Peak Breach — Could 2019 be the Year All Digital Data is Lost to Cyber Criminals?
You would be hard pressed to find any commentator from the cybersecurity community who doesn’t think 2019 will be as replete with mass breaches of consumer data as 2018. Indeed, the natural logic of the continued exposure of consumer data suggests the more that is lost the greater the effectiveness of the attacks. This then leads to more loss — a closed loop of breach and further attack leading inexorably to a point where all data is lost.
Facebook has shown the value of a massive dataset focused on individuals, allowing for the targeting of advertising. This same data set is now migrating over to global cybercrime allowing for the focused targeting of malware.
This all leads to a disturbing uroboros effect where massive insecurity eventually eats all the users of the internet.
This moment of peak breach when all data is lost is potentially emerging and 2018, was certainly another waypoint on the way to this future. Credit agencies, hotel chains, social networks, government and a myriad of companies trusted to hold our data spent 2018 apologizing for losing it.
Of course, the future is not yet written, and peak breach might remain only a theoretical position. And much as the idea of peak oil (a moment when maximum oil production is reached) galvanized the world into considering other fuel sources, society may start to take cybersecurity more seriously as the potential annihilation of the internet-based economy comes into view.
The internet economy relies on either distributed or centralized trust. We either Trust in Big Tech or each other. A continuous rise in data breach or misuse breaks the trust essential for the internet to work.
2018’s significant set of consumer breaches, bookended with the Marriott hack has served notice to most consumers that their data is in someone else’s hands and often someone they didn’t authorize to have it. This combined with the drumbeat of news surrounding the use and misuse of data held by large tech companies and the startling effect on individual privacy has created an awareness from consumers that they have a problem. However, most consumers are overwhelmed by the subject and descend into inertia rather than action. This is partly, due to the lack of effective security remediations available or known to most people.
To stave off peak breach, security solutions need to be made more available, easy to use and more sophisticated to meet this need. No easy task as security is usually one of those three things not all of them at once.
The predictable continued rise in attacks in 2019 following on from 2018, will allow for rapid innovation and data mashups on the side of attackers.
These are three types of attacks I expect to increase in 2019:
- More targeted delivery methods from richer data sources will allow bad guys to increase their click rate and infect more computers even if their underlying malware remains static in terms of its effectiveness.
- With the vast rewards available, malware attacks will continue and accelerate in 2019, leaving individual consumers exposed to both more effective targeting and more sophisticated malware. (2018 saw a massive jump in the sophistication of low-cost malware entering the eco-system).
- New methods of cyber theft will emerge and illustrate the innovative flow of R&D on the side of cybercrime.
- Cryptojacking was relatively unheard of this time last year but emerged as a way of hijacking CPU power to mine cryptocurrencies.
- Adaptive malware was used to hijack global computing power to produce cryptocurrency in an inventive new method of theft.
- Zombie networks used for cybercrime aren’t new, but cryptojacking illustrates once more that cybercrime is never a zero-sum game. Somebody pays and mostly it’s consumers through in this case higher electricity bills, lost performance and the replacement of hardware.
The year ahead will continue to see consumers trapped in the digital cooking pot while the water is heating up around them. As the basic logic of consumer data breach and cyber attacker reward increases, not only the effectiveness of attacks against consumers but widens the spectrum of assets which can be stolen from individuals. Some consumers will be able to jump out of the pot before it boils while others unfortunately, will not.
“I have seen the cyber future and it is very much like the present, only worse.”
It’s a safe bet that 2019 will be worse than 2018 for individuals using the internet. Hope resides in the power of the effects of this threat to inspire a search for solutions to this pernicious and potentially devastating trend.