Hackers are using generative AI and ChatGPT to fine-tune ransomware and social engineering email-based attacks, leading to an increasing number of breaches. AI-enhanced threat actors are also exploiting unsecured gaps between endpoints and identity protection, showing that CISOs and other enterprise security experts are underprepared for cybersecurity in the age of artificial intelligence. These are among the conclusions of a new report from Forrester on the top cybersecurity threats in 2023. The report suggests that augmented by AI, threat actors will be able to attack any sector and any business with a speed, scale, and complexity of attack not previously possible.¹

And Forrester wasn’t alone in sounding the alarm in May about the increasing weaponization of AI by would-be hackers.

Security firm Zscaler (held by the Fund) recently averted a social engineering attack from hackers who had used recordings of CEO Jay Chaudhry’s voice from talks available on the internet to synthesize a soundalike using AI. This soundalike tried via phone to get a Zscaler sales director in India to transfer funds to a bank in Singapore. Zscaler cited the availability of AI as part of the 47% rise the company has seen in phishing attacks over the last year.²

And CISOs are being warned about the security implications of generative AI use by employees. As not every company has its own large language model (LLM), employees are going outside the organization to use public LLMs like ChatGPT, Microsoft’s Bing AI, or Google’s Bard to help make their everyday work tasks easier. As a result, many CISOs are playing catch-up on monitoring how employees are using this technology and assessing what kind of privacy and data security challenges the use of external generative AI poses.³

Industry Updates on Specific Companies 

Zscaler Inc

Zscaler announced new AI-powered monitoring capabilities in its Zscaler Digital ExperienceTM (ZDX). The upgraded ZDX platform can provide end-to-end visibility into the user experience, offer intelligent solutions for user issues, and allows troubleshooting through the Zscaler security cloud.

Thanks to the integration of AI, troubleshooting can be reduced from hours or days to mere minutes. This capability is increasingly important with today’s workforce dispersed geographically, which poses challenges for IT and helpdesk teams. According to Zscaler, by using this digital experience monitoring and AI-powered troubleshooting, IT Ops productivity increased 70% within environments secured by Zscaler.⁴

 CrowdStrike Inc

To help combat the growing risks posed by AI-enabled hackers, CrowdStrike unveiled its new Charlotte AI, a generative AI cybersecurity analyst meant to help users of the CrowdStrike Falcon platform stay ahead of threats, regardless of their cybersecurity skill level. Charlotte AI lets users as questions in natural language (including English and dozens of other languages) and receive intuitive, plain-language answers in real-time. According to CrowdStrike, the ability for even junior members of a security team to access Charlotte AI and benefit from its insights while hunting threats will mean that more members of an organization’s IT or cybersecurity team will be able to be as effective as a senior member.⁵

Diversified Investing in Cybersecurity with CYBR ETF

A cybersecurity ETF offers a great alternative to gaining exposure to this industry without being locked into any single security and without the hassle of hand-picking individual stocks. ETFs allow you to diversify by investing in multiple companies in multiple markets, ensuring that a single market shock won’t tank your portfolio.

Canada’s first cybersecurity ETF, Evolve Cyber Security Index Fund (TSX Ticker: CYBR), invests in global companies involved in the cybersecurity industry.

Portfolio Strategy and Activity

For the month, Zscaler Inc made the largest contribution to the Fund, followed by Okta Inc and CrowdStrike Holdings Inc. The largest detractors to performance for the month were GDS Holdings Ltd, followed by CACI International Inc and Check Point Software Tech Ltd.

For more information, visit the fund page here: https://evolveetfs.com/cybr/.

 

Sources:

1. Columbus, L., “Forrester predicts 2023’s top cybersecurity threats: From generative AI to geopolitical tensions,” VentureBeat, May 22, 2023; https://venturebeat.com/security/forrester-predicts-2023-top-cybersecurity-threats-generative-ai-geopolitical-tensions/
2. Menn, J., “Cybersecurity faces a challenge from artificial intelligence’s rise,” The Washington Post, May 11, 2023; https://www.washingtonpost.com/technology/2023/05/11/hacking-ai-cybersecurity-future/
3. Cohen, M., “Workers are secretly using ChatGPT, AI and it will pose big risks for tech leaders,” CNBC, April 30, 2023; https://www.cnbc.com/2023/04/30/the-big-cyber-risks-when-chatgpt-and-ai-are-secretly-used-by-employees.html
4. “Zscaler Expands Digital Experience Monitoring with New AI-Powered Insights and Analysis to Support Employee Productivity,” Zscaler, May 9, 2023; https://www.zscaler.com/press/zscaler-expands-digital-experience-monitoring-new-ai-powered-insights-and-analysis-support
5. “CrowdStrike Introduces Charlotte AI to Deliver Generative AI-Powered Cybersecurity,” CrowdStrike, May 30, 2023; https://www.crowdstrike.com/press-releases/crowdstrike-introduces-charlotte-ai-to-deliver-generative-ai-powered-cybersecurity/

The contents of this blog are not to be used or construed as investment advice or as an endorsement or recommendation of any entity or security discussed. These contents are not an offer or solicitation of an offer or a recommendation to buy or sell any securities or financial instrument, nor shall it be deemed to provide investment, tax or accounting advice. The information contained herein is intended for informational purposes only.

Commissions, management fees and expenses all may be associated with exchange traded funds (ETFs) and mutual funds (funds). Please read the prospectus before investing. ETFs and mutual funds are not guaranteed, their values change frequently, and past performance may not be repeated. There are risks involved with investing in ETFs and mutual funds. Please read the prospectus for a complete description of risks relevant to ETFs and mutual funds. Investors may incur customary brokerage commissions in buying or selling ETF and mutual fund units.

Certain statements contained in this blog may constitute forward-looking information within the meaning of Canadian securities laws. Forward-looking information may relate to a future outlook and anticipated distributions, events or results and may include statements regarding future financial performance. In some cases, forward-looking information can be identified by terms such as “may”, “will”, “should”, “expect”, “anticipate”, “believe”, “intend” or other similar expressions concerning matters that are not historical facts. Actual results may vary from such forward-looking information. Evolve Funds undertakes no obligation to update publicly or otherwise revise any forward-looking statement whether as a result of new information, future events or other such factors which affect this information, except as required by law.