We were excited to speak to Aaron Dubin, VP of Strategy & Business Research at Team8 on the Behind the Markets podcast.
Team8 works with WisdomTree on the WisdomTree Team8 Cybersecurity UCITS Index, which is tracked by the WisdomTree Cybersecurity UCITS ETF (WCBR), before fees and expenses.
By way of background, Team8’s cybersecurity expertise helps organise the array of companies providing different cybersecurity solutions to the market. With different megatrends, one of the most important details regarding how that megatrend connects back to the company’s future plans. Team8 does this through eight distinct cybersecurity themes that represent the critical areas for growth in the theme as we move forward. Those themes are:
The conversation covered a wide range of topics in cybersecurity, a few of which we summarise in this piece.
1995 in our current ‘AI Moment’
Primarily, people use 1995 to think about where we might be relative to a possible ‘tech bubble’, which we know burst in 2000.
Aaron made an interesting comparison to where we are with cybersecurity of AI today, in the second quarter of 2024, versus where we were with cybersecurity of the internet in 1995. In those early days, there was a significantly higher risk when providing financial information, credit cards, or personal details online. Today, while nothing is perfect, we are a lot more comfortable with those things than we were. Maybe AI will be on a similar path, as we are similarly early in the process at the moment, as many of the large language models with which we are most familiar were initially released with little if any guardrails on how they could be used.
Some of the most interesting and memorable talks on cybersecurity involve experts showing how to take known systems, like ChatGPT, and ‘jailbreak’ them into breaking through the guardrails that have been put in place. Aaron cited one particularly scary example, where we know that AI can be used today in the context of medical imagery, an important diagnostic tool for certain types of cancer. These systems can be tricked into registering a diagnosis opposite to the reality of the situation, showing how thinking of the security of medical systems should always be of the utmost importance.
It takes a village to start a company
Part of the discussion centered on Team8’s activities as a ‘company-builder.’ They have an expression, ' It takes a village to start a company,’ and when we think of cybersecurity and how Team8 operates in the cybersecurity venture space, it starts with their village of 350 Chief Information Security Officers (CISOs) at Fortune 500 companies.
An open dialogue with these professionals uncovers certain unmet needs, and from these unmet needs, sometimes, companies can be founded and built. When we think of the ‘8’ in Team8, it comes back from Unit 8200 of the Israeli military, which is the elite cyber unit of the Israeli Defense Force. Nadav Zafrir, the Co-Founder and Managing Partner of Team8, was the Commander of Unit 8200 during his military career. Many Team8 founders, particularly in the cybersecurity area, have experience serving in this unit.
Connecting current events to Team8’s cyber themes
One of the most interesting parts of our discussion with Aaron regarding the connection between the eight, aforementioned ‘cyber themes’ to current events and headlines that many of us may have seen in different publications.
Linux1
Aaron’s description of a ‘supply chain attack’ that was recently thwarted was an important illustration of how today’s hackers may be able to access certain systems used by many different customers. Many of us might remember Solar Winds – the issue there was not necessarily any single hack but rather how, from that breach, the hackers were able to access the customers using the Solar Winds system.
In the Linux case, it appears that a Microsoft researcher thwarted the possible attack before the worst possible cases could be realised. It is telling, however, that many developers today are not incentivised to secure the applications they create, and a lot of code is repurposed from various sources. It takes a lot of effort to continually secure and update that code – think about the effort it takes to ensure your smartphone is regularly updated.
The theme ‘Shift-Left’ refers to how there are efforts to encourage developers to incorporate security earlier in the development process and to secure their code continually. The iPhone was only released in 2007, so we’d note that what we think of as the ‘app economy’ and ‘software-as-a-service’ has not been around for that long, in historical terms.
Human error (Layer 8)
The eighth theme on Team8's list – the most recently added – focuses on humans. Even if we might picture popular movies where complex firewalls seem to be breached with ease, we discuss how the vast majority of hacks in the real world do not occur from breaking complex encryptions or doing incredibly technical things – they come from human error.
Aaron noted that the most obvious source of breaches, at least in the second quarter of 2024 from what he is seeing, comes from misconfiguring cloud access points. It’s not that the cloud itself is not secure – it is that the humans who are setting up how they access the cloud are making mistakes.
What is ‘zero-trust’
It says a lot that many of us might have, by now, heard of ‘two-factor authentication.’ Simply put, when you are logging into a system and your cell phone generates an additional code, that is an example of this practice at work. Zero-trust, however, is not as commonly used in popular media.
When we think of zero-trust software architecture, one can think of it as constant verification. When people are accessing systems, those systems could be constantly monitoring what they are doing and how they are doing it to determine if those individuals are where they should be and that the system itself remains secure. How this works is similar to how credit card companies use anomaly detection to send out notifications about different transactions that appear ‘odd’, relative to what the primary account holder usually does. The same principle can apply to accessing a company’s network; there are the things that users normally do, and there are possible deviations away from those things that can be flagged and addressed.
Cybersecurity: A megatrend for all seasons
As we write these words in the second quarter of 2024, cybersecurity is no longer an option. Every individual and company needs to have an approach; if they do not, they are taking a huge risk. Of course, when we look company by company, it is never certain which businesses will rise to the top of the heap and provide the best solutions. This is the benefit of our regular dialogue with Team8, in that it helps us to continually understand developments in the cybersecurity space which can evolve quite quickly. Enjoy our most recent discussion with Aaron Dubin, available here.
Sources
1 Source: Roose, Kevin. “Did One Guy Just Stop a Huge Cyberattack?” New York Times. April 3, 2024.
Wichtige Informationen
Dieses Material wurde von WisdomTree und seinen verbundenen Unternehmen erstellt und soll nicht für Prognosen, Research oder Anlageberatungen herangezogen werden. Zudem stellt es weder eine Empfehlung noch ein Angebot oder eine Aufforderung zum Kauf bzw. Verkauf von Wertpapieren oder zur Übernahme einer Anlagestrategie dar. Die geäußerten Meinungen wurden am Herstellungsdatum getätigt und können sich je nach den nachfolgenden Bedingungen ändern. Die in diesem Material enthaltenen Informationen und Meinungen wurden aus proprietären und nicht proprietären Quellen abgeleitet. Daher übernehmen WisdomTree und seine verbundenen Unternehmen sowie deren Mitarbeiter, Führungskräfte oder Vertreter weder die Haftung für ihre Richtigkeit oder Zuverlässigkeit noch die Verantwortung für anderweitig auftretende Fehler und Auslassungen (einschließlich Verantwortlichkeiten gegenüber einer Person aufgrund von Fahrlässigkeit). Die Verwendung der in diesem Material enthaltenen Informationen erfolgt nach eigenem Ermessen des Lesers. Wertsteigerungen in der Vergangenheit lassen keinen Schluss auf zukünftige Ergebnisse zu.
]]>