Several companies and the provincial government of Nova Scotia reported breaches in June related to a flaw in the secure file transfer product MOVEit from Progress Software Corp. The exploit allowed the theft of files companies had uploaded to MOVEit, meaning potentially thousands of companies were impacted.

While Progress Software released a patch within days, it came only after the U.S. Department of Homeland Security, the U.K. National Cyber Security Centre, and Microsoft all released alerts and after British Airways and Boots, a U.K. pharmacy chain, reported losing control of the personal data of an unknown number of employees numbering “in the thousands,” including names, dates of birth, and possibly even banking details through a cyberattack on their payroll provider, Zellis, which used MOVEit. The BBC also confirmed it had suffered a breach via Zellis, but the extent of the compromise remained under investigation.¹

It was timely, then, that also in June, Okta, Inc. announced the results of its international Secure Sign-In Trends Report, which analyzes billions of monthly logins from around the world to Okta Workforce Identity Cloud. The report shows that across more than sixteen industries the use of multi-factor authentication (MFA) has nearly doubled since 2020 and that MFA represents the best choice in terms of security and convenience for users.

Okta found that MFA adoption by Okta’s workforce customers jumped from 35% to 50% between February and March 2020, ramping up as the pandemic began. By January 2023, Okta found that 90% of administrators and 64% of users were signing in via MFA.

By industry, Okta found that (perhaps unsurprisingly) the tech sector is farthest along in MFA logins (87%), with Insurance (77%), Professional Services (75%), Construction (74%), and Media & Communications (72%) making up the rest of the top five. The report also found that smaller organizations with 300 employees or fewer were better at MFA sign-ins (79%) than businesses with 20,000+ employees (54%).

While much resistance to MFA is due to the assumption that it trades security for a degraded user experience, the Okta report found that, on average, MFA saved users time and led to fewer failures compared to traditional passwords.²

CrowdStrike Inc

CrowdStrike announced a strategic collaboration with Amazon Web Services (AWS) to develop cutting-edge cybersecurity-oriented generative AI applications. The partnership also includes cloud-based security solutions tailored to the needs of customers building and securing their generative AI apps.

In leveraging the advanced generative AI capabilities of Amazon Bedrock, CrowdStrike will provide customers access to enhanced search capabilities, robust reporting mechanisms, and streamlined automation processes within CrowdStrike’s Falcon cybersecurity platform.

This partnership is already yielding fruit in developing CrowdStrike’s Charlotte AI, an AI-powered security analyst. By harnessing Amazon Bedrock, Charlotte AI enables customers to leverage the power of natural language queries for advanced threat detection, investigation, and response within CrowdStrike Falcon.

Legitimate security concerns exist about malicious tampering with AI training data and the potential for inadvertent release of sensitive information used in LLM queries. By pooling their expertise, CrowdStrike and AWS can help safeguard the cybersecurity of customers engaging with a range of AI and ML services in the cloud.³

Fortinet Inc

Fortinet announced new partnerships with 11 managed security service providers (MSSPs) to adopt Fortinet Secure SD-WAN. This strategic decision by these MSSPs aims to drive improved business outcomes and enhance customer experiences. New adopters include Kyndryl, Globe Business, InfiniVAN, Inc., KT Corporation, and Tata Teleservices, amongst others.

Fortinet’s secure networking solutions bring together networking and security capabilities, creating a robust platform that can easily expand across various domains such as SD-WAN, SASE, SD-Branch, and ZTNA. What sets Fortinet apart is its ability to integrate all such functionality within a single operating system, FortiOS.

This comprehensive integration across solutions opens new avenues for revenue generation for MSSP partners. Moreover, it offers an opportunity to assist customers in securely reducing complexity and enhancing digital experiences. In fact, a recent study by Forrester revealed that companies leveraging Fortinet Secure SD-WAN have witnessed an average of 300% return on investment over three years, along with a 65% reduction in network disruptions, amongst other notable benefits.

Gartner predicts the managed SD-WAN market will reach $8.8 billion by 2026, a CAGR of 20.2%. This projection underscores the significance of Fortinet’s Secure SD-WAN solution in meeting the evolving demands of the market.⁴

Diversified Investing in Cybersecurity with CYBR ETF

A cybersecurity ETF offers a great alternative to gaining exposure to this industry without being locked into any single security and without the hassle of hand-picking individual stocks. ETFs allow you to diversify by investing in multiple companies in multiple markets, ensuring that a single market shock won’t tank your portfolio.

Canada’s first cybersecurity ETF, Evolve Cyber Security Index Fund (TSX Ticker: CYBR), invests in global companies involved in the cybersecurity industry. For more information, visit the fund page here: https://evolveetfs.com/cybr/.

Portfolio Strategy and Activity

For the month, Palo Alto Networks Inc made the largest contribution to the Fund, followed by Booz Allen Hamilton and Fortinet Inc. The largest detractors to performance for the month were Okta Inc, followed by SentinelOne Inc and CrowdStrike Inc.

Sources

1. Turton, W., “Hacking Spree Feared After Breach of File-Sharing Software,” Bloomberg, June 5, 2023; https://www.bloomberg.com/news/articles/2023-06-05/hacking-spree-hits-british-airways-as-experts-warn-of-extortion
2. “Use of Multi-Factor Authentication (MFA) Nearly Doubles Since 2020, New Okta Secure Sign-In Trends Reports Finds,” Okta, June 12, 2023; https://investor.okta.com/news-releases/news-release-details/use-multi-factor-authentication-mfa-nearly-doubles-2020-new-okta
3. “CrowdStrike to Accelerate Development of AI in Cybersecurity with AWS,” CrowdStrike, May 31, 2023; https://www.crowdstrike.com/press-releases/crowdstrike-and-aws-to-accelerate-ai-development-in-cybersecurity/
4. “Fortinet Expands Global Secure SD-WAN and SASE Presence with New MSSP Partnerships,” Fortinet, June 07, 2023; https://investor.fortinet.com/news-releases/news-release-details/fortinet-expands-global-secure-sd-wan-and-sase-presence-new-mssp

 

The contents of this blog are not to be used or construed as investment advice or as an endorsement or recommendation of any entity or security discussed. These contents are not an offer or solicitation of an offer or a recommendation to buy or sell any securities or financial instrument, nor shall it be deemed to provide investment, tax or accounting advice. The information contained herein is intended for informational purposes only.

Commissions, management fees and expenses all may be associated with exchange traded funds (ETFs) and mutual funds (funds). Please read the prospectus before investing. ETFs and mutual funds are not guaranteed, their values change frequently, and past performance may not be repeated. There are risks involved with investing in ETFs and mutual funds. Please read the prospectus for a complete description of risks relevant to ETFs and mutual funds. Investors may incur customary brokerage commissions in buying or selling ETF and mutual fund units.

Certain statements contained in this blog may constitute forward-looking information within the meaning of Canadian securities laws. Forward-looking information may relate to a future outlook and anticipated distributions, events or results and may include statements regarding future financial performance. In some cases, forward-looking information can be identified by terms such as “may”, “will”, “should”, “expect”, “anticipate”, “believe”, “intend” or other similar expressions concerning matters that are not historical facts. Actual results may vary from such forward-looking information. Evolve Funds undertakes no obligation to update publicly or otherwise revise any forward-looking statement whether as a result of new information, future events or other such factors which affect this information, except as required by law.