Recent high-profile cyberattacks against the Democratic National Committee have pushed cybersecurity into “6 o’clock news” territory.
But the problem goes so much deeper than the media is reporting. This country is embroiled in nothing less than a full-scale global cyberwar right now. There may not be any casualties (yet), but everything is up for grabs -and the stakes are very high.
For instance, the cost of fighting this war is set to eclipse $1 trillion between 2017 and 2021, making the battlefield one of the largest new markets on Earth.
Today I’m going to show you how you can profit from our efforts to win this war.
The Worm Turns
The release of the so-called Stuxnet worm around 2010 can be thought of as the Fort Sumter or Pearl Harbor of this cyberwar, even though, unlike those historic battles, the United States won… or appeared to.
No one in government will talk on the record about it, but independent security research has all but definitively linked the worm to U.S. and Israeli intelligence services. The scope and complexity of the worm’s code suggests that it could only be the work of a nation state… with deep pockets.
The target in this case was the laptop computer of an anonymous nuclear scientist employed at Iran’s nuclear research facility in Natanz. The worm was able to spread into the facility itself and cause the labs working uranium centrifuges – running Windows-based Siemens Step7 software – to spin out of control. Stuxnet destroyed roughly one-fifth of them and dealt a crippling blow to Iran’s nuclear ambitions.
So the world’s first “cyber use of force” likely helped keep nuclear weapons out of a hostile state’s arsenal. A win for the “good guys,” and a validation of our national cybersecurity strategy.
What’s the downside?
Well, Stuxnet didn’t really stop in Natanz…
It’s in the wild now, and as of just a few weeks ago, it’s available to the highest bidder, all courtesy of the Shadow Brokers.
The National Security Agency’s internal team of elite hackers, the Equation Group, suffered a breach this summer. A hacker collective known as the Shadow Brokers made off with a digital haul of cutting-edge, next-gen malware like Duqu and Flame and – you got it – the code for Stuxnet.
It may only be a matter of time before Stuxnet is used against the United States or one of its allies. And considering the very real physical havoc this worm is capable of creating (it literally left Iran’s centrifuges a smoking ruin), we may not have long to wait for the first flesh-and-blood casualties of this global secret war.
Stuxnet and Stuxnet-like attacks notwithstanding, our national security faces cyber threats from countries like Russia, China and North Korea. Individual hackers, with unknown motives and acting on behalf of no state, are also responsible for plenty of security breaches.
These attacks have reached such a fever pitch that the U.S. Department of Homeland Security (DHS) wants to step in to “safeguard” U.S. elections, especially the upcoming presidential contest.
That might be a good idea… if DHS weren’t so often the victim of cyberattacks itself.
The way things stand with current security measures, no one in the world is safe.
As grim as this situation is, it’s only one facet of the complex threat picture we’re facing now…
Petty Criminals Are Having a Rich Payday
Entire countries are slugging it out on the cyber battlefield, but the hacker back alleys aren’t much safer.
According to security firm McAffee/Intel Security, cyber theft is a $400 billion-a-year industry. And consulting firm PwC reports that there were nearly 60 million discovered attacks last year – more than 164,383 each day.
The numbers of undiscovered attacks or worms and viruses lying in wait are unknown.
Ransomware often starts with a “drive-by download,” where a victim is duped into downloading an executable file or macro that, when activated, then checks to see if certain criteria have been met – often the hackers operate in Russia, and if the program finds the potential victim is from the old Soviet bloc, it will do nothing.
But if the computer is located in the European Union or United States… watch out.
The ransomware will lock the hapless user out of their own data and send a message that, for a fee – often a few hundred dollars or euros – the hackers will unlock the computer. For businesses, the stakes (and the ransom payments) are often far higher.
As nearly 200 million people connect to the Internet each year, with good intentions and ill, the cybersecurity challenges grow exponentially.
Add to that the growing Internet of Everything (IoE), with its 5.4 billion new connected devices, and you have a flat-out security nightmare.
But pressing challenges often make for lucrative opportunities. Now that you know the scale of the problem, I’m going to show you an easy-to-buy cybersecurity investment that gives the broadest possible exposure to the dynamic, high-profit companies in this rapidly expanding tech sector.
