Profiting (Legally) From Cyber Insecurity
No one wants to see the hackers who prey on cyber security flaws profit from their actions. But given the widespread nature of the threat, investors have an opportunity to capitalize on a sector that’s only growing in importance.
The recent security breach of Sony’s PlayStation Network and Qriocity music service has once again put the issue of cyber security front and center. Additionally, the proliferation of mobile devices has created a whole new demand for security.
“Sony’s just one of many. We’ve seen several major intrusions that have happened over the last 12 to 18 months,” says Rob Owens, analyst at Pacific Crest Securities. He cites the 2010 attack on Google’s corporate network that originated in China and the intrusion into the Nasdaq’s computer servers earlier this year.
“I believe at some point this is going to start to drive an accelerated pace of adoption of these technologies,” Owens says.
But analysts point out that while the security sector as a whole stands to benefit in the long run, there are near-term hurdles to overcome, which means investors will need to place their bets wisely.
Adapting to New Threats
Analysts believe the computer security sector as a whole stands to benefit from an ever-increasing cyber security threat environment. But Timothy Quillin, analyst at Stephens Inc., says it’s best to focus on a company that can respond quickly to the dynamic nature of cyber threats. That’s his rationale for being bullish on Sourcefire (FIRE), which develops intrusion prevention systems that are used heavily in government environments.
"Just because security is hot doesn't mean the stocks are going to outperform."
“They are located in Columbia, Md., close to where the National Security Agency is headquartered,” Quillin says. “There’s probably no organization in the world that’s seen the type of threats that NSA has. You tend to learn at the speed of your customers. Because they have a relatively large government business, they’re seeing more serious and more relentless threats from nation states and organized crime. That puts them in a position to help large companies manage their threats as well.”
Gary Spivak of Noble Financial Capital Markets also favors Sourcefire, noting that the company is at the forefront of a security strategy called “whitelisting” that’s gaining traction in large organizations. Unlike the more common blacklist approach, which allows all connections by default unless specifically prevented, whitelisting denies all connections by default except for ones that are explicitly granted access.
“Sourcefire addresses the critical need of firewalls and intrusion prevention,” Spivak says. “It’s a pure play in that area. I think you’ll see more and more firms looking to deploy some element of whitelisting in their environments.”
The explosive growth of mobile communications is also providing more opportunities in the security sector. As more people depend on smartphones and tablets to access information, it’s tougher for corporate network administrators to protect their data.
“It used to be that a company would set up a computer network and have a relatively defined perimeter where you would have relatively few Internet connections and you would just protect those connections coming into your organization,” Quillin says.
“With the mobile enterprise, with things like mobile phones and iPads, there’s no perimeter anymore, so it creates more challenges. I think that’s where the enemy’s trying to find areas where there’s the most vulnerabilities.”
Analysts note that established players like Symantec and McAfee, which was acquired by Intel earlier this year, will likely be the leaders in responding to new mobile threats. Spivak also points out that Vasco Data Security, which develops two-factor authentication systems for mobile banking transactions, is a company to watch in this space.
Given that information security is always a primary concern in the technology world, the sector would seem to be a safe bet for investors. But analysts warn that’s not necessarily the case.