Samenvatting
The attack was caught before it could inflict harm. On 8 February 2021, hackers remotely accessed the city of Oldsmar's water treatment plant in Florida and changed the level of sodium hydroxide by 111 times. At these levels, the 15,000 residents would have fallen seriously ill. Luckily, the water never reached their homes - the Florida water treatment hack was foiled.
Introduction
The attack was caught before it could inflict harm. On 8 February 2021, hackers remotely accessed the city of Oldsmar's water treatment plant in Florida and changed the level of sodium hydroxide by 111 times. At these levels, the 15,000 residents would have fallen seriously ill. Luckily, the water never reached their homes - the Florida water treatment hack was foiled. 1
 |
Download the article here |
More recently - on 9 May 2021 - a hacker group called Darkside, launched a ransomware attack, which shut down an essential US energy pipeline.
The Colonial Pipeline transports 2.5 million barrels of refined petroleum products from the US Gulf Coast to major US cities on the East Coast. 2 The disruption led to panic buying at US gas stations and threatened to cause significant economic damage. It is reported that the organisation had to pay a USD 5 million ransom to receive a key to recover data that have been encrypted by the hacker group. 3
Just 3 days later, the same hacker group attacked the North American division of German chemical distributor, Brenntag, resulting in ransom pay out amounting to c. USD 4.4 million, as a part of the group’s campaign targeting critical industries in North America. 4
These are just a few examples of the gravity and severity of cyberattacks.
To put this into context, Varonis.com reports that hackers attack on average every 39 seconds, which equates to 2,244 times a day. 5
Hackers attack on average every 39 s, which equates to 2,244 times a day
Many companies are often unaware that they have been attacked, while others choose not to disclose these events due to fear of reputational damage. 6 The frequency and magnitude of these attacks is only set to increase as our world becomes even more digitally connected.
Let us go through a few of the threats that companies face.
Threat 1: Lack of sufficient cybersecurity capabilities
At the start of the pandemic, companies were forced to send their workforce home and their IT infrastructure was stretched beyond imagination.
It presented the perfect opportunity for cyberattackers to strike.
The highest reported ransomware pay out amounted to in excess of
USD 4.5m
The videoconferencing tools that employees started to use to communicate were particularly vulnerable. According to Deloitte, nearly half a million workers had their personal data stolen from cyber weaknesses caused by videoconferencing software during the first lockdown. 7
Ransomware attacks, identity fraud and phishing campaigns all rose significantly during this period. Brute force attacks which used password cracking tools and account checking tactics were also used frequently to log into online accounts. Bank fraud and identity theft also became widespread.
According to IBM, the average cost of each data breach that a company experienced in 2020 was USD 3.86 million. Statistically, it took on average 207 days to identify a breach, while it took an average of 280 days from the point the breach was identified until it was fully contained. 8
Ransomware, an extortion software that encrypts your data demanding a ransom for its release (Kaspersky) and the fastest growing malware according to the US Department of Justice, reportedly starts to encrypt the victim’s files in only 3 seconds. 9 Moreover, the highest reported ransomware pay out amounted to in excess of USD 4.5 million. 10 Such calibre of crime leaves people and organisations damaged and powerless.
Threat 2: The exponential growth in data
Cybercrime is likely to rise considerably even after the pandemic. The exponential growth in insufficiently secured data in the digital world that we are entering is prone to be a major factor.
As of 2020, there were 7.83 billion people living on Earth. 66% owned a mobile phone. Meanwhile 59% were connected to the internet.
54% were also active social media users 11
These figures have since increased tail-winded by the pandemic. According to DatarePortal.com, globally, social media users are growing at a rate of 13.7% per year, with the average social media user visiting or using 6.3 different social platforms every month 12
The huge amounts of data that we are now creating presents even greater opportunities for cybercriminals to attack. However, this is nothing compared to what we might experience with the emergence of 5G.
Threat 3: Growing internet connectivity
When 5G fully arrives, there will be an explosion of devices connected to the internet producing even larger quantities of data.
By 2025, it is expected that there will be more than 30 billion connected devices, which equates to 4 devices per person globally. 13
It's not just smartphones, laptops and computers that will be connected to 5G – we will also see a growing number of autonomously driven cars, devices inside smart homes, and industrial equipment in factories, which will contain 5G chipsets.
Better security is the solution
Cybersecurity will be an increasingly crucial component in our emerging technological economy.
The global cybersecurity market is expected to grow at a rate of 12.6% per annum until 2030, rising from USD 119.9 billion in 2019 (before Covid-19) to USD 433.6 billion by 2030. 14
In fact, according to a recent report from Accenture Security, more than 20% of IT budgets are being spent by leading companies on advanced technology, which is almost double what has been spent in the last three years. 15
How to leverage the growth in cybersecurity?
Cybersecurity is a complex industry targeting a variety of issues, while providing a great opportunity for diversification and direct exposure.
For instance, perimeter security is probably the most relevant to an individual’s daily activities. This includes the firewall in your browser, but also security isolation systems that recognise threats to a computer network. Cisco Systems* is one of the most well-known companies that operate in this space.
Network security has become particularly significant during the pandemic when there was a huge increase in workers logging in remotely. But this will not stop after the pandemic has passed. Cloud computing is set to see this trend continue in the future and companies will be required to cope with a hybrid structure of internal and external networks. Companies, like FireEye*, now help firm improve this type of security.
There is also endpoint security, which aims to protect computer networks from devices such as desktops, laptops and smartphones that are connected to it.
This can be an area of vulnerability for computer networks and has become increasingly important as more-and-more companies embrace cloud technology. A company that works in this space is CrowdStrike*, which helps ensure endpoint security and provides threat intelligence for the companies it works for.
Application security is also important and represents the intellectual property of many firms.
Companies will need to protect data and the code used to make applications they own, which companies like Zscaler* can help them do.
Finally, there is data security itself. In other words, protecting digital data, such as those stored in databases from cyberattacks. Gartner estimates that this market will grow from USD 9.8 billion in 2019 to circa USD 14.0 billion by 2024. 14
A good example of a company that operates in this space is Okta*. It provides companies with a platform that can help secure the identity of customers and workers.
What’s next?
Cybercrime is a long-term trend that sped up tremendously as a result of the pandemic.
This has, in turn, cemented cybersecurity’s importance as part of the global economy going forward.
The increasing sophistication of cybercrime is alarming and difficult for most ordinary people to comprehend. According to IBM Security's X-Force “35% of investigated incidents leverage [their target’s] vulnerabilities in the attack”. 16
It is a serious issue. If the costs of cybercrime in 2021 were the GDP of the country, it would be the third largest in the world after the US and China. Cybercrime is expected to cost victims USD 6 trillion in 2021. 17
There is no one-size-fits-all solution
Companies will require different layers of cybersecurity that are unique to them. In some instances, coverage of every layer of cybersecurity will be required from various suppliers. This is why it is absolutely crucial to have a strong cybersecurity industry. Without this type of infrastructure, it will be impossible for a future digital economy to emerge.
This is an industry that is likely to see significant growth in the future. That is why the time to invest in cybersecurity is now.
Recente research
Samenvatting
As hackers continue to grow in ambition and sophistication, the risks and costs of cybercrime are rising. Indiscriminately, governments, powerful institutions, big business and individuals have all proved vulnerable. Cybersecurity is multi-layered and multi-faceted but companies that provide solutions to tackle the ever evolving threats are in a position to provide a long-term growth opportunity for investors.