As Russia Fires Real, Virtual Weapons, Cybersecurity Gets Spotlight
While fighting intensified across Ukraine -- with startling images of brutal urban warfare emanating from Kharkiv, Lviv, and beyond -- NATO and the West have been keen to keep their participation at an arm's length. This has largely consisted of sanctions, supply of defensive weapons, and the seizure of assets held abroad by Krelmin-linked oligarchs.
But there is a much more direct war that the collective West and Russia have been waging for a decade or more. That, of course, is the series of battles in cyberspace that look as though they will only escalate as more open conflicts erupt.
Already in 2022, there have been three separate reports published by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) related to Russian state-sponsored hacking targeting that warn of an only increasing threat.
"Russia continues to target critical infrastructure, including underwater cables and industrial control systems, in the United States and in allied and partner countries, as compromising such infrastructure improves-and in some cases can demonstrate-its ability to damage infrastructure during a crisis," the agency advised in a recent report. "Russia almost certainly considers cyber attacks an acceptable option to deter adversaries, control escalation, and prosecute conflicts."
As such, investors must be mindful not only of sectors that are at risk, but companies that could provide critical protections against such malicious actions.
Areas of Interest
As technology is an integral part of nearly every modern business, this broad threat is becoming more ominous. However, there are sectors that attract more attention for hacks, as demonstrated by Russia's attempts to break into the U.S. energy grid in recent years.
"Critical infrastructure sectors, which include communication, energy, and healthcare, are at a particularly high risk of cyberattacks," Therese Schachner, cybersecurity consultant at cybersecurity advisory firm VPN Brains told Real Money. "Cyberattacks against these types of organizations are particularly damaging because they often result in the halting of operations and impede these organizations' ability to provide electrical power, gas, and other essential goods and services to the public."
Once again, given the precedent to pinpoint these important industries, politically motivated attacks on these critical sectors are anticipated. Whether it be the energy sector overall or the recent Solarwinds hack of Microsoft (MSFT) , there appears to be no limit to the size and scale of these attacks.
"No industry is immune from cyber-attacks, and considering the current situation financial and banking sectors, Healthcare, Telecom and energy are more vulnerable than others," advised Alex Lam, Chief Strategy and Business Development Officer at TechDemocracy.
He added that the impact for cloud providers like Amazon, IBM (IBM) , Alphabet (GOOGL) , and Microsoft could be quite large and therefore will necessitate more spending on defense. Further, he advised that more focus on the individual level for smartphones, password protection, and more is likely.
That said, attempting to pinpoint the next target is likely no better than amateur meteorology. Instead, Schachner advised a broader approach to risk mitigation is advisable and highly likely in U.S. firms.
Positioning for Protection
For investors, this spells opportunity in the cybersecurity space broadly.
"Cybersecurity companies such as Palo Alto Networks (PANW) and Crowdstrike (CRWD) are well-positioned to help address organizations' needs for protection against cyberattacks," Schachner advised. "These companies offer products and services such as threat intelligence, endpoint detection, and response (EDR) solutions, malware defense, and incident response."
She, therefore, expects more spend on the products offered by each of those firms to prevent any politically motivated breaches.
Christopher Vecchio, senior strategist at market research firm DailyFX added in an email to Real Money that global dynamics beyond simply the US widen the opportunity available.
"With Europe having abandoned its decades-long pacifist military policies in just the past week - Germany will begin deficit spending to boost its armed forces - there is significant scope for cybersecurity firms to benefit as governments increase allocations to kinetic defenses, but to digital defenses as well," Vecchio explained.
"This is a meaningful tailwind that could provide a bullish catalyst to companies like Crowdstrike and ZScaler over the coming months as Western countries and companies beef up their cyber defenses to ward off countermeasures deployed by Russia in response to the sanctioning of Russian banks from SWIFT, as well as the Central Bank of Russia's asset freeze."
Elsewhere, Check Point Software (CHKP) and Mandiant (MNDT) appear to be benefiting from the Russo-Ukrainian conflict and anticipated cyberwarfare. Given Mandiant, previously known as FireEye, has long called out Chinese and Russian cyberattacks, the firm would appear particularly well-positioned.
On an individual level, NortonLifelock (NLOK) and Fortinet (FTNT) are likely to benefit from similar dynamics. Cisco's CSCO recent acquisition of DuoSecurity for password protection is also likely to be proven prescient amidst the current environment. Judging by share dynamics as of late, the market is growing to appreciate the broad-based opportunity.
To be sure, not all cybersecurity firms are enjoying the same level of success.
For example, Okta (OKTA) has seen its stock price eroded by both a worse than anticipated bottom line in its latest earnings report provided on Thursday and soft guidance into the coming quarter. ZScaler (ZS) likewise fell in a recent report, suggesting that execution is still a crucial aspect of stock-picking in cybersecurity.
Gloss