NEW YORK (TheStreet) -- Branden Spikes, the former CIO of SpaceX and technology right-hand man of Elon Musk warns that cyber hackers are not only growing stronger, their activities are a thriving industry in and of themselves.
Spikes said he's created a way to severely cripple their activities; to eradicate the risks of wide-reaching hacking attacks such as those that ushered in the new year with targets including Yahoo!
(YHOO) and Target
(TGT) and ensure that nothing like that could ever happen again.
The attacks have been both efficient and epidemic in proportion.
Gartner estimates that it costs about an average of $653 to fix infected desktops, and some security industry assumptions estimate about 10% of the roughly 2 million computers that were infected by the Dec. 31 to Jan. 3 malware attack on the Yahoo's advertising server could have belonged to business users. As a result, that one attack might have resulted in $130 million in IT costs and lost productivity for businesses.
With Target, the December breach into its point-of-sale machines that left compromised credit card and personal data belonging to up to 110 million customers was done through just a single point of vulnerability after employees at one of Target's heating and ventilation suppliers became recipients of malware-loaded emails.
The annual, global economic cost of cyber-attacks have now reached more than $400 billion, with about a quarter of that coming from just the U.S., according to a Jefferies report.
"There is commonality between how the organizations are targeted these days," Spikes explained during a chat with TheStreet.
"All of the successful penetrations are coming through web browsers."
Having spent the majority of last two decades serving as a top, senior technology executive reporting directly to Elon Musk at PayPal
, Tesla Motors
, and SpaceX, Spikes was responsible for designing and building high-performance and highly-secure IT systems for some of the world's most high-profile corporate environments and has therefore in some ways been more aware than many of just how vulnerable business organizations can be to external hackers.
Even the famously, highly-secure environments of SpaceX, PayPal and Tesla didn't deter hackers from trying to break into systems through browsers while he was there, he said.
"Once PayPal became recognized as an online payment service, it became one of the biggest targets on the web," Spikes recalled. "And today it still remains one of the biggest targets of well-coordinated and concerted efforts of hacker nation states like Russia." Attempts have been made by hackers to "fool" employees through malware-laced links.
At SpaceX, Spikes focused on securing systems to prevent hacker attacks during space flights and thwart threats of state-sponsored attacks by China targeting intellectual property through indirect access through employees unknowingly being exposed to malware through their browsers. "Employees would be completely unaware that they had bad, malicious software on their computer," he noted. Similarly at Tesla, projects were focused on securing the Model S to make sure that it couldn't get penetrated during driving.
The technology that hackers have at their disposal to break any browser by having a user click a link without even requiring any downloads is only one example of how sophisticated the attacks have become and how they're becoming more and more sophisticated by building upon previous successes, Spikes commented.
"There are big, online marketplaces where hackers can go to buy successful attack vectors and mechanisms to employ into their attacks at will," Spikes warned. "It's an industry of constantly evolving zero-day mechanisms -- there's hundreds of these attack technologies per day that are going onto those marketplaces." Zero-day mechanisms refer to malware technology that are completely new and therefore undetectable by traditional safeguards.
Also available in these marketplaces are hacked computers, where interested parties from any country can purchase access to the computer for a fee, Spikes bemoaned. The assets that are sold and traded can be used to mine Bitcoin and perform service attacks on corporate networks.
As the founder and CEO of web security outfit Spikes Security since 2012, Spikes on Tuesday was formally announcing at the annual, flagship RSA North American security trade show event in San Francisco the AirGap web browser that he created and he says can completely isolate malware threats against enterprises, keeping them out of their networks and desktops entirely. The safety mechanisms would kick in long before the hacking could even take place, making them superior to those of existing security products that typically focus on detection and remediation after the fact.
The announcement was being made after months of beta testing on pre-release software with a number of large enterprise customers.
"If you're browsing the web using our technology, you're fearless. There's nothing that you can do wrong," said Spikes.
By preventing malware attacks at the browser, 90% of cyber-attacks can be eradicated, eliminating the biggest threat that faces all large organizations, according to Spikes.
AirGap, as described by a company brochure, contains several layers of security features and true hardware separation that makes its users entirely immune to "web drive-bys." The company says it has optimized its remote display codec for the lowest levels of latency possible, ensuring a fast response to interactions.
Another AirGap feature is it gives users browsing experiences as close to a traditional browser as possible, including smooth videos and rich content. All of its client software has been streamlined, with no required extensions, plugins or runtimes. AirGap's key, underlying software architecture is adaptable to any corporate device, including tablets and smartphones.
The initial offering of AirGap is a software-based product that can be installed in a server that would sit in the customer's existing network infrastructure, and the pricing would be based on the number of web sessions that the company wants to support. Pricing details would vary according to the enterprise's size, and different terms of agreement and channel relationships.
Within that client organization, when one user terminates a web session, that session then becomes available to any other user in the organization. If the customer decides they need to provision more web sessions because web usage is heavier than expected, that requires a small adjustment to the license agreement. The typical cost to add a new session is about $100 a year, less with a multi-year license commitment.
Spikes ambition is to take his company public in a number of years. The company is currently in the process of carrying out a Series A financing round with target proceeds of about $4 million to $6 million to go towards faster execution in the enterprise mass market. The company completed its seed capital funding of $2 million in early 2013.
-- Written by Andrea Tse in New York
>Contact by Email