The ever-increasing digitalization of our world has meant advances in technology that would have been unimaginable 30 years ago when the Internet first entered the popular lexicon. Created by the U.S. Government in the 1960s to build robust communications via computer networks, “Internet” as it was then called had no means of electronic mail, telephony or file sharing, which are the building blocks of today's world-wide web.
More recent inventions like e-commerce, cloud computing and the Industrial Internet of Things (IIoT) have transformed the way we do business and conduct our personal lives. We take for granted the ability to shop and bank online, have a constant cell phone connection either through broadband or wifi, stream music and videos, or talk to each other across thousands of miles through Skype and FaceTime.
Businesses now have the ability to bypass computer infrastructure to store and share reams of data previously limited by servers (cloud computing). The Industrial Internet of Things incorporates machine learning and big data to consistently capture and communicate information – providing companies with the ability for remote monitoring or sensing of machinery, and to pinpoint problems and inefficiencies sooner, thereby saving time, money and increasing quality control.
With all these advances in Internet technology, however, a dark side has emerged. The ability of companies to track customer buying habits has led to privacy invasions, from annoying pop-ups to Google ads that follow consumers around based on their searches. There have been cases of children and teens stalked on the Internet who are then exploited via cyber-bullying or threats of disclosing private photos or videos.
Nefariously, security breaches at major companies have allowed cyber-criminals to tap into databases and steal customer information including credit card numbers. Internationally, the ability of countries to spy on one other via Internet channels has even led NATO to draw up new rules on cyber-warfare that govern how countries can respond to state-sponsored computer hacks.
Computer hacking is proliferating for the most part due to a lack of cyber security. Cyber security systems and principles are designed to safeguard websites and web applications from attackers seeking to disrupt, delay, alter or redirect the flow of data. These attackers vary in target, motive, levels of organization, and technical capabilities, requiring public and private organizations to adopt ever-increasing measures to prevent cyber attacks.
Companies that can devise such security systems are currently in high demand, and worthy of investor attention. But first, an introduction into the world of cyber-hacking and the severity of the problem.
What is cybercrime?
Cybercrime is a crime that involves a computer and a network. The book Cyber crime and the Victimization of Women: Laws, Rights and Regulations defines it as “Offences that are committed against individuals or groups of individuals with a criminal motive to intentionally harm the reputation of the victim or cause physical or mental harm, or loss, to the victim directly or indirectly, using modern telecommunication networks such as Internet (networks including but not limited to Chat rooms, emails, notice boards and groups) and mobile phones (Bluetooth/SMS/MMS).”
With such a broad definition, and with the explosion of Internet connectivity (20 billion devices expected to be connected by 2020) it is no surprise that cybercrime has grown into a behemoth of a problem. An infographic by Visual Capitalist reveals that since 2013, over 9 billion records have been lost or stolen globally – with nearly 2 billion breached in the first half of 2017 alone.
These hacks come at a heavy price to their victims. Hiscox and Cybersecurity Ventures calculated that cybercrime cost the global economy $450 billion in 2016; they predict this number will reach $6 trillion in the next three years.
Lloyd's of London notes a single cyberattack can trigger $53 billion in economic losses, and pegs average losses after operating systems have been hacked at upwards of $29 billion.
While most people probably would regard terrorism as the greatest threat to the United States – say an attack on par with 9/11 – in fact Visual Capitalist cites a poll stating that cyberwarfare is the most threatening scenario at 45% compared to terrorism at 26.3%. And despite headline-grabbing news about North Korea, Kim Jong Un's missile launches ranked only 0.7% as a threat to the U.S. Climate change, China and Iran were all below 15%. According to the infographic, “the classic fear is that enemy hackers could infiltrate the power grid, shut down government agencies, and grind the economy to a halt.”
Types of cybercrime
On an individual level, incidences of cybercriminal activity vary from the feckless and amusing to the most sophisticated and untraceable. Among the low-tech are email scams like the “Nigerian letter” or other schemes enticing unsuspecting email users to send money to support false causes.
“Phishing” is an attempt to obtain sensitive information like passwords, or even to hack computers directly, by sending electronic messages disguised as if they came from a trustworthy source. Anyone who has received an email from a site disguised as iTunes or some other ubiquitous e-commerce provider, urging them to click on a link or attachment that looks legitimate, has been a victim of phishing. Spearphishing is the same as phishing except it targets specific individuals, usually based on their search history. The ultimate goal is to steal your money or information, or both.
