2014: The year cyber danger doubled

Cybersecurity stories were more popular than ever in 2014, with the word 'cyber' showing up in front of topics ranging from security to shopping scams to global online attacks. But no matter how we rename, reclassify or reanalyze the data in cyberspace, it is clear that the dollars spent, problems encountered and attention given to cyber have virtually doubled in 2014.

December 21, 2014

[Image: 2014 cyber word cloud. Credit: Miriam Jones]

As we look back at cyber topics in 2014, don’t be surprised if you are seeing double.

This has been a year when cybersecurity stories doubled in breadth, depth and width of societal influence. As the Internet has expanded into every area of life, the opportunities have grown dramatically – but so have the challenges with the ‘dark side’ of the Internet.

While 2013 was also a big year, with Snowden’s disclosures and the Target breach during the holiday shopping season dominating last year’s news headlines, 2014 brought a 2X cyber growth.

The 2014 Sony breach impact has eclipsed all previous data breach stories, with President Obama now calling Sony’s recent actions a mistake and promising retaliation against the foreign hackers. Responses continue to pour in from North Korea, Sony and others. There were also hundreds of major data breaches this year. But that’s just the beginning.

Even our vocabulary has evolved with more cyber words seemingly created daily – from cyberdefense to cyberdeals, from cyberbullying to cyber-insurance and from cyberattack to cyber-extortion.

To further define what I mean by the numbers doubling in 2014, let’s look at cyber examples in three different categories.

I. Double The Number of Public and Private Sector Cyberattacks, With Double Spending On Cyberdefense:

1) In January, the US Cyber Command more than doubled spending to protect Department of Defense (DoD) networks. This increase was despite an overall flat budget for the DoD.

2) In April, Price Waterhouse Coopers (PwC) reported that the cost of data breaches to businesses has almost doubled.

3) 2014 saw double the reported cyberattacks on businesses.

4) And double the number of cyber insurance policies were sold to a large London insurer.

5) Double the demand for cyber pros. The number of cyber job vacancies has more than doubled in the past year.

6) In October, James Dimon, JPMorgan Chase’s president and CEO, announced a doubling of spending on cybersecurity following a large bank data breach.

7) In December, Coalfire reported that the cost of cybersecurity and risk management has doubled for most businesses as we head into 2015.

II. Double Attention on Cyber Crime, Shopping Scams and Cyberbullying:

8) Even as Walmart deals doubled on Cyber Monday, Cyber Monday transformed into a Cyber Week of deals and scams.

9) Hasbro, not to be outdone, doubles down on cyber savings during cyber week, but McAfee issues the 12 scams of the holidays.

10) Double the number of teenage victims of cyberbullying.

11) Hacking impacts more households than ever, with growing identity theft awareness.

12) Wired called cybercrime (along with hacktivism) a huge growth business, with surging numbers. “Organizations must extend risk management to include risk resilience, in order to manage, respond and mitigate any damaging impacts of cyberspace activity.”

III.  Global Government Attention and Action Doubles:

13) North Korea doubled the size of their cyber force.

14) ‘Dark net’ drugs market doubles in size in a year.

15) Brazil has doubled down on cybersecurity in 2014.

16) Canadian TV news is among many countries now closely watching these cybersecurity developments. Here is a related video clip from Canada AM from Friday of this week.

17) The focus on foreign and domestic hackers causing data breaches has reached dramatic new levels in 2014, including the breach of over one billion passwords from hackers reportedly in Russia.

18) US helping numerous other countries around the world build cybercommand capabilities.

19) (Update on 12/27/2014) - Kaspersky Lab announced that the number of corporate sector targets has more than doubled since 2013. The number of victims affected by targeted attacks in 2014 is 2.4 times that of 2013....

20) (Update on 12/27/2014) Another source describes the doubling of cyber insurance policies sold. Last year, the U.S. insurance industry produced $1 billion in policies covering hacker attacks. By the end of 2014, the figure is expected to reach $2 billion.

Federal Government Breaches Skyrocket

Not all 2014 facts and figures fit neatly into the “double” theme. However, under any scorecard or metric, the breach numbers have skyrocketed. For example:

  The number of cyber incidents involving government agencies has jumped 35 percent between 2010 and 2013, from roughly 34,000 to about 46,000, according to another recent report by the Government Accountability Office.

"This is a global problem. We don't have a malware problem. We have an adversary problem. There are people being paid to try to get inside our systems 24/7," said Tony Cole, vice president of the cyber security firm FireEye.

