Cybersecurity

Cybersecurity or the ability to protect one’s information and technology is becoming more and more vital. Artificial Intelligence (AI) and the promises of growth, prosperity, and leisure for the world are growing by the day. But what if the AI, or financial system, or critical infrastructure supporting us in hacked and compromised? 

In prior blog entries, I often start with the negatives against an idea.  I am at a loss to find the downside of preventative investments in safeguarding one’s cybersecurity.  That said, what does the future world of cybersecurity look like and what does it look like from an investment perspective.

My research indicates that technology has been moving more to the cloud, away from on-premise hosting, and more towards software as a service (SaaS) and away from highly customized software solutions. Moreover, fewer people are involved in the building and maintenance of the solutions, with more of the work outsourced to third-party companies and consultants. This will lead, I believe, to both a knowledge and accountability vacuum.  No one will understand the whole system, and no one will be incentivized to understand the whole system and make sure it is running well and secure.  Network vendors will blame software vendors, no one will know how the AI rules were built and why they were put in place, and we will see failures. Failures whereby systems will be down, or unavailable to users. Failures whereby data will be stolen. Failures whereby systems integrity will be compromised and financial calculations use incorrect formulas and math functions.  And no one will be around who understands what the correct results are supposed to be, and how to even go about figuring that out. I see a world where we are caught in a cybersecurity arms race between AI-enabled systems tuned to cheat and lie, and AI-enabled systems setup to detect fraud and anomalies. 

From a framework perspective, I see a future world positioned around function as the NIST Cybersecurity framework outlines: 

Identify: Solutions around asset management and risk management. 

Protect: Solutions around access control and data security.

Detect: Solutions around anomaly detection and monitoring.

Respond: Solutions around incident response and mitigation

Recover:  Solutions around continuity of business and disaster recovery

From an investment thesis, I believe three primary cybersecurity vendors will win the cyber race who have positioned for this future and trending buying patterns:

• Zscaler- ticker ‘ZS’

• Palo Alto - ticker ‘PANW’

• Crowdstrike - ticker ‘CRWD’