Cybersecurity stocks grab eyes amid Uber data breach

Everyone is at risk of a data breach or cyber attack, no matter how small or large a company is. Hackers and cybercriminals come up with new ways every day to steal sensitive information or personal data that they can potentially sell or ransom for money.

According to a report published by the Identity Theft Resource Center (ITRC), a record number of 1862 data breaches occurred in 2021 in the US. This number broke the previous record of 1506 set in 2017 and represented a 68% increase compared to the 1108 breaches in 2020. Sectors like healthcare, finance, business, and retail are the most commonly attacked, impacting millions of Americans every year. Many cybersecurity experts believe that this number will continue to increase in 2022 and beyond.

So it’s time to move into cybersecurity stocks amid the latest data breach involving ride-sharing service Uber Technologies (UBER). But right now, the IBD Computer-Software Security group ranks only No. 151 out of 197 industry groups tracked.

Also, private equity firms continue to target the sector. Vista Partners, a long-standing investor in KnowBe4 (KNBE), on Sept. 19 offered to buy the company for $24 per share in cash. The deal represents a 39% premium for KNBE stock.

Meanwhile, in the Uber data breach, a hacker used social engineering techniques to gain entry to its computer system.

Social engineering is the art of manipulating people so they give up confidential information. The hacker claimed to be a member of Uber’s information technology team and tricked an employee into handing over a password.

“We believe a breach of this stature can act as a tailwind to long-term security budget growth, especially as those conversations become more difficult in the current macro environment,” said Wolfe Research analyst Joshua Tilton in a report.

Most likely, the Uber data breach will lead more companies to focus on employee security awareness training programs.

With the summer earnings reporting period over, customer conferences loom as possible catalysts. CrowdStrike Holdings (CRWD) hosts its Fal.con conference from Sept. 19 to Sept. 22. An investor day for CRWD stock is slated for Sept. 20.

Fortinet (FTNT) hosted a security summit as part of the new PGA golf season on Sept. 15. At the summit, Fortinet touted its growing relationships with cloud computing giants such as Amazon.com (AMZN) and others, noted Wells Fargo analyst Andrew Nowinski in a report.

Cybersecurity Stocks: Cloud Computing Synergy
“While each hyperscaler works with nearly all the security vendors, this channel represents a strong route-to-market, given that AWS alone has 45,000 sales people, Azure has over 30,000, and GCP has 25,000,” Nowinski said.

“We believe Fortinet is well-positioned with these hyperscalers, given the large installed base of Fortinet. Fortinet has nearly 600,000 customers, far more than all other security vendors, which provides a lot more opportunities for the hyperscalers to cross-sell their services.”

The IBD security group is down nearly 25% in 2022, under-performing the S&P 500. The S&P 500 is down about 19%. But some cybersecurity stocks hold high Relative Strength Ratings, such as Palo Alto Networks (PANW). Palo Alto has completed a 3-for-1 stock split.

Meanwhile, the iShares Expanded Tech-Software ETF (IGV) fell nearly 5% in August. The IGV index has retreated nearly 33% in 2022.

According to a Morgan Stanley survey of chief information officers in July, cloud computing and security software remain at the top of priority lists, followed by business intelligence/analytics, digital transformation and artificial intelligence.

Cybersecurity Stocks Report Mixed Earnings
Zscaler (ZS) stock jumped on stellar fiscal fourth quarter results.

PANW stock jumped on better-than-expected fiscal Q4 earnings and guidance. Palo Alto Networks has been building a broad cloud-based services platform via acquisitions. Palo Alto Networks has spent more than $3 billion on 10 acquisitions over the past three years.

CrowdStrike reported Q2 annual recurring revenue, or ARR, of $2.14 billion. Analysts expected $2.11 billion, up 59%. Analysts consider ARR a key metric in CrowdStrike results, as it links to subscription customer growth.

Check Point Software Technologies (CHKP) reported earnings on Aug. 1. CHKP stock fell on guidance.

Fortinet reported second-quarter earnings, revenue and billings that topped estimates but the size of the beats disappointed. For the September quarter, Fortinet forecast sales of $1.12 billion, below estimates of $1.13 billion.

