Cybersecurity Struggles to Keep Up with Threats, Experts Say

Cyber Security Investing

INN spoke to experts about how cybersecurity could become one of the most important aspects for investors to consider moving into 2020.

Cybersecurity continued to be an important topic of discussion in 2019 as security breaches reached new levels of speed and intensity.

Phishing and ransomware threats, along with password attacks, made headlines throughout the year as personal data was threatened and stolen; businesses also found themselves at risk, underlining the need for companies to up their defenses to ensure data safety.

In the lead up to 2020, the Investing News Network (INN) turned to experts in the space, who spoke about some of the cybersecurity challenges facing public companies, and how security could become one of the most important aspects to consider for investors heading into the year.

Major breaches highlight need for cybersecurity

Melanie Adams, vice president and head of corporate governance and responsible investment at Royal Bank of Canada (RBC) (NYSE:RY,TSX:RY) Global Asset Management, told INN that a company’s image is on the line when it comes to its security measures.

“We’ve seen a number of cybersecurity incidents over the last several years, and many have had significant financial and reputational implications for companies,” she said.

Some recent examples of scandalous attacks include a data breach The Walt Disney Company (NYSE:DIS) was faced with soon after the launch of its streaming service, Disney+. Thousands of accounts for the video platform were hacked and put up for sale on the dark web, according to a report from ZDNet.

Disney’s share price took a small hit in the days following the launch on November 12, dropping 2.7 percent from November 13 to 15.

There was also a breach for Capital One Financial (NYSE:COF) that affected about 100 million individuals in the US and approximately 6 million people in Canada. It led to a 5.9 percent drop in value for the firm after the news was announced.

But cybersecurity is a tricky concept, Adams continued. And that high level of technicality can serve as an obstacle for investors who are looking to understand how companies are protecting their information.

Nadav Maman, chief technology officer at cybersecurity company Deep Instinct, also highlighted the importance of efficient security measures for companies. He used the data breach that Norwegian aluminum company Norsk Hydro (OTCQX:NHYDY) dealt with in March of last year as an example. According to Computer Weekly, it could cost the firm up to US$75 million.

Maman told INN that improvements to ransomware, a type of malware that threatens to release private data unless a ransom amount is paid, have made this software difficult to detect and increasingly sophisticated, as well as able to evade protective measures.

But implementation still tough for companies

Cyber crime poses a real risk for companies, and the fast pace of technology development means that security solutions need to routinely evolve in order to deal with new and updated threats.

“Security and weapons detection is an area that is in a constant state of evolution, so it is important that the technology and methods used to counter attacks are keeping up,” said Bill Riker, CEO of Liberty Defense Holdings (TSXV:SCAN,OTCQB:LDDFF).

In Adams’ view, cybersecurity is a crucial environmental, social and governance (ESG) factor that investors should consider. In fact, it ranks as the the number one ESG concern for investors in RBC Global Asset Management’s 2019 Responsible Investing Survey.

She said that more companies are now moving forward with an understanding of cyber risks, and are both providing investors information about how they are dealing with cyber security and ensuring they have the level of expertise needed on their boards.

Maman, however, believes firms still aren’t adept at sifting through the “noise” of the cybersecurity world to get a real sense of what their security needs are.

“Companies struggle to identify the subsets of (artificial intelligence) and what these distinctions mean.”

He added that decision makers are still unclear about the differences between computer systems — some can perform tasks without instructions and use patterns or inferences to make decisions, while others are based on artificial neural networks that mimic animal brains and can learn without being programmed with specific rules — and what those distinctions mean in terms of keeping data safe.

“I think that there are not enough people in the industry that are thinking out of the box and ready to deal with the next unknown attack without heavily relying on human resources. People gave up on security and they are putting their resources in the wrong place, not just by moving their security ownership to third party companies, but also by not even knowing what they are facing,” Maman said.

Cybersecurity avenues for investors to consider

Security breaches come with a heavy cost, and in its 2020 Official Annual Cybercrime Report, Cybersecurity Ventures states that the cost of cybercrime could rise to a staggering US$6 trillion by 2021.

That’s why Maman said investors need to look at firms that are actively working with talented technology experts, and that spend time breaking down the finer details of the security measures being used.

Maman also said businesses looking into operational technology could be of interest to investors. Operational technology is hardware and software that can detect changes though the monitoring of physical devices and can be used to secure networks within a system.

The importance of operational technology is connected to the increase in internet of things (IoT) devices, Maman said. The IoT is a system made up of the billions of computing devices and digital machines currently connected to the internet that collect, share and use data.

According to Statista, in 2019 there were over 26 billion IoT devices connected to the internet worldwide, and that number is expected to get to over 75 billion by 2025.

“Since many IoT devices are accessible via the Internet, malicious actors can exploit vulnerabilities to gain access to IoT devices,” Maman told INN.

Don’t forget to follow us @INN_Technology for real-time news updates!

Editor’s note: This article previously stated that Herjavec Group authored the 2020 Official Annual Cybercrime Report. The author has now been changed to Cybersecurity Ventures.

Securities Disclosure: I, Danielle Edwards, hold no direct investment interest in any company mentioned in this article.

Editorial Disclosure: The Investing News Network does not guarantee the accuracy or thoroughness of the information reported in the interviews it conducts. The opinions expressed in these interviews do not reflect the opinions of the Investing News Network and do not constitute investment advice. All readers are encouraged to perform their own due diligence.

The Conversation (0)