General Industry Update

Amidst mounting criticism over several major cyberattacks, Microsoft Corp. CEO Satya Nadella issued a stern directive to employees, stressing the paramount importance of cybersecurity and developing a culture of cybersecurity at the company. In a companywide memo, Nadella stated, “If you’re faced with the trade-off between security and another priority, your answer is clear: Do security.” He indicated this might necessitate deferring the release of new features or supporting older systems.

This memo coincided with Microsoft’s unveiling of new anti-hacking measures. These steps include tying senior executives’ compensation to cybersecurity achievements and appointing cybersecurity leaders within product teams. The company has been under intense scrutiny for its handling of high-profile security breaches, with a recent government report highlighting serious deficiencies in its security culture.

Microsoft plans to expand its Secure Future Initiative, integrating insights from government reports and recent incidents involving state-sponsored cyberattacks. The company’s revised strategy will focus on three core principles: prioritizing security in every product design, enforcing default security protections, and continuously enhancing security protocols.

The U.S. Cyber Safety Review Board recently criticized Microsoft’s handling of a Chinese-affiliated hacking group’s exploit of a Microsoft tool to access the email accounts of prominent U.S. officials. In response, U.S. Senator Ron Wyden proposed legislation to establish mandatory minimum security standards for collaboration software, citing Microsoft’s inadequate cybersecurity measures to date.¹

Meanwhile, the U.S. Justice Department has indicted Russian national Dimitry Yuryevich Khoroshev for masterminding the infamous LockBit ransomware. Khoroshev faces 26 counts related to creating and operating the ransomware-as-a-service (RaaS) platform and a potential maximum sentence of 185 years in prison.

LockBit began operating in September 2019 and was temporarily disrupted by law enforcement in February of this year. Despite this, the group quickly reconstituted itself and resumed activities. The ransomware has been used in attacks on over 2,500 victims across 120 countries, including 1,800 in the U.S. and has resulted in at least $500 million in ransom payments to hackers.

Targets ranged from individuals and small businesses to critical infrastructure, hospitals, schools, corporations, non-profits, and governments. The LockBit group not only encrypted victims’ data but also exfiltrated it, using threats of public disclosure to coerce payments.²

Company Specific Updates

CrowdStrike Holdings Inc

CrowdStrike and Amazon Web Services (AWS) have expanded their strategic partnership to enhance cloud-based cybersecurity. Amazon has consolidated its security on the CrowdStrike Falcon platform and is using Falcon Next-Gen SIEM for big data security. Additionally, Amazon will deploy Identity Threat Detection and Response to counter identity-based attacks.

CrowdStrike will leverage AWS services like Amazon Bedrock and SageMaker to innovate in cloud security and AI. This collaboration aims to accelerate generative AI development and enhance cybersecurity solutions, ensuring robust protection and streamlined operations for cloud-based businesses.³

Also in May, CrowdStrike expanded its partnership with Google Cloud to enhance Mandiant’s Incident Response (IR) and Managed Detection and Response (MDR) services. Leveraging the CrowdStrike Falcon platform and Google Cloud Security Operations platform, the collaboration will focus on Endpoint Detection and Response (EDR), Identity Threat Detection and Response (ITDR), and Exposure Management solutions. The alliance between CrowdStrike and Google Cloud will offer AI-driven proactive threat hunting, empowering customers to thwart breaches across multi-cloud environments.⁴

Palo Alto Networks

Palo Alto Networks announced a strategic partnership with IBM, with Palo Alto Networks becoming IBM’s preferred cybersecurity partner across network, cloud, and SOC. The collaboration includes incorporating WatsonX large language models (LLMs) into Palo Alto Networks’ Cortex XSIAM to enhance Precision AI solutions. IBM plans to integrate Palo Alto Networks platforms into its security services portfolio, train over 1,000 consultants on Palo Alto Networks products, and bolster its offerings in cybersecurity and AI security.

As part of the agreement, Palo Alto Networks will acquire IBM’s QRadar Software as a Service (SaaS) asset, with plans to migrate QRadar clients to the Cortex XSIAM platform. The partnership aims to address the complex cybersecurity challenges posed by digital transformation and AI growth, offering comprehensive security platforms underpinned by AI to streamline security operations, combat threats, and expedite incident response for customers.⁵

CYBR ETF: Diversified Investing in Cybersecurity

A cybersecurity ETF offers a great alternative to gaining exposure to this industry without being locked into any single security and without the hassle of hand-picking individual stocks. ETFs allow you to diversify by investing in multiple companies in multiple markets, ensuring that a single market shock won’t tank your portfolio.

Canada’s first cybersecurity ETF, Evolve Cyber Security Index Fund (TSX Ticker: CYBR), invests in global companies involved in the cybersecurity industry. For more information, visit the fund page here:

Portfolio Strategy and Activity

For the month, CrowdStrike Holdings Inc made the largest contribution to the Fund, followed by CACI International Inc and NextDC Ltd. The largest detractors to performance for the month were SentinelOne Inc, followed by Qualys Inc and Fortinet Inc.



  1. Bass, D. & Martin, A., “Microsoft’s Nadella Tells Staff to Make Cybersecurity Top Priority,” Bloomberg, May 2, 2024;
  2. Arghire, B., “LockBit Ransomware Mastermind Unmasked, Charged,” Security Week, May 7, 2024;
  3. “CrowdStrike and AWS Extend Strategic Partnership to Accelerate Cloud Security and AI Innovation,” CrowdStrike, May 2, 2024;
  4. “CrowdStrike and Google Cloud Announce Strategic Partnership to Transform AI-Native Cybersecurity,” CrowdStrike, May 9, 2024;
  5. “Palo Alto Networks and IBM to Jointly Provide AI-powered Security Offerings; IBM to Deliver Security Consulting Services Across Palo Alto Networks Security Platforms,” Palo Alto Networks, May 15, 2024;

Header image source: Getty Images, Credit: sarayut Thaneerat

The contents of this blog are not to be used or construed as investment advice or as an endorsement or recommendation of any entity or security discussed. These contents are not an offer or solicitation of an offer or a recommendation to buy or sell any securities or financial instrument, nor shall it be deemed to provide investment, tax or accounting advice. The information contained herein is intended for informational purposes only.
Commissions, management fees and expenses all may be associated with exchange traded funds (ETFs) and mutual funds (funds). Please read the prospectus before investing. ETFs and mutual funds are not guaranteed, their values change frequently, and past performance may not be repeated. There are risks involved with investing in ETFs and mutual funds. Please read the prospectus for a complete description of risks relevant to ETFs and mutual funds. Investors may incur customary brokerage commissions in buying or selling ETF and mutual fund units. Certain statements contained in this blog may constitute forward-looking information within the meaning of Canadian securities laws. Forward-looking information may relate to a future outlook and anticipated distributions, events or results and may include statements regarding future financial performance. In some cases, forward-looking information can be identified by terms such as “may”, “will”, “should”, “expect”, “anticipate”, “believe”, “intend” or other similar expressions concerning matters that are not historical facts. Actual results may vary from such forward-looking information. Evolve Funds undertakes no obligation to update publicly or otherwise revise any forward-looking statement whether as a result of new information, future events or other such factors which affect this information, except as required by law.

Tags AI  artificial intelligence  cyberattack  CYBR etf  Hackers  Palo Alto Networks  ransomware