Microsoft on 7 April said it had disrupted state-linked hacker activity aimed at US, European and Ukrainian entities. Bloomberg has reported at least seven power grid infrastructure centers in India were surveilled by state-linked hackers. Separately, developers of NFT-based video game Axie Infinity have raised USD 150mn from private investors to reimburse victims of a hacking theft incident last month.
A raft of notable new cyber incidents—impacting governments and infrastructure, private companies and the public alike—are a reminder of the growing need for cybersecurity defenses:
• State-linked hackers are effective and can be hard to stop. Recent government-linked hacking incidents highlight the novel tools and sophistication of state-linked hacking groups. While hacking victims in the past were often more obvious as targets, state-linked hackers have widened the scope of points of attack as they find new ways to breach connected systems in service of political goals.
• Infrastructure is a major target. Reports of state-linked hackers scanning or penetrating foreign infrastructure are not a new trend. The FBI last month claimed five US energy companies were probed by Russian hackers as a form of “preparatory activity”. In the case of the US, much infrastructure is privately held and operated, with decisions on cyber defense spending up to corporate leadership.
• New targets, from crypto-based assets to mobile phones, are growing vectors. The significant value attributed to crypto assets, and the relative speed at which the code behind these distributed networks has been deployed, can make attractive targets for profit-focused hackers. Likewise, the proliferation of mobile phone usage in enterprise and government settings has seen attacks increase, with those targeting previously unidentified flaws (known as zero-day attacks) growing by 466% in 2021 according to security firm Zimperium.
We view these incidents and examples as further examples of the need to boost government, private sector and public spending on cybersecurity defenses. The US government is already lifting its planned spending for 2023, with the Biden administration’s budget request earmarking USD 10.9bn in civilian cybersecurity-linked spending, an 11% year-on-year increase, of which USD 2.5bn is set for the cybersecurity and infrastructures security agency.
We see median cybersecurity stocks trading around their historical five-year average enterprise value to sales multiples, indicating valuations are still reasonable. Cybersecurity, alongside AI and big data, is part of our “ABCs of tech” theme and also our age of security thematic view. More on our long-term equity views here.
Main contributors- Mark Haefele, Sundeep Gantori, Jon Gordon, Christopher Swann
Content is a product of the Chief Investment Office (CIO).
Read original report – No slowdown for hackers, 11 April 2022.