The past year was all about unprecedented concerns about Internet privacy, nation state espionage and (of course) breaches.
2013 will be remembered as a monumental and potentially catalyzing year for cyber security and possibly for the Internet as we know it. It brought the dirty secrets of the Internet to the front pages, living rooms, deal desks and diplomatic circles unlike any prior year or combination of years. The following are the key events of the past 12 months, and how they’ll possibly continue to shape digital life as we know it.
Lions, Tigers, Bears and Chinese...
Every year has been the year of the breach and 2013 was no different. Traditional attacks against every vertical continued, large brands were impacted, identities stolen, services taken off line and money lost. Thus a typical day on the World Wide Web. The Mandiant APT1 report represents arguably the boldest development on this front, taking the contributing role of China to the mainstream media. It was not groundbreaking simply for revealing a campaign that has been ongoing for at least eight years, but because it went public in terms of pointing the Mandiant index finger to the forehead of the Chinese government. This was a very daring act, and one that could come with repercussions. The Chinese are not bound by four-year election cycles and popularity polls. They are patient. Whether the intent of this report was to raise public awareness or simply a public relations and marketing exercise, the resulting media frenzy brought a new awareness to the public and the boardroom. The public already knew the Internet was full of criminals and perverts. But this report confirmed there’s greater strategic motivation within the cyber underworld than simply entertainment, money and thrills: Adversaries are seeking a doorway to connect to every home, company, government and organization.
What Happens on the Internet Stays on the Internet...
...or at least someone’s variation of “Internet.” Privacy (or the lack thereof) smacked the world in the face during 2013. Whether based upon a tweet or viral video or a social media backlash, the realization that free apps don’t necessarily mean privacy grew a little clearer, at least to some.
And then there was Edward Snowden. His 2013 quest reminds me somewhat of Frodo in the Lord of the Rings Trilogy. An odd soul that set out on a journey facing great peril traveling through hostile lands to deliver something that tormented him. The difference is that in the Tolkien classic, Frodo was asked to bear the torments of this journey. Snowden’s journey was self-imposed…or at least it was in 2013. History may reveal something very different.
Regardless, Snowden’s quest and result placed another player in the cyber coliseum. The Chinese now have company on the global and very public stage. This resulted in a global backlash against the U.S. and a realization that what any individual does on the Internet may be subject to eavesdropping, copying, or taking on its own digital lifespan unbeknownst by the owner. Whether it’s social media, search engines, e-mail provider, service providers or governments, your digital life is captured everywhere. 2013 taught the world that nothing digital is private, even if you’re the NSA.
Market Exuberance and the Cyber Arms Race
While the cyber security market has grown in double-digits, 2013 set a new bar for both the buyer and the seller. With the constant onslaught of cyber attacks against financial institutions and their consumers, banking doubled down on their headcount and technology in hopes of shoring up their infrastructure and consumer-banking businesses. Even in the midst of the U.S. government’s financial-budget crisis, cyber-security programs in 2013 received support. Investment bankers and venture capitalists are also heavily hunting the growing plethora of cyber-security companies looking for the next SourceFire or Mandiant to invest in. Cyber security as a component of an investment portfolio has become a necessity in 2013. The lucrative multipliers being paid by the acquiring companies in 2013 are driving this necessity. The 10x multipliers paid by Cisco for SourceFire, and most recently FireEye for Mandiant, are strategic investments to secure customers and wallet share while expanding portfolio offerings. 2014 will demonstrate whether this multiplier has emerged as the new norm for the industry.
The Shadow of Global Cyber Nationalism
The public display of nation state espionage in 2013 has further driven the potential for Cyber Nationalism to take on a storm-cloud quality on the near horizon. It has shaken trust in the supply chain as well as manufacturers of Internet infrastructure and security equipment – to the point in which governments are openly talking about nationalizing their cyber infrastructure with indigenous manufactures equipment. For most nations, this is easier said than done. But the impact to many U.S. based manufactures is real. While this has been a brewing condition for the past few years, 2013 witnessed Huawei throw in the towel on expanding sales in the U.S. due to that mistrust of the Chinese-based firm. Should this cloud of cyber nationalism come to fruition in 2014, the economic impact to global manufacturers could be felt for years. Especially for U.S.-based companies for which revenues depend on the global market.
What the Internet is and what it becomes in the months and years ahead will only be revealed one trend at a time. However, I firmly believe that the events that have occurred in 2013 will forever be reflected in the Internet DNA of the future, and how the cyber security market evolves to accommodate that future.