Cyber News Roundup: Investors take stock in the cybersecurity industry

Editor’s Note: This is your cyber news roundup with the latest cybersecurity news and tips from the Cyber Oregon team to help you and your organization stay safe online and protect your digital assets. We examine cybersecurity news and developments from across the Northwest and the Nation that are important to all Oregonians including individuals, businesses, non-profit organizations, government entities, and educational institutions. Sign up to receive ongoing updates here.

While the proliferation of cyberthreats and ransomware has caused concern for people and governments alike, it’s been a boon for cybersecurity companies. According to Investor’s Business Daily, shares of security vendors Palo Alto Networks are up 45 percent year to date, Fortinet is up 39 percent and Proofpoint has gained 35 percent.

Why have these companies’ profits risen so dramatically? Much of it stems from the continued growth in cyberthreats. Jon Clay, director of Global Threat Communications for Trend Micro, notes that on a typical day “anywhere from 300,000 to 500,000 malicious files traverse the internet. Because access to the internet has expanded to many different places in the world where you have people who don’t make much money, more of them turn to cybercrime,” he said.

Additional examples of the positive economic impact on cybersecurity companies include Carbon Black which raised $152 million with its IPO in May and SailPoint which raised $240 million with is November IPO.

It seems as though cyberattacks used to focus on company’s having their computer networks attacked. But many of the security breaches we read about today involve hackers who steal consumer data that can be held ransom. With the increase in use of IoT (internet of things) devices, tablets, mobile phones and other devices connected via the cloud opening new attack vectors, the cybersecurity industry looks like a solid bet for investors for some time to come.

And the hits just keep on coming

With what seems like a non-stop wave of cybersecurity breaches and ransomware attacks, it should come as no surprise that companies are spending record amounts on safeguards. Security Intelligence stated that “according to a May survey by cybersecurity company Kaspersky Lab, the average cost of a data security incident for large corporations in 2018 rose to $1.23 million — 24 percent higher than last year’s average of $992,000.”

Given that both hard costs and the impact to reputations can go far higher than the average, companies are on track to spend record amounts to strengthen their cybersecurity profiles. According to research firm Gartner, worldwide enterprise security spending  will total $96.3 billion in 2018, an increase of 8 percent from 2017.

Maxim Frolov, vice president of global sales at Kaspersky Lab, said these increases reflect the importance of cybersecurity as organizations embrace the cloud and adjust to the digital age.

“Cybersecurity has become not just a line item in IT bills, but a boardroom issue and a business priority for companies,” said Frolov. “Businesses expect a strong payoff as the stakes continue to get higher: Besides traditional cybersecurity risks, many companies now have to deal with growing regulatory pressures, for example.”

Malware, ransomware and…industrial sabotage?

Much of the news about cybersecurity has focused on malware threats and ransomware, but an even more dangerous threat could be industrial sabotage, the type that could cause damage to civic infrastructure. According to research from Dragos, an industrial cybersecurity firm, there is a new threat from a group called Xenotime who “has developed hacking tools to compromise and disrupt industrial safety instrumented systems — hardware and software controls that are used to ensure the safe operations of large-scale nuclear, chemical and other industrial plants and allow for emergency stops to take place.”

Concerns about chemical and nuclear attacks need to be taken seriously. “It is the most dangerous cyber threat in the world, period,” said Sergio Caltagirone, director of threat intelligence at Dragos. “Really, there has been no malware in the world so far that has actually put lives at risk, demonstrably.”

Partner blog of interest