Consolidation Impacts Cybersecurity Stocks
Private equity firms continue to be active.

Thoma Bravo acquired Ping Identity Holdings (PING) for $2.8 billion.

Thoma Bravo also has acquired cybersecurity firms SailPoint Technology, Proofpoint, Sophos and Barracuda. The private equity firm has invested in cybersecurity startups, such as Illumio.
Also, PE firm Permira in May completed its purchase of Mimecast for $5.8 billion. PE firms aren’t the only acquirers.

Google-parent Alphabet (GOOGL) on March 7 said it’s acquiring cybersecurity firm Mandiant (MNDT) in an all-cash $5.4 billion deal. Mandiant will be part of Google’s cloud computing business.
Also Google in January acquired Siemplify, a security orchestration, automation and response provider, for around $500 million.

“Increased acquisition activity is being spurred by depressed valuations in the current uncertain macroeconomy,” Cowen analyst Shaul Eyal said in a recent note to clients. “We believe that acquirers are increasingly seeking targets that demonstrate a balance of growth versus profitability and positive cash flow.”

Corporate Spending On Cybersecurity
Meanwhile, Qualys and Fortinet have dropped off the IBD 50 roster of growth companies.

At an investor day for FTNT stock on May 10, Fortinet unveiled 2025 financial targets that call for billings of $10 billion and revenue of $8 billion, implying a three-year average growth rate of 22% for both metrics.

Cybersecurity spending worldwide climbed 13% in 2021 to $172 billion, estimated market research firm Gartner, accelerating from 8% growth in 2020. In both 2022 and 2023, Gartner forecasts 11% growth in cybersecurity spending.

Bank of America in a recent report said cybersecurity stocks that deliver services via cloud computing platforms will be better positioned.

“We believe ‘born-in-the-cloud’ companies like Zscaler, CrowdStrike and SentinelOne (S) to be relatively resilient to any spending slowdown, also given how critical their solutions are to cyber defense efforts,” said BofA analyst Tal Liani in a note to clients.

Cybersecurity stocks got a lift in February as Russia’s invasion of Ukraine began. Analysts said attacks aimed at shutting down websites could increase.

Further, Congress has finally passed legislation funding infrastructure projects, which is expected to include funding for federal, state and local cybersecurity infrastructure.

Ransomware remains a big threat, though fewer highly publicized incidents occurred in the back half of 2021.

The rise of cryptocurrency Bitcoin has been linked to a spike in ransomware attacks. In ransomware attacks, hackers take over computer systems, encrypt files and demand digital payment to restore access to critical data.

Cybersecurity Stocks With High Composite Ratings
Cybersecurity stocks with Composite Ratings above 90 include Qualys, Fortinet and Palo Alto Networks.

The Composite Rating is a blend of the other five IBD stock ratings: the earnings per share or EPS Rating, Relative Price Strength Rating, Accumulation/Distribution Rating, Industry Group Relative Strength Rating and the SMR Rating.

The latter measures sales growth, profit margins and return on equity. The all-encompassing Composite Rating helps investors easily measure the quality of a stock’s fundamental and technical metrics.
No security stocks currently are members of the IBD Leaderboard. It’s IBD’s curated list of leading stocks that stand out on technical and fundamental metrics.

Hot Cybersecurity Startups Eye IPOs
And initial public offerings are on the table. SentinelOne’s IPO raised $1.2 billion. SentinelOne is a rival of CrowdStrike.

Meanwhile, analysts say Netskope, Illumio and Menlo Security are among cloud security startups that could launch IPOs.

Analysts say a new wave of startups seems to be taking share from industry incumbents.

Darktrace (DARK) launched its IPO on the London stock exchange in April. Darktrace utilizes self-learning artificial intelligence tools in security automation.

Further, consolidation may be coming in the cybersecurity industry. Okta (OKTA) in early 2021 acquired privately held Auth0 in a $6.5 billion, all-stock deal. Also, Okta is expanding into new security markets to take on CyberArk Software (CYBR) and SailPoint.

