The consistently growing number of cyber incidents across the globe makes investing in cybersecurity stocks one of the best investment decisions to make in 2017.
In 2016, we saw a relentless increase of cyber attacks and cybercrime. Some of the patterns have remained relatively consistent, specifically the focus on exposing large amounts of breached consumer data, unauthorized access into retail point-of-sale systems and unprecedented distributed denial of service (DDoS) attacks leveraging the Internet of Things (IoT). But one incident trumped all the rest, a recent intelligence report that Russian President Vladimir Putin ordered the hacks of the Democratic National Committee (DNC) to help Donald Trump win the 2016 United States presidential election.
As an ethical hacker, my job includes knowing the latest cyber trends and attack methodologies being used by malicious hackers. To make the best cybersecurity investments, you must follow the latest trends and methods.
Latest Trends and Attack Methodologies
Technology has become the heart of business in our world. More specifically, the internetworking of physical devices, embedded with electronics, software, sensors and always-on connectivity is driving our daily lives. Today, more than 4.9 billion things are connecting us to the Internet. A recent Gartner report predicts that number will reach 21 billion by 2020. This interconnected web of life is creating new security challenges for every industry. It has become abundantly clear that no one is safe. Given the ever-expanding threat surface, malicious hackers — both state and non-state sponsored — have more opportunities to attack. In fact, research firm Forrester (FORR) predicts that, over the next year, the new U.S. president will face a major cyber crisis within the first 100 days, a Fortune 1000 company will fail because of a cyber breach and more than half a million IoT devices will be compromised.
In 2017, we will see an increase of state-sponsored cyber attacks escalating into a next-generation state-to-state cyberwar. Internet-enabled appliances will continue to make their way into the home, making it easier for malicious hackers to take aim at individuals and their families. In some cases, hackers will take control of these home appliances and use them in state-sponsored attacks against companies and the government; thereby making American families part of the attack.
These attacks will come in the form of targeted espionage, denial of service and data breaches. Ransomware will continue to be a high priority concern for businesses and malicious hackers will resort to using embarrassment tactics to pressure companies into paying the ransom. As car manufacturers continue to build connected automobile systems, we will see more sophisticated cyber attacks against cars with a specific focus on vehicle entertainment systems, engine control units, remote key systems and other components.
Cybersecurity is Resilient
Despite fragility in the stock market, cybersecurity investments continue to soar. The necessity of innovative defenses against cyber attacks has made cybersecurity companies highly valuable to our way of life. Analysts expect worldwide spending on cybersecurity to eclipse $1 trillion cumulatively for the five-year period from 2017 to 2021. Companies and governments are unable to keep pace with the dramatic rise of cybercrime, ransomware of epidemic proportions, the large number of rogue hacker mercenaries and increasing sophistication of cyber attacks. The best way for investors to prepare for the world-changing series of crises to come in 2017 is to invest in a concentrated mix of innovative cybersecurity companies.
The Safe Bets
For investors seeking the safe bests in cybersecurity, look to the large companies that have broad offerings. Symantec (SYMC), a $16.3 billion market cap company known for its firewall and anti-virus technologies, has made substantial moves to solidify market position. More specifically, the company enhanced its offering by acquiring both Blue Coat Systems, an innovative provider of cloud-based malware technologies, and LifeLock (LOCK), the highly recognized identity theft protection company (acquisition expected to close in Q1). It is likely that Symantec will use the technology acquired from Blue Coat to entice enterprise buyers with an innovative malware analysis platform. This will help mitigate risks against massive data breaches. Acquiring LifeLock will enable Symantec to take a more active role in helping consumers deal with identity theft which is bound to increase as they integrate more Internet-enabled devices into their lives.
Palo Alto Networks (PANW), with a $12.7 billion market cap, is another company to watch this year. Palo Alto has developed an innovative platform to stop cyber attacks before they have a chance to happen. Malicious hackers are constantly seeking to exploit unknown vulnerabilities; what we in the hacking community refer to as zero-day exploits (or 0-days, pronounced oh-days). The Palo Alto platform can adjust to rapidly changing attack methodologies, making it incredibly valuable for combating against zero-days. The company saw its stock price drop 29% in 2016, which many have attributed to investor concerns regarding loose spending. This is a buying opportunity as the company is a solid play for the long term (see “Cyber opportunity,” below).
More Adventurous Stocks
Investing in cybersecurity companies with broad offerings makes it hard for investors to benefit from specific trends, such as ransomware or phishing. Remember phishing is what enabled the DNC hack. Considering the cybersecurity trends for 2017, a portfolio with a mix of larger cybersecurity companies and a few smaller, innovatively nimble companies is recommended.
A few companies well-placed to make solid moves in 2017 are Cyren (CYRN) a $95.4 million market cap firm and Imperva (IMPV) with a $1.3 billion market cap (see “Tab the cyber tote,” below). Cyren has a cloud-based platform, based on patented pattern detection technology, that proactively identifies phishing attacks before users like Podesta have had an opportunity to click on the malicious link. Studies indicate that more than 90% of successful cyber attacks happen through phishing, making Cyren a great company to watch.
Imperva offers a portfolio of services, including web application security and protection from DDoS attacks, like the one that took out Dyn last year. However, their data protection capabilities are particularly attractive to me. Their technology monitors the behavioral patterns of typical enterprise users and detects deviations from normal behaviors, like when a malicious hacker is attempting to access financial data. With expected increases in data breaches and ransomware, this company’s technologies are becoming a necessity. Keep an eye on them.
Timothy Summers, Ph.D, is CEO of Summers & Company, a cyber strategy consulting firm. Founder of WikiBreach. Professor in iSchool at University of Maryland College Park. @HowHackersThink