Key Takeaways
About 95% of cyberattacks are due to human error
Cybercrime damages may reach $6 trillion globally
Most companies are likely to fall victim to a cyberattack
News of cyberattacks and data breaches is almost becoming commonplace, but particularly stunning attacks still make headlines, such as the Colonial Pipeline disruption and the SolarWinds attack.
In early May, a cyberattack forced Colonial Pipeline to shut its pipeline for 11 days, causing gasoline shortages along the Southeast. The SolarWinds attack was discovered in December 2020 and is believed to have infiltrated government and other systems through a compromised update to the firm’s Orion software. It was discovered when major cybersecurity company FireEye reported a breach by nation-state hackers believed to be affiliated with the Russian government.
Cyberattacks are the fastest-growing crime in the United States. Globally, cybercrime damages are expected to reach $6 trillion, according to ISACA, a global IT association and learning organization.
Cyber education company Cybint reported that 95% of cybersecurity breaches are caused by human error, so it’s likely that just about any company can suffer some sort of data breach. The global information security market is forecast to reach $170.4 billion in 2022, according to research firm Gartner.
That sort of spending may bode well for the share prices of companies in the IT and cybersecurity fields. Firms in this sector range from well-established names like Cisco Systems (CSCO) and NortonLifeLock (NLOK), formerly Symantec, to lesser household names.
History of Hacking
For as long as there’s been an internet, there’s been some malicious character trying to cause problems. Kurtis Minder, CEO of cybersecurity firm Groupsense, has worked in internet infrastructure since the 1990s. Initially hackers attacked networks just to prove it could be done, rather than steal information, because there was no place to sell purloined data.
Now the dark web exists as a marketplace to sell that information. Ransomware as a service is one type of illicit business in which a group creates a platform to facilitate a ransom lockdown of files and demands payment to return the data. It’s similar to a profit-sharing arrangement between the people who create the actual ransomware and those who execute the attack.
Minder divides cyberattacks into two categories: common cyber criminals and nation-state attackers. The methods used and the severity of those attacks are vastly different.
Minder, who creates ransomware responses for firms, explained most of the common cyber criminals aren’t particularly sophisticated, exploiting the same common mistakes people and companies have made for the past several years. These mistakes include not using two-factor authentication, clicking links from random emails, and not properly securing remote access.
“Even the actual more technical components, like the malware, is not that sophisticated. There are tools to mitigate those things; it’s just people aren’t using them,” Minder said.
Nation-state attacks are highly complex, such as the SolarWinds attack.
“You’re talking about someone who’s willing to almost use unlimited spending power and time and resources, and they’re willing to stay clandestine. They’re not trying to monetize anything. Those things are really hard to detect and are extremely sophisticated in nature,” Minder explained.
Wide Variety of Tech Names
Michael Kealy, education coach at TD Ameritrade, noted there is a wide variety of companies to choose from in this sector. One name in the cybersecurity industry is SailPoint Technologies (SAIL), which provides identity management and other cybersecurity for remote workforces. With work-from-home becoming more popular, a firm like SailPoint may benefit from a potential secular tailwind.
CyberArk (CYBR) is a vendor in a data security offering known as privileged access management, which provides critical corporate resource access to specific users, such as IT administrators, human resources, and compliance. If a hacker breaches the corporate network, this software helps prevent access to sensitive data.
Aside from Cisco and NortonLifeLock, a few other household names in the field include Fortinet (FTNT), which sells firewalls and anti-virus and endpoint security components, and CrowdStrike (CRWD), which does threat intelligence and cyberattack response services as part of its cybersecurity offerings. Palo Alto Networks (PANW) offers advanced firewalls, and its NextGen Cloud Security business is also quickly growing.
There are a handful of cybersecurity-focused exchange-traded funds* (ETFs) for investors who want to choose that route. It may be a good idea to check their performance against a benchmark such as the S&P Kensho Cyber Security Index ($KCYBERP) or the Nasdaq CTA Cybersecurity Index ($NQCYBR).
Many of these technology companies are off their highs; the sector has come under selling pressure in part from concerns about rising interest rates and a possible switch in mindset from growth to value. However, Kealy mentioned their valuations remain lofty, and that’s something investors should consider as they look into these stocks.
Hard-to-Predict Breaches
As investors, it’s hard to tell if a company will be particularly vulnerable to cybercrime because it’s likely that any large, high-profile company could be a target. However, there are certain companies where cybercrime can be a financially material issue, Minder observed. An example: companies involved in critical infrastructure, such as financial institutions or those in supply chains where a major cyber incident could be a business-ending event.
The White House is looking to beef up its dealings with contractors. In response to the Colonial Pipeline security hack, The Washington Post reported in late May that the Department of Homeland Security is expected to issue its first cybersecurity regulations for pipelines. That may be a sign more companies could be expected to have stronger cybersecurity protocols if they wish to do business with the government.
Although almost every firm can fall victim to a hack, those that are transparent with their response may have only a small hit to their reputation, especially if they take significant steps to fix the problem.
When Minder has spoken to cyber insurance companies, he’s asked them if they would offer insurance to a victim of a recent attack. “And they said, ‘Actually, yeah.’ It’s a little bit different than a car accident, where the person is now seen as a reckless driver. They’re a higher risk because they smash into things,” Minder said. “In the case of cyber incidents, the immediate response to a cyber incident is to bolster your defenses.”
As dependency on cyberspace grows, more companies are likely to adopt tougher security measures. Demand for cyber products is likely to grow, so it may be worth keeping an eye on the evolution of the cybersecurity industry.
*Carefully consider the investment objectives, risks, charges and expenses before investing. A prospectus, obtained by calling 800-669-3900, contains this and other important information about an investment company. Read carefully before investing.
Debbie Carlson is not a representative of TD Ameritrade, Inc. The material, views, and opinions expressed in this article are solely those of the author and may not be reflective of those held by TD Ameritrade, Inc.