In June 2017, Russian hackers launched a malware attack on Ukraine called NotPetya. The attack, which locked users out of their own files unless they paid a ransom in bitcoins, was just another tactic in the conflict between the two nations that began three years earlier. But viruses do not respect borders, and this one has spread far beyond Ukraine.
It has infected computers in Europe and the United States, and even in Russia itself. Mondelez (MDLZ), a giant global food company based in Chicago, has been hit hard. NotPetya disrupted email and logistics and caused $ 100 million in damage. The White House called it “the most destructive and most expensive cyber-attack in history.” Total international destruction: $ 10 billion.
Almost five years later, the Russians invaded Ukraine and the war raged. Experts expected even more cyber devastation, but Russia has so far not cut off Ukraine’s electricity grid or other important infrastructure.
“I think the biggest surprise so far has been Russia’s lack of success in cyber attacks on Ukraine,” Stephen Wertheim, a senior fellow at Carnegie Endowment for International Peace, told Vox.
Not because of a lack of attempts. The U.S. government’s cybersecurity and infrastructure security agency issued a warning revealing that Russia, which led to its invasion, “deployed destructive malware against organizations in Ukraine to destroy computer systems and make them inoperable.”
It is also surprising that Russia has not successfully launched cyber attacks on the United States, the United Kingdom, Germany or other NATO allies. One reason is that NotPetya – as well as the attack on WannaCry launched by North Korea the same year – taught companies and governments key lessons about protection itself.
The other is that the Russians know that the United States is using a deterrence strategy, similar to its policy on the use of nuclear weapons, as a primary defense against a major attack. If Russia shuts down our power grid, or large parts of it, the United States has indicated that it will react en masse, throwing the Russians into the cold and darkness, or worse.
The cybersecurity sector is booming as demand grows
However, there is no reason to be complacent.
Don’t forget that the Colonial Pipeline, the largest fuel network of its kind in the U.S., was breached last year, shutting it down. This was caused by a single compromised password and could have been prevented by multifactor authentication, a basic cyber security tool that can include simply sending text to a user with a code number. Colonial paid a $ 4.4 million ransom to Russian hackers.
Vulnerability called Log4j in free software has led to attacks by hackers in Russia, China, Iran and other US antagonists The Wall Street Journal reports “10 million attempts to exploit vulnerability Log4j per hour in the US” CISA website carries a giant banner at the top that reads “SHIELDS UP,” a warning that times are dangerous.
In the cyber world, hackers always have the upper hand, but defenders are catching up. Companies that use software, hardware, intelligence and attack prevention training have become better at what they do. Companies know that they have to invest in cyber security or risk huge losses or complete failure.
As a result, the cybersecurity sector is booming. Gartner, a research firm, set global revenue at $ 150 billion in 2021, a 12% increase over 2020 and roughly double sales in 2017. Even before the Russian invasion, Fortune Business Insights predicted that spending would rise to $ 376 billion by 2029, an annual growth rate of 13%.
Almost all internet giants, including Alphabet (GOOGL) and Microsoft (MSFT), offer cyber security programs. Microsoft’s security revenue last year was $ 15 billion – more than any other standalone company.
Pure games among cyber security stocks
Among the more focused opportunities, first address the largest such section, Palo Alto Networks (PANW), with a market capitalization (outstanding price shares) of $ 60 billion. NotPety’s revenue has tripled and the company’s stock price more than quadrupled.
Palo Alto is known for its firewalls that scan internet traffic and protect against viruses, spyware and data leaks – as well as identify vulnerabilities. Like many cyber security stocks, Palo Alto is still unprofitable. But you are buying a future in which what the company sells is absolutely necessary. (The stocks I like are in bold; data is from April 8.)
Another major cyber security company, Fortinet (FTNT), offers a wide range of tools, including intrusion prevention software and anti-malware software. Fortinet’s sales grew 29% last year and made a small profit. Shares have risen nearly 20% since the start of the war in Ukraine, and the price-to-earnings ratio of the stock is 68, based on analysts’ earnings forecasts for next year.
It is also among the larger companies CrowdStrike (CRWD), which is particularly adept at protecting endpoints – devices such as smartphones and workstations that communicate with broader corporate networks. CrowdStrike’s revenue, almost all of recurring subscriptions, jumped 66% for the fiscal year ending January 2022. Shares have risen accordingly, but it’s still worth a closer look.
A recent update of the cybersecurity industry by Needham & Co. Tenable Holdings (TENB) as the best way to play the convergence of information technology and operational technology.
For many firms, information technology, housed in a firm’s own computer systems or in the cloud, drives the operating technology or operation of its machines and other physical assets. This convergence is great for business, but it also leaves the company open to catastrophic attacks. Tenable is unprofitable, and its market capitalization is more than 10 times higher than sales. But I think the risk is worth taking.
Tenable is also a potential takeover candidate in the consolidating sector. NortonLifeLock (NLOK), a powerful manufacturer of cybersecurity on the consumer side, is awaiting regulatory approval to complete its merger with Avast, a Czech-based company focused on protecting small businesses. Norton has a solid franchise and provides a good balance for faster growing and more expensive companies in the sector. Norton trades at an P / E of only 14.
Other companies that I like (they all have a market capitalization of between 4 and 6 billion dollars) include KnowBe4 (KNBE), whose shares are still about one-third below their all-time high; SailPoint Technologies Holdings (SAIL), specializing in identity security; i Qualys (QLYS), with sales up nearly 50% in the past three years.
Among the funds traded on the stock exchange, consider Global X cyber security (BUG), with a cost ratio of 0.5%. In 2020, its first full year, it returned 70.8% and gained another 13% in 2021. So far, even in 2022, Alto, Fortinet, CrowdStrike, Tenable, NortonLifeLock and Qualys have fallen, so the ETF provides a handy way to buy some of my favorites.
James K. Glassman chairs Glassman Advisory, a public affairs consulting firm. He doesn’t write about his clients. His latest book is Safety Net: The Strategy for De-Rising Your Investments in a Time of Turbulence. Of the shares mentioned, he owns Microsoft. contact him at James_Glassman@kiplinger.com.
Comments are closed.