Nasdaq Cybersecurity Indexes

Cybersecurity focuses on protecting computers, networks, programs, and data from unauthorized and/or unintended access. Cybersecurity has become increasingly important recently as governments, corporations, and people collect, process, and store vast amounts of confidential information and transmit that data across networks. Data breaches have become almost commonplace in recent years. Over the last few years, high-profile cases of cyber hacks have increased the demand for sophisticated software and security products.

Companies across the globe are growing more aware of the potential threat which is leading to a greater allocation of resources towards companies that help mitigate such risks. The growth in cybersecurity is primarily driven by the measures needed to counteract the increasing number of cybercrimes that people, businesses, and governments face on a daily basis.

Cyber attackers can range from individuals to government-sponsored groups. Because of the diverse nature of the cybersecurity problem, not only do traditional software and computer technology companies provide cybersecurity services, but there are also more traditional defense companies that have experience with providing defense services against government sponsors groups as well. Below is a list of different cyber threats and their descriptions from the Government Accountability Office (GAO).

GAO Threat List:

• Bot-network Operators - Bot-network operators are hackers; however, instead of breaking into systems for the challenge or bragging rights, they take over multiple systems in order to coordinate attacks and to distribute phishing schemes, spam, and malware attacks. The services of these networks are sometimes made available in underground markets (e.g., purchasing a denial-of-service attack, servers to relay spam, or phishing attacks, etc.).
• Criminal Groups - Criminal groups seek to attack systems for monetary gain. Specifically, organized crime groups are using spam, phishing, and spyware/malware to commit identity theft and online fraud. International corporate spies and organized crime organizations also pose a threat to the United States through their ability to conduct industrial espionage and large-scale monetary theft and to hire or develop hacker talent.
• Foreign Intelligence Services - Foreign intelligence services use cyber tools as part of their information-gathering and espionage activities. In addition, several nations are aggressively working to develop information warfare doctrine, programs, and capabilities. Such capabilities enable a single entity to have a significant and serious impact by disrupting the supply, communications, and economic infrastructures that support military power - impacts that could affect the daily lives of U.S. citizens across the country.
• Hackers - Hackers break into networks for the thrill of the challenge or for bragging rights in the hacker community. While remote cracking once required a fair amount of skill or computer knowledge, hackers can now download attack scripts and protocols from the Internet and launch them against victim sites. Thus, while attack tools have become more sophisticated, they have also become easier to use. According to the Central Intelligence Agency, the large majority of hackers do not have the requisite expertise to threaten difficult targets such as critical U.S. networks. Nevertheless, the worldwide population of hackers poses a relatively high threat of an isolated or brief disruption causing serious damage.
• Insiders - The disgruntled organization insider is a principal source of computer crime. Insiders may not need a great deal of knowledge about computer intrusions because their knowledge of a target system often allows them to gain unrestricted access to cause damage to the system or to steal system data. The insider threat also includes outsourcing vendors as well as employees who accidentally introduce malware into systems.
• Phishers - Individuals, or small groups, who execute phishing schemes in an attempt to steal identities or information for monetary gain. Phishers may also use spam and spyware/malware to accomplish their objectives.
• Spammers - Individuals or organizations who distribute unsolicited e-mail with hidden or false information in order to sell products, conduct phishing schemes, distribute spyware/malware, or attack organizations (i.e., denial of service).
• Spyware/Malware Authors - Individuals or organizations with malicious intent carry out attacks against users by producing and distributing spyware and malware. Several destructive computer viruses and worms have harmed files and hard drives, including the Melissa Macro Virus, the Explore.Zip worm, the CIH (Chernobyl) Virus, Nimda, Code Red, Slammer, and Blaster.
• Terrorists - Terrorists seek to destroy, incapacitate, or exploit critical infrastructures in order to threaten national security, cause mass casualties, weaken a target economy, and damage public morale and confidence.

1. https://www.forbes.com/sites/stevemorgan/2015/11/24/ibms-ceo-on-hackers-cyber-crime-is-the-greatest-threat-to-every-company-in-the-world/
2. https://cybersecurityventures.com/hackerpocalypse-cybercrime-report-2016/
3. https://us.norton.com/internetsecurity-emerging-threats-cyberattacks-on-the-rise-what-to-do.html
4. https://us-cert.cisa.gov/ics/content/cyber-threat-source-descriptions

Cybersecurity is a dynamic theme and sits at the cross-section of multiple industries, especially technology and industrials, as well as multiple sectors within technology, such as software and computer services. The diverse nature of this theme is a direct result of the diversity of challenges that businesses, governments, individuals, and organizations face, and the solutions that are available to address them. As well, some cybersecurity companies provide single or multiple solutions to the market, while other elements of cybersecurity are provided as offerings from diversified technology companies. Below is a list of various elements of cybersecurity sourced from the Digital Guardian.5

Digital Guardian's Elements of Cybersecurity:

• Network Security - The process of protecting the network from unwanted users, attacks and intrusions.
• Application Security - Apps require constant updates and testing to ensure these programs are secure from attacks.
• Endpoint Security - Remote access is a necessary part of business but can also be a weak point for data. Endpoint security is the process of protecting remote access to a company’s network.
• Data Security - Inside of networks and applications is data. Protecting company and customer information is a separate layer of security.
• Identity Management - Essentially, this is a process of understanding the access every individual has in an organization.
• Database and Infrastructure Security - Everything in a network involves databases and physical equipment. 12 https://digitalguardian.com/blog/what-cyber-security NASDAQ.COM 4 GLOBAL INFORMATION SERVICES
• Cloud Security - Many files are in digital environments or “the cloud”. Protecting data in a 100% online environment presents a large amount of challenges.
• Mobile Security - Cell phones and tablets involve virtually every type of security challenge in and of themselves.
• Disaster Recovery/Business Continuity Planning - In the event of a breach, natural disaster or other event data must be protected and business must go on.
• https://digitalguardian.com/blog/what-cyber-security. (Source: Digital Guardian, “What is Cybersecurity? Definition, Best Practices & More, June 10, 2020, https://digitalguardian.com/blog/what-cyber-security)