Here’s the ticker…
The Cybersecurity “Pure Play”
What I like most about the PureFunds ISE Cyber Security ETF (NYSE Arca: HACK) is that it’s a “pure play” in the sector.
Built to track the ISE Cyber Security Index, HACK is a great way to take advantage of the “arming” of businesses, governments, and individuals.
The index is made up of all the big players and many of up-and-comers in the cybersecurity sector. That means you get a play on federal, state and local governments beefing up their security – and on the huge array of business cybersecurity solutions… all in one spot.
This fund’s holdings are like a “Who’s Who” of cybersecurity.
Here are some of my favorites from the list…
The Big Daddy
Symantec Corp. (Nasdaq: SYMC) is one of the oldest and largest firms in the market and is a major player in the U.S. government’s cybersecurity platforms – and, at a “weight” of 5.41%, it is the largest of HACK’s holdings. It also owns the Norton brand security programs that are popular with individuals, as well as enterprise solutions for both mobile and computer security.
For good or ill, the federal government’s computer systems are set up on various protocols and security platforms. Some of this is for security purposes, but generally it was because each massive department built out its own systems organically over the decades, and no one was overseeing “the big picture.”
Symantec is the go-to player to take on this challenge. It has the skills and the knowledge deal with this mammoth task in the United States and abroad as well. And this expertise is then passed down among all its divisions.
The stock is up nearly 36% in the past six months, largely because investors and Wall Street are starting to understand the long-term growth explosion in this sector. And I expect at least another 25% out of the stock just in the short term.
The New Kid on the Block
Palo Alto Networks Inc. (Nasdaq: PANW), which composes 4.22% of HACK’s holdings, is one of the newest players to become a familiar name in any IT department and one of my favorite single plays in the sector. It operates in three divisions: Next-Gen Firewall, Advanced Endpoint Protection and Threat Intelligence Cloud.
The company’s rise can be pegged on the latter of these three divisions. Palo Alto has been on the cutting edge of discovering and identifying threats for a while now.
It has clients in every sector, both public and private, but has had a tough time recently acquiring new clients because of the slack economy. But this is our advantage. The stock is off 6.5% in the past six months, but the overall trend is up – it’s up 176% since its IPO in mid-2012 – which makes now a great time to get in.
The Cloud Connection
Qualys Inc. (Nasdaq: QLYS), which makes up 4.21% of the ETF, is a cybersecurity player in the fast-growing cloud sector. This is where computing now resides and where the IoE will either sink or swim. Given the enormous corporate interests involved in IoE, it will be extremely important for every link in the cybersecurity chain be as strong as the next, and Qualys is building a reputation for just that.
With nearly 9,000 clients, including more than 60 Forbes 100 companies, Qualys is building a substantial reputation in the space. And part of the great advantage of buying HACK is you get a pure-play cloud security company like Qualys without missing out on other important security sectors.
Qualys stock is up 42.7% in the past six months, so there is real momentum here. It released its second-quarter earnings in early August, and even then, things were looking up. Revenue was up 20% for the quarter, as was gross profit. It also raised its guidance for the rest of 2016, always a bullish sign given the broad economy.
ManTech International Corp. (Nasdaq: MANT) keeps a low profile. That’s because it operates on highly sensitive projects for the U.S. intelligence community and the Federal Bureau of Investigation (FBI), as well as the Departments of Defense, State, Health and Human Services, Veterans Affairs and Justice.
Simply put, anywhere in the federal government where secure records are a top priority, ManTech is on the job.
ManTech, which makes up 1.52% of HACK, also provides secure networks for the intelligence community so that communications between outposts and command can be relayed without threat of hacking.
That’s why it’s not surprising the stock is up 31.7% year to date. The federal government is finally committing to beefing up its cybersecurity – and it needs a reliable integrated solution. ManTech is the kind of specialist organization that can work with the government at the highest levels.
And even now, the company is paying a solid 2% dividend – income you get by owning HACK.
HACK is up nearly 15% over the past six months, with most of that coming in the last three months. This is the beginning a very long train. It’s a great time to get involved, because once this trend gathers momentum, these prices will be distant memories.