WisdomTree
cyber-3.png

A military perspective on cybersecurity (Part 1)

Published 10 May 2023

Christopher Gannatti, CFA
Christopher Gannatti, CFA

Global Head of Research

Team8
Team8

Global venture group

While a simplistic take on cybersecurity may mean ‘protecting systems from hackers’, it’s important to recognise that there is a lot more than that going on. Team8 (a venture firm with an exceptional level of experience in analysing trends in cybersecurity) and WisdomTree have collaborated to create a series of eight investment themes within the cybersecurity space.

In this two-part blog series, we are able to benefit from the perspective of Nadav Zafrir and Admiral Mike Rogers. Nadav Zafrir served as Commander of Unit 8200, Israel’s elite military technology unit, prior to co-founding Team8. Admiral Rogers culminated his distinguished US Navy career with a four-year tour as Commander, US Cyber Command, and Director, National Security Agency. Together, their experience and accomplishments bring the highest level of perspective from two of the most powerful countries in cybersecurity – let’s unwrap their views on the first four of our eight cybersecurity themes.

Theme 1: Cloud security

Nadav Zafrir: As we navigate the accelerating cloud migration, we must recognise that, while it presents new security challenges due to its flexibility, it also offers unique security opportunities. Data moves to new partners and services, and the network is flatter and more discoverable for attackers. However, everything is visible, and we have a deeper insight into our systems and what happens in them than ever before.

With the upcoming power of artificial intelligence (AI), moving to the cloud will become not only a necessity but imperative for leading organisations. In the multi-cloud plus software-as-a-service (SaaS) world we live in, with cloud operators solving part of the equation and cloud-native services becoming better and better, operating securely in the cloud is core to almost all businesses.

Admiral Rogers: As targets (companies) begin pivoting to shifting large chunks of their data to the cloud, you’re going to see a heavy focus from nation-state actors on cloud data concentrations.

Theme 2: Resilience and recovery

Nadav Zafrir: Ransomware is a sophisticated and financially motivated attack that has become more prevalent in recent years, with attackers using increasingly sophisticated methods to infiltrate organisational networks, especially, as in many cases, they are supported today by governments. As a result, organisations must be proactive in their approach to security, recognising that it is not a matter of if but rather when they will face a ransomware attack.

To effectively combat this threat, organisations are shifting their focus from solely trying to prevent attacks to also preparing for the inevitability of a successful attack. This means building a comprehensive security strategy that includes not just technical controls to detect and prevent attacks but also well-defined policies, procedures and training to allow continued operation and rapid recovery. By adopting this approach, organisations can increase their resilience in the face of an attack and ensure a speedy recovery while maintaining critical business operations.

Admiral Rogers: Ransomware is going to continue to be significant in particular sectors more than others, for example, critical infrastructure/healthcare etc. The outcome is a focus on “resilience, resilience, resilience,” which will continue to be of more and more importance in 2023. This will be exacerbated, in particular, if budgets decline and there is a shortfall of people, as businesses will be looking for efficiency wherever they can find it.

While ransomware has traditionally been about access, we’re also going to see an increase in the ‘embarrassment factor’ to get people to pay more in ransom. Though most companies won’t acknowledge it, the number of companies paying the ransom is slowly decreasing. What’s the criminal response? Ransomware threat actors need to figure out what other motivators will drive the company to pay, for example, public embarrassment and reputational risk/damage.

Theme 3: Smarter security

Nadav Zafrir: In today’s fast-paced and complex threat landscape, we have more services and applications than ever before, yet we don’t have many more security professionals to protect them. Meanwhile, attacks have become faster and more sophisticated, making it increasingly difficult for organisations to keep up.

In response, organisations are now demanding smarter security tools that integrate with other technologies, have application programming interfaces (APIs) for customisation, and provide intelligent recommendations. Smarter security also involves using advanced analytics and threat intelligence to identify and respond to potential security threats in a timely and effective manner. By focusing on what is truly important and investing in the right security technologies and practices, organisations can improve their security posture and reduce the risk of cyberattacks.

This trend toward smarter security is only going to accelerate in the coming years. As we navigate the increased complexity, we must leverage new technologies like AI to help us stay ahead of the curve.

Admiral Rogers: One of the dynamics I see for Chief Information Security Officers (CISOs) going forward is that most CISOs have broadly enjoyed 5–7 years of continual growth—including annual increases in budget and manpower. However, today there are tons of businesses dealing with a potential recession and a tough economic environment. People are getting laid off left and right.

