The newly launched Canadian Centre for Cyber Security recently released its National Cyber Threat Assessment 2018 which details cyber threats to Canada’s citizens, businesses and critical infrastructures.
With the internet tying these three categories together, an emerging concern is the Internet of Things (IoT) especially given the insecure status of many consumer products creating platforms for attacking businesses and infrastructure. For the smart investor, such concerns may represent an opportunity to develop a cybersecurity investing thesis in an increasingly volatile environment.
Canadian Centre for Cyber Security
The new Canadian Centre for Cyber Security launched in October with a mandate to provide a hub for cybersecurity information for both citizens and businesses in Canada. The Cyber Centre not only gathers together government experts from many separate departments but will also connect with experts from private industry. In addition, the Cyber Centre intends to move beyond previous government focus on large companies to better serve small and medium-sized businesses.
While security is an increasing concern for all companies, it is also one that investors should take into account when researching public companies. Though the Cyber Centre is not necessarily intended as a resource for investors, it is intended to “be a place where the private sector can come for advice and test products they want to sell to Ottawa as well as commercially.”
The Canadian Centre for Cyber Security’s website includes a section on Industry Collaboration that notes their intention to stay abreast of developments in the cybersecurity market and to evaluate emerging technologies. They will accomplish this goal in part by partnering with the Build In Canada Innovation Program. For investors seeking to stay abreast of innovative and emerging Canadian companies, the extensive databases of Canadian companies currently working with or desiring to work with government agencies is a unique resource.
The vulnerable Internet of Things
The Cyber Centre’s first unclassified report, National Cyber Threat Assessment 2018, has separate sections on cyber threats to Canadians, Canadian businesses and Canadian critical infrastructure. The report details a wide range of threats from cybercriminals, who may be motivated by a combination of private and governmental agendas, but appears to be inspiring renewed interest in the vulnerability of the Internet of Things (IoT). In particular, attacks on private citizens have moved beyond computers and mobile devices to internet-connected electronic devices and systems in the home and automobile.
The Cyber Centre’s report states that “manufacturers have rushed to connect more types of devices to the internet, often prioritizing ease of use over security.” Security flaws lead to attacks on the devices and home systems. One currently popular attack installs malware on devices in order to mine cryptocurrency. Insecure appliances connected to the internet can also be connected in larger networks to form botnets which can then be used to attack businesses and infrastructure.
A newly released report from internet security firm Netscout focuses on the insecure nature of the Internet of Things. The report reveals that new IoT devices in the home may be attacked as quickly as five minutes after being connected to the internet. These attacks are generally automated and designed to exploit the commercial dynamics of IoT retail.
A device may sit on a retailer’s shelf for a period of time before being purchased and arriving in one’s home. During that time new vulnerabilities are found that may or may not be patched in a timely fashion but will not get patched on any particular device until that device is connected to the internet. Some attacks that may be considered outdated in a technically sophisticated business or government setting still work quite well with many IoT devices for the home. In addition, default passwords set the stage for devices being penetrated before there is even time to update passwords and software.
Public companies and the IoT
There are many angles that Canadian investors can pursue due to this state of affairs. As previously noted, many companies both public and private are working with the government on security issues. Such work can be quite lucrative and, for companies winning government contracts, can provide more consistent revenue than contracts in the private sphere.
Other areas to consider are companies providing security services specifically for devices on the Internet of Things which are not just limited to the home but also to businesses and government organizations. But it is also worth examining the vulnerability of companies that produce devices for the IoT or are heavily deploying such devices in their own operations. A company involved with such technology that has a history of lax security may eventually make the news as the latest victim of a security breach.
An investing thesis based on cybercrime and security is one which can serve investors well as security issues increase. And, in the process, securing one’s own financial and personal data is probably a smart move as well.