The Transformation of Cyber Attacks

This is a guest blog post by Jacques Benkoski, Risk I/O investor and Board member.

A complete, global transformation of the landscape in the security software domain is underway. Countless articles have been written about how we have moved beyond the casual attacker cooking a virus for fun and/or profit to something completely different and far more dangerous to the general public. Recently, we have seen the emergence of professional hacking groups, the industrialization of intrusions by organized crime and the chilling prospects of state actors penetrating the cyber world for espionage and counter-espionage.

One hundred years ago the Wright brothers changed the world with the technological leap of the airplane, which started as a fantastic new toy for the rich, and quickly became a mass form of commercial transportation, that, when adopted by governments for the military, also radically changed the way in which wars are fought.

Similarly, cyber technologies have been transformed, moving from the drive-by shooting represented by the viruses of yore to the full-fledged equivalent of industrial wiretapping. And, with the appearance of government-based and often government-backed attacks, we have crossed into another realm.

There is no need to reiterate the highly publicized Stuxnet virus attack on Iran, as well as some of the lesser known damage that its mutating siblings have inflicted before and since then. The U.S. and several other countries no longer have only a cyber defense department, but have also assembled top teams in official cyber attack structures.

It is still hard to fathom on which cyber fields these wars will be fought but I have little doubt they will. One can imagine many of them being fought in the quasi-silence of air-conditioned mega data centers. But some of them could do real physical damage to our infrastructure, transportation systems and communications, thereby causing injuries and even death to innocent people. But even if that worst-case scenario can be avoided, it is not science fiction to imagine a small country having to surrender without much of an old-fashioned war, simply because its government has lost all control over its infrastructure, transportation and communication networks.

For some of us involved in the security software industry, we are already seeing a ramp in spending by government and industry alike. The threats are already real and the losses are far from imaginary. Industrial espionage is no longer the sad privilege of Fortune 500 companies and defense contractors; it is a daily occurrence all the way to small businesses. Government bodies all around the world are issuing RFPs looking for technology to protect their countries’ assets and utilities, and are scrambling to identify and patch their obvious cyber vulnerabilities. Just like with aviation last century, large companies will be built that will help manufacture, protect and attack, and this represents a huge opportunity for entrepreneurs to respond to market needs.

As citizens of the world, we can only hope that the forces will balance through some form of cyber deterrence, and that the conflicts will remain limited—with no other victims than a few bank accounts, some stolen contracts and an occasional out-of-control centrifuge.

About the Author: Jacques Benkoski is a partner at U.S. Venture Partners (USVP), as well as an investor and Board member of Risk I/O. He is focused on fostering USVP as an active investor in the Israeli market and in the IT markets in the U.S. Jacques is an avid competitive sailor, a skier, a swimmer and can often be seen on a motorcycle.