Going forward, some CEOs may say continual growth in cyber isn’t sustainable and that they can’t just keep giving CISOs 15% budget increases year after year. We will have to push ourselves to ask, “What does a more efficient, more resource-constrained model look like?” This is where smarter security comes in.

Theme 4: Security of things

Nadav Zafrir: As the number of connected devices continues to skyrocket, these devices are also becoming increasingly integrated into our lives and, in many cases, have the ability to affect the physical space around us.

While the value that connected devices bring is clear, they can also be a source of exposure to new and dangerous attack vectors. As such, building scalable security for these devices is of critical importance, particularly for emerging technologies like drones, connected cars, connected health care devices, smart factories and more—all of which can affect our physical world and put lives at risk.

To achieve this, organisations and vendors must develop security strategies and tools that account for the unique risks and challenges presented by the security of things. This requires collaboration between manufacturers, regulators and security experts to create standards, frameworks and best practices for securing these devices throughout their entire lifecycle.

Admiral Rogers: I expect a greater focus on operational technology (OT) and the internet of things (IoT), specifically on functionality, not just data. Look for actors to approach critical infrastructure in a deeper analytical way, that is, it will no longer be “Let’s go after water company X. Let’s see if I can get into their network.”

Rather, attackers will look at their targets more holistically, evaluating the network, operating structure, remote access, vulnerabilities in basic and embedded systems, supply chain, etc., to identify the most effective path to achieve their goal.

Stay tuned for Part 2 where we will cover the remaining 4 themes: permiterless world, data security, shift-left, and our newest theme Layer 8.

Related blogs

+ Cybersecurity should remain a top focus in 2023

+ Introducing our newest cybersecurity theme: Layer 8 - The Human Factor

Related products

+ WisdomTree Cybersecurity UCITS ETF - USD Acc (WCBR/CYSE)

About the contributors

Christopher Gannatti, CFA
Christopher Gannatti, CFA

Global Head of Research

Christopher Gannatti began at WisdomTree as a Research Analyst in December 2010, working directly with Jeremy Schwartz, CFA®, Director of Research. In January of 2014, he was promoted to Associate Director of Research where he was responsible to lead different groups of analysts and strategists within the broader Research team at WisdomTree. In February of 2018, Christopher was promoted to Head of Research, Europe, where he was based out of WisdomTree’s London office and was responsible for the full WisdomTree research effort within the European market, as well as supporting the UCITs platform globally. In November 2021, Christopher was promoted to Global Head of Research, now responsible for numerous communications on investment strategy globally, particularly in the thematic equity space. Christopher came to WisdomTree from Lord Abbett, where he worked for four and a half years as a Regional Consultant. He received his MBA in Quantitative Finance, Accounting, and Economics from NYU’s Stern School of Business in 2010, and he received his bachelor’s degree from Colgate University in Economics in 2006. Christopher is a holder of the Chartered Financial Analyst Designation.

Team8
Team8

Global venture group

Team8 is a global venture group that creates and invests in companies at the intersection of cyber, data, artificial intelligence and fintech. Leveraging an in-house, multi-disciplinary team of company-builders integrated with a dedicated community of C-level executives and thought leaders, Team8’s model is designed to identify big problems, ideate solutions, and accelerate success and impact through technology innovation. Team8’s leadership team includes serial entrepreneurs, industry pioneers and the former leadership of Israel’s elite tech and intelligence Unit 8200.

Best Workspaces - GPTW UK 2024
Best Workspaces for Development - GPTW UK 2024
Best Workspaces for Women - GPTW UK 2024
Best Workspaces in Financial Services & Insurance - GPTW UK 2024
Important Risk Information

Jurisdictions in the European Economic Area (“EEA”): This website and its content has been provided by WisdomTree Ireland Limited, which is authorised and regulated by the Central Bank of Ireland.


Jurisdictions outside of the EEA: This website and its content has been provided by WisdomTree UK Limited, which is authorised and regulated by the United Kingdom Financial Conduct Authority.

The price of any Shares or the value of an investment in ETPs may go up or down and an investor may not get back the amount invested. Past performance is not a reliable indicator of future performance. This material is not intended to be relied upon as a forecast, research or investment advice, and is not a recommendation, offer or solicitation to buy or sell any financial instrument or product or to adopt any investment strategy.

Please click here for our full disclaimer.

© 2026 WisdomTree, Inc. All Rights Reserved