The threat from ransomware attacks persists as online extortion potentially costing millions of dollars besieges Corporate America. And that’s good news for cybersecurity stocks.
Recent sell-offs have taken some of the air out of the sector, but many cybersecurity stocks have turned in a solid 2021 as client companies upped spending to fend off fast-evolving online threats. The coronavirus emergency expanded the cybersecurity battleground as companies shifted to remote work, opening up new targets for hackers.
Cybersecurity spending worldwide will pop an estimated 13% in 2021 to $172 billion, says market research firm Gartner, accelerating from 8% growth in 2020. In both 2022 and 2023, Gartner forecasts 11% growth in cybersecurity spending.
“The concept of ransomware is not new. It just continues to get worse and worse,” Mike Sentonas, chief technology officer at cybersecurity specialist CrowdStrike Holdings (CRWD), told Investor’s Business Daily. “They’ve changed the way they target victims. Ten years ago, if you got hit by ransomware it was on a personal machine. Maybe your photos and files were encrypted and for a few hundred dollars away they went.”
He added: “Now we see criminal groups targeting large businesses, governments and there are examples of ransomware demands of well over $10 million. They’re becoming much more brazen because a lot of money is being made. And there’s a huge ecosystem now. You’ve got criminal groups that build a platform, rent it out and take a percentage of the profits.”
Computer Security Stocks Retreat
Meanwhile, the IBD computer security group advanced 35% at one point this year. It’s now up about 20% amid a broad correction in software growth stocks as more investors shun lofty valuations. Some cybersecurity stocks now trade below their 50-day moving averages after selling off on earnings reports. The IBD computer security group now ranks No. 17 out of 197 industry groups tracked.
Companies like Fortinet (FTNT) and Palo Alto Networks (PANW) have withstood a rash of recent selling in the sector and their stocks remain solid. Others, like CrowdStrike, Zscaler (ZS) and Cloudflare (NET) — the latter of which is part of a different sector but also plays in the cybersecurity space — have stumbled.
Fortinet, Palo Alto Networks and Zscaler were added to the Nasdaq 100 starting Dec. 20.
The industry outlook, though, remains favorable. As in the case of the coronavirus pandemic, there’s a long game in the ransomware battle.
Cyber extortionists pulled in $422 million in cryptocurrency payments in 2020, up some 344% from a year earlier, says Chainalysis. The group provides cryptocurrency market intelligence to government agencies, financial institutions and crypto businesses.
The average ransomware payment was $139,739 in the third quarter of 2021, said a Coveware report. That was down from $223,817 in the same quarter a year earlier but still more than triple the $41,198 for the same quarter of 2019. Coveware provides ransomware incident response and recovery services to companies.
Companies plan to step up investments to counter ransomware attacks, upgrade out-of-date computer network software and reduce vulnerabilities in their supply chains.
In ransomware attacks, hackers seize control of an organization’s computer system and data by installing malware. They lock up a victim’s computers with data-encrypting software. One ransomware variant threatens to release confidential data to the public.
In a growing number of incidents there’s “double extortion.” That’s when cybercriminals demand payment to decrypt an organization’s data and also threaten to release the data on the internet.
Ransomware-as-a-service enables less computer-savvy cybercriminals to engage in attacks without developing their own malware. They obtain malware and extortion tools via the dark web from criminal gangs. The names include DarkSide, REvil, Sodinokibi and BlackMatter. These gangs take a share of ransomware payments.
The U.S. government aims to crack down on digital cryptocurrencies that make it easier for ransomware hackers to collect payment over the internet anonymously. The Treasury Department recently placed sanctions on Russia-based Suex, a crypto over-the-counter broker, for making ransomware transactions.
The ransomware threat has become so severe that the U.S. military in early December acknowledged that it has taken actions against criminal cyber groups. Previously, the U.S. government had viewed ransomware attacks as a problem for law enforcement.
