quarter that ended in September, and expects 2014 to be the best year since its founding in 2002.
The privately held company, which has raised some $120 million in venture funding, has added more than 100 employees since January, bringing total staffing to about 300. Bit9 + Carbon Black also plans to move to larger headquarters in Waltham next year, doubling its footprint.
“We’ve seen what I’d consider to be dramatic growth over the past few years,” Morley said.
The growth of companies like Bit9 + Carbon Black is driven in large part by soaring rates of cybercrime. Some 800 million individual records were stolen last year, according to a recent report from the Center for Strategic and International Studies, a Washington think tank, and McAfee, the antivirus company headquartered in Santa Clara, Calif.
Cybercrime costs the global economy $445 billion each year, the report estimates.
As a result, companies offering new ways to protect networks, devices, and applications are on the rise, said Maria Cirino, cofounder and managing director of .406 Ventures, a Boston venture capital firm that has invested in several of the region’s cybersecurity enterprises, including Bit9 + Carbon Black. The global cybersecurity market is expected to grow by nearly two-thirds over the next five years, to $156 billion in 2019 from $96 billion this year, according Markets and Markets, a Dallas research firm.
The increasing use of cloud computing and mobile devices, meanwhile, is creating more entry points for cybercriminals, security experts said.
With so many employees using devices from phones to tablets to laptops for their work, crucial intellectual property and financial information often leaves the building with little protection.
“The pure increase in the number and volume and velocity of the attacks is truly exponential,” Cirino said. “It requires a pace of innovation that is unmatched by any other technology.”
In the third quarter of this year, Kaspersky Lab of Woburn said, it stopped at least 1.3 billion attacks on its customers’ systems, up from 1 billion in the previous quarter. Those numbers reflect only the portion of the client base that agreed to report its data.
Kapersky sells applications that detect and stop malicious software, known as malware, used to disrupt computer networks and break into business systems and personal devices. Kapersky managing director Chris Doggett said the company experienced a 21 percent increase in its sales to businesses and 10 percent growth in consumer products.
“For us to be doing double-digit growth, it’s been a great place to be,” Doggett said.
Other local cybersecurity firms also appear to have promising futures. Veracode, a Burlington application security firm, raised $40 million in new funding in September and is headed toward a potential initial public offering of stock, perhaps within the next year.
The company, founded in 2006, has grown to 375 employees, up from 225 just 18 months ago.
Also in September, CyberArk, an Israeli company with US headquarters in Newton, completed an IPO on the Nasdaq exchange, raising $86 million.
Christopher Zannetos, chief executive of Courion, a Westborough cybersecurity firm, said he expects the industry to grow as highly publicized data breaches push corporate leaders to invest more to protect sensitive information. His firm helps companies manage who logs into their systems and what they do once there.
As long as cybercrime keeps growing, so will Courion and other companies that combat it, Zannetos said. “I don’t see any trend driving this market that is doing anything other than accelerating.”
Keeping hackers at bay
Large corporations aren’t the only ones who need to protect themselves from hackers. So some local security entrepreneurs offered advice on how avoid the most common errors individuals make online:
■ Organize: First up, group your passwords by function — social media, financial information, work — and use a different approach for creating passwords within each group. That way, if a hacker figures out your Facebook password, he won’t be just clicks away from your bank account.
■ Customize: It’s old news that your password shouldn’t be an obvious word (like “password”) or a pet’s name. Chris Doggett, managing director of Kaspersky Lab in Woburn, suggests going a step further and customize passwords by using rules known only to you. For example, you might add the first letter of the site’s name to the middle of the password. You will end up with passwords that are easy to remember but hard to crack.
■ Analyze: Before you click on or download anything, make sure you know exactly what you are doing. Do you know and trust the source? Does it have a valid security certificate? Tempting free games or fun apps are often just a hiding place for malware that will steal essential data.
Sarah Shemkus can be reached at email@example.com.