Three months ago, it happened again – a high profile company with sophisticated cybersecurity was breached, compromising the credit card details of 565,000 customers. The victim was British Airways. Hackers managed to work around the airline’s encryption, among other protective measures, and siphoned the data over a two-week period ending in early September.
What set this cyber episode apart was not the sophistication of the culprit, which is increasingly common, but that the attacks occurred during an unusually quiet period for cyber breaches in the second half of 2018. Earlier this month, Marriott International reported the multi-year heist of the personal information of far more customers, but most of that occurred in prior years.
This raises three questions. Why the prolonged lull, was it just temporary and if so, why? All can be answered in one simple sentence: Major cyber attacks typically come in random waves. Past years have also seen quiet periods.
What is important now is that this lull is similarly temporary, and 2019 is likely to be the worst year for cybersecurity yet. Chronically improving malware will be deployed more aggressively on more fronts, including at the highest nation-state level.
Here, sophistication makes a gigantic leap. Russia, which intervened extensively online in the 2016 presidential election campaign in a bid to help elect President Trump, has led the way in employing actions as a means to a larger end. Many other nation-states are likely to follow in its wake.