So far this holiday season, we’ve seen a pronounced pickup, as expected, in the shift to digital shopping that is one of the central aspects of our Digital Lifestyle investing theme. New research shows that shift is also serving as a spark for cyber attacks, increasing the risk of identity theft, fraudulent traffic and other malicious activity that is a tailwind for cyber spending and our Safety & Security investing theme.
The ad-verification company Fraudlogix published recent data showing an increase in fraudulent advertising traffic in the weeks leading up to Thanksgiving and the holiday shopping season.
Fraudlogix analyzed three months of global programmatic ad traffic and found that the average percentage of fraudulent traffic jumped from 11.6% in October to 14.2% in November. The data includes all device types.
Invalid or fraudulent traffic is generated by bots, hijacked devices, or malware. The data comes from monitoring traffic from more than 640 million unique users, 1.2 billion unique devices, and 12 million URLs monthly.
Fraudlogix is not the only company to identify a rise in fraudulent ad traffic. Companies like Distil Networks estimate that bots create about 48% of all internet traffic across all web sites. Google and White Ops also helped the U.S. Department of Justice indict two people from Kazakhstan and six Russian nationals for alleged involvement in a digital advertising fraud scheme worth about $29 million in fake digital ads.
Source: Online Fraudulent Traffic Increases 20% Leading Up To Holidays 12/03/2018
When Jamie Dimon, CEO of JPMorgan Chase one of the largest banking entities, speaks investors and the markets tend to listen and digest what he is saying. This week, Dimon reminded that cybersecurity, one of the tentpoles of our Safety & Security investing theme, is an area that individuals, institutions and the government need to “focus on.” Intermixed with his comments was that JPMorgan has spent “a lot of money” and is “secure” but as we know this is an evolving landscape that likely means cyber spending should be considering an ongoing aspect of capital spending plans rather than a “fix it and forget it” type of spend. We’re already witnessing the shift in spending categories at the Pentagon, and odds are it will only be a matter of time before we see the same at more of Corporate America as well. All it will take is another high profile cyber attack or two, but that will be reactive (defense) rather than proactive (security).
Banks may be in sound condition post-Lehman Brothers, but the financial system could crack again if hit with a devastating cyber attack, J.P. Morgan Chief Executive Jamie Dimon warned on Thursday.
“I think the biggest vulnerability is cyber, just for about everybody” he told CNBC’s Indian affiliate CNBC TV-18 on Thursday. “I think we have to focus on it, the United States government has to focus on it.”
“We have to make sure because cyber — terrorist and cyber countries — they could cause real damage. We’re already spending a lot of money and J.P. Morgan is secure but we should really worry about that,” Dimon told CNBC-TV18’s Shereen Bhan in New Delhi.
Source: JP Morgan’s Jamie Dimon says cyber is biggest risk to the financial system
According to JP Morgan, one of its models that “calculates outcomes based on the length of the economic expansion, the potential duration of the next recession, the degree of leverage, asset-price valuations and the level of deregulation and financial innovation before the crisis” sees the next financial crisis occurring in 2020. We recognize this current economic expansion is long in the tooth, but to us what is more worrisome is how the next financial crisis might start. Several new reports point to cyber threats as the likely culprit. Perhaps companies will take heed of these findings and perspectives, which would serve as the latest catalyst for our Safety & Security investing theme.
On Wednesday, the Depository Trust & Clearing Corp., which provides clearing and settlement for the financial markets in the U.S., released a report, entitled “The Next Crisis will be Different: Opportunities to Continue Enhancing Financial Stability 10 Years After Lehman’s Insolvency.” It discusses several macroeconomic and market-related risks to the financial system but specifically said that cybersecurity threats “have grown to a point where they may have become the most important near-term threat to financial stability.”
Cyberthreats have consistently been ranked as the number one concern by respondents to Depository Trust’s Systemic Risk Barometer since the survey began in 2013: “The motivation of cyber-attackers is shifting from purely achieving financial gains to disrupting critical infrastructures, such as through nation-state attacks, which threatens the basis for confidence in the financial system and even national or international stability.”
They aren’t the only ones worried. After the financial crisis, the Dodd-Frank Act established the Financial Stability Oversight Council to identify and monitor excessive risks to the U.S. financial system. The chairman is the secretary of the Treasury.
The Office of Financial Research provide financial data and research to the council and each year publishes a Financial Stability Report on risks to the financial system.
The most recent report, published in December, came to the same conclusion as the Depository Trust: “A large-scale cyberattack or other cybersecurity incident could disrupt the operations of one or more financial companies and markets and spread through financial networks and operational connections to the entire system, threatening financial stability and the broader economy.”
