We continue our exploration of the murky world of cybersecurity (and cyber-offence) today.
Remember our thesis: it ultimately doesn’t matter if Russia hacked and leaked information that influenced the US election. What’s important is that more or less every major nation is engaged in a global cyberwar, 24/7. It’s the new normal. And it leads to opportunity, if you understand it.
What Donald Trump’s election does do is escalate things. It puts cyber-defence front and centre. And it highlights how urgent it is for nation states to have highly developed cyber-forces. More on that in a second.
Today I want to introduce a new voice to the debate. As part of our research into the broader cybersecurity story, we spoke to Steve Morgan, of Cybersecurity Ventures.
Steve is the author of a recent report called “Hackerpocalypse: A Cybercrime Revelation”. It neatly outlines the magnitude of the threat. We sat down with Steve for an exclusive interview. I’d like to share parts of it with you today for the very first time.
Firstly, Steve’s research makes it clear just what an important role cybersecurity is going to play in the future of the world economy, both militarily and commercially. Annual cybercrime costs are set to hit $6 trillion by 2021. According to the report:
[That] includes damage and destruction of data, stolen money, lost productivity, theft of intellectual property, theft of personal and financial data, embezzlement, fraud, post-attack disruption to the normal course of business, forensic investigation, restoration and deletion of hacked data and systems, and reputational harm.
Which is why the world is going to spend more than $1 trillion on cyber-defence in that time. Cybersecurity is becoming the next trillion-dollar plus industry – and it’s getting there quickly. Again, understand how and where that money is going to be spent and there’s a huge investment opportunity on the table for you.
First – the scale of the threat. On a global level, every major nation is now incorporating cyber into their thinking. It’s hybrid warfare. As a 2016 Nato report put it, we defend ourselves on land, in the air and at sea. We also need military capabilities online.
Steve quotes Adam Segal’s book The Hacked World Order in his analysis. He explains just to what extent cyberspace is a global battlefield.
It was in 2012 that nation-states around the world visibly reasserted their control over the flow of data and information in search of power, wealth, and influence… The conflict in cyberspace will only become more belligerent, the stakes more consequential… We will all be caught in the fallout as the great powers, and many of the lesser ones, attack, surveil, influence, steal from, and trade with each other.
It’s that same idea again. We’re living in an undeclared global war. By that I mean no nation has declared war on another. We’re at peace with one another in reality and in a dogfight online. How long before that spills over into the “real” world?
No one can say. But what’s clear having spoken to an expert like Steve Morgan, is that the online world is getting more dangerous. That’s because of a move towards digitisation and connection with technology like the Internet of Things (IoT). As more real world industries move online, the risk of cyber-attacks morph from pure data breaches to something much more dangerous.
Is your hospital safe from “bad actors”?
According to some research by Gartner, a quarter of all cyber-attacks will be against the IoT by 2020. We put this idea to Steve:
It’s scary, I think. There’s a tremendous risk.
You can isolate specific industries. To give you one example, healthcare. Two or three years ago, healthcare was not even one of the top five most targeted industries. Today, it’s number one. It’s the single most targeted industry; healthcare, meaning hospitals and other healthcare institutions who treat patients and that could be small practices as well.
You walk into a hospital, everything is computer controlled. We’ve seen some problems already that have been widely reported but, I think, there’s much more going on that’s not reported.
So this past year we had a situation: in a Hollywood Presbyterian hospital, which is Los Angeles, there was a ransom incident. One of the employees in the hospital clicked on something that they shouldn’t have. It initiated a ransomware attack on the hospital. The Oncology Department, which basically treats cancer patients, was down for several hours. That puts lives at risk.
Staying on track there in the healthcare market, you have implantable medical devices: neurotransmitters, pacemakers, that are computer controlled. Everything is connected to the internet, or, I should say, everything will be connected to the internet. There’s a massive number of devices that are connected now.
In the past year we saw some high-profile hacks on cars. There were a couple of instances where Jeep Wranglers were hacked. One of them was taken off the road. Now, that was an intentional hack. It was planned out to see if it could be carried out, so it wasn’t malicious. It wasn’t targeted at hurting people but it proved that cars can be hacked, those Jeeps can be hacked.
Healthcare is particularly scary. It’s an industry that’s going to become even more digitised. That brings huge health benefits. It also creates risks. And a highly digitised healthcare system means we have to invest large amounts of money in order to defend and protect it. As Steve put it:
There’s two things at work here. Number one is what you just pointed out: what does the threat look like and are they under attack?
Then the second thing you have to take a look at is the preparedness of that industry.
So financial services is much more prepared for a hack than hospitals are. They’ve devoted a lion’s share of their budgets to electronic healthcare records, digitising, so they’re short-budgeted. They don’t have nearly the [amount of] cyber-security staff that other industries do and we’re also in the midst of a severe cybersecurity workforce shortage so it’s hard to recruit and retain that type of talent.
Perhaps we’ll come back to that idea in a future issue. How do you keep patient data safe online? Perhaps moving the data onto a distributed ledger like the blockchain. If that’s your area of experience and you have something to contribute, write to me at [email protected].
What this all means for you
There’s one underlying point to all this. It’s the reason I’ve taken the time to speak to people like Steve on your behalf. And that’s because in understanding what’s happening, you begin to see there’s an opportunity here. A big one.
As Steve put it, the cyber-defence industry is growing so fast it’s actually causing problems. It’s leading to staff shortages as the sector scales up faster than it can train people:
There’s a few reasons for this shortage [of staff]. One is just the sheer growth of the industry.
You know, cybercrime is growing rapidly. So you have the vendor community who is hiring; you have large corporations who are hiring. There’s just way too many jobs for way too few people.
On top of that, we’re not doing anything either here in our country – and I think this would be true globally too – to produce enough cybersecurity graduates who can take even entry-level jobs. Most of the top universities in the US who graduate computer science majors don’t require much in the way of cybersecurity. Some don’t even require a single cybersecurity credit.
So we’re not putting enough new people in the field and the cybercrime epidemic is growing, and as a result of that right now we’ve got about a million job openings that the world can’t fill. That’s going to rise to at least a million and a half by 2019, so it’s getting worse, not better.
That’s the kind of problem a rapidly growing industry like this has. Rapid doesn’t even come close to how quickly the industry needs to develop. By 2020 the world will need to cyber-defend 50 times more data than it does today. That needs to happen.
This isn’t just an opportunity. It’s a necessity. And investing in the pioneering firms driving that rapid growth along could be a great move.
I’m going to show you how. I’m almost ready to share all our research with you. I think there’s a chance to more than double your money on just one play. Keep a look out for my note about it.
Until next time,
Associate Publisher, Capital & Conflict