The private sector needs to do more to defend itself in the face of a rising cybersecurity threat, the White House said in a memo addressed to corporate executives and business leaders on Wednesday.
“The number and size of ransomware incidents have increased significantly,” wrote Anne Neuberger, Biden’s deputy national security advisor for cyber and emerging technology.
“The private sector also has a critical responsibility to protect against these threats,” she added. “All organizations must recognize that no company is safe from being targeted by ransomware, regardless of size or location.”
The memo follows the latest attack on a key resource supplier in the US by ransomware attackers said to be based in Russia. Over the weekend, the world’s largest meat processor, JBS, was forced to shut down much of its North American operations after an attack the FBI attributed to a group known as Pinchy Spider.
And in April, the Colonial Pipeline was temporarily shut down when the company’s IT infrastructure was held hostage by the hackers known as Darkside for a ransom worth $4.4 million.
The “highly impactful steps” include using a multi-factor authentication system instead of relying on passwords, conducting regularly scheduled data backups, keeping systems updated, and segmenting networks so an attack doesn’t bring the whole system down.
“Much as our homes have locks and alarm systems and our office buildings have guards and security to meet the threat of theft, we urge you to take ransomware crime seriously and ensure your corporate cyber defenses match the threat,” the memo said.
When Vice President Kamala Harris addressed the graduates of the United States Naval Academy on Friday, she became the first female commencement speaker in its 175-year history.
At the Navy-Marine Corps Memorial Stadium in Annapolis, Maryland, Harris told the graduates that they would be taking “an oath to support our Constitution and defend it against all enemies.”
“No matter what changes in our world, the charge in this oath is constant,” she emphasized.
Harris spoke of the immense challenges that graduates would face, including the fallout from the COVID-19 pandemic, climate change, and cybersecurity threats.
She called climate change “a very real threat to our national security” and lauded the graduates for being part of the future for tackling the issue.
“I look at you and I know you are among the experts who will navigate and mitigate this threat,” she said. “You are ocean engineers who will help navigate ships through thinning ice. You are mechanical engineers who will help reinforce sinking bases. You are electrical engineers who will soon help convert solar and wind energy into power, convert solar and wind energy into combat power.”
She told the graduates that they would be critical in securing the country’s infrastructure.
“Foreign adversaries have their sights set on our military technology, our intellectual property, our elections, our critical infrastructure,” she said. “The way I see it, midshipmen, you are those experts on the issue of cybersecurity.”
She added: “We must defend our nation against these threats. And at the same time, we must make advances in things that you’ve been learning, things like quantum computing and artificial intelligence and robotics, and things that will put our nation at a strategic advantage. You will be the ones to do it because the United States military is the best, the bravest, and the most brilliant.”
Harris also praised the military officers who have helped vaccinate Americans across the country.
The vice president’s speech comes as the Pentagon accelerates the timeline for withdrawing troops from Afghanistan, which will likely occur in mid-July, up from an earlier projected date of September 11, 2021, the 20th anniversary of the terrorist attacks of September 11, 2001.
She told the graduates that the September 11, 2001, attack “shaped your entire life, and it shaped our entire nation,” and said that the COVID-19 pandemic has changed the fabric of American society.
“If we weren’t clear before, we know now: The world is interconnected,” she said. “Our world is interdependent. And our world is fragile.”
Harris also gave a nod to female graduates, only 46 years after Congress mandated that women could be admitted to service academies.
“Just ask any Marine today, would she rather carry 20 pounds of batteries or solar panels, and I am positive, she will tell you a solar panel – and so would he,” she laughingly said.
She then paid respects to the late Sen. John McCain of Arizona, a graduate of the academy, whom she called “a great and courageous American.”
McCain, who passed away in August 2018, is buried at the US Naval Academy Cemetery in Annapolis.
“Most people don’t know he wanted to be buried next to his best friend who he met on the yard, Admiral Chuck Larson,” she said. “That is the ultimate example of what I mean, in it together.”
“No class gets to choose the world into which it graduates, and demands and the challenges you’re going to face in your career are going to look very different than those who walked these halls before you,” he told the graduates. “You chose, as a class motto – ‘We are the future.’ I don’t think you have any idea how profound that assertion is.”
Colonial Pipeline on Saturday announced that it had returned to “normal operations” days after it restarted its pipeline following a cyberattack that resulted in disruptions across the East Coast.
The company made the announcement on Twitter Saturday at 7:30 a.m. It had restarted the pipeline at 5 p.m. on Wednesday.
“Since this incident began, we have been clear that our focus was on the safe and efficient restoration of service to our pipeline system,” Colonial Pipeline said in a tweet. “That is what we have achieved through the commitment and dedication of the many Colonial team members.”
It continued: “Our team members across the pipeline worked safely and tirelessly around the clock to get our lines up and running, and we are grateful for their dedicated service and professionalism during these extraordinary times.”
The Colonial Pipeline is the largest pipeline of refined oil products in the US. It transports more than 45% of all fuel used on the East Coast to more than 50 million people from New York to Texas.
The Wall Street Journal reported Friday that DarkSide, the hacker group that took responsibility for the ransomware attack, said it planned to disband following pressure from the US and investigations by law enforcement agencies.
There’s more interest in secure and private online communication than ever. One tool used by many modern communication services is end-to-end encryption.
End-to-end encryption, explained
What makes end-to-end encryption unique is that whatever you’re sending is encrypted on your device and travels in encrypted form all the way to its destination. It’s only decrypted there so it can be read by the recipient.
The best way to understand end-to-end encryption is in contrast to a more traditional system called encryption-in-transit. Typically, if a service uses encryption, your data is encrypted on your device and sent to the server. There, it is decrypted for processing, then re-encrypted and sent on to its final destination. The data is encrypted anytime it’s in transit, but decrypted when it’s “at rest.” This protects the information through the most critical part of the trip – in transit – when it’s often most vulnerable to hackers, interception, and theft.
In contrast, end-to-end encryption is the act of applying encryption to the data on your device and not decrypting it until it reaches the destination. Even the service that is sending the data can’t see the content of your message when it passes through the server.
This is important because end-to-end encryption can give you the confidence that your communication is safe from prying eyes. In addition to simple two-way text chats, you might want to ensure that financial transactions and business communication use end-to-end encryption.
Advantages of end-to-end encryption
End-to-end encryption has some obvious advantages over “cleartext” (when messages or data are sent without any encryption at all) and encryption-in-transit. For one, the data is protected every step of the way.
When an app uses encryption-in-transit, that means the service you’re using owns the key to encrypt and decrypt the message at the server. That provides a point of vulnerability and a vector for hackers or malicious actors to intercept your information before it travels to its destination.
Disadvantages of end-to-end encryption
But end-to-end encryption isn’t the perfect solution to every kind of communication need. If an app’s communication is fully encrypted, that can prevent the app from offering additional features like contextual services based on the content of the message, or the ability to automatically generate calendar invites, message history, and other additional features. Simply put, the data is a black box to everyone except the sender and receiver, which might not always be desirable.
The security that end-to-end privacy offers might be limited if a third party gets physical access to the device at either end of the transmission – not only can they read existing messages, but also send new ones. That’s why it’s critical to use passwords, passcodes or biometrics to protect access to your device.
While end-to-end encryption can prevent anyone (including, in general, the government and law enforcement) from reading the content of your messages, it doesn’t hide or encrypt the metadata. That means it’s possible to determine who you sent messages to, and when, even if the content is encrypted.
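The contrast between encryption-in-transit and end-to-end encryption described above, including the metadata caveat, as an added example that is not code from the original article. It uses a standard-library encrypt-then-MAC construction as a stand-in for a real AEAD cipher; `RelayServer`, `deliver` and the sample message are constructed for illustration, and the tampering case goes slightly beyond what the article covers.

```python
import hashlib
import hmac
import secrets

MESSAGE = b"wire $500 to account 1234"  # constructed sample message


def _subkey(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC. Stdlib-only stand-in for a vetted AEAD (AES-GCM, ChaCha20-Poly1305)."""
    nonce = secrets.token_bytes(16)
    stream = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    """Verify the tag first; raise ValueError if the blob was modified or the key is wrong."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    stream = _keystream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(c ^ s for c, s in zip(ct, stream))


class RelayServer:
    """Messaging server. `observed` is everything its operator, or an intruder on it, can read."""

    def __init__(self, tamper: bool = False):
        self.link_keys = {}      # per-user transport keys, known to the server
        self.observed = []
        self.tamper = tamper     # models a compromised server that alters traffic

    def register(self, user: str) -> bytes:
        self.link_keys[user] = secrets.token_bytes(32)
        return self.link_keys[user]

    def relay(self, sender: str, recipient: str, blob: bytes) -> bytes:
        body = unseal(self.link_keys[sender], blob)      # transport encryption ends here
        self.observed.append({"from": sender, "to": recipient, "body": body})
        if self.tamper:
            body = body[:-1] + bytes([body[-1] ^ 0x01])  # flip one bit of what it relays
        return seal(self.link_keys[recipient], body)     # re-encrypt for the next hop


def deliver(server: RelayServer, message: bytes, e2e_key: bytes = None) -> bytes:
    """Send a message alice -> bob. With e2e_key, the body is sealed on the device first."""
    alice_link, bob_link = server.register("alice"), server.register("bob")
    body = seal(e2e_key, message) if e2e_key else message
    received = unseal(bob_link, server.relay("alice", "bob", seal(alice_link, body)))
    return unseal(e2e_key, received) if e2e_key else received


def run_demo() -> dict:
    # Assumption: the end-to-end key is known only to the two devices. Real apps
    # derive it with a public-key agreement so the server never holds it.
    e2e_key = secrets.token_bytes(32)

    transit, e2e = RelayServer(), RelayServer()
    deliver(transit, MESSAGE)
    e2e_delivered = deliver(e2e, MESSAGE, e2e_key)

    transit_altered = deliver(RelayServer(tamper=True), MESSAGE)
    try:
        deliver(RelayServer(tamper=True), MESSAGE, e2e_key)
        e2e_tamper_detected = False
    except ValueError:
        e2e_tamper_detected = True

    seen = e2e.observed[0]
    return {
        "transit_server_saw_plaintext": transit.observed[0]["body"] == MESSAGE,
        "e2e_server_saw_plaintext": MESSAGE in seen["body"],
        "e2e_delivered": e2e_delivered,
        "e2e_metadata_visible": (seen["from"], seen["to"]),
        "transit_altered_message": transit_altered,
        "e2e_tamper_detected": e2e_tamper_detected,
    }


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value}")
```

In both modes the server still records who wrote to whom; only the end-to-end run keeps the body unreadable to it and turns a modified relay into a hard failure at the recipient.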
Apps that use end-to-end encryption
If you’re looking to get started with end-to-end encryption, here are some apps and services that offer it:
You can get end-to-end encryption with email, as well. Here are a few apps that feature end-to-end encryption, though be forewarned that configuring the encryption is not straightforward, relies on a fairly deep understanding of how public and private keys work, and often requires both users using the same mail app to get the benefits of end-to-end encryption. Bottom line: Using encrypted email requires a substantial investment, much more so than messaging apps.
UK train operator West Midlands Trains is facing backlash for sending its employees a “crass and reprehensible” cybersecurity test disguised as a bonus announcement for working through COVID-19.
On April 12, about 2,500 West Midlands Trains employees received an email from the company thanking them for their work through the “huge strain placed upon a large number of our workforce as a result of COVID-19,” according to the email posted by Transport Salaried Staffs’ Association, a travel and transportation union that represents some of WMT’s staff.
“This has not been easy for any of us and we would like to offer you a one-off payment to say thank you for all of your hard work over the past 12 months or so,” the email said.
Recipients were instructed to click on a link that had a note from Julian Edwards, the WMT’s managing director, and information about the bonus. But after clicking through, employees received a follow-up email from the company notifying them that they had fallen for a phishing test that “used both the promise of thanks and financial reward,” according to a copy of the follow-up note posted by the TSSA.
“This important test was deliberately designed with the sort of language used by real cybercriminals but without the damaging consequences,” a West Midlands Trains spokesperson told Insider in an email. WMT has “regular” trainings and exercises on cybersecurity, the spokesperson continued, noting that “fraud costs the transport industry billions of pounds every year.”
However, TSSA has since slammed the train operating company and its “crass and reprehensible” phishing test for being a “cynical and shocking stunt.”
“It’s almost beyond belief that they chose to falsely offer a bonus to workers who have done so much in the fight against this virus,” Manuel Cortes, TSSA’s general secretary, said in a press release. “Our members have made real sacrifices these past twelve months and more. Some WMT staff have caught the disease at work, one has tragically died, and others have placed family members at great risk.”
West Midlands Trains isn’t the only company that has received backlash for sending its employees a phishing email disguised as a bonus. In December 2020, GoDaddy also sent its employees a similar phishing test pretending to offer a $650 holiday bonus. Employees who fell for the scam then had to retake the company’s “Security Awareness Social Engineering training.”
“My kids didn’t have any snow days this year because they had school from home,” Miller told Insider. “They had ransomware days.”
There are two major types of cyberattacks, according to Miller. The first are attacks like the one on US information technology firm SolarWinds, which US intelligence agencies say Russia was behind, that seek some kind of geopolitical advantage. Then there is smaller-scale ransomware, where attackers, normally private actors that may or may not work with tacit government permission, go after companies and other institutions and then extort them to ease up on the attack.
The DarkSide attack against the Colonial Pipeline was a ransomware attack. The hacking group shut down a major pipeline that runs from Texas to New York, demanding money in order to restore its service in what Miller said was an example of how cyberattacks are increasingly affecting the “real world.”
Ransomware gangs also go after hospitals, as in the 2017 WannaCry hack that shut down parts of Britain’s National Health Service.
The hackers typically want to cause as much pain as possible so that they can get paid quickly, Miller said, making critical infrastructure an appealing target.
“When they can have a direct impact on their business – like shutting down a pipeline or impact to some facility – it does ring a chord with the victims and how they respond to that,” Miller said.
Miller said cyberattacks are so commonly directed at US companies because they’re wealthy enough to pay off ransomware attackers. Ransomware hacking groups view themselves as businesses, he said, and target companies and institutions in countries where they’re likely to make money: The United States, Britain, and Germany.
“The industry in the US would be more likely to pay an extortion of a couple of hundred thousand dollars or whatever,” Miller said. “Not to say that they should, or do – but they’re perceived that way, compared to firms in South America or Africa where that would literally, in many cases, put these firms out of business.”
I am a former ethical hacker, and because of my more than 20 years of experience in security, my friends and family often come to me with cyber security questions. On their minds lately is the question of whether digital COVID vaccine passports are safe.
The short answer is not yet. While I believe it is possible to build a safe and secure digital vaccine passport, there are serious hurdles that make it difficult to deliver an app that can stand up to the security and privacy rigors that would meet my, or my peers’, standards.
Anyone considering downloading one of the existing applications should proceed with caution – some of the options today present too great a risk to people’s identity. Many of these hastily-created applications can expose sensitive personal and health information, which can be sold and used in malicious ways. Tech companies need to keep working to create a safe digital vaccine passport.
A digital passport even a hacker could trust
Before we can debate the possibilities a vaccine passport can unlock, we need to address safety, and it’s clear a new approach to vaccine verification is needed. Currently, the technology community does not have the right solution in front of them – it is more of a buffet of options, some riskier than others.
Ideally, companies should aim to create a single, universally-accepted physical or digital passport recognized by all governments and businesses while preserving our privacy and securing our health information. Think of it as the ultimate passport to life that speeds our return to normal when the next global health crisis emerges.
A universal passport could also include verification data for other documents we carry separately today, like driver’s licenses, passports, social security cards, membership cards, and credit card information. But we cannot place big bets on improving access to the digitally-connected world without also investing in security solutions first.
Technical challenges and public buy-in
Technically speaking, the challenge will be to get a bunch of technologists to agree on a standard approach to vaccine tracking. A universal standard will require alignment on what constitutes evidence of vaccination or how data should be collected and stored from the start – without leaking users’ personal information.
Without a widely-adopted set of standards, people will be downloading myriad, potentially dangerous mobile apps to do things we all desperately miss doing now like going to a movie or a concert.
The problem with a fragmented approach is most people do not know how to spot a good app from a less trustworthy option. We can count on Google and Apple to filter out a lot of the garbage for us, but without checks and balances, it’s virtually impossible to ensure the digital safety of these apps. As non-technical consumers, it would be even harder to avoid being tricked into downloading a copycat version or an app that was not developed securely.
Additionally, even if the technology is sound and secure, some folks may not feel comfortable with vaccine verification apps initially. The reason my friends and family come to me for my opinion on the security of technologies is because they feel unqualified to ascertain if these applications are safe. For widespread adoption to take hold, we need time to educate citizens and get their buy-in.
In the meantime, if someone needs to use a vaccine passport now, they should only use a link from an actual source like a government agency, employer, or mobile carrier. Scanning a random QR code or clicking a link from an unknown source can be dangerous.
Government policy around vaccine passports can help
A potential solution for the cultural friction that could surface would be to enforce a government policy around vaccine passports, but there are challenges here too. Governments across the world differ in their ability to enforce such policies, and currently the US government indicates a preference to leave it to the private sector. Even if that position changes – or a public-private partnership forms in our country, like European EID schemes – it would take time to determine specifics surrounding vaccine passport enforcement and the infrastructure needed to stand it up.
Historically, legislation has not kept up with the rapidly-shifting technology landscape. In the case of approving COVID-19 vaccines, we have seen the government move quickly and partner with the private sector to help bring a life-saving solution to market fast. That same rule-breaking approach in developing new protocols that sidesteps traditional processes could go a long way in helping to deliver a universal vaccination passport. For example, the US could fund and steer a task force aimed at delivering a solution that encompasses thinking across policy, security, and user experience.
And it can be done. The tech community has solved hard problems before, like securing the internet with SSL, and they can do it again. But it does not happen overnight – it takes time, resources, and a mindset shift to find the right solution. If tech and government agencies work together, we can be ready to help society get back to the things we love faster, with more confidence in its safety and security.
Mary Writz is the Vice President of Product at ForgeRock. Mary has 19 years’ experience in the field of cyber security. Prior to ForgeRock, Mary held product and leadership positions at Hewlett Packard and IBM in domains such as threat detection, machine learning, penetration testing, security intelligence, distributed denial of service, and targeted attack protection. Mary holds two patents and a Master of Engineering degree in telecommunications.
The company, which was identified as Global Resource Systems LLC, now oversees nearly 175 million IP addresses – managing more cyberspace than some of the world’s largest internet providers, including Comcast and AT&T.
The mysterious startup’s new role spawned several questions regarding the internet space and the Pentagon’s plans for it. Here are some of the biggest unanswered questions about the unknown company that is now managing nearly 6% of usable internet space.
What exactly is the Pentagon looking for?
The Pentagon made its first statement regarding its decision on Friday. Brett Goldstein, the chief of the Pentagon’s defense digital service, said federal officials are working to “assess, evaluate and prevent unauthorized use of DoD IP address space” and hopes to “identify potential vulnerabilities” in its fight to curb cyberattacks of US networks.
Despite its response, the Pentagon left more questions regarding its intentions than answers.
Mike Hamilton, former chief information security officer of Seattle and CISO of cybersecurity firm CI Security, told Insider one of the biggest questions people should be asking is, “Are they looking for something specific?” He said it seems unlikely that the Pentagon would initiate a contract of that size without a probable cause or inciting incident.
“If they’re going to the extent of 175 million IP addresses, chances are they’re not just looking for ‘vulnerabilities,’” Hamilton said. “The kind of computing power a company would need to be able to analyze 175 million IP addresses and the technology they would have to deploy, likely means this decision had to have been planned a long time ago.”
The government could be motivated by any number of reasons. Cybersecurity experts told Insider the Pentagon could be working to lure hackers or build up their defense by analyzing threats online, as well as planning to launch infrastructure for surveillance or even its own targeted cyber attacks against other countries.
Why did the Pentagon choose an unknown startup?
Global Resource Systems LLC was created in September and has no prior government contracts. The company also does not have an online presence or a business license where it is registered in Plantation, Florida, though it filed paperwork in October for incorporation in Delaware, as shown by Florida state records.
Cybersecurity experts told Insider the company’s anonymity puts an extra layer of protection over the government and makes it even easier to hide what the Pentagon is doing with the IP addresses.
“I can only speculate that ‘Global Resource Systems LLC’ is a DBA / Delaware Fictitious Name,” Scott Schober, CEO of cybersecurity firm Berkeley Varitronics Systems, told Insider. “They can then operate under an alias company name so they can stay off the radar and avoid scrutiny. Global Resource Systems can function as an extension of the government without direct connection allowing them to monitor activities without the overwhelming presence of the Pentagon nor the scrutiny of public opinion.”
Who is behind the Florida company?
The name on the company’s business papers, Raymon Saulino, matches a name tied to Packet Forensics, a company that has worked with the government before, according to a report from Associated Press. Packet Forensics had nearly $40 million in federal contracts over the past 10 years. It currently sells lawful intercept equipment, which allows law enforcement agencies to selectively wiretap individuals via a court order.
The company received national attention in 2011 when a Wired story reported Packet Forensics was selling an application to the federal government that could spy on people’s online browsers.
Global Resource Systems LLC also has the same name as a firm that shut down over 10 years ago and was sending out email spam, internet fraud researcher Ron Guilmette told Associated Press. The company had the same street address and used the same internet routing identifier. The only difference between the two companies is that this one operates as a limited liability corporation.
The company has no real history, but the people behind the company undoubtedly have government connections, Morgan Wright, the chief security officer of SentinelOne, told Insider.
Wright told Insider the startup is likely a shell for a bigger company due to the computing power needed to manage nearly 175 million IP addresses.
“It would be like trying to eat an elephant,” Wright said. “Not many companies can do that.”
Why did the handover happen moments before Trump left office?
The shift in management of the IP addresses was revealed via an announcement in the internet-routing messaging system of Border Gateway Protocol (BGP). Messages arrived about three minutes prior to Biden’s inauguration that the previously dormant IP addresses that had been assigned to the Pentagon had begun accepting internet traffic that would be routed through the new company. Over time, the company increased its management to nearly 175 million unused ranges on the IPv4 internet space.
While the timing seems noteworthy, many cybersecurity experts told Insider that the decision was probably not politically motivated.
Wright said the deal had likely been in the works for some time. It probably made sense for the Pentagon to put it into action before it would have to go through the scrutiny of a whole new administration.
What’s more, the deal was announced about three minutes before former US president Donald Trump left office and it encompasses almost 6% of usable internet space.
It is largely unknown what the Pentagon is planning to do with the IP addresses, as well as why the government chose the unknown startup, Global Resource Systems LLC. Cybersecurity experts told Insider the Pentagon could be looking to do anything from lure in hackers and build up online government defenses to surveillance of US citizens and reconnaissance on foreign countries.
When contacted for comment, a government spokesperson pointed Insider to a Friday statement from the Pentagon’s chief of defense digital service, Brett Goldstein, who said federal officials are working to “assess, evaluate and prevent unauthorized use of DoD IP address space” and hopes to “identify potential vulnerabilities” in its fight to curb cyberattacks of US networks. The Pentagon confirmed that the government has maintained ownership of the internet addresses while Global Resource Systems LLC is managing them.
The Pentagon could be using the newly advertised internet space as a “honeypot”
Honeypots are spaces on the internet with obvious vulnerabilities that are designed to draw in hackers or other bad actors. Scott Schober, the CEO of cybersecurity firm Berkeley Varitronics Systems, told Insider an effective honeypot would allow the Department of Defense (DoD) to study hackers’ tactics and identify the vulnerabilities that they are targeting.
“This would allow the government to observe the hackers without any trace of surveillance in order to anticipate future moves,” Schober said.
The move would be particularly poignant in light of recent threats to the government’s system, including the SolarWinds hack.
While Schober and founder of cyber analytics company ExtraHop Jesse Rothstein agreed a honeypot is a likely explanation for the move, other cybersecurity experts expressed doubts regarding the theory.
Morgan Wright, the chief security officer of SentinelOne, said it could be difficult to set up the space for a honeypot, as it has been so heavily publicized that the IP addresses belong to the DoD. Similarly, Mike Hamilton, former CISO of Seattle and CISO of cybersecurity firm CI Security, told Insider the government wouldn’t need nearly that much space on the internet to set up a trap.
The government could be setting up a surveillance system to scour internet traffic
Hamilton told Insider that the Pentagon could be piloting software and servers to identify suspicious activity on the internet, whether from outside countries and hackers or internal internet chatter in the US.
About 175 million IP addresses could encompass the internet footprint of the entire US, according to Hamilton, who says the government could be practicing the scaling required to analyze large portions of US internet use. The data gathered could help prevent organized crime in the US – instances like the US Capitol siege, which first came together online.
While privacy laws deter internet surveillance, Hamilton said the involvement of a private company could create plausible deniability for the government. He pointed to similar internet surveillance in China and even the UK – which has been testing online surveillance technology for the past two years, logging and storing the web browsing history of every individual in the country.
“I can see that as an outcome because the alternative would be legislation making it okay for the NSA to surveil internally and nobody’s going to do that,” he said, calling the new company a “relic of the Trump administration.”
To date, the NSA’s “upstream” surveillance program allows the organization to search the international online activity of Americans, but it requires a type of warrant from a special court and does not aggregate and analyze entire data sets.
While Hamilton said the company could use BGP route injections (a process that allows outside sites to hijack a route) to collect data on US citizens, as well as foreign organizations, Rothstein told Insider he doesn’t see any evidence for BGP interception.
However, the government could easily scarf up extra data as the Pentagon’s IP addresses include significant addresses. Even though internet connections in residential areas, enterprise environments, and office spaces should be using private IP addresses under address allocations in RFC 1918, many do not, according to Rothstein. He said some of the Pentagon’s IP prefixes could be in use by outside parties.
Many cybersecurity experts were optimistic that the government would be more focused on external traffic from other countries than collecting data from within the US.
The government could be preparing to launch a series of cyber attacks
The decision to activate the formerly dormant IP addresses could be a way for the US to keep up with other countries, including Russia, China, and North Korea, that use high level cyber intelligence.
The Pentagon has recently been making strides to protect its digital presence and compete with other countries in cyberspace. The government created the Defense Digital Service unit in 2015 to solve emergency problems and make technological advancements for the US military. The Pentagon’s IP address decision spawned from the DDS team that is characterized as a “SWAT team of nerds.”
Wright said the IP addresses could be used to provide foreign intelligence and launch surveillance attacks against other countries. For example, some Chinese companies use similar IP address numbering schemes for their internal networks, and there’s a chance some of their data could be directed to the US.
He said that cyberspace is the next frontier for warfare and the US is lagging behind.
“Unless we get better at defending cyberspace, we will continue to lose our national intelligence information,” Wright said. “We have a massive intelligence failure right now,” he said pointing to the recent SolarWinds hack.
Whether via launching surveillance attacks on other countries or improving its defense, the US needs to prioritize its cyberspace, Wright said.
The pilot program could help prevent attacks on the Pentagon’s IP addresses
Cybersecurity experts agreed the company would be able to identify large scale attacks and, as a result, develop strategies to better protect its system.
“When it comes down to it, it’s all about cybersecurity research,” Rothstein told Insider.
The company could identify worms on the internet, as well as distributed denial of service attacks (intentional disruptions to internet service, often referred to as DDoS attacks).
With the sheer amount of internet space that the company will be able to analyze, it would be able to come up with sophisticated defense mechanisms and generate a greater understanding of the kinds of vulnerabilities hackers and outside countries seek to exploit.
Zscaler and Varonis Systems are among Wedbush Securities’ top 7 cybersecurity stocks heading into what the investment firm believes will be a “strong” earnings season for the sector.
In a note to clients on Sunday, analyst Dan Ives and his team said they’re expecting a robust March earnings season for the cybersecurity space due to a growing threat landscape for tech companies and a continued shift to the cloud.
“Cybersecurity sector/stocks have been treading water so far this year, we view a ‘beat and raise’ 1Q as a positive catalyst to move the sector higher for the rest of 2021,” Ives wrote.
The analysts said recent checks on the cybersecurity industry have revealed strong deal flow making them bullish on the sector.
“In particular we are seeing strong deal flow around identity threat detection, privileged access management (PAM), endpoint/ vulnerability security, and a discernible shift to zero trust architecture all gaining steam in the field,” Ives wrote.
Ives and his team also said they believe 44% of workloads will move to the cloud by the end of 2021 and that figure will hit 55% by 2022.
This digital transformation to the cloud is set to buoy cybersecurity names moving forward, according to Wedbush. The firm forecasts cybersecurity spending to increase over 20% in 2021.
Data from Gartner backs up Wedbush’s stance. Gartner is forecasting the worldwide information security market to reach over $170 billion in net value by 2022 amid a continued push towards cloud hosting.
The shift to cloud for both enterprises and governments is also being accelerated by big tech companies like Microsoft, Amazon, and Google, due to their recent push to enhance cloud offerings.
Ives and his team said they believe the cybersecurity sector could see an additional 300 bps+ lift from President Biden’s federal spending surge in light of recent nation-state attacks from Russia and China as well.
The analysts added that they expect a surge of M&A to take place within cybersecurity from both strategic and financial players in the coming months.
To that point, Thoma Bravo announced it acquired the cybersecurity firm Proofpoint for $12.3 billion in cash on Monday.