Another common means of hacking the individual is malware. While related to phishing, in that the goal is to steal information, malware involves the surreptitious installation of harmful software that disrupts an electronic device's normal operation. More commonly known as a computer virus, hackers inflict malware by getting the user to install a program, which then executes a malicious code. Doing so could result in applications that capture keystrokes or even allow the user to be spied on by webcam, blocking access to files, forcing the user to make a payment (ransomware), bombarding a browser with ads, or even breaking essential components that render the device inoperable.
Hackers now have the ability to breach even the most seemingly impenetrable corporate and governmental facilities. One of the earliest and most famous examples is the “Stuxnet worm”. First uncovered in 2010, the malicious computer worm targeted SCADA industrial systems and was known for causing substantial damage to Iran's nuclear program. It worked by hitting programmable logic controllers (PLCs) which are used in factory automation, or centrifuges needed for separating nuclear material.
This past summer the FBI and the Department of Homeland Security warned that the U.S. energy industry has been targeted by hackers – including nuclear plants. The hackers known as Dragonfly, Energetic Bear or Berserk Bear tricked employees into opening Microsoft Word documents that harvest user names or passwords, reported the Financial Times. Symantec, the anti-virus software provider, warned that hackers could shut down parts of the electricity grid just as they did in regions of the Ukraine in 2015 and 2016.
There have been a number of cyberattacks on companies whereby the hackers stole information from customers stored on private servers. The biggest data breach in recent history occurred at Equifax, whereby the credit histories of 143 million consumers in the U.S. and half a million in the UK and Canada were affected. The breach caused the stock of the consumer credit reporting company to plummet 34%.
At Uber, the ride-hailing service was criticized for paying hackers $100,000 last year to keep secret a massive security breach that exposed data from around 57 million accounts.
Other well-known company hacks include those at WannaCry, HBO and Deloitte, the latter where 350 clients were affected including U.S. government departments, the UN and some of the world's biggest multinationals.
Even the exclusive Oxford and Cambridge Club on Pall Mall in London is not immune to cybercrime. At the end of November the club was hit by a data breach affecting its 5,000 members, who are alumni of the UK's two most prestigious universities. Members include comedian Stephen Fry, the Astronomer Royal, Lord Rees, and both the Prince of Wales and the Duke of Edinburgh, reports Computer Business Review.
The solution: Cyber-security
The increased number of hacks at enterprises and the threats to crucial industrial and governmental sites – both physical and virtual – has spawned a new cyber security industry.
Companies too are having their hard-earned intellectual property and customer information stolen from them by tech-savvy hackers. Here the playing field for cyber-security appears to be broad and long, with so many billions at stake. Even on an individual level, as advertising becomes more aggressive and intrusive, the demand for software and other products that safeguard privacy will continue to grow.
According to a report by Zion Market Research, the cyber security market is one of the fastest growing industries in the past few years and is expected to reach $181.77 billion in 2021, with a compound annual growth rate of 9.5 percent.
The 2017 report also indicates that North America is the world's largest market for cyber security, while emerging markets in Asia Pacific will have a huge opportunity.
The market is divided into network security, cloud security, wireless security and others, with network security dominating the market at 40% market share.
A 2016 report from Research and Markets pegs it even higher, at $202.6 billion by 2021 and a CAGR of 10.6%. That report also has network security dominating the market, along with aerospace and defence.
The Visual Capitalist infographic breaks the industry down a little bit differently, into security analytics, threat intelligence, cloud security and mobile security. Forbes notes that cybersecurity companies are continually innovating to remain focused on these four key growth areas.
The customers, of course, are companies, particularly large businesses intent on protecting themselves from data breaches and cybercriminals. According to a survey quoted in the infographic, 78% of senior managers will increase their cyber risk management spending over the next year. Another source says over 30% of online software sales will go towards security and privacy products.
In November of 2017 it was revealed that the Pentagon left exposed a database containing 1.8 billion documents. While no government secrets were contained in the stash, Wired comments that the fact the Pentagon used a third party to store its files and then mishandled the set-up “stokes concerns about its overall cyber-posture.”
In the wake of corporate and state-sponsored hacks, cyberwarfare and cyber security is now regarded as a top priority among governments especially those with the greatest financial, military and cyber resources: China, Russia and the United States.
