Cyber Security: A Growing Problem... and Investing Opportunity

by: Tematica Research

While there are a number of companies that are included in my Security - Personal, Corporate and Homeland investing theme, including arms manufacturers like Smith & Wesson Holdings (NASDAQ:SWHC) and Sturm, Ruger & Co. (NYSE:RGR), secure transportation and logistics company Brinks Company (NYSE:BCO), and electronic security and systems monitoring businesses like those found at Tyco International (NYSE:TYC), the last few weeks have had a number of stories on a growth industry of sorts - cyberattacks.


  • Citigroup (NYSE:C) has publicly acknowledged being the victim of a devastating cyberattack earlier this year. According to Bloomberg News, about 3,400 customers lost $2.7 million when their credit-card information was breached by online hackers.
  • Recently, some of U.S. defense giant Lockheed Martin’s (NYSE:LMT) systems were hacked, and the Pentagon said that cyber attacks perpetrated by foreign governments could now be considered acts of war.
  • Other recent prominent attacks have targeted entities such as the International Monetary Fund, the Central Intelligence Agency and the U.S. Senate, as well as multinationals Google (NASDAQ:GOOG), Sony (NYSE:SNE) and PBS.

Unfortunately, as the available data indicates, these most recent attacks are part of a growing trend. A survey released by the Ponemon Institute and Juniper Networks (NYSE:JNPR) earlier this month revealed that 90 percent of organizations have sustained at least one data breach in the past year. To paint a more accurate picture, that survey of 583 U.S. IT and IT security practitioners found that:

  • 59 percent of respondents said their networks have been compromised at least two times in the past year.
  • Seventy-eight percent of those surveyed said there has been an increase in the frequency of attacks in the past year.
  • Only 10 percent said they have had no breaches.

Targeted by hackers looking to steal source code, R&D information, trade secrets and other data, such as credit card, password and email information, firms increasingly need to make security a strategic priority.

We all know that businesses now have employees using smartphones and tablets to access corporate data; however, the majority of those same companies have yet to implement security policies for those devices. The most serious current risk is that users will download applications that include malicious code, giving hackers access to user information or even control over the device. As mobile devices continue to become more critical to business in the coming years, a sharp increase in destructive software developed specifically for these devices is likely.

According to computer security firm McAfee, which was acquired by Intel (NASDAQ:INTC) last year, one such threat was a malicious Google Android application that, once downloaded, would use a security vulnerability to take control and quietly begin sending premium rate text messages. Per McAfee, the number was set up by the malware developers, netting them instant profits. Those same and similar vulnerabilities could allow hackers to spy on smartphone users, recording calls and text messages, for example, to steal banking information.

The same holds true for consumers as well, given our increasing dependence on the Internet and cloud computing, be it at the desktop, on a smartphone or some other device.

Essentially, it is no longer sufficient to simply protect against these attacks; in fact, the good guys have to ensure they are constantly ahead of the bad guys and by a few steps no less. To me that is the key difference between having a solid defense and being secure. After all, one of the definitions of security offered by Merriam-Webster is “measures taken to guard against espionage or sabotage, crime, attack, or escape.”

Some are no doubt scratching their heads saying to themselves “...but is it really that bad?” Not to make you paranoid, but yes, it is.

According to Symantec’s (NASDAQ:SYMC) self-titled Internet Security Threat (IST) Report, volume 16, published this past April, the company recorded over 3 billion malware attacks, including those on social networks such as Facebook and on smartphones, and more than 286 million new threats in 2010. With more than 240,000 sensors in more than 200 countries and territories that monitor attack activity through a combination of Symantec products and services and additional third-party data sources, the IST report has become a key source of data when it comes to internet security. Unfortunately, the number of attacks has done nothing but grow in recent years.

Symantec’s findings showed the attacks ran the gamut from publicly traded, multinational corporations and governmental organizations to smaller companies and individuals. Very simply, hackers do not care what the size of your business is, but rather whether or not they can get past your defenses and relieve you of your valuables. Consumers in particular have a false sense of security on social networks, making them susceptible to social engineering tricks.

Security is not something new; however, as I mentioned above, it does need to be a priority. This is especially true given the shift away from desktop computers toward mobile and the cloud, which requires new security systems to match.

That, to me, means a shift in IT spending to a greater emphasis on security; according to the Ponemon Institute and Juniper Networks survey, a majority of respondents said 10 percent or less of their IT budget is dedicated to security.

Keep in mind that global IT spending this year is slated to be up 7.1 percent vs. last year, reaching $1.69 trillion, according to Forrester Research. Even if security spending were to account for all of the year-on-year spending increase, which it does not, there would still be a significant shortfall in security compared to the rising number and complexity of cyberattacks.

As such, demand for cyber security products and services offered by the likes of Sourcefire (NASDAQ:FIRE), Symantec, Websense (NASDAQ:WBSN), EMC Corp. (EMC), Fortinet (NASDAQ:FTNT) and others is poised to pick up significantly in coming quarters. As always, I tend to look at these companies on a reward-to-risk basis, and the recent outbreak of cyberattacks has led to some nice moves in a number of these stocks, but has also resulted in rich valuations. For example, FTNT currently trades at 55 times consensus 2011 earnings of $0.37 per share, while FIRE is trading at 58 times on a similar basis, with 2011 earnings expected to be $0.47 per share.

In the coming weeks, I’ll be revisiting a number of these companies, as I think the threat and the resulting pain point are very real. As I noted in Education: Tooling & Re-tooling, picking a stock in the theme is easy, but picking the best name at the best price with the best reward-to-risk tradeoff is something else entirely. As my father-in-law always says, better to measure twice and cut once.

More on this to come.

Disclosure: I have no positions in any stocks mentioned, and no plans to initiate any positions within the next 72 hours.