INN looks at some of the key trends in security over the third quarter following the towering CapitalOne and DoorDash data breaches.
As DoorDash and CapitalOne (NYSE:COF) made the biggest headlines in the security sector over the quarter —with breaches exposing a combined 104.9 million accounts — the cybersecurity arena continues to show core vulnerabilities.
Looking back over the quarter, the US Department of Defense (DoD) released new cybersecurity standards in August for businesses that are contracted by the DoD.
“Every company within the DoD supply chain — not just the defense industrial base, but the 300,000 contractors — are going to have to get certified to do work with the Department of Defense,” Katie Arrington, chief information security officer for the DoD’s Office of the Assistant Secretary of Defense for Acquisition, said at the Intelligence and National Security Summit, according to Federal News Network.
As the US federal government has made moves to standardize cybersecurity practices, ransomware attacks on municipalities continue to rise in numbers. Just weeks after the report was released by the DoD, 22 cities throughout Texas were subject to a ransomware attack. A number of small cities were being held ransom for millions of dollars to release their data.
Mark Stone, one victim from the attack, told the New York Times, “Our security operations center is fending off attacks in the terms of millions every month, and many of those are attempted ransomware.”
While it remains clear that the prevalence of attacks are increasing, the Investing News Network (INN) reviews some of the most notable events that took place in Q3 2019, including major trends, vulnerabilities and an outlook for the security sector.
Security update Q2 2019: Major trends
As breaches have spurted over the quarter, the Forbes Technology Council noted six trends in cyberattacks: sandbox evaders, internet of things (IoT) ransomware, higher sophistication, multi-factor authentication, lagging General Data Protection Regulation (GDPR) compliance and state-sponsored attacks.
Sandbox technology fends off a form of malware called sandbox-evading malware. It is untraceable by security detection systems and can take over 500 different forms.
Similarly, IoT ransomware is a form of cyber attack that can target any IoT system, whether its a connected heating system, vehicle or appliance. The dangers are present on both an individual or commercial level, implicating security systems to manufacturing processes.
On a more positive note, as cyber attackers become more advanced, so too do the security systems that are fighting them off. Some recent examples of more sophisticated security controls include endpoint systems and creating fake data to bait and deceive hackers.
While two-factor authentication is more commonly known in cybersecurity solutions, now it may not be enough. As Forbes notes, perhaps surprisingly most data leaks are still the result of bad passwords. Multi-factor authentication takes it one step further for protection.
Along with the emergence of multi-factor regulation, problems with the GDPR were a trend in the quarter, and will likely continue into the end of the year. After the GDPR was introduced in May 2018, requirements became quite onerous, leading to potential fines for companies if they didn’t adequately comply. As a result, adopting practices to protect customer data has been slow.
Capping off top trends during the quarter are state-sponsored attacks. These attacks, which rippled worldwide during Q3, are projected to attack both pillars of democracy and major operational systems such as voting systems, power grids, utilities and government branches, to name a few.
Security update Q2 2019: Physical security in focus
When it comes to physical security, a number of technological advancements from university labs have come to the forefront. Through integrating machine learning systems to detect attacks, Liberty Defense’s security system is designed to prevent another type of attack — traditional physical threats.
Bill Riker, CEO of Liberty Defense (TSXV:SCAN), defines the four primary areas within physical security: public venues, buildings and perimeters, transportation and others. These can include hospitals, community centers and schools.
“Since 2015, in the US there have been over 350 mass shootings per year, and we’re well over 360 in 2019,” Riker told INN.
Similarly, First Responder Technologies is cultivating new technologies in the physical security space, such as applying commercial WiFi systems to detect potential threat objects.
Robert Delamar, CEO of First Responder, told INN how the company was founded by a former RCMP officer.
“He had a heart to try to find a way to capture what they call the magic 10 or 15 seconds in the context of a crisis situation,” said Delamar. “And the idea was if you could provide a first responder with better information and analytics before they run into a threatening situation, the end result can save lives.”
