General Industry Update

Cybersecurity experts are raising alarms over a surge in highly sophisticated financial scams powered by generative artificial intelligence (AI). These attacks enhance traditional phishing methods with technology capable of creating convincing forgeries, such as deepfake videos of executives and fraudulent financial documents.¹ A notable case involved a Hong Kong-based firm losing over $25 million due to a scam featuring a deepfake video call.² Despite measures to prevent generative AI use at work, criminals leveraging platforms like ChatGPT or its illicit counterpart, FraudGPT, can craft realistic emails and documents, making scams harder to detect.

A survey by the Association of Financial Professionals highlighted the prevalence of such fraud, with 65% of firms experiencing attempted or actual payments fraud in 2022. Email compromises, particularly through sophisticated phishing and spear-phishing attacks, remain the primary method of fraud, by fooling employees into revealing sensitive information or making unauthorized payments. These incidents are not only more convincing with generative AI but also increasingly frequent and difficult to counter, given the broad use of digital payment platforms and APIs that introduce new vulnerabilities. The financial services industry, in particular, faces a high risk of bot-driven attacks, with a significant portion of new account registrations being fraudulent.³

But, as with so many technologies, generative AI can be used to fight fire with fire, particularly when it comes to cybersecurity. So, it comes as good news that at the Munich Security Conference in February, Google CEO Sundar Pichai emphasized the potential of AI to bolster cyber defence at scale. Pichai argued that despite fears of AI’s misuse in cybersecurity, AI could actually speed up threat detection and response, thereby enhancing security measures for governments and corporations. He also introduced Google’s new initiative to deploy AI tools, including the open-source tool Magika for malware detection, aimed at strengthening online security. This initiative is part of a broader movement, as evidenced by a recent pact among major tech firms, including Google, Adobe, Amazon, IBM, Meta, Microsoft, OpenAI, TikTok, and X, to prevent AI’s use in undermining democratic processes such as the upcoming U.S. and U.K. elections, highlighting the industry’s commitment to safeguarding cyberspace with AI’s help.⁴

Company Specific Updates

CrowdStrike Holdings

CrowdStrike has partnered with Ignition Technology as a strategic distributor in the U.K. to broaden access to its AI-native CrowdStrike XDR Falcon platform. This collaboration aims to leverage Ignition’s cybersecurity expertise and extensive partner network to meet the rising demand for modern cybersecurity solutions in the U.K. market. By integrating CrowdStrike’s Falcon platform into its offerings, Ignition Technology anticipates creating new market avenues and enhancing sales by delivering top-tier security solutions to customers and partners.⁵

CrowdStrike has also opened a new office in Pune, India, signalling its commitment to fortifying its presence in the region. The expanded office reflects CrowdStrike’s dedication to safeguarding organizations in India and beyond. This move underscores CrowdStrike’s ongoing investment in global operations and its mission to combat breaches worldwide.⁶

Also in February, CrowdStrike announced the widespread release of Charlotte AI and Falcon for IT to address the needs of both Security and IT teams by harnessing the power of generative AI while minimizing the data exposure risks associated with commercially available AI tools.⁷

Fortinet Inc

Fortinet unveiled the FortiGate Rugged 70G in February, a new device designed to enhance security and connectivity in industrial settings and remote locations. This compact, ruggedized solution integrates 5G dual modem technology, offering advanced secure networking features for operational technology (OT) environments. Fortinet’s latest Security Processing Unit powers the appliance and incorporates AI-driven security services to ensure optimal performance and protection. This device marks Fortinet’s first foray into 5G connectivity within its rugged firewall portfolio, promising enhanced networking and security for expanding networks in new, remote locations.⁸

Also in February, Fortinet Inc saw a surge in value following a Q4 earnings report that exceeded expectations, indicating a potential reversal in the recent downtrend in cybersecurity spending. Outperforming analyst predictions, Fortinet’s revenue for the quarter reached $1.42 billion, slightly surpassing the anticipated $1.41 billion, while billings saw an 8.5% increase to $1.86 billion, countering forecasts of a decline. Fortinet’s strong quarter signals resilience amid a broader industry slowdown attributed to reduced spending on cybersecurity solutions. The company’s CFO, Keith Jensen, suggested that the downturn in product cycle, which began about four quarters ago, might hit its lowest point in early 2024, hinting at a forthcoming recovery. Prior to the earnings announcement, Fortinet’s shares had already seen a 15% increase this year, following a nearly 20% gain in 2023.⁹

CYBR ETF: Diversified Investing in Cybersecurity

A cybersecurity ETF offers a great alternative to gaining exposure to this industry without being locked into any single security and without the hassle of hand-picking individual stocks. ETFs allow you to diversify by investing in multiple companies in multiple markets, ensuring that a single market shock won’t tank your portfolio.

