The 10 Biggest Cybersecurity News Stories Of 2019
The cybersecurity industry saw lots of outside money in 2019 to address challenges around data and identity, with vendors tapping into the deep pockets of venture capital and IPOs, while many MSPs found themselves under siege.
Making Headlines This Year
The cybersecurity industry in 2019 experienced massive data breaches, an array of new CEOs taking the helm, aggressive M&A activity, heavy private and public funding for fast-growing vendors, and crippling ransomware attacks that use MSPs as the vehicle to go after their ultimate target.
Money continued to flow into the industry to address challenges around authenticating users, securing endpoints, and synthesizing massive amounts of data, with nine up-and-coming vendors receiving at least $100 million of private equity each, six endpoint security vendors being scooped up by broader technology firms, and four cybersecurity vendors filing for an IPO.
In addition, four startups focused on orchestration or automation were purchased by larger security vendors, and an emerging and an established star in the industry were bought by private equity firms. On a more somber note, six technology firms had their own products or infrastructure infiltrated by hackers, while three blue-chip businesses suffered massive data breaches.
Keep on reading to relive the biggest cybersecurity news articles of 2019.
10. New Privacy Regulations Drive Spending
The first privacy domino fell in May 2018 when citizens and residents of the European Union obtained greater control over how their personal data is being used as part of the new General Data Protection Regulation (GDPR) rules. The new requirements are the toughest in the world, with violators subject to fines of up to 4 percent of global revenue or 20 million euros—whichever is higher—for noncompliance.
Then in January 2019, French regulators smacked Google with a $57 million fine, alleging the search giant lacked transparency and clarity around how personal information was being collected, and failed to properly obtain user consent for personalized ads. Then in May, Ireland's Data Protection Commission unveiled plans to examine whether Google's Ad Exchange marketplace handled user data in violation of GDPR.
And closer to home, the California Consumer Privacy Act (CCPA) will take effect on Jan. 1, 2020, and will provide California residents with the right to know whether their personal data is being collected and sold, and request the deletion (or reject the sale) of any personal information collected on them. The CCPA applies to all businesses with annual gross revenue in excess of $25 million.
9. Two Big Private Equity Buys, With More Likely On The Way
Private equity firms made two big bets in the cybersecurity space in 2019, with minority owner Insight Partners purchasing a controlling stake in Recorded Future in May for $780 million to accelerate the vendor's technical and product vision. Then in October, Thoma Bravo offered to purchase Sophos for $3.82 billion, less than four and a half years after the SMB platform security stalwart went public.
2020 could be an even busier year for private equity, with Permira and Advent International looking to team up and buy the former Symantec consumer business (now known as NortonLifeLock) for more than $16 billion, The Wall Street Journal reported in September. McAfee is also considering the sale of its enterprise and consumer units to one or multiple buyers, The Wall Street Journal said in December.
FireEye has hired Goldman Sachs to advise the company on a potential sale, with private equity firms believed to be the most likely buyer after an earlier process failed to attract interested strategic buyers, Business Insider said in October. And in November, Bloomberg said that Dell is conducting early stage talks about selling RSA Security, and is hoping to get at least $1 billion from the sale, including debt.
8. Orchestration And Automation In The M&A Crosshairs
Security teams are struggling to make sense of all the data generated by the proliferating number of protection tools, and typically lack the financial resources to go hire additional analysts. For this reason, companies are looking to synthesize the collection and analysis of disparate data as well as automate the response to common issues with SOAR (Security Orchestration, Automation and Response) tools.
Palo Alto Networks kicked off the acquisition spree in March with its $560 million buy of Demisto to better leverage artificial intelligence and machine learning to automate large parts of customers' security operations. Then in May, FireEye bought Verodin for $250 million to help find security effectiveness gaps stemming from equipment misconfiguration, evolving attacker tactics, or changes in the IT environment.
