The war in cybersecurity continues to escalate as more companies and governments fall prey to the onslaught of an invasion of information thieves. It is a worldwide phenomena that is costing companies billions of dollars in lost revenue as hackers make off with intellectual property, as well as personal information of employees and customers. Individual countries have begun to make a coordinated effort on a national level to combat this latest threat to the security of their respective governments.
The recognition that a new front has opened up in the endless theft of data at the corporate and governmental level, has gradually reached a crisis level over the last few years. There are coordinated efforts by foreign governments to steal information as well as private contractors in the same business. The skills set for individuals in this field have increased exponentially, as has the sophistication of the applicable software.
It has been determined that companies will discover that their security systems have been comprised, less than one third of the time on their own. In retail, internal monitoring provides results of about 5%. This provides an enormous opportunity for cybersecurity firms and investors in this industry.
There has been numerous hacking of customer accounts of some of the leading companies in the world. It finally reached public awareness beginning in 2013. Target the second largest discount retailer in the United States, had malware installed by someone in November, right before the beginning of the holiday shopping season.
As the Christmas season was in full swing it became known that some 40 million customers financial information, had been accessed illegally. An additional 30 million had other personal information stolen as well.
The dust had not even settled from the slow response of corporate officials at Target and the resulting bad publicity for the company, when American retailer Neiman Marcus announced in January of 2014, that more than 1.1 million customer credit cards had been exposed in a three month hack. It was revealed that the operation had begun the previous July and had continued for three months undetected.
The beauty supply chain Sally Beauty would be the next well known case. It would be discovered at the beginning of March in 2014. The company sells merchandise to salons, stylists, and customers who frequent these establishments. It soon became known that a total of 282,000 credit and debit cards from clients had been compromised and were now being offered for sale in underground market places.
Later that year the American based company of Home Depot would also fall victim to a breach in their data systems. The retailer of home improvement and construction products throughout the United States, Canada and Mexico with operations at more than 1,500 stores, saw some 56 million credit cards hacked and an additional 53 million customer e-mail accounts stolen. It would be the largest operation against a company to date.
After months of investigation by the company, law enforcement agents and hundreds of security personnel, it was determined that Home Depot had been infiltrated by some of the same tactic that had been used against Target. It would come from the hacking of an outside contractor’s electronic billing account.
What the public at large had not realized was this type of activity had been going on for years. A law had been passed in 2002 beginning in California, that customers must be contacted if their personal information has been stolen or somehow comprised. CardSystems Solutions a now defunct card processing company, holds the distinction of being the first major company to have to go public following a breach of some 40 million debit and credit cards accounts. This cyber activity was first discovered in 2005.
TJX would follow with some 94 million cards being comprised by hacking. The activity occurred from 2005 to 2007 and ended up costing the company $256 million USD (United States Dollar). Heartland Payment Systems had some 130 million accounts comprised. The hacking began in May of 2008 and would continue into 2009. The total cost to the company would be more than $130 million USD in fines, legal expenses and related outlays.
RBS World Pay which only involved 1.5 million cards became famous not for the number of accounts comprised, but rather the total amount of money stolen. The company is the payment processing arm of the Royal Bank of Scotland. About $9.5 million USD would be stolen in less than 12 hours in November of 2008.
Barnes and Noble a chain of book stores, was the first major operation involving point of sale terminals, according to investigations that began in 2012. There was the Canadian Carding Ring leading to the theft of $7 million USD by installing skimming devices on ATMs (automated teller machines) and POS (point of sale machines).
A number of card processing companies in India and the United States were hit with pre-paid card accounts. In this case, the limits of the accounts were raised and more than $45 million USD would be stolen before it was discovered.
Global payments located in the United States witnessed the comprise of some 1.5 million accounts. The payments processor would lose some $94 million USD from the costs associated with fines, fraud, investigative and remediation. The piracy occurred during the years of 2011 and 2012.
In November 2014, Sony Entertainment would join the list of companies that had confidential information comprised. In this case internal e-mails and correspondence would be made public to the embarrassment of employees and managers of the company. The case again stressed that any company was open to a cyber attack and it did not have to be financial in nature.
In June of 2015, the United States government acknowledged that more than 21.5 million current and former federal employees had their personnel files stolen through the Office of Personnel Management. Although the government will not identify China officially, the data breach is embarrassing and once again demonstrates that no security system is above being comprised.
In this case, analysts surmise the cyber attack was done in order to provide personal information that will be helpful to foreign intelligence services. The data can be used to uncover American operatives overseas and possibly be used as a tool for the blackmailing of government officials.
It has now been estimated that the financial harm done to government and private sector networks is growing at an alarming rate of 15% annually. As the rate and skill of the hacking escalates the measures taken in cybersecurity in the United States, Europe, Asia and elsewhere continue to lag behind.
The most damaging are those enterprises that are financed and promoted by foreign governments with China and Russia leading the pack. These two nations regularly recruit the most technologically adept citizens to be part of their national intelligence services. It was reported for example, that hackers from Russia had even comprised an unclassified computer network at the White House, the official residence of the American president.
The amount of viruses and malicious software on the international market has grown exponentially over the last few years. All an organization needs now, is sufficient money to inflict massive damage to computer networks of individual companies, government institutions or even infrastructure.
The haphazard approach by the United States government in cybersecurity is becoming increasingly problematic. It is a $10 billion a year expense and is progressively under delivering on closing security gaps in government systems. Cybersecurity has now become a major issue and a threat to the safety of government systems all the way to the Department of Defense. It is most likely that an coordinated agency will now be established much like Homeland Security was set up, following the terrorist attacks in the United States that occurred in 2001.
Other nations will soon follow suit, as it becomes clear how much damage can be inflicted in a relatively short period of time. Most nations have computer networks that can be easily comprised not only at a national level, but locally as well. It would not be too difficult for a coordinated computer effort in bringing down a regional communications or transportation hub. A strike against the power grid for example, could bring a national economy to the point of collapse within a relatively short period of time.
Most recently it was reported that cars made by Fiat Chrysler were open to a loophole that let two hackers take control of a moving Jeep sport utility vehicle. It highlights again how dependent and interconnected modern technology has become to different computer networks. Of course, the company is now offering a patch to this vulnerability. However, it shows how vulnerable the most innocuous systems can be to the ongoing battle in safeguarding computer systems.
The almost simultaneous computer failures at the New York Stock Exchange, United Airlines and the Wall Street Journal’s website in the United States on July 08th, have only heightened fears of the exposure computer networks can have to an outside attack. Although it has been reported that none of these three cases actually involved hacking, it demonstrated the public anxiety about the cybersecurity issue in general.
The increasing threats to the global communications network will lead to a massive expansion in cybersecurity, which will bring enormous new profits to those firms involved in this rapidly growing industry. Given the surging demand for the services these companies offer, it will permit a number of competitors in the industry to do very well in this relatively new lucrative market. It is a tremendous new opportunity for investors.