KEYWORDS | By Christopher Mims
This year felt like the future arrived all at once.
"Sharing-economy" startups growing at an unprecedented pace
seemed poised to disrupt all the basics of life, from
transportation and housing, like car-hailing app Uber and
apartment-rental site Airbnb, to retail and food.
Regulators stepped in or at least wrung their hands.
Commercial drones, 3-D printing, virtual reality and wearable
computing penetrated mainstream consciousness if not our actual
homes and workplaces.
But I can't help but think that this science-fiction
narrative--the future is already here, it's just not evenly
distributed, as writer William Gibson famously said--was a
distraction from what were actually the most important trends of
2014.
It comes down to this: 2014 was the year we became more
connected than ever. And it was also the year it became apparent
that this connectivity will have terrible costs.
In the past year, manufacturers have sold a record number of
smartphones--1.3 billion, estimates IDC. It's almost certain even
more will be sold in 2015, since growth rates of smartphone sales
in emerging markets are greater than 30%, and there remains 2.8
billion people in the world who use feature phones but not
smartphones, according to eMarketer.
Simultaneously, we're connecting more and more of our devices to
the Internet, as well as homes, factories, even cars and civic
infrastructure. To take the most mundane example, what good is a
modern office if its systems aren't accessible from afar?
And yet 2014 was also the year we discovered that making these
systems accessible from the Internet opens everyone to
vulnerabilities the public is only just beginning to
comprehend.
The hack of Sony Pictures is only the latest and most visible
example. Estimates of the cost to Sony vary widely, but when you
include both direct costs like fixing its computer systems,
estimated at $70 million to $80 million, as well as indirect ones
like loss of revenue and competitive advantage, it could easily run
to the hundreds of millions of dollars, according to outside
experts.
And don't forget about Target Corp. This August, Target
announced that the late-2013 hack of its credit-card records would
cost the company an estimated $148 million, not including a $38
million insurance payment. But that could prove to be optimistic.
Earlier this month a U.S. federal judge cleared the way for three
class-action suits against Target, on behalf of consumers and
banks, that seek to recoup the damages incurred to both. Just the
cost to banks to replace credit cards because of the Target breach
is an estimated $400 million.
I could go on: Apple, J.P. Morgan, Staples, Home Depot. How soon
the latest breach is replaced by news of the next.
What history may someday view as the most serious breaches of
the year barely got any attention. Icann, the nonprofit that
controls how the addresses on the Internet are allocated, suffered
a comprehensive breach. Hackers didn't get far enough to affect the
structure of the Internet itself, but it remains a possibility.
Perhaps most disturbing of all, a cyberattack on a German iron
plant that caused "massive" damage when a furnace couldn't be shut
down was disclosed last week by Germany's Federal Office for
Information Security.
There is only one other publicly acknowledged cyberattack in
history in which physical infrastructure was damaged in this way,
and that was an attack on Iran's uranium enrichment facility.
Taken together, these attacks indicate a truth observed again
and again by security expert Bruce Schneier: If skilled hackers are
determined to break into a system, they will.
In a world in which ever more of our data is harvested, stored
and transmitted by Internet-connected devices, some of which have
the power to affect us directly, hackers have more opportunity and
incentive than ever.
Today it's your credit cards being compromised. In the coming
years it's your smart home, your Internet-connected car, even,
possibly, critical pieces of infrastructure like the electrical
grid.
Many of these hackers are state-sponsored and therefore
untouchable, Kevin Mandia, chief operating officer of
security-services company FireEye, told me at this year's WSJD Live
technology event.
Even those who are merely run-of-the-mill criminals are often
beyond the reach of the law, owing to distance and the difficulty
of attributing attacks.
Approximately two billion people are connected to the Internet,
with five billion to go. Estimates vary, but Cisco says there are
currently 12.5 billion devices connected to the Internet, and that
number will reach 50 billion by 2020, as part of the "Internet of
Things."
This was a year of huge gains in terms of connecting everyone
and everything in the world, with benefits for efficiency and
economic productivity that may be absolutely necessary on a planet
of seven billion people and counting. But it was also the year it
began to dawn on us that every time we connect a person or an
object, we make it available to faceless, remote hackers with no
qualms about using it to their advantage.
So here's a New Year's prediction: There will come a day when
damages from cybercrime will exceed damages from all other forms.
Indeed, "crime" and "cybercrime" will in most instances be one and
the same.
Follow Christopher Mims on Twitter @Mims or write to him at
christopher.mims@wsj.com
Access Investor Kit for Target Corp.
Visit
http://www.companyspotlight.com/partner?cp_code=P479&isin=US87612E1064
Subscribe to WSJ: http://online.wsj.com?mod=djnwires