Security Market Update: Q3 2019 in Review

Cyber Security Investing

INN looks at some of the key trends in security over the third quarter following the towering CapitalOne and DoorDash data breaches.

The cybersecurity arena continued to show core vulnerabilities in Q3, with DoorDash and CapitalOne (NYSE:COF) making news over breaches exposing a combined 104.9 million accounts.

Looking back over the quarter, one key move was the US Department of Defense’s (DoD) August release of new cybersecurity standards for businesses that it contracts.

“Every company within the DoD supply chain — not just the defense industrial base, but the 300,000 contractors — are going to have to get certified to do work with the Department of Defense,” Katie Arrington, chief information security officer for the DoD’s Office of the Assistant Secretary of Defense for Acquisition, said at the Intelligence and National Security Summit, according to Federal News Network.

As the US federal government makes moves to standardize cybersecurity practices, ransomware attacks on municipalities continue to rise in number. Just weeks after the report was released by the DoD, 22 cities throughout Texas were subject to a ransomware attack. One or more hackers held them ransom for millions of dollars in an attempt to gain access to their data.

Mark Stone, one victim from the attacks, told the New York Times, “Our security operations center is fending off attacks in the terms of millions every month, and many of those are attempted ransomware.”

Overall, it remains clear that attacks are increasing and becoming more prevalent. Here the Investing News Network (INN) reviews some of the most notable events that took place in the security sector in the third quarter, including major trends, vulnerabilities and the future outlook.

Security update Q2 2019: Major trends

During the period, the Forbes Technology Council noted six trends in cyberattacks: sandbox evaders, internet of things (IoT) ransomware, higher sophistication, multi-factor authentication, lagging General Data Protection Regulation (GDPR) compliance and state-sponsored attacks.

Sandbox technology fends off a form of malware called sandbox-evading malware. It is untraceable by security detection systems and can take over 500 different forms.

Similarly, IoT ransomware is a form of cyberattack that can target any IoT system, whether it’s a connected heating system, vehicle or appliance. The dangers are present on both an individual and commercial level, implicating security systems and manufacturing processes.

On a more positive note, as cyber attackers become more advanced, so too do the security systems that are fighting them off. Some recent examples of more sophisticated security controls include endpoint systems and creating fake data to bait and deceive hackers.

While two factor authentication is commonly known in cybersecurity solutions, now it may not be enough. As Forbes notes, perhaps surprisingly, most data leaks are still the result of bad passwords. Multi-factor authentication takes it one step further for protection.

Along with the emergence of multi-factor regulation, problems with the GDPR were a trend in the quarter, and will likely continue into the end of the year. After the GDPR was introduced in May 2018, requirements became quite onerous, leading to potential fines for companies that don’t adequately comply. As a result, adopting practices to protect customer data has been slow.

As mentioned, state-sponsored attacks were another trend in Q3. These attacks, which rippled worldwide during the quarter, can attack both pillars of democracy and major operational systems such as voting systems, power grids, utilities and government branches, to name a few.

Security update Q2 2019: Physical security in focus

When it comes to physical security, a number of technological advancements from university labs have come to the forefront. For example, by integrating machine-learning systems to detect attacks, Liberty Defense’s (TSXV:SCAN) security system is designed to prevent physical threats.

Speaking to INN, Bill Riker, the company’s CEO, defined the four primary areas within physical security: public venues, buildings and perimeters, transportation and others. “Since 2015, in the US there have been over 350 mass shootings per year, and we’re well over 360 in 2019,” he said.

Similarly, First Responder Technologies is cultivating new technologies in the physical security space, such as applying commercial WiFi systems to detect potential threat objects. Its security technology was developed at Rutgers University, winning a peer-reviewed best paper award.

Robert Delamar, CEO of First Responder, told INN the company was founded by a former RCMP officer.

“He had a heart for trying to find a way to capture what they call ‘the magic 10 or 15 seconds’ in the context of a crisis situation,” he said. “And the idea was if you can provide a first responder with better information and analytics before they run into a threatening situation, the end result can save lives.”

