• United States




Emerging security threats at the half-year mark

Jun 17, 20196 mins
5GCyberattacksData Breach

We’ve hit the halfway mark of 2019, and I’m sure that we have all noticed some interesting happenings in the cybersecurity world. I’d like to highlight a few that I’ve found interesting, but also disturbing – and I am sure that there are several others not mentioned here that others might rank higher on their personal list.

The 5G race is on, and China holds an ominous advantage

5G is going to touch every company and person in the next year or two, as service providers drive new high-bandwidth offerings.  But currently, as discussed in a Beltway conference a few weeks ago – raising the anxiety of the audience – China is the only country that manufactures the full stack of 5G solutions, from chips and handsets to core infrastructure. This is a troubling situation, as in particular there are many security concerns around Chinese technology providers.  For example, tech heavyweight Huawei, the world’s largest telecom supplier and second largest phone supplier, has long been suspected of providing products that compromise customer security and privacy. These issues could impact the adoption of 5G in the U.S. and internationally, while also creating a new set of vulnerabilities that affect our corporate and national security. 

Huawei has a very close relationship with the Chinese government, which has raised red flags in the security world. As recently summarized by the Recorded Future team, Huawei’s wide range of technologies and products and its enormous global customer base has put it in a position to access vast quantities of information on organizations, governments, and people worldwide. Huawei’s obligations to the Chinese government under various national security statutes puts that data at risk of interception and compromise.

In addition,  the company’s CFO, and also daughter of the founder, Meng Wanzhou, was arrested in Canada last year after the US government alleged that she was helping the Company circumvent US sanctions on Iran.

To protect U.S. interests, a ban has been put in place that prevents the U.S. 5G network providers and government agencies from buying products from Chinese companies, and U.S. technology providers like Google from supplying Chinese providers like Huawei with technology. In the Google case, Huawei will need to develop its own operating system since the company will no longer have access to the full Android system.

If the world wants to be operating on 5G quickly and cost-effectively, there will be a dependency on China and vendors like Huawei. That could result in getting devices and infrastructure that are already compromised with backdoors for eavesdropping. The U.S. might prevent business with Huawei, but that doesn’t mean all of our allies will, and as confidential US data – government or corporate – flows through their networks, this could have a devastating impact on our national security and IP protection.

Singapore data theft

Another China related security story that hasn’t quite made the headlines like Huawei has also involves data theft. Chinese hackers broke into Singapore’s government health database and stole more than a million records. This happened last summer, but the story has spilled over into this year, as the hacking group responsible has been uncovered. According to The New York Times, a second hack involved medical records for thousands of HIV positive Singapore residents, which were disclosed online. While I’m not certain what the motivation of an attack like this was, it does demonstrate the ease of breaking into supposedly secure medical data. And just think of the consequences had the goal been to actually cause physical harm – or even death – by changing the records instead of just disclosing them.    

Facial recognition bans

Biometrics are supposed to add an extra layer of security, but we are starting to see some pushback about privacy concerns surrounding the use of some biometrics. Large cities like San Francisco and Oakland in California – as well as smaller communities like Somerville, Massachusetts – have banned the use of facial recognition software by police and other local government agencies. On Capital Hill, a bill was introduced to ban the use of commercial facial recognition that would allow businesses to track customers without their consent. Those who support the ban worry about privacy of citizens but also of racial profiling, with concerns that the technology is too new and lacks ethical guidelines for its use. Opponents of the ban worry that it could hamper investigations. Expect the tension between each side to only strengthen, as biometrics become more ubiquitous in our everyday lives. Facial recognition in theory is going to keep people safer, but of course it’s going to breach privacy. How and by when will we find a balance?

Google’s data privacy problems

Google and its Android mobile operating system being kicked off Huawei devices may be the least of its problems right now. For being such a large, superpower tech company, it has struggled lately with basic security and data privacy protections. The problems began at the end of 2018, when Google admitted a bug in the Google+ API exposed more than 50 million accounts, resulting in Google shutting down the application. In May, it was revealed that the passwords of millions of G Suite users were stored in plaintext. You’d think a company as tech-savvy as Google would be better at security. It was likely an accident, of course, rather than malicious intent, but Google’s problems show that maintaining good security practices is hard for even the most tech-savvy companies.

EternalBlue attacks

A breaking security story as we move into the mid-year is the EternalBlue cyberattack, which exploits a software vulnerability in Windows. EternalBlue isn’t new; it’s been around for a couple of years, developed by the NSA. The code was stolen and used in the WannaCry and NotPetya ransomware attacks. In May, EternalBlue resurfaced, this time in a ransomware attack on Baltimore’s city government. The problem is that many computers continue to use outdated Windows operating systems – estimates are over 1 million — and hackers are taking advantage. Baltimore’s ransomware is a high-profile case, with city business all but halted and officials refusing to pay the ransom. But it is just one in an escalating number of EternalBlue attacks, all because organizations haven’t updated their operating systems or applied patches that were made available.

These security concerns focus on some very specific situations and incidents, but they represent the larger security landscape as a whole. Hackers continue to use both new sophisticated forms of attacks or take advantage of old attacks, organizations continue to have sloppy security habits, and society continues to struggle with the balance of new technologies and privacy. We’ll see in December how these particular issues and the overall trends play out over the rest of 2019.


Rick Grinnell is a founder and Managing Partner of Glasswing Ventures, an early-stage venture capital firm dedicated to investing in the next generation of AI-powered technology companies that connect consumers and enterprises and secure the ecosystem. As a venture capitalist and seasoned operator, Rick has invested in some of the most dynamic companies in security, enterprise infrastructure and storage.

During his 17 years of venture capital experience he has led investments and served on the board of directors for companies such as EqualLogic (acquired by Dell), Prelert (acquired by Elastic), Pwnie Express, Resilient Systems (acquired by IBM), Trackvia and VeloBit (acquired by Western Digital) and is now lead investor and a member of the board of directors at Terbium Labs.

Rick is also active with various entrepreneurial programs at the Massachusetts Institute of Technology (MIT), Harvard and Tufts Universities, and is a frequent judge at MassChallenge. Rick’s contributions to the broader community include serving as a member of the Board of Directors of Big Brothers Big Sisters of Massachusetts Bay, as Vice Chairman of the Board of Overseers at the Museum of Science in Boston, and as a member of the Educational Council at MIT. Rick has been recognized by the New England Venture Network with the Community Leadership Award for his philanthropic work and contribution to the community.

Rick earned BS and MS degrees in Electrical Engineering from MIT and an MBA from HBS.

The opinions expressed in this blog are those of Rick Grinnell and do not necessarily represent those of IDG Communications, Inc., its parent, subsidiary or affiliated companies.