First Responder’s security technology was developed at Rutgers University, winning a peer-reviewed best paper award.
According to Allied Market Research, the global physical security market is projected to reach US$292.4 billion by 2025.
Security update: Beyond Q3 2019
As reported by the Economist, US$1.5 trillion in revenue has been siphoned to cyber criminals worldwide. Or, in other words, cybercriminal activity has generated revenue equal to the gross domestic product of the 13th largest country in the world.
Needless to say, as the sophistication of threats only increases, executives are focusing on core areas to protect their enterprises. After surveying 4,000 cybersecurity professionals, Deloitte reported that the three highest domains that professionals are addressing are cyber monitoring, cybersecurity government and cybersecurity resilience.
According to the report, challenges in the industry include prioritizing risks, cybersecurity framework agreements and data management.
“There will never be a time when the chief technology officer will sign an affidavit to his or her board of directors saying ‘I hereby certify that we are completely finished and we achieved invulnerability to hacking’ because it’s just a moving, evolving threat,” Peter Andersen, founder of Andersen Capital Management, told INN.
So long as there is the internet, the risk of cyber threats will not go away. What’s more, the cryptologic systems that protect from security threats are highly advanced.
“That’s a very, very mathematical field. A lot of Wall Street analysts just simply don’t understand that business,” said Andersen. Having graduated from Yale with a master’s in physics, Andersen describes how the math-intensive field will create a moat for those companies who truly understand the cryptology and mathematics behind it.
“With every new firewall technique or anti-hacking provision that’s put in place, it is a tremendous challenge for hackers to achieve. So, this is never going to end in terms of computer security and email security for all kinds of enterprises,” Andersen said.
Security update: Investor takeaway
With the NASDAQ CTA Cybersecurity Index (INDEXNASDAQ:NQCYBR) rising 20.69 percent year-to-date, outpacing both the S&P 500 and the Dow Jones Industrial Average, it is evident that the cybersecurity industry has staying power.
These companies have a different kind of culture, acting more like renegades in their fields as opposed to corporate actors, Andersen explained.
“You have a lot of very, very intelligent people working on preventing other intelligent people from hacking into their systems,” he said.
CyberArk, for example, pioneered the privileged account security market. Privileged accounts are the administrators that are granted access to enterprise domains. The company also has a solid balance sheet: low debt balances and a rising cash cushion.
On the other hand, Palo Alto Networks has a different story. Nir Zuk, its founder, was originally a computer hacker himself.
“The founder of Palo Alto Networks is an Israeli-born computer wiz and when he was a teenager, he was caught hacking into an Israeli company,” said Andersen. “Rather than apprehend him, they actually asked him to come and work on their side because they figured it takes somebody that has been able to prove that they could penetrate their computer security to join their side.”
He later moved to the US and founded Palo Alto Networks in 2005. “He has hired some of the best brains in the cryptology business,” said Andersen. In the second quarter, Palo Alto Networks reported a 22 percent increase in revenues, reaching US$805.8 million and a net loss of US$20.8 million.
When asked if the companies were undervalued, Andersen agreed that they were. “There’s a lot of things in a growing company that will impact the earnings but in terms of the stock part that makes them very attractively valued, I remain a buyer,” he said.
For a list of the top security stocks on the NASDAQ year-to-date into 2019, read here.
Don’t forget to follow us @INN_Technology for real-time news updates!
Securities Disclosure: I, Dorothy Neufeld, hold no direct investment interest in any company mentioned in this article.
Editorial Disclosure: First Responder Technologies is a client of the Investing News Network. This article is not paid-for content.
The Investing News Network does not guarantee the accuracy or thoroughness of the information reported in the interviews it conducts. The opinions expressed in these interviews do not reflect the opinions of the Investing News Network and do not constitute investment advice. All readers are encouraged to perform their own due diligence.