31 Dec Cybersecurity Update: Q4 2018 In Review For Investors
Cybersecurity Trends 2018: Year of Regulations and Breaches
Toronto, ON Canada — Dec. 12, 2018
While it has often been predicted that cybercrime damages will touch US$6 trillion by 2021, the impact is already being felt by individuals, companies and countries as a whole.
Major 2018 cybersecurity highlights include the introduction of General Data Protection Regulation(GDPR) in Europe in May, Facebook (NASDAQ:FB) suffering multiple data breaches, including the Cambridge Analytica Scandal, and cybersecurity emerging as a focal point for the US and many key organizations in the east.
On that note, the Investing News Network (INN) is taking a look back at the year that propelled the sector to the spotlight, with comments from industry analysts and companies. Read on to learn their thoughts on cybersecurity trends.
Cybersecurity trends 2018: Rise of cyber attacks
Steve Morgan, founder and editor-in-chief of Cybersecurity Ventures, said that ransomware has emerged as the default mode of attack for cybercriminals in 2018.
A Cybersecurity Ventures report states that ransomware damage is predicted to reach US$20 billion by 2021, and that it is set to attack a business every 11 seconds by the end of 2021.
“Ransomware solidified itself as the fastest-growing cybercrime,” Morgan told INN in an email statement.
Several other firms, including Symantec (NASDAQ:SYMC) and Cisco (NASDAQ:CSCO), have also said that ransomware attacks are on the rise. Symantec has indicated that attackers have now started to target mobile devices, while Cisco said in its annual report that malware has undergone an evolution, as seen with the emergence of network-based ransomware attacks.
Cisco states that network-based ransomware attacks have eliminated the “need for the human element in launching ransomware campaigns.”
Cybersecurity Ventures’ report highlights that 91 percent of cyber attacks begin with spear-phishing emails, which are used to infect organizations with ransomware, a point that Idan Udi Edry, CEO of Trustifi, seems to agree on.
Edry told INN that at the end of 2017 he expected that emails would be the main source of attacks and data breaches, and noted that 2018 proved him right.
“[It] doesn’t matter if cyber criminals used phishing or malware as their method of intrusion. I was correct in assuming attacks and data breaches would continue to start from email domains in 2018,” Edry told INN via email.
Edry highlighted attacks on major companies such as Adidas (ETR:ADS), Under Armour’s (NYSE:UAA) MyFitnessPal app, Facebook and Marriott (NASDAQ:MAR), and how they exposed the emails of hundreds of consumers.
However, Edry said that the critical attack this year was the email compromise of the top four National Republican Congressional Committee officials right before the midterm elections.
Cybersecurity trends 2018: Odds favor attackers
Edry said that a challenging aspect of the cybersecurity market was to understand what cybercriminals would be doing to target their potential targets.
“To keep track and follow the sophistication and level of strategies developed by the hackers,” he said. “Cybercriminals are always changing and inventing new ways to target consumers and businesses.”
Meanwhile, Morgan said that the cyber worker shortage is worse than many in the industry think.
“The delta between open cybersecurity positions and qualified candidates continued to widen — much to the surprise of many industry watchers and those in the community,” he said.
According to Cybersecurity Ventures, cybersecurity job openings will touch 3.5 million by 2021.
A report from Cyberseek, a firm that serves as a resource portal to the cybersecurity workforce, reveals that the total number of job openings in the US stood at 313,735 between September 2017 and August 2018.
The firm says the ratio between cybersecurity workers and job openings is currently at 2.3, while the national average for jobs is at 5.3 — highlighting the significant shortage of cyber workers.
Given the shortage of cyber workers and the fact that cybercriminals are continually finding new ways to target vulnerable people, odds certainly seem to favor attackers. However, Edry said there’s a way to overcome the odds of the situation.
“One way to ensure you’re on top of these strategies and as ahead as you can be, is to stay on top of all compliances and analyze recent attacks as much as possible,” he said.
Cybersecurity trends 2018: Attacks costly
With the shortage of cyber workers, and perhaps with companies lacking the tools to fight cyber attackers, 2018 may be remembered for data breaches that happened to major companies.
Facebook has been in the news all year long for numerous reasons, and has shared how it deals with cyber threats.
On November 14, Facebook revealed how it’s determining “who is behind cyber threat,” and detailed how it’s attributing an action to a particular actor.
As mentioned, another company that recently faced the wrath of cyber criminals is Marriott. This American diversified hospitality company suffered an extensive data breach that the company disclosed on November 30.
In a release, Marriott said that details of 500 million guests were hacked, and in the second week of December it was revealed that the breach was traced to hackers from China.
It’s crucial to note that breaches not only impact users, but also companies. A study from IBM (NYSE:IBM) notes that the average cost of data breaches is US$3.86 billion, a 6.4-percent increase from its 2017 report. It also reveals that the cost of mega breaches, which is in the range of 50 million accounts, is as high as US$350 million.
If the study from IBM Security is applied to Marriott, the figure is revealed to be upwards of US$3.5 billion.
In a filing with the US Securities and Exchange Commission, Marriott said that it was “premature” to estimate the costs related to this incident.
“The Company carries insurance, including cyber insurance, commensurate with its size and the nature of its operations. The Company is working with its insurance carriers to assess coverage,” Marriott commented.
Additionally, the company said that the attacks won’t impact its finances, and that it seeks to maintain its investment-grade rating.
However, in a quarterly filing in the first week of November, Marriot indicated that its cyber insurance might not be enough to cover its costs.
“[I]nsurance coverage may not be sufficient to cover all losses or all types of claims that may arise in connection with cyber-attacks, security compromises, and other related incidents,” Marriott said. “Furthermore, in the future such insurance may not be available to us on commercially reasonable terms, or at all.”
Cybersecurity trends 2018: Year of regulations
2018 will be also be remembered for the introduction of GDPR, and cybersecurity being a focal point in US defense policy.
“The reality of it is now setting in, and the realization of how it impacts any company globally that does business in the EU,” Morgan said on the topic of GDPR.
GDPR lets users to have more control over their personal data, with businesses benefitting from a level playing field with regards to the data that’s being gathered.
“Given the GDPR compliance that we’re abiding by, consumers are given more control and transparency of what personal information is being shared. This will regulate personal data collection and sharing in order to possibly reduce the numerous data breaches a year,” Edry said.
In the west, the US has been ramping up its cybersecurity act as the president’s budget for 2019 also includes US$15 billion for cybersecurity-related activities.
“Due to the sensitive nature of some activities, this amount does not represent the entire cyber budget,” the budget document says.
Cybersecurity trends 2018: Investor takeaway
While there has been an increase in regulations, 2018 was punctuated by data breaches across the globe from companies that are stalwarts in their fields.
With a severe shortage of cyber workers and with attackers finding new ways to target users, it remains to be seen if the odds will continue to favor cyber attackers.
Don’t forget to follow us @INN_Technology for real-time news updates!
Securities Disclosure: I, Bala Yogesh (author of this story at INN), hold no direct investment interest in any company mentioned in this article.
Editorial Disclosure: The Investing News Network does not guarantee the accuracy or thoroughness of the information reported in the interviews it conducts. The opinions expressed in these interviews do not reflect the opinions of the Investing News Network and do not constitute investment advice. All readers are encouraged to perform their own due diligence.
The Investing News Network® (INN) publishes InvestingNews.com as a destination web site for the investment community. We provide independent, trusted news and education for investors in over 40 targeted categories. Cybersecurity Investing News, published by Investing News Network, is a trusted source for the cybersecurity marketplace, and a Cybersecurity Ventures media partner.