Information Week Magazine online highlighted the four worst government data security breaches from 2014. Here’s an excerpt from the top two listed:

Unknown hackers broke into more than two-dozen servers at the US Postal Service earlier this year, including one containing names, Social Security numbers, birth dates, and other personally identifiable information on about 800,000 workers and 2.9 million customers….

…Names, birth dates, Social Security numbers, and other personally identifiable information belonging to about 850,000 job seekers in Oregon was exposed after hackers gained illegal access to a database containing the information at the State Employment Department. The names were part of the WorkSource Oregon Management Information System and pertained to individuals looking for jobs at state employment offices, according to The Oregonian.

Influence Beyond Numbers and Cyber Metrics

But perhaps these cyber-numbers don’t make the main point as well as survey results that show more Americans than ever fear hacking and identity theft. Here’s an excerpt:

The crime that Americans fear the most is having their credit card information stolen by hackers, according to a new poll.

A Gallup survey published Monday found that 69 percent of U.S. residents worry “frequently” or “occasionally” about computer hackers stealing their credit card information from stores. Target, Neiman Marcus and Home Depot are among retailers that have recently experienced massive breaches.

The second most-feared crime in America, according to the survey, is having a phone or computer hacked to steal personal information. Sixty-two percent of respondents said they worried at least “occasionally” about it.

Cybersafety fears are growing amongst parents as younger kids know how to access the Internet on their iPads and parents' iPhones.

Meanwhile, the many benefits of computers in education are evident, but K-12 schools and even college campuses are struggling with cybersecurity.

Cybersecurity Challenges Will Evolve Going Forward

As our online and offline worlds merge together in new ways, most experts expect these cyber-trends to continue. Future cyber-inventions that fall under the Internet of Things (IoT) banner, which include cars and homes and smart cities that are connected, will bring more cyber-challenges in 2015 and beyond.

The opportunities with cloud computing, new smartphones, big data, social media and more are immense. Technology will continue to transform the way we live and work and learn, and stopping innovation is not an option. Society continues to struggle with the good, the bad and the ugly in cyberspace.

Will this doubling of cyber danger continue in 2015? Will we be creating a counterpart to Moore’s Law for cybersecurity? (My view: Not likely.)

Is a “Cyber Pearl Harbor” coming that will bring down infrastructure? How will new cybercrimes and foreign nations conducting cyberattacks on global businesses change the conversation? Will we have new sub-categories for cybersecurity as we do for medicine? Only time will tell.

Final Thoughts:

Something dramatic happened to our metrics regarding cyber in 2014. While there is no doubt that the Snowden situation and the Target breach brought more attention and got the cyber ball rolling faster in 2013, the report card with measurements in several different cybersecurity categories just came in.

2014 was a year that cyber danger doubled.

Next week, a look at the top 15 security industry predictions for 2015 - along with my analysis.

Dan Lohrmann, Chief Security Officer & Chief Strategist at Security Mentor Inc.

Daniel J. Lohrmann is an internationally recognized cybersecurity leader, technologist, keynote speaker and author.

During his distinguished career, he has served global organizations in the public and private sectors in a variety of executive leadership capacities, receiving numerous national awards including: CSO of the Year, Public Official of the Year and Computerworld Premier 100 IT Leader.
Lohrmann led Michigan government’s cybersecurity and technology infrastructure teams from May 2002 to August 2014, including enterprisewide Chief Security Officer (CSO), Chief Technology Officer (CTO) and Chief Information Security Officer (CISO) roles in Michigan.

He currently serves as the Chief Security Officer (CSO) and Chief Strategist for Security Mentor Inc. He is leading the development and implementation of Security Mentor’s industry-leading cyber training, consulting and workshops for end users, managers and executives in the public and private sectors. He has advised senior leaders at the White House, National Governors Association (NGA), National Association of State CIOs (NASCIO), U.S. Department of Homeland Security (DHS), federal, state and local government agencies, Fortune 500 companies, small businesses and nonprofit institutions.

He has more than 30 years of experience in the computer industry, beginning his career with the National Security Agency. He worked for three years in England as a senior network engineer for Lockheed Martin (formerly Loral Aerospace) and for four years as a technical director for ManTech International in a US/UK military facility.

Lohrmann is the author of two books: Virtual Integrity: Faithfully Navigating the Brave New Web and BYOD for You: The Guide to Bring Your Own Device to Work. He has been a keynote speaker at global security and technology conferences from South Africa to Dubai and from Washington, D.C., to Moscow.

He holds a master's degree in computer science (CS) from Johns Hopkins University in Baltimore, and a bachelor's degree in CS from Valparaiso University in Indiana.