Source: A cyberattack could trigger the next financial crisis
A few months ago in episode 59 of the Cocktail Investing podcast, we discussed the looming cybersecurity threats to be had in the corporate supply chain. After that conversation, we figured it was only a matter of time until a high profile supply chain attack occurred. It was only a matter of months until the vulnerabilities for several automotive companies and their suppliers were exposed. How they address it means more spending associated with our Safety & Security investing theme.
To check out our latest Cocktail Investing podcast, click here.
Security researcher UpGuard Cyber Risk disclosed Friday that sensitive documents from more than 100 manufacturing companies, including GM, Fiat Chrysler, Ford, Tesla, Toyota, ThyssenKrupp, and VW were exposed on a publicly accessible server belonging to Level One Robotics.
The exposure via Level One Robotics, which provides industrial automation services, came through rsync, a common file transfer protocol that’s used to backup large data sets, according to UpGuard Cyber Risk. The data breach was first reported by the New York Times.
According to the security researchers, restrictions weren’t placed on the rsync server. This means that any rsync client that connected to the rsync port had access to download this data. UpGuard Cyber Risk published its account of how it discovered the data breach to show how a company within a supply chain can affect large companies with seemingly tight security protocols.
This means if someone knew where to look they could access trade secrets closely protected by automakers.
Source: Data breach exposes trade secrets of carmakers GM, Ford, Tesla, Toyota | TechCrunch
Another reminder that cybersecurity, a key aspect of our Safety & Security investing theme and our Safety & Security Index, is the 21st century version of insuance – one needs to have for when something does go wrong. With $445 billion lost last year to cybercrime, I see that making cybersecurity a must have for companies as well as elevating it past the C-suite and into the Boardroom.
Similar to insurance, people tend to become complacent as the cyber attack headlines die down. As these two attacks show, however, the hackers are not taking a breather and that means cybersecurity growth prospects remain vibrant.
Bank of Montreal and Canadian Imperial Bank of Commerce (CIBC) announced Monday (May 28) that hackers stole data on close to 90,000 customers.
According to a report in Reuters, Bank of Montreal said it was contacted by hackers who claimed to have personal and financial data on its customers — the bank thinks it’s less than 50,000 of its 8 million customers. The spokesman wouldn’t tell Reuters if customers’ money was stolen in the hack, but did say that the hackers said they would make the data public. The bank is working with authorities and has launched an investigation.
Reuters noted that the Bank of Montreal thinks the attack happened from outside the country and is confident it has shut off the exposure that led to the data breach. Meanwhile, CIBC said fraudsters also contacted it, claiming to have stolen personal and account information on 40,000 customers. Both banks said they have notified customers and urged them to monitor their credit reports.
Source: Bank of Montreal, CIBC Announce Cyberattacks | PYMNTS.com
If you need more evidence that we are living in an increasingly internet-connected world, look no further than a recent software update aimed at making sure 465,000 people with pacemakers don’t have hearts that are vulnerable to hackers.
The U.S. Food and Drug Administration announced this week that medical device company Abbott has issued a corrective action for implantable cardiac pacemakers made under the St. Jude’s Medical brand. According to the company, there is a “risk of patient harm due to potential exploitation of cybersecurity vulnerabilities.”To address this heart-hacking vulnerability, Abbott is issuing a firmware update to the pacemakers.
Source: 465K People Need A Pacemaker Security Update To Protect Their Hearts From Hacking – Consumerist
Finally after more than few years of mounting cyber attacks with increasingly devastating results to individuals, businesses and other institutions, President Obama finally opts to get into gear with our Safety & Security investment theme. This also confirms what many of us have already thought – the increasing role of cyber attacks in modern warfare.
The Obama administration is preparing to elevate the stature of the Pentagon’s Cyber Command, signaling more emphasis on developing cyber weapons to deter attacks, punish intruders into U.S. networks and tackle adversaries such as Islamic State, current and former officials told Reuters.
Under the plan being considered at the White House, the officials said, U.S. Cyber Command would become what the military calls a “unified command” equal to combat branches of the military such as the Central and Pacific Commands.
Source: Obama prepares to boost U.S. military’s cyber role: sources | Reuters
When a cyber attack makes the headlines it serves as a reminder of the growing threat we face as part of our increasingly Connected Society. Even without flashy headlines, ongoing increases in the number of cyber attacks confirm its place as a growth industry.
Akamai Technologies released its Q1 2016 State of the Internet – Security Report, which takes an in-depth look into the global cloud security threat landscape to provide analysis and insight into malicious activity that’s been observed across the Akamai Intelligent Platform™ from January to March of this year.“We have continued to witness significant growth in the number and frequency of DDoS and web application attacks launched against online assets, and Q1 2016 was no exception,” explained Stuart Scholly, SVP and GM of Akamai’s Security Business Unit.
Source: State of the Internet and Security In Q1 2016 | PYMNTS.com