World Reimagined: Cybersecurity as a Growth Industry

Abstract rendering of cybersecurity and technology
Credit: NicoElNino - stock.adobe.com

In 2012, then-Secretary of Defense Leon Panetta warned the U.S. could face a “Cyber Pearl Harbor.” Panetta went on to say he was playing the long game and aimed to “shake up ordinary citizens, to awaken them to the seriousness of the situation at a time when the nation’s cyber defenses were still in their formative stages.” Little did Panetta know how prescient he would be.

As we approach the end of 2020, it’s more than fair to say the year has been unlike any other that most can remember. Even before it was acknowledged as a global pandemic, we now know there were signs of the COVID-19 virus in many parts of the world, but it reached a tipping point during the March quarter, resulting in dramatic changes for businesses and people alike, upending well-established business models and accelerating the shift to emerging models that rely heavily on digital platforms and remote access. This abrupt change provided a huge opportunity for cyber-attackers, with ransomware becoming the new darling among the hacker community.

With only weeks left in 2020, amid haggling in Washington over a pandemic stimulus bill, Brexit negotiations that have been extended for what seems like the umpteenth time, and the sharpest increase in holiday digital shopping in history, we are sorely reminded that cyberattacks are not only pervasive but can be perpetrated at almost every level of society and government. The past few days have seen yet another high-profile attack on government organizations ranging from Homeland Security to Fortune 100 companies.

Ransomware and other attacks

First, let’s get some context for these attacks. According to CrowdStrike’s (CRWD2020 Global Threat Report, ransomware attacks made up the majority of serious cyber intrusions in 2020. All in all, ransomware accounted for 51% of all incidents investigated by CrowdStrike during the year, including six-to-seven-digit ransom demands in exchange for allowing the resumption of corporate operations. Some hackers took advantage of COVID-19 to trick people into opening malicious emails and attachments as they attacked organizations ranging from legal, manufacturing, and financial services to IT services, facility management, higher education, and municipalities.

According to Emsisoft, ransomware attackers have threatened to sell stolen data to competitors; use stolen data to attack victims’ business partners; and publicize victims’ “dirty secrets” on the clear web for all to see.

One of the larger categories of ransomware victims in 2020 were municipalities, including the cyberattack by DoppelPaymer that shut down the city of Florence, Alabama’s email system and took down Tillamook County’s server, internal computer systems, website, phone systems, and email networks. This marked a sea change from attacks that had previously been focused on stealing personally identifiable information (PII) to sell online to one that looked to disrupt operations, thereby creating a critical concern for organizations.

More recently, following a rapid increase in cyberattacks, the FBI urged private sector organizations to be on alert for Ragnar Locker ransomware attacks, which frequently lead to data theft. Ragnar Locker ransomware actors have been known to target victims in the cloud service provider, communication, construction, enterprise software, and travel industries.

FireEye

On December 8, Kevin Mandia, CEO of cybersecurity company FireEye (FEYE), wrote in a blog post the company was “attacked by a highly sophisticated threat actor, one whose discipline, operational security, and techniques lead us to believe it was a state-sponsored attack.” Google (GOOGL), Microsoft (MSFT), and companies that perform cybersecurity investigations said they had never seen some of these techniques used in this attack. Mandia went to say the company “found that the attacker targeted and accessed certain Red Team assessment tools that we use to test our customers’ security. These tools mimic the behavior of many cyber threat actors and enable FireEye to provide essential diagnostic security services to our customers.”

The concern is that by hacking into those tools and stealing source code, hackers can gain a toehold into victims’ systems. FireEye houses those tools in a digital vault that it closely guards and has developed more than 300 countermeasures against the tools for use by customers and the cybersecurity community.

FireEye did not name the culprit behind this high profile and targeted attack. The investigation was quickly turned over to the FBI Cyber Division, which pointed the finger to “an actor with a high level of sophistication consistent with a nation-state.”

Patrick Wardle, a former N.S.A. hacker who is now a principal security researcher at Jamf, said, “Hackers could leverage FireEye’s tools to hack risky, high-profile targets with plausible deniability.”

