The pandemic has been a bonanza for hackers, as the shift to remote working provided more chances to infiltrate into corporate systems with so much data uploaded to the cloud.
One of the latest major attacks, which first affected US firm Kaseya then over 200 companies in the world, has been described as “rare, if not unprecedented” for its scale and sophistication.
In 2020 alone there have been 4.8 trillion intrusion attempts, a 20% increase compared to 2019, with malware (which is malicious software that attackers use to extract protected data) falling by 43% to ‘only’ 5.6bn attacks.
One of the trendiest methods has been ransomware, which is when hackers demand payment otherwise they will cause disruption or delete files.
This kind of attack soared by 62% to 304mln attacks compared to 2019 levels, according to research by firewall provider SonicWall.
Companies such as JBS, the world’s largest meat supplier, and US fuel company Colonial Pipeline appeared in the news as notable targets, but there are thousands out there that go untold.
Fortunately, more victims are finding out attacks and reporting them to the authorities.
“There are many threat actors who are undertaking hacking activities, each with different motivations, levels of sophistication and capability,” Stuart Jubb, director of consulting at Crossword Cybersecurity PLC (LON:CCS), told Proactive.
“Starting from the stereotypical script kiddy using downloaded resources and doing it for fun, through to highly sophisticated nation-states hacking for governments. There is no doubt that industrial hacking is being carried out by governments at a national level. Others such as ‘hacktivists’ use cyber-attacks to support and promote their cause.”
“Cyber is another business risk that simply can’t be ignored, and companies should worry about it. However, with the right level of investment and appropriate and proportionate controls in place, businesses can do a lot to reduce their risk of experiencing a breach. Businesses should also invest heavily in their incident response processes and procedures so that in the event of something going wrong, they have a well-rehearsed means by which to handle it.”
Companies should always make sure their software is up to date, according to Nathan Critchley, head of security services at Airnow, as well as dealing with trustworthy partners that are also protecting themselves.
A yearly test isn’t enough, he told Proactive, as what’s needed is security monitoring of management and the key parts of a business, as well as scrutinising policies as often as possible.
“The security market is a very fast-paced industry, but it will always be a cat and mouse industry… It’s how fast we can react and make sure that that’s not going to be a problem going forward,” Critchley told Proactive.
“More and more systems coming into scope, which eventually can massively increase our job as security professionals to reduce injuries as much as possible to ensure that only the correct level of information can be accessible to the relevant people.”
Cybersecurity sector keeps flourishing
The increasing number of threats is lifting the cybersecurity sector, analysts at Wedbush said, as enterprises and governments engage in larger, next-generation cyber deals with a further tick up in spending.
Relevant budgets are expected to climb 20% in 2021 and 2022, they noted, while new cybersecurity standards from Biden Administration will have a positive ripple impact.
“We also believe the Biden Administration is laser-focused on this troubling trend of cyber-attacks and should catalyse more spending on the federal front which benefits Beltway players such as Telos and Palantir in particular,” the wealth management group said.
“Well positioned cyber security vendors like Fortinet (NASDAQ:FTNT), Sailpoint (NYSE:SAIL), Crowdstrike (NASDAQ:CRWD), Tenable (NASDAQ:TENB), CyberArk (NASDAQ:CYBR), Varonis, Zscaler (NASDAQ:ZS), and Palo Alto (NYSE:PANW) stand to benefit.”
There are also four main ETFs: ETFMG Prime Cyber Security ETF, iShares Cybersecurity and Tech ETF, First Trust NASDAQ Cybersecurity ETF and Global X Cybersecurity ETF.
Looking at London-listed companies, there’s a US-focused ETF Rize Cybersecurity and Data Privacy (LON:CYBR) alongside more well-known household names such as Avast (LON:AVST) and Darktrace (LON:DARK).
The UK market features a plethora of other companies in the space, such as Corero Network Security (LON:CNS), BrandShield Systems (LON:BRSD), Intercede (LON:IGP), NCC (LON:NCC) and Crossword Cybersecurity.
“All eyes are on information security these days, as headlines persist worldwide around ransomware attacks and other cyberhacks,” said analysts at PitchBook.
“And, indeed, security related to the internet of things and operational technology simultaneously represents a growing threat to enterprises and an emerging opportunity for startups and investors.”