The remote and hybrid work models that arose during the pandemic have delivered several benefits – among them, more flexibility and freedom for workers, as well as potentially higher productivity and less demand for physical infrastructure for companies. Yet a more distributed work environment, especially in the so-called knowledge industries, has also come with a more challenging side effect: a more distributed technology environment. And that has upped the ante when it comes to cybersecurity. With more people logging on to company systems with their own equipment and work-from-anywhere data connections, IT departments have less control over employees’ online behaviours and often weaker safeguards to keep malicious actors out. Not surprisingly, cyber-attacks have skyrocketed. According to Splunk’s Inc.’s recent study on the state of security, nearly two-thirds of organizations have seen increased cybersecurity breaches in the pandemic era.
Cyber-attacks are expected to grow as the proliferation of hybrid work continues to expand the attack surface. Many companies are scrambling to respond. CIO expectations point to an acceleration in cybersecurity spend in 2022 of +9.4% year-over-year, up from 7.1% in 2021, partly due to this increasingly distributed IT environment, according to Morgan Stanley’s CIO Survey taken in the fourth quarter of 2021. Moreover, companies that have 60%+ employees working remotely face an average higher cost of a data breach, according to data from IBM’s Security Cost of a Data Breach Report 2021. For organizations with 61-80% and 81-100% of employees working remotely, the average cost of a breach was US$4.39 million and US$5.54 million, respectively, versus the overall average of US$4.24 million
Given the costs and the risks, the evolving security landscape could lead to a sea-change in the world of networking. The last mega-change in networking occurred in the 1990s when the modern network with switching and routing technology was born. This traditional perimeter-based “castle and moat” approach to security focused on securing the network itself, and it worked well when all applications lived in the data centre and users worked on premises. From there, when users wanted to work from home, we came up with virtual private network, or VPN, extending every corporate network to every household. The world then moved toward embracing the public cloud, extending networks to every cloud provider, leading to virtual firewalls in the cloud.
With more and more apps migrating to the cloud and employees working from anywhere, there are expanded opportunities for attack and risk of lateral movement once threat actors are inside. Now the byword is Zero Trust – cloud-based approaches that connect users to the application directly, regardless of location and without traffic routed through data centres. That can minimize the attack surface, reduces lateral movement and eliminates the backhauling of traffic. Simply put, the security check is now done in a sandbox at the park, not at your own front door.
The U.S. government is creating tailwinds for this approach. It recently released a follow-up memo to its 2021 executive order on Zero Trust, setting timelines for government agencies to submit plans to fully achieve Zero Trust architectures over the next two years. That will help drive public-sector demand for next-level security solutions both worldwide, and it will likely have knock-on effects in the private sector as well.
This represents a massive landscape change, as well as a generational opportunity for companies that provide security solutions in the era of remote work. It could also be an opportunity for investors. The NASDAQ CTA Cybersecurity Index has underperformed the broader market in recent months, according to Bloomberg data, but the secular trend may well favour at least the significant U.S. firms, along with the relative handful of Canadian ones, who are poised to capitalize on the government of Canada’s own cybersecurity push. For investors, the takeaway is clear: as remote work becomes ubiquitous and the cybersecurity landscape adapts, companies tied to the Zero Trust security solutions could have an increasingly important place in investor portfolios.
Related: The Ultimate AI Arms Dealers
The views expressed in this blog are those of the authors and do not necessarily represent the opinions of AGF, its subsidiaries or any of its affiliated companies, funds, or investment strategies.
The commentaries contained herein are provided as a general source of information based on information available as of June 3, 2022 and are not intended to be comprehensive investment advice applicable to the circumstances of the individual. Every effort has been made to ensure accuracy in these commentaries at the time of publication, however, accuracy cannot be guaranteed. Market conditions may change and AGF Investments accepts no responsibility for individual investment decisions arising from the use or reliance on the information contained here.
“Bloomberg®” is a service mark of Bloomberg Finance L.P. and its affiliates, including Bloomberg Index Services Limited (“BISL”) (collectively, “Bloomberg”) and has been licensed for use for certain purposes by AGF Management Limited and its subsidiaries. Bloomberg is not affiliated with AGF Management Limited or its subsidiaries, and Bloomberg does not approve, endorse, review or recommend any products of AGF Management Limited or its subsidiaries. Bloomberg does not guarantee the timeliness, accurateness, or completeness, of any data or information relating to any products of AGF Management Limited or its subsidiaries.
AGF Investments is a group of wholly owned subsidiaries of AGF Management Limited, a Canadian reporting issuer. The subsidiaries included in AGF Investments are AGF Investments Inc. (AGFI), AGF Investments America Inc. (AGFA), AGF Investments LLC (AGFUS) and AGF International Advisors Company Limited (AGFIA). AGFA and AGFUS are registered advisors in the U.S. AGFI is registered as a portfolio manager across Canadian securities commissions. AGFIA is regulated by the Central Bank of Ireland and registered with the Australian Securities & Investments Commission. The subsidiaries that form AGF Investments manage a variety of mandates comprised of equity, fixed income and balanced assets.