A few days later, we learned several federal government agencies, including the U.S. Treasury, the Department of Commerce, and the Department of Homeland Security, were attacked, and other government agencies were likely compromised. Per reports, the hack of Commerce systems includes the National Telecommunications and Information Administration, a unit that works on technology policy issues. The hackers infiltrated both government agencies and those at FireEye through a malicious software update introduced in a product from SolarWinds Inc., a U.S. network-management company that has more than 300,000 customers worldwide, including more than 400 of the U.S. Fortune 500 companies.

Some of the more high-profile customers include Booz Allen Hamilton (BAH), the Secret Service, the Defense Department, the Federal Reserve, Lockheed Martin Corp. (LMT), PricewaterhouseCoopers LLP, and the National Security Agency. Reports suggest the Russian intelligence service, SVR, is believed to be behind the sophisticated campaign, which has been running since at least the spring.

The above is an example of a supply-chain attack that harnesses a vulnerability in a common product or service used widely across the internet to rapidly hack dozens of victims before the attacks are detected. This includes bad actors taking advantage of routine software patches sent to update systems. SolarWinds has since shared that fewer than “18,000 of its customers had downloaded a compromised software update which allowed suspected Russian hackers to spy on global businesses and governments unnoticed for almost nine months.” Reuters reported, “any organization running a compromised version of the Orion software would have had a “backdoor” installed in their computer systems by the attackers.”

What now?

Even before these latest high-profile attacks, there is little question that cybersecurity is a growth market with individuals, companies, and other institutions looking to ward off future attacks, shore up their existing cyber defenses, assess attack and intrusion analytics, and become more secure. The deployment of 5G and other technologies that are slated to wildly expand the number of connected devices will, in turn, wildly expand the number of potential attack vectors by hackers.

This all translates to one thing: security spending. While the actual dollar amounts may vary, what all of these forecasts have in common is an upward vector and accelerating velocity, with cybersecurity spending accounting for more of the overall IT spending budget. In its CIO Agenda 2021, which surveyed thousands of CIOs, Gartner found that 61% project increased spending in cybersecurity, and 58% expected to increase spending on business intelligence/data analytics.

Those trajectories point to continued cyber spending growth given that cybersecurity is an arms race with bad actors looking to exploit new vulnerabilities with newfound forms of attacks. History would suggest, however, that industry spending forecasts have been too conservative. For example, in 2017, Gartner forecast that spending would increase to $93 billion in 2018. In mid-2018, Gartner revised that spending forecast to $114 billion for all of 2018. Data per Gartner shows that even that upward revision fell modestly below the $114.1 billion that was spent during 2018.

Given the events of the last few days, odds are the cyber spending forecasts that were had just a few weeks ago are already being recalculated with an upward bias.

The views and opinions expressed herein are the views and opinions of the author and do not necessarily reflect those of Nasdaq, Inc.

Chris Versace

Christopher (Chris) Versace is the Chief Investment Officer and thematic strategist at Tematica Research. The proprietary thematic investing framework that he’s developed over the last decade leverages changing economic, demographic, psychographic and technology landscapes to identify pronounced, multi-year structural changes. This framework sits at the heart of Tematica’s investment themes and indices and builds on his more than 25 years analyzing industries, companies and their business models as well as financial statements. Versace is the co-author of “Cocktail Investing: Distilling Everyday Noise into Clear Investing Signals” and hosts the Thematic Signals podcast. He is also an Assistant Professor at NJCU School of Business, where he developed the NJCU New Jersey 50 Index.

Read Chris's Bio

Lenore Elle Hawkins

Lenore Elle Hawkins serves as the Chief Macro Strategist for Tematica Research. With over 20 years of experience in finance, her focus is on macroeconomic influences that create investing headwinds or tailwinds. Lenore co-authored the book Cocktail Investing and in addition to her Tematica work, provides M&A consulting services for companies in Europe looking to expand globally. She holds a degree in Mathematics and Economics from Claremont McKenna College, an MBA in Finance from the Anderson School at UCLA and is a member of the Mont Pelerin Society.

Read Lenore's Bio

Mark Abssy

Mark Abssy is Head of Indexing at Tematica Research focused on index and Exchange Traded Product development. He has product development and management experience with Indexes, ETFs, ETNs, Mutual Funds and listed derivatives. In his 25 year career he has held product development and management positions at NYSE|ICE, ISE ETF Ventures, Morgan Stanley, Fidelity Investments and Loomis Sayles. He received a BSBA from Northeastern University with a focus in Finance and International Business.

Read Mark's Bio