As data increases in importance and volume, data protection and privacy are essential to safeguard the integrity of the systems we all use and depend on.

Don’t forget the weakest link: humans

Do you realise that some of the most popular passwords that people use are ‘123456’ or ‘password’[1]?

We may think of ‘hacking’ as occurring in a dark room, but hackers tend to have a much higher chance of successfully breaching a network by posing as a legitimate visitor and walking in the front door.

Colonial Pipeline: Ransomware Crosses the Rubicon

We may look back on 2021 and view the Colonial Pipeline attack as the moment that galvanised a coherent US policy and enforcement response to ransomware.

To recap: The Colonial Pipeline is roughly 5,500 miles and is the largest refined products pipeline in the US, supporting about 45% of East Coast fuel consumption. It goes from the Houston, Texas area on the gulf coast up to the NY metro area. The actual ransomware attack hit Colonial’s information technology systems, but as a precautionary measure the firm shut down their operational technology systems because they were uncertain in the early hours how deeply the attack could spread[2].

On 25 August 2021, President Biden hosted executives from major technology, financial and energy companies for a summit on national cybersecurity, as in his view this is the ‘core national security challenge we are facing.’ Some of the participants included:

Tim Cook, CEO of AppleAndy Jassy, CEO of Amazon.comSatya Nadella, CEO of MicrosoftSundar Pichai, CEO of Alphabet

It was also notable that:

Jamie Dimon, CEO of JPMorgan ChaseBrian Moynihan, CEO of Bank of America

Were also in attendance, solidifying that this is not a ‘big tech’ only type of issue. President Biden cited an estimate that indicates that roughly half a million cybersecurity jobs in the US are currently unfilled[3].

Darkside: Victim of the Publicity Paradox

Darkside, widely viewed as producing the specific malware used in the Colonial Pipeline attack, views ransomware as a business. Cybereason estimates that their malware has been used to compromise more than 40 victims, demanding figures between $200,000 and $2 million in each case[4].

To Pay or Not to Pay?this is the Crucial Ransomware Question

Ransomware attackers have an oddly rational stance, in the sense that while many victims might feel ‘unlucky’, it is much more likely that targets are researched in detail.

The CEO of the Colonial Pipeline did opt to pay the ransom, which was roughly 75 Bitcoin, valued at the time as roughly $4.4 million[5]. While companies paying ransoms does encourage further ransomware, it is very difficult to make this decision when you are in the position of power or influence at an affected firm.

Is Bitcoin or Cash more Anonymous for Criminal Purposes?

In the case of the Colonial Pipeline attack, roughly 64 of the 75 Bitcoins were seized by authorities. That means that they were able to trace the specific on-chain activities related to the attack, to find the digital wallet associated with Darkside, and then to obtain the appropriate public and private keys to make the seizure[6].

Cybersecurity works in concert with other Megatrends

77% of firms either did not change their investments in artificial intelligence or even increased these investments during the Covid-19 Pandemic period[7]. As many consumers have shifted to ecommerce, many businesses are seeking to collect and monetise this data, and AI represents the toolkit with which to do this. The ease of access to cloud computing storage and computational resources makes this an even easier proposition.

When firms are considering AI implementation, it is notable that cybersecurity tends to be viewed as 1) the top risk or concern and 2) the key thing garnering the investment in risk mitigation. It would be difficult to imagine a firm investing in or implementing artificial intelligence solutions without considering cybersecurity risks.

To learn more about investing in Cybersecurity, please visit: Cybersecurity Strategy page| WisdomTree Europe

To access a list of relevant thematic products within the AJ Bell Youinvest platform, please visit: AJ Bell Youinvest - Thematics

This material is prepared by WisdomTree and its affiliates and is not intended to be relied upon as a forecast, research or investment advice, and is not a recommendation, offer or solicitation to buy or sell any securities or to adopt any investment strategy. The opinions expressed are as of the date of production and may change as subsequent conditions vary. The information and opinions contained in this material are derived from proprietary and non-proprietary sources. As such, no warranty of accuracy or reliability is given and no responsibility arising in any other way for errors and omissions (including responsibility to any person by reason of negligence) is accepted by WisdomTree, nor any affiliate, nor any of their officers, employees or agents. Reliance upon information in this material is at the sole discretion of the reader. Past performance is not a reliable indicator of future performance.

[1] Source: Shebu, Sherin. “2020’s Most Common Passwords are Laughably Insecure.” UK

[2] Source: Eaton, Collin & Dustin Volz. “US Pipeline Cyberattack Forces Closure.” Wall Street Journal. 8 May 2021.

[3] Source: Volz, Dustin & David Uberti. “Biden Says Cybersecurity Is the ‘Core National Security Challenge’ at CEO Summit. Wall Street Journal. 25 August 2021.

[4] Hay Newman, Lily. “DarkSide Ransomware Hit Colonial Pipeline?and Created an Unholy Mess.” WIRED. 10 May 2021.

[5] Source: Eaton, Collin. “Colonial Pipeline CEO Tells Why He Paid Hackers a $4.4 Million Ransom.” Wall Street Journal. 19 May 2021.

[6] Source: Peroth et al. “Pipeline Investigation Upends Idea that Bitcoin is Untraceable.” New York Times. 9 June 2021.

[7] Source: Daniel Zhang, Saurabh Mishra, Erik Brynjolfsson, John Etchemendy, Deep Ganguli, Barbara Grosz, Terah Lyons, James Manyika, Juan Carlos Niebles, Michael Sellitto, Yoav Shoham, Jack Clark, and Raymond Perrault, “The AI Index 2021 Annual Report,” AI Index Steering Committee, Human-Centered AI Institute, Stanford University, Stanford, CA, March 2021.

Find out how to deal online from £1.50 in a SIPP, ISA or Dealing account. AJ Bell logo

Issue Date: 01 Sep 2021