In many ways, cybercrime is like an iceberg. As ordinary citizens, we can clearly see that the number of scam messages and calls has been increasing rapidly in recent years. If you haven’t been receiving fake calls and texts from the ATO (you’re about to be arrested) or Amazon (your package is awaiting delivery) or Commonwealth Bank (click this random link to restore your account), well then I assume you have a new phone number… and it’s just a matter of time.
But these endless phishing attempts are really only the tip of the iceberg. The vast majority of cybercrime exists under the surface, where, in normal times, civilians like you and me cannot see it. In fact, the iceberg keeps growing, both above the surface and below it.
I consider increasing demand for cybersecurity to be one of the best long term tailwinds to latch on to, as an investor. This article explains why I think the boom has plenty to play out.
Starting with the present, the US Financial Crimes Enforcement Network recently released an advisory note highlighting some of the more serious cybercrimes of 2021. One example was when Russian-speaking criminals disrupted a major gasoline pipeline in the USA. I quote:
“…in May 2021, a cybercriminal group perpetrated an attack that disrupted Colonial Pipeline causing widespread U.S. gasoline shortages. The FBI subsequently attributed the attack to a Russian-speaking group known as DarkSide. DarkSide developed ransomware for a criminal organization that then perpetrated the attack. This other criminal organization transferred a portion of the ransom proceeds to DarkSide as payment for the development of the ransomware. (As discussed earlier in this advisory, the development of ransomware as a service is known as RaaS.) The FBI successfully seized criminal proceeds from a bitcoin wallet that DarkSide ransomware actors used to collect a ransom payment from a victim.”
And that was far from the only cyberattack originating from Russia.
This leads me to my first, very obvious reason why I think cybersecurity will massively increase in the coming year: Ukraine’s war with Russia.
It is clear that Russia considers “the west”, being Europe, North America, and Australasia, to be its enemies. And given “the west” is the only group likely to stand up to a bloodthirsty dictatorship hell-bent on expansion by conquest, that is understandable. But in the longer term, it also means that Russia is likely to do even more to facilitate criminal gangs disrupting Western interests, and holding them for ransom.
The resultant increase in cybercrime will ensure that cybersecurity is front of mind all over the world, even if Russia itself poses zero threat. For example, you could argue that Australia has little to fear from Russian hackers, because they will be too busy trying to avoid Putin’s purges, and targeting Ukrainian companies and organisations. That may well be true, but as long as Russia is conducting cyberwar, you can expect regular incidents to keep cybersecurity front of mind, just about everywhere.
One cybersecurity expert I spoke to suggested taking a look at how rogue state North Korea, the target of economic sanctions just like Russia, cultivated its own hacking industry. And so it has; Wired reports that “North Korean hackers have carried out a systematic effort to target financial institutions all over the world. Their methods are bold, though not always successful. In their most profitable operations, they have manipulated how major financial institutions connect to the international banking system.”
So it is pretty logical to assume that, in retaliation against Western support for Ukraine, we will see even more Russian-developed ransomware directed at Western interests. Whether or not Australia itself sees an increase in attacks, the increasing losses should be a boost for cybersecurity demand.
The second reason we should anticipate more cybercrime relates to one of the dumbest financial products on earth: cyber insurance. The US government may have managed to recover the ransom from the Colonial Pipeline attack mentioned above, but we shouldn’t forget that the ransom was paid in the first place.
Unfortunately, it seems that while law enforcement have long refused to pay ransoms to bank robbers, you can not only pay ransoms to cyber criminals, but you can actually get insurance for it!
Anecdotally, cyber insurers haggle with cybercriminals over ransom, but they are incentivized to pay a ransom and pay it quickly (in order to minimize the damage from the hack). As a result, cybercriminals themselves have said they deliberately target companies with cyber insurance.
