Cybersecurity: (The Colonial) Pipeline of Opportunity

 
Q2 2021 Edition

25th June

Key takeaways

  • Hot on the heels of the SolarWinds crisis, another high-profile cyberattack occurred last month on Colonial Pipeline.
  • The advanced cyberattack was attributed to DarkSide, a ransomware gang which forced Colonial Pipeline to shut down its entire 5,500-mile pipeline system, which supplies almost half the fuel used along America’s East Coast.
  • Companies at the forefront of modernising the cybersecurity industry through digital transformation could be poised to be the primary beneficiaries.

Cybersecurity - the fight with hackers is far from over!

In our last “Thematic Thinking” commentary, we discussed the SolarWinds hack and its potential to act as a positive catalyst for the cybersecurity industry, fuelling an increase in cybersecurity spending in both the private and public sectors. Hot on the heels of the SolarWinds crisis, another high-profile cyberattack occurred last month on Colonial Pipeline. The hack exposed critical vulnerabilities to increasingly sophisticated cyberattacks and, in this instance, affected more than just finances. This, combined with continuing cloud adoption for critical business computing systems, appears to be driving cybersecurity investment.



Source: Colonial Pipeline Company

The advanced cyberattack was attributed to DarkSide, a ransomware gang which forced Colonial Pipeline to shut down its entire 5,500-mile pipeline system, which supplies almost half the fuel used along America’s East Coast (see our map above for scale). DarkSide grabbed almost 100 gigabytes of data from Colonial’s corporate networks and threatened to leak it onto the internet unless the firm paid a 75 bitcoin ransom (when paid on 11th May it had an estimated value of $4.3m, but just a week later it was worth a meagre $2.9m, depending on when the cyber gang emptied their wallets).

DarkSide used a “double extortion” attack, a tactic which has been growing in popularity since 2019 alongside other ransomware trends, such as third-party supply chain attacks and DDoS (distributed denial of service). Double extortion provides cyber attackers with added leverage, generally leading to a higher success rate and typically larger ransoms. A double extortion attack usually follows this approach:

Source: Zscaler Report, 2021

When entering a system, criminals steal sensitive data before launching ransomware that encrypts the files, making it impossible for organisations such as hospitals, universities, and cities to do their daily work. If this tactic isn’t intimidating enough, they threaten to reveal confidential information, sometimes posting a snippet as leverage. Last month, the Washington DC police department refused to pay the $4m ransom demanded by a gang called Babuk. Babuk retaliated by publishing confidential intelligence briefings, the names of criminal suspects and witnesses, and personnel files online. Just as we are writing this, JBS Foods, the world’s largest meat producer, has gone offline, suffering a ransomware attack that could have far-reaching ramifications on food supply chains.

‘Look at the latest Colonial Pipeline attack. It happened through VPN. VPN puts people on the network. As long as you have VPNs, whether they are in the cloud or wherever, they are dangerous. So Zero Trust is becoming more and more important. It is probably the best way to reduce risk and protect against ransomware and a bunch of other attacks.’ - Jay Chaudhry, Zscaler CEO, Merrill Lynch Technology Conference, 2021

"MAJOR DISTURBANCES AND UNUSUAL OCCURRENCES" ON US GRID
2000 to 2021

Importantly, it seems that ransomware attacks have not stopped or slowed down. The ransomware event at Colonial, following on from the SolarWinds crisis, and other events in the last few weeks further highlight the need for major cyber improvements. While a congressional effort to institute mandatory cybersecurity requirements in 2012 didn’t quite have the legs, this time the Government’s response was decisive:

“Incremental improvements will not give us the security we need; instead, the Federal Government needs to make bold changes and significant investments in order to defend the vital institutions that underpin the American way of life. The Federal Government must bring to bear the full scope of its authorities and resources to protect and secure its computer systems, whether they are cloud-based, on-premises, or hybrid.”

Presidential Executive Order on Improving the Nation’s Cybersecurity, 12th May 2021


The sheer scale of investment needed to implement the cybersecurity capabilities necessary to protect both companies and infrastructure effectively is vast. Those companies at the forefront of modernising the cybersecurity industry through digital transformation could be poised to be the primary beneficiaries. Zscaler’s stock price jumped 15% after the cloud-based security platform announced revenue, earnings and billings growth significantly higher than expectations. The chart below highlights Zscaler’s scale, which demonstrates the company’s competitive standing in an addressable market currently valued at $72 billion¹.

‘Our results exceeded our expectations, and we are again increasing our guidance for fiscal 21. Our business is firing on all cylinders: our superior architecture and optimized go-to-market engine is elevating us above the competitive noise.’ - Zscaler Q3 2021 Earnings Call

¹ https://ir.zscaler.com/static-files/e977b065-d724-472b-a13d-07214d3dacdf


Source: First Trust from data on Zscaler company website, 2021

References to specific companies should not be construed as a recommendation to buy or sell shares or other financial instruments issued by those companies, and neither should they be assumed profitable.
