Key Takeaways

We were excited to speak with Aaron Dubin, VP of strategy and business research at Team8, on the Behind the Markets podcast.

Team8 works with WisdomTree on the WisdomTree Team8 Cybersecurity Index, which is tracked by the WisdomTree Cybersecurity Fund (WCBR), before fees and expenses.

By way of background, Team8’s expertise is in organizing the array of companies providing cybersecurity solutions to the market. One of the most important details regards how a megatrend connects back to different company activities that are meant to play out in the future. Team8 does this through eight distinct cybersecurity themes that represent critical areas for growth as we move forward. Those themes are as follows:

• Cloud Security

• Resilience & Recovery

• AI & Smarter Security

• Security of Things

• Perimeterless World

• Data Security

• Shift Left

• Layer 8

Further details on these themes are available in this Market Insight piece.

The conversation covered a wide range of topics in cybersecurity, a few of which we summarize here.

1995 in Our Current “AI Moment”

We recently spoke with Dan Ives on Behind the Markets, and the foundation of that discussion regarded how this moment looks similar to the development of the internet in 1995. Primarily, people use 1995 to think about where we might be relative to a possible tech bubble, which we know burst in 2000.

Aaron made an interesting comparison to where we are with AI cybersecurity today, in the second quarter of 2024, versus where we were with internet cybersecurity in 1995. In those earlier days, there was a significantly higher risk of putting financial information, credit cards or personal details online. Today, while nothing is perfect, we are a lot more comfortable with those things than we were. AI may be on a similar path, and we are similarly early in that many of the large language models with which we are most familiar were released with little, if any, guardrails as to how they could be used.

Some of the most interesting and memorable talks on cybersecurity involve experts showing how to take known systems, like ChatGPT, and “jailbreak" them by breaking through the guardrails that have been put in place. Aaron cited one particularly scary example: AI can be used today in the context of medical imagery, an important diagnostic tool for certain types of cancer. These systems can be tricked into registering a diagnosis opposite to reality. This example demonstrates how the security of medical systems should always be of the utmost importance.

It Takes a Village to Start a Company

Part of the discussion centered on Team8’s activities as a company-builder. It has an expression—it takes a village to start a company—and when we think of cybersecurity and how Team8 operates in the cybersecurity venture space, it starts with its village of 350 chief information security officers (CISOs) at Fortune 500 companies.

An open dialogue with these professionals uncovers certain unmet needs, and from these unmet needs, sometimes companies can be founded and built. The “8” in Team8 comes from Unit 8200 of the Israeli military, which is the elite cyber unit of the Israeli Defense Forces. Nadav Zafrir is the co-founder and managing partner of Team8, and he was commander of Unit 8200 during his military career. Many Team8 founders, particularly in the cybersecurity area, have experience serving in this unit.

Connecting Current Events to Team8’s Cyber Themes

One of the most interesting parts of our discussion with Aaron regarded the connection between the eight aforementioned cyber themes and the current events and headlines that many of us may have seen in different publications.

Linux¹

Aaron’s description of a “supply chain attack” that was thwarted recently was an important illustration of how today’s hackers may be able to access certain systems that many customers use. Many of us might remember SolarWinds. The issue there was not necessarily any single hack but rather how, from that breach, the hackers were able to access the customers who were using the SolarWinds system.

In the Linux case, it appears that a Microsoft researcher thwarted the possible attack before the worst possible scenarios could be realized. It is telling, however, that many developers today are not incentivized to secure the applications they create and that a lot of code is repurposed from various sources. It takes a lot of effort to continually secure and update that code. Think about the effort it takes to ensure that your smartphone is regularly updated.

The shift-left theme refers to the efforts to encourage developers to incorporate security earlier in the development process and continually secure their code. The iPhone was released in 2007, so we’d note that what we think of as the app economy and software-as-a-service have not been around for that long, historically speaking.

Human Error (Layer 8)

The eighth theme that Team8 has on its list—the most recently added—focuses on humans. Even if we might picture popular movies where complex firewalls seem to be getting breached with ease, we discuss how the vast majority of hacks in the real world do not occur from breaking complex encryptions or doing incredibly technical things. They stem from human error.

Aaron noted that the most obvious source of breaches, at least in the second quarter of 2024, from what he is seeing, comes from misconfiguring cloud access points. It’s not that the cloud itself is not secure. It is that the humans who are setting up cloud access are making mistakes.

What Is Zero-Trust?

It says a lot that many of us might have heard of two-factor authentication. Simply put, if you are logging into a system and your cell phone generates additional code, that is an example of this practice at work. Zero trust, however, is less commonly used in popular media.

A zero-trust software architecture can be thought of as constant verification. When people are accessing systems, those systems could be constantly monitoring what they are doing and how they are doing it to determine if those individuals are where they should be and that the system itself is secure. How this works is similar to how credit card companies use anomaly detection to send out notifications about transactions that appear “odd” compared to what the primary account holder usually does. The same principle can apply to accessing a company’s network. There are the things that users normally do, and there are possible big deviations from those things that can be flagged and addressed.

Cybersecurity: A Megatrend for All Seasons

As we write these words in the second quarter of 2024, cybersecurity is no longer an option. Every individual and every company needs an approach. Without one, they are taking a huge risk. Of course, when we look company by company, it is never certain which businesses will rise to the top of the heap and provide the best solutions. This is the benefit of our regular dialogue with Team8, in that it helps us continually understand developments in the cybersecurity space that can evolve quickly.

Enjoy our most recent discussion with Aaron Dubin, available here, or listen below.

¹ Source: Kevin Roose, “Did One Guy Just Stop a Huge Cyberattack?” The New York Times, 4/3/24.