With 2017 Poised to be the Year of Ransomware, More Cyber Spending is on the Way

With 2017 Poised to be the Year of Ransomware, More Cyber Spending is on the Way

With headlines swirling following the WannaCry attack that hit more than 230,000 computers across more than 150 countries in just 48 hours, on this episode of Cocktail investing we spoke with Yong-Gon Chon, CEO of cyber security company Focal Point to get his insights on that attack, and why ransomware will be the cyber threat in 2017. Before we get into that Safety & Security conversation, Tematica’s investing mixologists, Chris Versace and Lenore Hawkins broke down last week’s economic and market data as well as the latest relevant political events. With all the controversy in D.C., there was a lot to discuss concerning the likelihood that the Trump Bump, which was based on assumptions around tax reform, regulatory roll-back, and infrastructure spending is evolving into the Trump Slump as investors realize the anticipated timeline for such was decidedly too aggressive. With mid-term elections looming, we expect the Trump opposition will be emboldened by the controversy surrounding the administration and will put in best efforts to appeal to their constituents. For the market, it’s another reason to see the Trump agenda likely slipping into late 2017-early 2018, and that realization is likely to weigh on robust GDP and earnings expectations for the balance of 2017.

The markets on May 17th suffered their biggest losses in 2017, with the Nasdaq taking the biggest one-day hit since Brexit, as the turmoil in Washington dampens investors’ appetite for risk while raising questions over GDP and earnings growth. While some Fed banks are calling for 2Q 2017 GDP as high as 4.1 percent (quite a jump from 1Q 2017’s 0.7 percent!), the data we’re seeing suggests something far slower. We continue to think there is more downside risk to be had in GDP expectations for the balance of 2017, and the latest Trump snafu is only likely to push out team Trump’s reforms and other stimulative efforts into 2018. If 2Q growth is driven in large part by inventory build, which is what the data is telling us, expect the second half to be significantly weaker than the mainstream financial media would lead you to believe.

While the global financial impact of the WannaCry ransomware attack may have been lower than some other high profile attacks such as ILOVEYOU and MyDoom, the speed at which it moved was profound. We spoke with Yong-Gon Chon, CEO of Focal Point Data Risk about the incident to get some of the perspective and insight the company shares with its c-suite and Board level customers. While many are focusing on WannaCry, Yong-Gon shares that as evidenced by recent content hijackings of Disney (DIS) and Netflix (NFLX), ransomware is poised to be the cyber threat of 2017. Those most likely to be targeted are those organizations that prioritize uptime and whose businesses tend to operate around the clock, making backups and software updates extremely challenging.

While in the past IP addresses may have been scanned once every four to five hours, in today’s increasingly Connected Society, IP addresses are scanned one to ten times every second. As consumers and businesses in the developed and emerging economies increasingly adopt the cloud and other aspects of Connected Society investing theme, we are seeing an explosion in the amount of data as more and more of our lives are evolving into data-generating activities. From wearables to appliances to autos, our homes, offices, clothing and accessories are becoming sources of data that goes into the cloud. With the Rise of the New Middle Class in emerging markets, we are seeing the number of households participating in this datafication grow dramatically, exposing new vulnerabilities along the way. That increasingly global pain point is fodder particularly for cyber security companies, such as Fortinet (FTNT), Splunk (SPLK) and Cisco Systems (CSCO) that are a part of our Safety & Security investing theme.

During our conversation with Yong Gon we learned that companies need to understand that breaches must be viewed as inevitable in today’s Connected Society, network boundaries are essentially a thing of the past. Security can no longer about preventing nefarious actors from gaining entrance, but rather is now about managing what happens once a company’s network has been invaded. From a sector perspective, with all the regulation and reporting requirements in financial services, many of these firms are leading the way in how to best deal with such breached.Uber

For investors who want to understand the potential impact of cybercrime, Yong-Gon Chon suggests looking at how much data a company is generating and how the company is managing the growth of that data, with companies such as Facebook (NASDAQ:FB), Alphabet (NASDAQ:GOOGL) and Uber examples of heavy generators. Investors need to look at a company’s cyber risk as a function of the magnitude of its data generation and the company’s level of maturity in addressing that risk. By comparison, companies not affected by attacks such as WannaCry need to be asking themselves why didn’t they get hit? Was it luck or did we do something right? If so, what did we do right and what is the scope of protection we have given what we’ve learned about the latest attack strategies?

We also learned about the new efforts underway globally to develop attribution of cyber threats so as to differentiate between those threats from professional cyber criminals versus the capricious tech savant engaging in ill-advised boundary exploration. Along with this shift is also a change in the boardroom, where cybersecurity is viewed in the context of its potential impact on the business, rather than as a function of a company’s IT department.

One thing we can be assured of is that hackers are watching each other and the good ones are learning what makes attacks fail and where organizations are weakest. As the Connected Society permeates more and more of our lives, these risks become more pernicious and their prevention more relevant to our everyday lives. The bottom line is we are likely to see greater cyber security spending in preventative measures as well cyber consulting as those responsibilities become a growing focus of both the c-suite and board room.

Companies mentioned on the Podcast

  • Amazon.com (AMZN)
  • Apple (AAPL)
  • CVS Health (CVS)
  • Disney (DIS)
  • Facebook (FB)
  • Focal Point
  • JC Penny Co (JCP)
  • Kohl’s (KSS)
  • Macy’s (M)
  • Microsoft (MSFT)
  • Netflix (NFLX)
  • Nordstrom (JWN)
  • TJX Companies (TJX)
  • Twitter (TWTR)
  • Uber
  • United Parcel Service (UPS)
  • Walgreens Boots Alliance (WBA)

Resources for this podcast: