AndreyPopov/iStock via Getty Images
By Devin Ryder, CFA
Cybersecurity companies are the premier solution for cybersecurity threats that continue to grow in number and monetary severity. The workforce available today is not sufficiently trained for companies to hire security experts in-house, causing them to turn to leading cybersecurity providers as a solution to the ever-growing problem. These cybersecurity companies, available through HACK, are securing the world’s individuals, corporations, and government entities. In today’s world and its increasingly digital interconnectedness, data is gold. This presents an opportunity for cybersecurity businesses to continue to grow in importance and widespread use.
So far this year, cyberattacks across the globe have been rampant, with no signs of slowing down. Just this month, the largest cybersecurity breach in China’s history took place when unidentified hackers broke into a Shanghai police database and claimed to have stolen information on up to a billion Chinese citizens. Numerous other digital vulnerabilities have been exploited across the globe as corporations and government agencies struggle to secure adequate cybersecurity personnel. Below, we’ll break down some of the major cyber security events of the first half of this year and the resulting market implications.
LAPSUS$ Data Extortion Group
Cybercrime group LAPSUS$ first appeared in December 2021 with an extortion demand on Brazil’s Ministry of Health. LAPSUS$ made headlines again in early 2022 when they posted screenshots of internal tools linked to several significant companies, including NVIDIA (NVDA), Samsung (OTCPK:SSNLF), and Vodafone (VOD). In March, the group released source code from Microsoft Bing and Cortana, as well as its identity management platform Okta (as of 7/15/22, Okta Inc represented approximately 4.48% of the ETFMG Prime Cyber Security ETF). The attackers, who looked to have bases in South America and the United Kingdom, used phishing attempts to infiltrate the targets’ networks. British police detained seven persons alleged to have ties to the group at the end of March, and at the start of April, two of them were charged.
Conti Ransomware Gang
Costa Rican President Rodrigo Chaves declared a national emergency in May as a result of cyberattacks by the Conti ransomware gang on various government entities. Losses of tens of millions of dollars per day were incurred because of the group’s attack on the nation’s Ministry of Finance, which rendered Costa Rica’s import/export operations inoperable. The HIVE ransomware linked to Conti was blamed for a second attack in late May that targeted the Costa Rican Social Security Fund and severely disrupted the nation’s healthcare system. The disruptions from the attack lasted for months.
Lazarus Group Alleged Crypto Heist
Investigations by blockchain researchers suggest that a hack that resulted in the theft of about $100 million in cryptocurrencies was likely carried out by state-sponsored hackers from North Korea. American cryptocurrency startup Harmony (ONE-USD) was the target of the attack, which occurred in June. The majority of the stolen crypto was converted to ether through Tornado Cash, a “mixing” service used to hide the trail of money. Blockchain firms Elliptic and Chainalysis worked with Harmony to investigate the attack. Their investigations revealed that the attack methodology and the subsequent laundering of funds bear numerous similarities to Lazarus Group, a hacking collective with strong ties to Pyongyang.
China’s Largest Data Leak
An anonymous post on an online cybercrime forum last week claimed that an unknown group of hackers have stolen data on as many as a billion Chinese residents after breaching a Shanghai police database. If true, this would make the breach the largest in the country’s history. The attackers threatened to sell more than 23 terabytes of database data that had been stolen, including names, addresses, birthplaces, national IDs, phone numbers, and details about criminal cases. The unknown hacker demanded ten bitcoin, equivalent to almost $200,000. While still unknown how the alleged attackers obtained access to the Shanghai police servers, there is speculation that the breach involved a third-party cloud infrastructure partner. Among the largest cloud service providers in the nation are Tencent Holdings Ltd. (OTCPK:TCEHY), Huawei Technologies Co., and Alibaba Group Holding Ltd. (BABA).
The Cybersecurity Talent Market
Major digital security breaches over the past few years are serving as a wake-up call to corporations about the need to invest in cybersecurity. Over an eight-year period tracked by Cybersecurity Ventures, the number of unfilled cybersecurity jobs grew by 350 percent, from one million positions in 2013 to 3.5 million in 2021. According to a 2020 survey by (ISC)2, there are around 879,000 cybersecurity professionals in the workforce in the United States alone, yet still a need for another 359,000 individuals. And according to a report by international recruiting agency Michael Page, there will be more than 1.5 million cybersecurity job openings in India alone by 2025. Unfortunately, there is no short-term solution to this problem. Experts suggest a rethinking of education systems to include cybersecurity training as early as kindergarten as a potential way to address the demand gap. There has also been a push to grow a more diverse cyber workforce. Currently, women represent 25% of the cybersecurity workforce, which is up from 20% in 2019 and 11% in 2011. As the number of women and other underrepresented racial and ethnic groups join the cybersecurity community, the skills gap will shrink even further.
Carefully consider the Fund’s investment objectives, risk factors, charges, and expenses before investing. This and additional information can be found in the Fund’s prospectus, which may be obtained by calling 1-844-ETF-MGRS (1-844-383-6477), or by visiting www.etfmg.com/HACK. Read the prospectus carefully before investing.
Investing involves risk, including the possible loss of principal. Shares of any ETF are bought and sold at market price (not NAV), may trade at a discount or premium to NAV and are not individually redeemed from the Fund. Brokerage commissions will reduce returns. Narrowly focused investments typically exhibit higher volatility. The fund is concentrated in technology-related companies that face intense competition, both domestically and internationally, which may have an adverse effect on profit margins. Such companies may have limited product lines, markets, financial resources or personnel. The products of such companies may face obsolescence due to rapid technological developments, frequent new product introduction, unpredictable changes in growth rates, competition for the services of qualified personnel, and competition from foreign competitors with lower production costs. Technology companies are heavily dependent on patent and intellectual property rights. The loss or impairment of these rights may adversely affect the profitability of these companies. Investments in foreign securities involve political, economic and currency risks, greater volatility and differences in accounting methods. The Funds are non-diversified, meaning they may concentrate its assets in fewer individual holdings than a diversified fund. Investments in smaller companies tend to have limited liquidity and greater price volatility than large-capitalization companies. Diversification does not assure a profit or protect against a loss in a declining market. The Fund’s return may not match or achieve a high degree of correlation with the return of the Prime Cyber Defense Index. To the extent the Fund utilizes a sampling approach, it may experience tracking error to a greater extent than if the Fund had sought to replicate the Prime Cyber Defense Index.
ETF Managers Group LLC is the investment adviser to the Fund.
The Fund is distributed by ETFMG Financial LLC. ETF Managers Group LLC and ETFMG Financial LLC are wholly owned subsidiaries of Exchange Traded Managers Group LLC (collectively, “ETFMG”). ETFMG is not affiliated with Prime Indexes.
The Fund is intended to be made available only to U.S. residents. Under no circumstances is any information provided on this website intended for distribution to or use by, or to be an offer to sell to or solicitation of an offer to buy the Fund or any investment product or service of, any person or entity in any jurisdiction or country, other than the United States, where such distribution, use, offer or solicitation would subject the Fund or its affiliates to any registration requirement or be unlawful under the securities laws of that jurisdiction or country.
Editor’s Note: The summary bullets for this article were chosen by Seeking Alpha editors.
Be the first to comment