Allied Market Research projects the global physical security market will reach US$292.4 billion by 2025.

Security update: Beyond Q3 2019

As reported by the Economist, US$1.5 trillion in revenue has been siphoned to cyber criminals worldwide. Or, in other words, cybercriminal activity has generated revenue equal to the gross domestic product of the 13th largest country in the world.

Needless to say, with the sophistication of threats only increasing, executives are focusing on core areas to protect their enterprises. After surveying 4,000 cybersecurity professionals, Deloitte reported that the three highest domains that professionals are addressing are cyber monitoring, cybersecurity government and cybersecurity resilience.

According to the report, challenges in the industry include prioritizing risks, cybersecurity framework agreements and data management.

“There will never be a time when the chief technology officer will sign an affidavit to his or her board of directors saying, ‘I hereby certify that we are completely finished and we achieved invulnerability to hacking’ because it’s just a moving, evolving threat,” Peter Andersen, founder of Andersen Capital Management, told  INN.

So long as there is the internet, the risk of cyber threats will not go away. What’s more, the cryptologic systems that give protection from security threats are highly advanced.

“That’s a very, very mathematical field. A lot of Wall Street analysts just simply don’t understand that business,” said Andersen. Having graduated from Yale with a master’s degree in physics, Andersen believes the math-intensive field will create a moat for those companies that truly understand the cryptology and mathematics behind it.

“With every new firewall technique or anti-hacking provision that’s put in place, it is a tremendous challenge for hackers to achieve. So this is never going to end in terms of computer security and email security for all kinds of enterprises,” he said.

Security update: Investor takeaway

With the NASDAQ CTA Cybersecurity Index (INDEXNASDAQ:NQCYBR) rising 20.69 percent year-to-date, outpacing both the S&P 500 (INDEXSP:.INX) and the Dow Jones Industrial Average (INDEXDJX:.DJI), it is evident that the cybersecurity industry has staying power.

Andersen has been a long-term investor in cybersecurity firms Palo Alto Networks (NASDAQ:PANW) and CyberArk (NASDAQ:CYBR), which have risen 16 percent and 44 percent year-to-date, respectively.

These companies have a different kind of culture, acting more like renegades in their fields as opposed to corporate actors, Andersen explained.

“You have a lot of very, very intelligent people working on preventing other intelligent people from hacking into their systems,” he said.

CyberArk, for example, pioneered the privileged account security market. Privileged accounts are the administrators that are granted access to enterprise domains. The company also has a solid balance sheet with low debt and a rising cash cushion.

Palo Alto Networks is different. Nir Zuk, its founder, was originally a computer hacker himself.

“The founder of Palo Alto Networks is an Israeli-born computer wiz, and when he was a teenager, he was caught hacking into an Israeli company,” said Andersen. “Rather than apprehend him, they actually asked him to come and work on their side because they figured it takes somebody that has been able to prove that they could penetrate their computer security to join their side.”

He later moved to the US and founded Palo Alto Networks in 2005. “He has hired some of the best brains in the cryptology business,” said Andersen. In the second quarter, Palo Alto Networks reported a 22 percent increase in revenues, reaching US$805.8 million, and a net loss of US$20.8 million.

When asked if these companies are undervalued, Andersen said that they are. “There’s a lot of things in a growing company that will impact the earnings, but in terms of the stock part that makes them very attractively valued, I remain a buyer,” he said.

Don’t forget to follow us @INN_Technology for real-time news updates!

Securities Disclosure: I, Dorothy Neufeld, hold no direct investment interest in any company mentioned in this article.

Editorial Disclosure: First Responder Technologies is a client of the Investing News Network. This article is not paid-for content.

The Investing News Network does not guarantee the accuracy or thoroughness of the information reported in the interviews it conducts. The opinions expressed in these interviews do not reflect the opinions of the Investing News Network and do not constitute investment advice. All readers are encouraged to perform their own due diligence.

The Conversation (0)