Six months later, Sumo Logic acquired early stage autonomous SOC (Security Operations Center) provider Jask Labs to better protect modern applications, architectures and multi-cloud infrastructures. And in December, Fortinet bought CyberSponse for an initial cash consideration of $28 million to make security operations teams more efficient and bolster incident response.
7. Massive Data Breaches Rock Blue-Chip Companies
Marriott International revealed in January that hackers had taken off with 5.3 million unencrypted passport numbers and details for 354,000 unexpired payment cards in a recent breach. The hotel chain was hit in July with a fine of 99.2 million British pounds (about $124 million) by the U.K.'s Information Commissioner's Office for allegedly violating Europe's General Data Protection Regulation (GDPR).
Quest Diagnostics disclosed in June that a potential breach on the web payment page of its billings collection vendor exposed the sensitive data of 11.9 million patients. The exposed data included medical information, financial information such as credit card numbers and bank account information, and other personal information like Social Security numbers, according to Quest.
And former Amazon Web Services employee Paige Thompson was charged in July with accessing the personal information of 106 million Capital One credit card applicants and customers as well as stealing data from more than 30 other companies. A firewall misconfiguration allegedly allowed Thompson to access folders or buckets of data in Capital One's AWS storage space.
6. Changing Of The Guard At Eight Vendors
Eight cybersecurity vendors tapped someone new in 2019 to lead their companies, with Digital Guardian kicking things off in February when it hired CA Technologies security chief Mo Rosen. Rosen replaced Paul Ciriello, who had served as interim CEO since October 2018 following the sudden resignation of ex-CEO Ken Levine. Meanwhile, former Digital Reasoning CEO Brett Jackson took over at Cyren in May, replacing veteran CEO Lior Samuelson.
Also in May, the abrupt resignation of Symantec CEO Greg Clark prompted former Novellus Systems Chairman Richard Hill to take over on an interim basis. After the November sale of the Symantec Enterprise Security business to Broadcom, CFO Vincent Pilette was named CEO of the remaining consumer cyber safety business (which had been rebranded NortonLifeLock).
In July, top Avast lieutenant Ondrej Vlcek was promoted to CEO, replacing Vince Steckler, who had led Avast for more than a decade. Also that month, LogRhythm tapped Attunity President Mark Logan to be its next CEO, replacing Andy Grolnick, who had led the company since 2005. In September, BlackBerry Cylance promoted right-hand man Daniel Doimo to take over as president, replacing Stuart McClure, who had led the company since its founding in 2012.
In October, Claroty snagged Druva Chief Revenue Officer Thorsten Freitag to lead the company, taking over for Amir Zilberstein, who had served as CEO since founding the company in 2015. Later that month, Imperva Chairman Charles Goodman stepped in to lead the company on an interim basis following the sudden resignation of CEO Chris Hylen in a “personal decision.”
5. Cybersecurity Vendors Strike It Rich With IPOs
Recent attempted initial public offerings at real estate or consumer technology companies like WeWork, Uber or Lyft have been high-profile flops, but cybersecurity companies stepping into the raging waters of the public market have been welcomed with open arms.
Boston-based network security policy orchestration firm Tufin kicked things off in April, raising $108 million in a New York Stock Exchange public offering with a valuation of $453.6 million. Two months later, Sunnyvale, Calif.-based next-generation endpoint security vendor CrowdStrike raised $612 million in a Nasdaq public offering with a valuation of $6.6 billion.
Then in September, San Francisco-based security and performance services vendor Cloudflare brought in $525 million in a New York Stock Exchange public offering with a valuation of $4.4 billion. And just a week later, Denver-based identity security vendor Ping Identity raised $187 million in a New York Stock Exchange public offering with a valuation of $1.16 billion.
4. Nine Cybersecurity Firms Secure Six-Figure Funding Rounds
OneLogin kicked off the major funding activity in January with a $100 million round led by Greenspring Associates and Silver Lake Waterman, bringing the company’s overall haul to $175.2 million since being founded a decade ago. Four months later, Sumo Logic got $110 million in a round led by Battery Ventures, bringing the company’s overall haul to $340 million since being founded nine years ago.
