Profit Off the No. 1 Threat to Banks

By TradeSmith Editorial Staff

I want to draw your attention to a story from last week.

Maybe you were too busy celebrating the Dow’s rebound and missed it.

Or you cheered the big earnings report from Levi Strauss (LEVI).

Or maybe you went away for the weekend.

But this was big; it’s a story you cannot ignore.

When Federal Reserve Chairman Jerome Powell spoke in April on 60 Minutes, most people ignored his warning.

Not about rates. Not about the economy. But about cybersecurity.

There’s a reason hackers may cost global banks $100 billion each year.

And on Thursday, Morgan Stanley proved why.

Here’s What Went Wrong                     

In April, Powell said that cyberattacks are the biggest threat to banks.

But implementing sufficient cybersecurity to protect against them has also become their largest cost.

I wrote at the time that JPMorgan (JPM) and Goldman Sachs (GS) are giant banks that can hire the best cybersecurity professionals in the world. JPMorgan reportedly paid $600 million in 2018 for cybersecurity protection, according to a letter that year from CEO Jamie Dimon to shareholders.

Yet these banks are still vulnerable to cyberattacks. What makes them the most susceptible are third-party vendors with access to their systems.

Morgan Stanley is one of the largest investment banks on Wall Street.

And hackers found a backdoor into their system. Hackers breached a Morgan Stanley vendor’s access to the bank’s server and stole personal information on the banking customers.

The vendor is named Guidehouse. It provides account maintenance services to Morgan Stanley’s StockPlan Connect business. The vendor told the bank in May 2021 that the hack occurred.

But  according to media outlet Bleeping Computer, evidence suggests that the hack likely started in January and wasn’t discovered until March.

Morgan Stanley has said in letters to impacted individuals that none of its applications were hacked.

Instead, the incident itself involves specific files in Guidehouse’s possession, including encrypted files, according to the bank’s letters.

But here’s what some of the breached and stolen documents did contain.

The names of people who participated in StockPlan Connect. Their last known address, their date of birth, their social security number, and company names.

Sure.

Morgan Stanley’s letter would make me feel “safe.”

Where Are the Vulnerabilities?

If you pay very close attention to the news, you’ll notice that hackers are rarely successful at attacking a company’s servers directly.

It’s more and more common for hackers to exploit database and customer information through third-party vendors. And these cyberattacks on third-party vendors can be extremely costly.

Back in 2013, Target Corp. experienced a massive breach. Hackers successfully penetrated the private data on 41 million customers through one of Target’s vendors. Target had to pay an $18.5 million settlement to the victims (its customers) after this breach.

Remember, it all happened because someone exploited access to the company’s payment information network through a third-party vendor. 

A 2020 study by Mastercard’s RiskRecon team and Cyentia Institute revealed that third-party vendors are an extraordinary threat to corporations and small businesses.

A survey of third-party risk management professionals said that 31% of their vendors represent a material risk of causing a breach. The most common organizations of those surveyed were in financial services, technology, and health care.

All three are industries that manage sensitive customer information.

And in the age of the cloud, companies are failing to ensure they have the proper protocols in place when sharing such sensitive data.

According to another survey by the Wiz research team, 82% of companies give third-party vendors access to ALL of their cloud data. This includes highly privileged information that could cause a huge security risk.

Even worse, 90% of the respondents said they were not even aware they had provided that level of clearance to their third-party vendors.

Here’s How to Invest in the Trend

If you’re not investing in cybersecurity by now, I don’t know what to tell you.

The United States economy has faced several massive cybersecurity attacks this year, including those on the Colonial Pipeline and meat supplier JBS. And earlier last week, there was a massive cyberattack that hit between 800 and 1,500 small and medium-sized businesses (SMBs) in more than a dozen nations, according to CNBC. Russian hackers have demanded $70 million to unlock the frozen computer systems of these SMBs.

These attacks are not slowing down. They are only getting more costly and more common.

Cybersecurity stocks are poised to benefit as institutions pour more and more capital into their coffers in the years ahead.

We talked about Unisys being an interesting stock back in April. It remains in the Green Zone, but is locked in a momentum side-trend. So, even though you might want to consider this IT supplier for financial services, there may be better choices.

FireEye (FEYE) moved back into the Green Zone in early June and has strong momentum.

Finally, look at cybersecurity stocks Dynatrace (DT), Fortinet (FTNT), and Cloudflare (NET). All three are in the Green Zone and have a solid uptrend.

This sector is only going to be more important in the future.

Cybersecurity is the backbone of the 21st-century economy. It’s time to invest like it is.