|
Surge in Cybersecurity Attacks Under COVID-19 Guise
Three factors have combined to create a perfect storm for cybercriminal activity: lower staffing levels at security operation centers + millions of people suddenly working remotely outside enterprise firewalls + high interest in COVID-19 news. It is no surprise then that governments and corporations around the world have reported a material increase in cyber threats during the pandemic.
Cybercriminals are capitalizing on anxiety about the virus by to spread infections of their own. Emails doctored to look like a company’s purchase order for face masks or other supplies have seemed convincing enough to trick an employee into wiring payments to a fraudulent account. In another phishing case, an email purportedly from the World Health Organization (WHO) was sent to companies in the transportation sector. It contained false instructions about how to monitor crews aboard ships for coronavirus symptoms and included an infected attachment with those instructions.
Hackers are also exploiting the growing work-from-home trend by either attacking existing virtual private networks that allow employees to connect to their offices, or by passing off their malicious tools as remote collaboration software produced by known entities like Zoom and Microsoft.
Public sector entities, especially in health care, have faced relentless assaults. Last month, the US Health and Human Services Department suffered a DDoS attack, which involved overloading the HHS servers with millions of hits over several hours. Medical facilities in Europe and Asia have been targeted too, as they battle against the coronavirus.
At this point, hackers have hit every country on earth with coronavirus-themed cyberattacks, ranging from phishing lures, malware infections, network intrusions, scams and disinformation campaigns. Some of these attacks were allegedly sponsored by the governments of North Korea, Russia and China who used the pandemic as lures for their respective long-term espionage campaigns, according to cybersecurity firm FireEye Inc. In most other hack cases, the motive was simply money.
Businesses are Betting on Telework Arrangements Enduring
The rapid shuttering of offices and brick-and-mortar businesses has highlighted the benefits of having a sturdy enough cloud infrastructure to enable business continuation off-site. This is true even within the cybersecurity industry, where cloud-based services that can quickly scale up defenses around decentralized employees have proven invaluable during the sudden pivot to remote work.
Some businesses are betting on remote work arrangements enduring even after the current restrictions end. A Gartner survey conducted during the last week of March and involving 317 finance executives revealed that 74% of businesses plan to permanently keep more employees out of physical offices after the pandemic. Such a paradigm shift will compel companies to shore up their virtual networks to protect trade secrets and data security while people work outside the office on personal devices.
Palo Alto Network’s recent acquistion of CloudGenix Inc., a cloud-based security startup, is an indication that the cybersecurity industry recognizes there’s a paradigm shift underway. In a call with investors, Palto Alto Networks’ chief executive cited “a permanent change in how organizations think about remote workforces” as a reason for the acquisition.
Other cybersecurity giants may follow the example of Palo Alto Network by upgrading their own cloud-specific offerings to ensure they have the agility to easily scale up protection for clients with a generally distributed workforce.
Breakout Moment for Cloud- and Software-Based Cybersecurity
Going forward, more activity –- be it work, school, health or civic — will be conducted online than before the coronavirus outbreak. The networks and tools through which such activities are conducted will require even sturdier security features. That should result in more money being invested into cybersecurity.
Cybersecurity revenues were already projected to reach $300 billion in 2024, up from $120 billion in 2017 and reflecting an average annual growth rate of 12%. That growth rate will surely accelerate in the post-COVID-19 era, with software products and services capturing an ever-greater share of the pie.
The intersection of cloud computing — one of the fastest-growing segments of the broader technology industry — and cybersecurity software supports that outcome. Before the pandemic, analysts at research firm Gartner Inc. estimated that the market for cloud- and software-based security tools would grow by 17% during 2020. Moving technology, security and other teams off-site could tilt budget-conscious companies’ overall spending further toward the cloud, said Paul Proctor, a Gartner cybersecurity analyst.
Ways to Invest
Investors can gain exposure to the cybersecurity industry through exchange-traded funds like the ETFMG Prime Cyber Security ETF (HACK), the First Trust NASDAQ Cybersecurity ETF (CIBR), and the iShares Cybersecurity and Tech ETF (IHAK). All three funds invest in providers of cybersecurity hardware, software, products and services. HACK and CIBR are the oldest and largest ETFs in this space, with $1.2 billion and 1.3 billion in AUM, respectively. The key difference between the two is that CIBR contains a heavier weighting in aerospace and defense stocks.
Investors looking for single-stock exposure have a plethora of options to choose from. The ten largest pure-play cybersecurity companies are: Palo Alto Networks (PANW), Splunk (SPLK), Check Point Software (CHKP), CrowdStrike (CRWD), Okta (OKTA), Fortinet (FTNT), Symantec (NLOK), Akamai Technologies (AKAM), Zscaler (ZS), and F5 Networks (FFIV). Old tech titans like Microsoft (MSFT), Cisco (CSCO), and Oracle (ORCL) also offer cybersecurity as part of their service suites.
Nelly Nyambi
Managing Director, Research
McAlinden Research Partners
|
Leave a Reply