Microsoft Stock A Big Player In Cybersecurity
Also, Microsoft (MSFT) has moved into this space. The software giant recently disclosed that its cybersecurity revenue tops $10 billion annually. With 400,000 customers, Microsoft’s computer security franchise is growing at more than 40%, the company said.

Microsoft in July 2021 acquired RiskIQ, a security threat management company. Bloomberg reported that Microsoft paid around $500 million. Microsoft also bought CloudKnox Security in July.

In addition, Microsoft is integrating more security tools into its cloud-based Office 365 software. As it expands cloud-based security services, Microsoft could pressure more industry incumbents, such as Okta, CrowdStrike, and Splunk (SPLK).

“Microsoft is clearly pitching itself as offering a full security suite, a competitive advantage as customers increasingly want a unified view of threats,” UBS analyst Karl Keirstead said in a recent note.

Cybersecurity Stocks: Wide Range Of Products
Further, it behooves an investor to know which cybersecurity stocks address ransomware, phishing or other kinds of cyberattacks.

Meanwhile, CrowdStrike uses machine learning and a specialized database to detect malware on laptops, mobile phones and other devices that access corporate networks. In addition, many software companies are using artificial intelligence to get a competitive edge.

In addition, Zscaler is the biggest provider of cloud-based web security gateways that inspect customers’ data traffic for malware.

SailPoint, an identity management software maker, is among companies that garner more than 10% of revenue from government agencies.

Coronavirus Outbreak Boosted Demand For Cloud Security
Other cybersecurity firms with a sizable government business include Tenable Holdings (TENB), Rapid7 and CyberArk. Tenable in 2021 acquired France-based Alsid, which focuses on identity access management.

In addition, Rapid7 and Qualys specialize in vulnerability management services.

Amid the rapid global spread of Covid-19, many companies instructed employees to work from home. That has increased demand for computer security products that support remote work.

The coronavirus emergency and shift to remote work has accelerated the growth of cloud-based network security. So the industry now has a new term for the infrastructure that supports distributed workers and branch offices.

It’s spelled SASE — pronounced “sassy” — and it stands for Secure Access Service Edge.

SD-WAN Technology Changes Security Needs
Corporate America has hiked tech spending on security aiming to protect intellectual property as well as consumer privacy. Hackers continue to steal credit card data and intellectual property.

Spending on security technologies has evolved as companies shift business workloads to cloud computing service providers. Amazon Web Services, part of Amazon.com (AMZN), is the biggest cloud services firm. Amazon looms as a potential rival as it builds more security tools into its cloud services.

Also, Fortinet competes with Palo Alto Networks and others in the firewall security market. Firewalls reside between private networks and the internet. They block unauthorized traffic and check web applications for malware.

As large companies shift to off-premise cloud computing services, one view is that firewall technology will play a lesser role. Fortinet has targeted software-defined wide area networks, or SD-WANs, an emerging computer networking technology.

Aiming to catch up in SD-WAN technology, Palo Alto Networks acquired startup CloudGenix.

Cybersecurity Products Battle Ransomware, Phishing
Cybersecurity stocks span a wide range of products and services. In addition, some security vendors are shifting to software-based subscription business models from selling hardware appliances. Among them, Proofpoint specializes in email and data-loss protection.

Meanwhile, hackers often aim to compromise networks by targeting employees or management who have administrative access. CyberArk manages privileged accounts. In addition, Okta provides identity management services.

To slow down hackers, more companies are focusing on internal security threats through a strategy known as Zero Trust. In addition, traditional security measures aim to keep the bad guys out of corporate networks. Further, network firewalls focus on intruders from the public internet.

Zero Trust cybersecurity models focus on internal threats, such as hackers stealing someone’s security credentials. Security firms verify the identity of network users and limit access to applications.
CrowdStrike, Okta, Netskope and Proofpoint recently formed a Zero Trust alliance. Targeting Zero Trust security, Cisco Systems (CSCO) in 2018 acquired Duo Security for $2.35 billion.

Artificial Intelligence Changing Cybersecurity Market
Also, many fast-growing cybersecurity firms are in the endpoint market. Their tools detect malware on laptops, mobile phones and other devices that access corporate networks.