In any event, as has been correctly pointed out since 2019, cyber insurers have been consistently encouraging their clients to simply pay the ransoms. After paying out a cyber ransom in 2019, Michael Lee, spokesman for Salt Lake City, commented that “Our insurance company made [the decision] for us.”
This morally bereft financial product has predictably led to a massive increase in ransomware attacks. CPO Magazine put it best:
“Every time a cyber insurance payout is made, it only fuels more criminal activity, and emboldens more hackers to get into the game of shaking down corporations and public sector entities for cash by taking their computer systems offline. As a result, cyber insurance is actually increasing, not decreasing, cyber risks.”
Notably, the French National Agency for the Security of Information Systems criticized ransom payments last year, prompting AXA France to stop covering ransom payments in new policies. However, this kind of action remains the exception, rather than the rule.
So the second reason we’ll continue to see a cybercrime boom is that it is the explicit policy of our governments to encourage it, through allowing cyber insurers to pay ransoms quickly and without oversight.
To quote Adam Meyers, SVP of Intelligence at Crowdstrike: “the ransomware situation is out of control… they’ve changed the attack, they are no longer just encrypting files… they are actually stealing data and threatening to auction it off to the highest bidder.”
The third reason cybersecurity is booming is because large organizations are currently transitioning the way they use computing power. Over the last 10 years, organisations have begun to move their applications to the cloud, because it is far more economical to pay for computing infrastructure as a service, rather than to host it on your own premises.
I won’t go through all the drivers for that transition today, but suffice it to say the economics mean it is unstoppable. Most of the time it is simply far more efficient to host applications on Google Cloud, Microsoft Azure, Amazon Web Services or their competitors. And as I will touch on in my article about ways to play the cybersecurity boom, that means these large cloud providers are also cybersecurity providers.
But it also means that there are a bunch of new threats for organizations to think about. Cloud specific risks include:
- Lower cost of implementation increases the risk of unauthorized use of cloud services known as “shadow IT”, which can introduce security risks.
- Internet-accessible management APIs, which are increasingly integral to operations, can be compromised.
- Separation of multiple tenancies can fail, meaning another client of the same cloud service provider could access your data.
- Reduced visibility could allow for incomplete data deletion.
On top of that, the move to the cloud has meant distributed workforces using remote logins to various applications, sometimes via a virtual network, but increasingly without one. This means that the “attack surface” of each organization is greatly increased. ZDNet put it well:
“While employees and their PCs were once safely behind the office firewall, now they’re perched at a makeshift workstation in their kitchen or bedrooms, using all manner of cobbled-together technologies to get the job done.”
Other than the duplicitous office landlord, virtually nobody thinks that the remote working revolution will be unwound any time soon. Indeed, even if covid disappeared tomorrow, many employees would retain at least partial flexibility around whether (and when) they waste hours of their day on a largely pointless commute to the office.
Arguably, cloud service providers will eventually provide a more secure environment than on-premise (and possibly out of date) setups ever could. Certainly, they will do it at greater efficiency, overall. But it’s also true that the transition phase itself will bring a plethora of vulnerabilities, as workforces become accustomed to new types of threat.
In the meantime, cybercriminals can now deploy fileless ransomware to evade signature-based antivirus software, rendering much of the antivirus software we have on our laptops (hello Norton) somewhat obsolete. And Cisco reports that the vast majority of cyber breaches originate from a phishing attack, which basically means somebody has clicked a link they shouldn’t have.
In conclusion, the longer term transition from on premise to cloud (and consequent transition to remote working), the war between Russia and Ukraine, and the rapid and reliable payment of ransoms by morally corrupt insurance companies mean that cybersecurity demand will continue to boom in 2022 and beyond.
My next article, of course, considers 5 ways we can play this cybersecurity boom, as investors.
Please remember that these are personal reflections about stocks by an author. I own Crowdstrike shares. This article should not form the basis of an investment decision. It is an investment diary valuable only for the cognitive process it demonstrates. We do not provide financial advice, and any commentary is general in nature. Please read our disclaimer.