The RSMR Weekly Broadcast - Cybercrime & bug bounty: curbing the unlimited threat

02 Sep 2020

There's no shortage of knowledge and expertise at RSMR! Each week we get our heads together and talk about events in the world and how investments are affected by them. Our broadcast tackles a wide range of topical issues facing investors from liquidity to the future of alternatives to politics and the pound. We like to think of it as cracking content for the financial adviser. Have a read & get clued up...

Cybercrime is evolving at an incredible rate. Attacks are taking longer to resolve, and protection is becoming an expensive business for companies across the globe. The increasing threat from malicious nation-states, indirect supply chain attacks and data exploitation is real. Organisations are introducing new technologies to drive innovation and growth faster than they can be secured, and humans are increasingly targeted as the weakest link.

The New Zealand stock exchange was recently knocked offline two days in a row by a Distributed Denial of Service (DDoS) attack. It’s a relatively simple type of cyber-attack where a vast number of computers try to connect to an online service at once, overwhelming its capacity. Such attacks often use devices compromised by malware, and the owners may not even be aware that they are part of the attack. Personal and financial information is not necessarily accessed, but as a result of the attack, genuine traders may have had problems carrying out their business.

Equifax, one of the world’s largest consumer credit reporting agencies, holds a lot of high-quality data. A cyber-attack in 2017 resulted in the theft of 143 million records, prompting an immediate drop in the company’s share price of around 35%. Investors’ memories, however, are short and the share price has since recovered, but this type of cyber threat is clearly a huge issue.

In May 2017, a worldwide cyber-attack by the WannaCry ransomware cryptoworm targeted computers running Microsoft Windows by encrypting data and demanding ransom payments in the bitcoin cryptocurrency. It propagated through EternalBlue, an exploit discovered by the United States National Security Agency (NSA) for older Windows systems. Microsoft had released patches to close the exploit, but many organisations hadn’t applied them, or were using older Windows systems, allowing the cryptoworm to wreak havoc. The attack was halted within a few days but was estimated to have affected more than 200,000 computers across 150 countries, with total damages extending to billions of dollars. Security experts believed from preliminary evaluation of the worm that the attack originated from North Korea, or agencies working for the country.

Uber’s former Chief Security Officer, Joseph Sullivan, has recently been charged with obstruction of justice in the United States. Uber experienced a data breach in 2016 where data on 57 million people was stolen, including details of its own drivers and passengers. Uber admitted to paying a group of hackers a ransom of $100,000 in bitcoin to delete the data they had stolen. The payment was disguised as a ‘bug bounty’ reward, a mechanism used to pay cybersecurity researchers who disclose vulnerabilities so they can be fixed. Joseph Sullivan is accused of taking deliberate steps to stop the Federal Trade Commission from finding out about the hack.

The reasons for the DDoS attack on New Zealand are unclear but in Uber’s case, the hackers were obviously motivated by money. Uber paid the ransom and an additional $148 million to settle a legal claim when they were sued by all 50 states in the US because of the data breach. For companies that are a target of cyberattacks, the ramifications are huge.

One recent report suggests that cybercrime could cost the world $6 trillion annually by 2021. With 20 billion devices in the world and valuable data at stake, there’s a lot to fear. It’s not just laptops and phones that are potential access points; data can be garnered through smart watches, smart meters, security systems and many other devices. There are also a staggering 26 billion credit and debit cards in circulation. With more devices and cards than there are humans on the planet, the scale of the threat is immeasurable.

The bug bounty business is growing all the time. How can investors access this expanding area? Some funds that we rate allow you to invest in companies that provide bug bounty expertise, and investment vehicles such as ETFs offer strategies that focus specifically on cybersecurity.

The US government spent $15 billion on cybersecurity last year and the UK government £1.9 billion. Accenture Security professionals have examined the economic impact of cyber-attacks and have estimated that the average cost of cybercrime for an organisation is $13 million. The threat to businesses is real, vast and potentially catastrophic, making cybersecurity a very pricey but non-discretionary spend for the foreseeable future.

 

QUIZ QUESTION: How often do cyber-attacks happen in the United States?

LAST WEEK'S ANSWER: The number of new businesses in the UK increases by around 3% each year on average and notably by 200,000 from 2018 to 2019.

 

Looking for a whole host of informative, up-to-the-minute content from the fund rating experts? Click here to head to RSMR Connected. 

This information is for UK Professional Advisers only and should not be given to retail clients. The value of investments and the income from them may go down as well as up and investors may not get back the amounts originally invested.

Rayner Spencer Mills Research Limited is a limited company registered in England and Wales under Company Registration Number 5227656. Registered office: Number 20, Ryefield Business Park, Belton Road, Silsden, BD20 0EE. RSMR is a registered trademark.

 