Later in May, Auth0 raised $103 million in another round led by Sapphire Ventures, bringing the company’s overall haul to $212.3 million since being established six years ago. SentinelOne kicked off June with a $120 million round led by Insight Partners, bringing the company’s overall haul to $229.5 million since being founded six years ago.
Five days later, Vectra closed a $100 million round led by TCV, bringing the company’s overall haul to $222.5 million since being founded nine years ago. Two days after that, KnowBe4 received a $300 million investment from KKR, bringing the company’s overall haul to $393.5 million since starting nine years ago. And a week later, Druva raised $130 million in a round led by Viking Global Investors, bringing the company’s overall haul to $328 million since being established 11 years ago.
Then in August, Cybereason raised another $200 million from SoftBank, bringing the company’s overall haul to $388.6 million since being founded seven years ago. And a month later, Acronis received a $147 million investment from Goldman Sachs, bringing the company’s overall haul to $158 million since being established 16 years ago.
3. Six Technology Companies Fall Prey To Hackers
Several technology companies were hacked in 2019, with Citrix Systems disclosing in March and May that foreign cybercriminals broke into its internal network and possibly captured the names, Social Security numbers and financial data of current and ex-employees. Also in May, Bloomberg reported that hackers had broken into the accounts of 100 Amazon sellers and funneled cash from loans or sales into their own bank accounts.
In July, Sprint disclosed that hackers had broken into customer accounts through Samsung’s “add a line” website and might have viewed information such as phone numbers, account numbers, subscriber IDs, and customer IDs. A month later, Google researchers found that a massive two-year iPhone hacking campaign might have provided adversaries with access to user contacts, photos, and location data.
Imperva said in August and October that unauthorized use of an administrative API key in a production AWS account had exposed customer email addresses as well as some hashed and salted passwords. Also in October, Comodo said the account login information of up to 245,000 users registered to comment on the Comodo Forums had been exposed, leaking some hashed passwords and social media usernames.
2. Endpoint Security Vendor Consolidation
The endpoint security space got a lot less crowded over the past year as broad technology vendors pursued endpoint protection, detection and response capabilities. BlackBerry kicked off the acquisition spree in February by scooping up Cylance for $1.4 billion. A month later, Carbonite snagged Webroot for $618.5 million to create a company that can deliver backup, recovery and cybersecurity on the endpoint.
Then in September, HP Inc. bought Bromium for $45 million (according to Momentum Cyber) to gain more control over the malware protection technology used to protect its commercial PCs and Device-as-a-Service offering. The next month, virtualization giant VMware acquired Carbon Black in a transaction with an enterprise value of $2.1 billion.
That very same day, open-source search technology company Elastic closed its purchase of Endgame for $234 million. And in November, Symantec sold its struggling Enterprise Security division to semiconductor manufacturer Broadcom for $10.7 billion. The Symantec name was transferred to Broadcom, and the remaining consumer cyber safety assets were renamed NortonLifeLock.
1. MSPs Under Attack
Cybercriminals targeted MSPs throughout 2019 and seized upon the tools they use to manage customer IT systems as vehicles to attack those same customers.
A wakeup call came in April when Wipro acknowledged that employee accounts had been compromised in a phishing campaign, allowing adversaries to use the Indian IT outsourcing giant’s systems to launch attacks against at least a dozen of its customers. The hackers were believed to have used ConnectWise Control to connect to Wipro client systems, which were then used to obtain deeper access into Wipro customer networks.
Then in August, an on-premises version of the ConnectWise Control remote access tool was used to seed the endpoints in a devastating ransomware attack that resulted in portions of 22 Texas town and county networks being locked behind encryption keys. The Texas towns and counties hit by ransomware were all receiving products and services from Rockwall, Texas-based MSP TSM Consulting.
And in December, six New York-area managed service customers of data center provider giant CyrusOne were affected by a ransomware attack. These managed service clients experienced availability issues due to a ransomware program encrypting certain devices in their network, according to a company spokesperson.