- Cyber consultant NCC has seen an increase in concern from clients
- Darktrace share price up over 30 per cent since conflict started
Cyber-attacks are an essential component of the hybrid wars that will be fought in the 21st century. Now anyone who has a laptop or a smart phone is at risk of attack, while critical infrastructure is at risk from disruption. The National Cyber Security Centre has already told British companies to "bolster online defences", while Nato has made clear a cyberattack could trigger Article 5 of the Washington Treaty, meaning an attack against one Nato member is an attack on all of them.
Given this backdrop, investors have piled into cyber security companies in the week following Russia's invasion of Ukraine, with Darktrace's (DARK) share price up a third. Major US players have also seen increases: Crowdstrike (US:CRWD) is up 10 per cent in the past week and Cloudflare (NET) was up 4 per cent.
London cyber firm NCC Group (NCC) is up around 1 per cent, but this is still ahead of the FTSE 250, which has fallen 1.4 per cent in the past week.
Cyber-attacks were already "ferocious"
Russia's cyber attacks on Ukraine pre-dated the invasion: in mid-February, the Ukrainian banking sector was hit with a distributed denial of service (DDoS) cyber-attack.
A DDoS attack is a form of cyber sabotage when a hacker brings down a server by overwhelming with it with fake traffic. The UK’s Foreign, Commonwealth & Development Office attributed this attack to the Russian Main Intelligence Directorate, or GRU, the agency believed to have been behind the Salisbury poisonings in 2018.
In this case, the attack was an immediate precursor to a full invasion. But the Russian government has been sponsoring cyber-attacks long before 2022. In 2017, Russia attacked Ukraine’s financial, energy and government institutions with a disruptive piece of malware called ‘NotPetya’.
Once the malware infected one machine it was designed to spread rapidly through any trusted networks. Despite being targeted at Ukraine, the virus managed to infect the systems of Danish shipping company Maersk (DM:MAERSK) leaving it unable to process shipping orders and costing the company up to $300mn (£224mn), while FedEx (US:FDX), the US delivery company had to freeze trading of its shares due to NotPetya disruption. The virus was so out of control that it even infected Russian petroleum company Rosneft (RU:ROSN).
Anthony Ginsberg, managing director of GinsGlobal Index Fund, which includes the HAN-GINS Tech Megatrend ETF (ITEK), said cyber security has to be at the forefront of company management planning. “I think CEOs in the US are one big hack away from losing their jobs," he said. "In 2015, the Sony CEO left after the North Korean hack and executives will remember this."
Russia is by far the most aggressive nation on this front, according to Microsoft’s 2021 Digital Defence Report, accounting for 58 per cent of all cyber-attacks from nation states. As it carries out more assaults it also becomes more effective at them. The success rate jumped 11 percentage points to 32 per cent last year.
Despite investors piling into the sector, the current reality is Russia's cyber soldiers will be focused on Ukraine, according to the chief technology officer at cyber consultant NCC, Ollie Whitehouse.
“There isn’t much room for an increase in ransomware given the ferocious intensity of [Russian] government cyber espionage activity," he said. "With Russia’s current hyper focus on Ukraine it is actually likely we will a drop off in UK attacks for the time being."
Whitehouse has seen an increase in CEOs enquiring about beefed-up cyber security since the Ukraine crisis began. “The war will raise awareness of the threat. People are seeing this a precursor to what could potentially happen in Taiwan [were China to invade].”
Even before the Ukraine crisis the market was expected to grow significantly as more companies move their operations online and embrace the Internet of Things, which creates more entry points into their systems. Last year, a report published by Grandview Research said it expected the cyber security market to register a CAGR of 11 per cent from 2021 to 2028.
Last year, following a White House meeting with President Biden, Microsoft (MSFT) committed to spending $20bn on cyber security over the next five years. At the same time, Alphabet (GOOGL) announced a five-year $10bn cybersecurity investment. It is safer for companies to store data in the cloud than on private local servers.
Not just about software
Darktrace uses AI technology to protect a system that has already been breached. Its software is made to be self-learning and is needed because hackers increasingly use AI themselves. It is impossible for a company to ever make it certain that a virus will not enter a system. There are now so many potential access points, therefore having software than can protect companies after a breach is crucial.
But software alone is not enough. The other important consideration for companies is personnel. In 2010, a joint mission between the US and Israel managed to deactivate the Iranian centrifuges essential for its nuclear program. The virus used to shut them down was called Stuxnet but because the centrifuges were on closed systems it is understood that someone would have needed to upload the virus directly using a USB.
This is a dramatic example, but for any company the same risk applies. Access to any hardware could lead to a breach, and cyber experts see higher risks from employees working from home. The ability to corrupt employees through so-called 'societal engineering' increases as people become more isolated from their employers, as well as the lower security provided by home networks.
Data management company Blancco Technology (BLTG) highlighted these added risks in its 2021 results last week. "[A global IT consultant's] clients are challenged by the landscape for data and device lifecycle management which underwent a fundamental change during the pandemic," Blancco said. "Those clients have seen increasing adoption of flexible working models and more individuals accessing and sharing data via personal and public networks and devices."