Canada’s first cybersecurity ETF, Evolve Cyber Security Index Fund (TSX Ticker: CYBR), invests in global companies involved in the cybersecurity industry. For more information, visit the fund page here: https://evolveetfs.com/cybr/.

Portfolio Strategy and Activity

For the month, Okta Inc made the largest contribution to the Fund, followed by NextDC and CrowdStrike Holdings. The largest detractors to performance for the month were Trend Micro Inc, followed by Palo Alto Networks and Fastly Inc.

 

Sources

1. Sheng, E., “Generative AI financial scammers are getting very good at duping work email,” CNBC, February 14, 2024; https://www.cnbc.com/2024/02/14/gen-ai-financial-scams-are-getting-very-good-at-duping-work-email.html
2. Tan, H., “A company lost $25 million after an employee was tricked by deepfakes of his coworkers on a video call: police,” Business Insider, February 5, 2024; https://www.businessinsider.com/deepfake-coworkers-video-call-company-loses-millions-employee-ai-2024-2
3. Sheng, E., “Generative AI financial scammers are getting very good at duping work email,” CNBC, February 14, 2024; https://www.cnbc.com/2024/02/14/gen-ai-financial-scams-are-getting-very-good-at-duping-work-email.html
4. Gilchrist, K., “AI can ‘disproportionately’ help defend against cybersecurity threats, Google CEO Sundar Pichai says,” CNBC, February 23, 2024; https://www.cnbc.com/2024/02/23/ai-can-help-defend-against-cybersecurity-threats-google-ceo-sundar-pichai.html
5. “CrowdStrike and Ignition Technology Partner to Address UK Market Cybersecurity Demand,” CrowdStrike, February 13, 2024; https://ir.crowdstrike.com/news-releases/news-release-details/crowdstrike-and-ignition-technology-partner-address-uk-market
6. “CrowdStrike Significantly Invests in India Operations to Continue Protecting Businesses from Modern Cyber Attacks,” CrowdStrike, February 15, 2024; https://ir.crowdstrike.com/news-releases/news-release-details/crowdstrike-significantly-invests-india-operations-continue
7. “CrowdStrike Unifies Security & IT, Unleashes the Transformative Power of Generative AI,” CrowdStrike, February 20, 2024; https://ir.crowdstrike.com/news-releases/news-release-details/crowdstrike-unifies-security-it-unleashes-transformative-power
8. “Fortinet Converges 5G Dual Modem, AI-Powered Security, and Zero Trust to Securely Connect and Protect Operational Technology,” Fortinet, February 6, 2024; https://investor.fortinet.com/news-releases/news-release-details/fortinet-converges-5g-dual-modem-ai-powered-security-and-zero
9. Brown, R., “Fortinet Surges After Quarterly Earnings Defy Expectations, Signaling Cyber Turnaround,” Bloomberg, February 6, 2024; https://www.bloomberg.com/news/articles/2024-02-06/fortinet-surges-after-quarterly-earnings-defy-expectations

Header image source: Getty Images Just Super

The contents of this blog are not to be used or construed as investment advice or as an endorsement or recommendation of any entity or security discussed. These contents are not an offer or solicitation of an offer or a recommendation to buy or sell any securities or financial instrument, nor shall it be deemed to provide investment, tax or accounting advice. The information contained herein is intended for informational purposes only.

Commissions, management fees and expenses all may be associated with exchange traded funds (ETFs) and mutual funds (funds). Please read the prospectus before investing. ETFs and mutual funds are not guaranteed, their values change frequently, and past performance may not be repeated. There are risks involved with investing in ETFs and mutual funds. Please read the prospectus for a complete description of risks relevant to ETFs and mutual funds. Investors may incur customary brokerage commissions in buying or selling ETF and mutual fund units.

Certain statements contained in this blog may constitute forward-looking information within the meaning of Canadian securities laws. Forward-looking information may relate to a future outlook and anticipated distributions, events or results and may include statements regarding future financial performance. In some cases, forward-looking information can be identified by terms such as “may”, “will”, “should”, “expect”, “anticipate”, “believe”, “intend” or other similar expressions concerning matters that are not historical facts. Actual results may vary from such forward-looking information. Evolve Funds undertakes no obligation to update publicly or otherwise revise any forward-looking statement whether as a result of new information, future events or other such factors which affect this information, except as required by law.