This will be the worst year yet for cyberbreaches


VCJ Venture Cybersecurity Guest Column
Photo of computer virus concept courtesy of sarayut/iStock/Getty Images.

We haven’t had many high-profile cyberbreaches of late. But cyberwatchers shouldn’t let their guard down. Attacks tend to come in waves, and we’re overdue for a new one.

In November we learned that Marriott International/Starwood had been victimized, threatening the personal information of as many as 500 million customers. This occurred over a span of several years.

Five months ago, British Airways reported the theft of the credit-card data of 565,000 customers. But an attack last September isn’t recent and, of course, British Airways is not an American company.

The next spate of attacks could be the worst yet, however, because more effective malware will be deployed aggressively on more fronts, including at the ultrasophisticated nation-state level.

Compounding matters is that the use of AI, including machine learning, is accelerating as hackers look to scale the damage they inflict.

VCJ Cybersecurity
Robert Ackerman Jr

In addition, as companies increasingly adopt digitization to drive efficiency, they effectively set themselves up for cyberattacks. The more they do so, the more they become targets.

In 2019, look for AI-driven chatbots to go rogue; crimeware-as-a-service to increase substantially; the weaponization of data to accelerate, ransomware to resurge, and nation-state attacks to rise.

Also on a growth track is cryptojacking, a quiet and more insidious profit avenue that relies on invasive methods of initial access and drive-by scripts on websites to steal resources from unsuspecting victims.

Here are more details:

  • Ransomware resurgence: Ransomware made its debut as serious malware following the global WannaCry attack in 2017. According to the FBI, ransomware payments in the U.S. last year exceeded $1 billion. The healthcare industry is the biggest target. Look for the lull in this activity to end.
  • Data weaponization accelerates: Plagued by increasingly compromised privacy, tens of millions of web users have begun to seriously question the net benefit of the internet. Why? One excellent example is Facebook — not long ago the highly respected giant of social media and now a pariah in some quarters. In part, this reflects the company’s huge blunder last year in providing Cambridge Analytica with personal data on 87 million Facebook users.
  • AI-driven chatbots emerge: This is the year in which cybercriminals and black-hat hackers start creating malicious chatbots in a bid to misdirect users to click on illegitimate links. Attackers are also likely to take advantage of web-application flaws in legitimate websites to insert malicious chatbots into websites that don’t have them.
  • Crimeware-as-a-service: This new component of the underground economy will attack entire cities. Adversaries will use new tools that attack data integrity, among other things, disabling computers to the point that the hardware must be replaced. Many culprits will likely be terror-related groups. Making things miserable for the masses draws enormous attention.
  • Cyberattacks on satellites: In June, Symantec reported that an unnamed group had successfully targeted the satellite communications of Southeast Asia telecom companies involved in geospatial mapping and imaging. Symantec also reported attacks originating in China last year on a defense contractor’s satellite.

To be sure, the future isn’t entirely bleak. Corporations every year continue to increase cybersecurity budgets and they, alongside some state governments, are pursuing new steps to try to avert and mitigate damage.

Multifactor authentication, for example, is expected to become the standard for all online businesses, making password-only access an anomaly.

In addition, some states are likely to strengthen cybersecurity laws. California has already passed some tougher standards, effective in 2020.

These developments will not turn the tide on the growth in cyberattacks in 2019, but they could avert some breaches.

According to industry analyst Cybersecurity Ventures, cybercrime will cost the world $6 trillion annually by 2021. These damage cost projections are based on historical cybercrime figures, including recent year-over-year growth, a dramatic increase in hostile nation state sponsored and organized crime gang hacking activities, and a cyber attack surface which will be an order of magnitude greater in 2021 than it is today.

Given the costs of cybercrime, there is a very clear imperative for enterprise customers to continue to increase their expenditures on effective cyber defenses and for cyber investors like AllegisCyber to extend and expand their investments in new and more effective cyber innovation.

Robert Ackerman Jr. is founder and a managing director of AllegisCyber, a cybersecurity-focused venture firm with offices in San Francisco, and Fulton, Maryland, and DataTribe, a startup studio focused on cybersecurity and data science. Reach him at [email protected]