Further, CrowdStrike’s initial public offering in June 2019 raised $612 million, one of the largest cybersecurity offerings. CrowdStrike’s rivals include VMware’s (VMW) Carbon Black, Palo Alto and startup Cybereason.

The “Human Element” causes at least 75% of cyber breaches, according to a new study by Cowen Research and Boston Consulting Group. Many companies have stepped up employee training to deter ransomware attacks and other threats. Cowen favors Cloudflare (NET), Fortinet, CrowdStrike and KnowBe4 (KNBE).

In addition, state-sponsored hackers and cybersecurity firms are both using artificial intelligence to get an edge.

Artificial intelligence should improve computer security tools by speeding up incident responses. It could help thwart email-delivered ransomware or swarming botnets that knock out access to websites.

Top 10 Biggest Data Breaches in US History

Yahoo
Date: 2013-2016
Impact: Over 3 billion user accounts exposed
The data breach of Yahoo is one of the worst and most infamous cases of a known cyberattack and currently holds the record for the most people affected. The first attack occurred in 2013, and many more would continue over the next three years.

Microsoft Exchange
Date: January 2021
Impact: 30,000 US companies (60,000 companies worldwide)
In one of the largest cyberattacks in US history, over 30,000 US businesses were affected by a sweeping attack on the Microsoft Exchange email servers, one of the largest email servers in the world. The hackers were able to exploit four different zero-day vulnerabilities that allowed them to gain unauthorized access to emails from small businesses to local governments.

First American Financial Corp.
Date: May 2019
Impact: 885 million file records leaked
In 2019, First American Financial Corp. suffered a major data leak due to poor data security measures and faulty website design. Although this incident was labeled a data leak instead of a breach (no hacking involved), it shows just how easily sensitive information can fall into the wrong hands.

Facebook
Date: April 2021
Impact: 530 million users exposed
Although one of the world’s largest companies, Facebook is no stranger to data leaks and controversy. The social media giant has constantly dealt with security breaches of user data since the company went public in 2012.

LinkedIn
Date: April 2021
Impact: Over 700 million user records
LinkedIn had about 750 million users in 2021, and hackers were able to post the user identities of about 700 million people (>93% of the total user base) after performing a data scrape of the LinkedIn website. Although most of the information was publicly available, performing a data scrape by exploiting LinkedIn’s API violated the terms of service.

JPMorgan Chase
Date: June 2014
Impact: 76 million households & 7 million small businesses
In September 2014, JPMorgan Chase, one of the largest banks in the US, disclosed that cyberattacks compromised accounts of over 76 million households and 7 million small businesses. Although the attack was initially thought to have only affected 1 million accounts, investigations found that the attack was much worse, lasting about an entire month from June to July.

Home Depot
Date: April 2014
Impact: 56 million payment card numbers & 53 million email addresses
In 2014, hackers were able to steal over 56 million payment card records from Home Depot using custom-built malware. The attack lasted for five months before it was detected and finally removed from the networks of the popular home improvement store. However, it had already affected millions of customers spanning the US and Canada.

MySpace
Date: June 2013
Impact: Over 360 million accounts
Although no longer the social networking site it once was, MySpace still attracts millions of visitors to their now predominantly music and band promotion site. In 2016, reports came out that a hacker accessed 360 million user logins, names, and dates of birth and posted them for sale on the dark web, making it one of the largest data breaches ever.

FriendFinder Networks
Date: November 2016
Impact: 412 million accounts
Popular adult entertainment company FriendFinder Networks faced a massive data breach in 2016 when six of its main databases were hacked, including its more well-known subsidiaries, AdultFriendFinder and Penthouse. Over 20 years of data were stolen, which amounted to about 412 million accounts, including 15 million deleted accounts that weren’t removed from the databases.

Marriott International
Date: September 2018
Impact: 500 million guests
On November 19, 2018, Marriott International released a statement acknowledging that an unknown third party had illegally accessed their Starwood reservation database. The Starwood database included every reservation made at major hotel chains under Marriott, including Westin, Sheraton, Four Points, St. Regis, and W Hotels.

This article was reported by IBD.