A recent article in Huffington Post describes a future sci-fi type of military conflict:
“We are already witnessing the emergence of an array of technology that was only recently in the realm of science fiction. The emergence of weapons that will likely shape tomorrow’s wars range from cyberwarfare to drones and from AI to virtual reality to Virtual Terrorism. The wars of the future will include a global cast of characters fighting at sea, on land, in the air, and in two new places of conflict: cyberspace and outer space.”
While we may still be a ways away from something out of Star Wars, already we are seeing the major players preparing themselves. China's “Assassins Mace” program includes cyberwarfare, space warfare and other systems that could disability the fighting ability of the U.S. Military, states Huff Post.
Russia's focus, unsurprisingly, is on the control of information, with the purpose being to undermine truth and objective reporting, rather than concentrating on hacking and cyberwars. The strategy is a modern-day version of “the pen is mightier than the sword.”
The ongoing investigation over whether Russia interfered with last year's U.S. election is an example of cyber-thought control.
In the United States, the Administration of President Trump said right after inauguration last January that cyberwarfare is a top priority in taking on ISIS and other terrorist organizations.
“Cyberwarfare is an emerging battlefield, and we must take every measure to safeguard our national security secrets and systems,” reads a page from the White House website under Making Our Military Strong Again.
It adds that the government “will make it a priority to develop defensive and offensive cyber capabilities at our U.S. Cyber Command, and recruit the best and brightest Americans to serve in this crucial area.”
Trump made good on the promise by ordering hackers working for US Cyber Command to target North Korea's military spy agency, it has been reported.
Another expression of how cyberwarfare has become an entrenched part of military strategy comes via NATO, which for the past decade has been training and testing cyber defenders from across the Alliance. The Cyber Coalition cyberwar game now involves more than 700 people from across 25 NATO states, reports ZDNet.com; it took place in November in Estonia.
"Cyberwarfare is like a soccer game with all the fans on the field with you and no one is wearing uniforms." Marshall Lytle, Coast Guard Vice Adm.
Weapon of Mass Disruption
“RP: Given that there are very few countries with both the capabilities and motives to launch a large-scale cyber-attack, how do you respond to those who argue that the threat is being overstated?
EK: I’ll stick to the facts in my response, which are as follows. First, the militaries in different countries are busy creating dedicated cyber-units and coming up with cyber-weapons. Examples include China, the EU, France, Germany, India, North Korea, South Korea, Nato, the UK and the US. Second, industrial espionage incidents and acts of sabotage are no fantasies. Examples include the high-profile attacks using Stuxnet and Duqu, which were clearly backed by nation states. Third, news about carefully planned attacks is appearing at an alarming rate, to the extent that a new term has been coined for it: advanced persistent threat (APT).
There is no doubt that this is all just the tip of the iceberg. Whenever we uncover a new Stuxnet-like malicious program it turns out that: the malware accidentally “blew its cover” because of a mistake or oversight; it has been quietly “residing” in various networks for a long time already, and we can only guess at what it has been up to there; and many technical features of the malware and also the motivations of its creator are still a mystery.
Clearly, we’re sat atop a powder keg. The militaries of different countries are gradually turning the Internet into one big minefield. A single keystroke could unleash such chaos that nobody would be left unaffected. A misguided push of a button could bring everything to a halt – and not just computers. The chain reaction would engulf the real world as well as the virtual one. Infrastructure could be affected – including the potentially devastating sort like nuclear power stations. A network conflict could quickly escalate into a military one. And it’s no overreaction on the US’s part in its equating hacker attacks with an invasion – the country clearly understands the scale of the possible consequences. Indeed, the more we look at it, the scarier it gets.” The Digital Battlefield
“We worried for decades about WMDs – Weapons of Mass Destruction. Now it is time to worry about a new kind of WMDs – Weapons of Mass Disruption.” John Mariotti, author of ‘The Chinese Conspiracy’
As the daily headlines appear to demonstrate, the world is becoming more dangerous, not safer, as terrorist and criminal organizations figure out new ways to wreak havoc on civilians and governments alike.
“In the new cyber world order, the conventional big powers won't be the only ones carrying the cannons. Virtually any nation – or terrorist group or activist organization – with enough money and technical know-how will be able to develop or purchase software programs that could disrupt distant computer networks.” James Mulvenon, a founding member of the Cyber Conflict Studies Association
The new emphasis on cyberwarfare will naturally spawn new cybersecurity technologies to deal with this emergent arena of virtual fighting.
For all these reasons, cyber-security is a new and exciting area that all Ahead of the Herd investors should have on their radar screen. It is certainly on mine.
Is it on yours?
If not, maybe it should be.
By Richard Mills