Although the focus on improving cybersecurity has intensified in recent years, many companies were caught unprepared for the dramatic increase in cyber threats during the COVID-19 pandemic.
As working from home became the new normal, criminals sought to capitalize on widespread panic. New coronavirus-themed phishing scams sought to leverage fear, hooking vulnerable people and taking advantage of workplace disruption.
Cyber vulnerability during the pandemic
According to the cloud security company Zscaler Inc., a large holding in the Fund, there was a 30,000% increase in COVID‑19‑themed attacks between January and March. The company saw coronavirus‑themed attacks grow from around 1,200 observed and blocked COVID‑19‑related attacks in January to 380,000 such incidents in March.
Bitdefender reported that 50% of infosec professionals had no contingency plan to face a situation like the COVID‑19 pandemic. This lack of forward planning resulted in a surge of cyberthreats, with 86% of infosec professionals admitting that attacks from the most common vectors—phishing attacks (26%), ransomware (22%), social media threats/chatbots (21%), cyberwarfare (20%), Trojans (20%), and supply chain attacks (19%)—were on the rise during the pandemic. Financial services (43%), health care (including tele medicine) (34%), and the public sector (29%) were the hardest hit industries.
A study by CrowdStrike found that two-thirds of companies have invested in digital security tools and increased the use of cloud technologies as employees shifted to remote work, but that vulnerabilities due to employees operating work devices on home Wi-Fi networks are exposing companies to increased malicious attacks.
Similarly, Zscaler warned that “there is a growing security concern that once the pandemic is over, there will be thousands of machines physically returning to the corporate network after being on unsecured home networks for months. If any of these machines became compromised, they can offer attackers a beachhead into the corporate networks—which is exactly how many large‑scale breaches get their start.”
Already the toll of rising cybersecurity threats in 2020 is clear. Roughly 56% of companies surveyed by CrowdStrike report being targeted by a ransomware attack in the previous 12 months and paying an average of $1.1 million USD in ransom to have their data and systems decrypted.
Politics & Cyber Security:
Beyond cybersecurity threats posed by the coronavirus pandemic, fractured geopolitical relationships, especially between China and the US, have led to a heightened digital “cold war” in which the prize is data. This in turn has led to a race to develop strategically important next-generation technology which will drive a rise in nation-state-backed espionage. The CrowdStrike study highlighted earlier found that 89% of respondents expressed fears that international rivalries between countries would heighten their risk of being victims of a cyberattack.
To that end, in late in 2020 the cybersecurity industry was rocked by the revelation of a widespread state-sponsored cyberattack on government and corporate systems in the United States and elsewhere. Widely believed to be a Russian-sponsored operation, hackers were able to plant malicious code in software updates of network-management firm SolarWinds widely used network-monitoring tool, Orion.
This breach—which might have been in place as early as October 2019—potentially exposed 79 of the Fortune 100 companies and up to 300,000 other businesses to compromise. Known targets in the United States alone include upward of 250 federal agencies, including the departments of State, Treasury, Commerce, Energy and Homeland Security, as well as corporations like Microsoft and security firm FireEye.
While the fallout from this attack will be felt into 2021 and beyond, Palo Alto Networks, a large holding in the Fund, has announced a rapid response program to help SolarWinds Orion customers facing exposure due to this cyberattack. Palo Alto Networks’ response platform has already successfully prevented at least one attempted attack traceable to this hack.
Amidst these international tensions, it is expected that new regulations and international agreements will fall short in addressing technology’s impact on society. Regulatory tit‑for‑tat battles will manifest across nation‑states and, rather than encourage innovation, are likely to stifle and constrain it, pushing up costs.
Evolve’s Cyber Security ETF, CYBR ETF
So, what is the best way to invest in cyber security for 2021?
Canadian investors can take advantage of CYBR, from Evolve. The first cyber security ETF in Canada, CYBR offers investors broad-based coverage in the cyber security sector, in both hardware and software development. Because cyber crime affects people, governments, and organizations worldwide, CYBR offers exposure to cyber security firms globally.