The ransomware battle presents a host of challenges for cybersecurity stocks as well as small businesses, large corporations, hospitals, colleges, government and others.
Some ransomware attacks do not encrypt data. Instead, they aim to disrupt business operations by taking over computer networks. The threat is growing in manufacturing and industrial control systems. One example: the attack on Colonial Pipeline in early May. The hack took down the largest fuel pipeline in the U.S. and led to shortages across the East Coast.
Cybersecurity Stocks: Do Criminals Have Edge?
A wave of highly publicized ransomware incidents has hit since late 2019. Along with Colonial Pipeline, incidents have struck software maker SolarWinds (SWI), meat producer JBS, and tech company Kaseya. REvil demanded $50 million from Kaseya, which sells software tools to information technology providers.
Many companies are more aware of the ransomware threat than a year ago. And, they’re focused on vulnerabilities such as phishing emails, poorly secured remote access log-ins, or software updates. But ransomware victims are sometimes harmed by things out of their control, like flaws in Microsoft (MSFT) software or vulnerabilities in their supply chain.
Meanwhile, cybercriminals continue to refine their tactics.
“Right now the game is very disproportionate on the attacker side when it comes to ransomware. Many of these attackers and operators can do their work without much risk and without repercussions,” said Wendi Whitmore, senior vice president of cyber consulting and threat intelligence at Palo Alto Networks.
“Ransomware-as-a-service has enabled more and more people to effectively get in the game,” Whitmore told IBD. “Ransomware-as-a-service has operated as a global business in some cases but more recently almost like retail franchises, where the operators provide all the tools to aspiring criminals. They recruit affiliates through websites available on the dark web. They market their capabilities very similar to traditional consumer businesses.”
According to Palo Alto’s Unit 42 threat intelligence and analytics arm, a fast-growing number of incidents involve ransomware demands over $1 million.
Cybersecurity Stocks In New Defense Program
Palo Alto Networks, CrowdStrike and Mandiant (MNDT) are taking part in the Joint Cyber Defense Collaborative, or JCDC, set up by the Biden administration in August to improve cybersecurity. Mandiant was formerly known as FireEye.
When the White House hosted a cybersecurity summit in August, technology and financial industry giants pledged to help in the fight against ransomware attacks. Also invited to the summit were four cyber insurance companies. The hope was that their industry could also play a big role in setting higher security standards.
Taking part in the summit were cyber insurance startups Coalition and Resilience as well as established carriers Vantage Group and Travelers (TRV). Coalition in late September closed a $205 million funding round at a valuation of more than $3.5 billion. Its security partners include Okta (OKTA) and SentinelOne (S).
Cyber insurers have been hard hit by the ransomware explosion. Ransomware accounted for 75% of all cyber losses in 2020, according to an AM Best report.
The $5.5 billion global cyber insurance market remains small compared with autos and property. Less than 15% of organizations globally buy cyber insurance. That includes about one-third of all large companies in the U.S., said the Ransomware Task Force report.
Cyber Insurance Invites Attacks?
To get better actuarial estimates on computer security risk, seven top insurance companies in June formed CyberAcuView. It will combine their data collection activities and analysis.
One view is that ransomware hackers target businesses that they believe or know have coverage. That way it’s easier to pay up.
“The bad guys are figuring out how to make money and ransomware has been a very effective way to do that,” said Brian Beyer, chief executive and co-founder of cybersecurity firm Red Canary. “There’s a relatively new cybersecurity insurance industry. Now that we’re a couple of years into it, you have a lot of those insurance companies asking questions of whether they can keep underwriting ransomware losses.”
“Those questions are really going to change the future of how ransomware affects organizations,” Beyer told IBD. “Because if insurance companies and their policies aren’t paying behind the scenes, then a lot more companies are going to say, ‘No, I’m not going to be able to pay that ransom.’ And that could change the nature of how ransomware is monetized.”
Cyber insurance premiums rose 20% in 2020, according to an Aon report. Premiums jumped in early 2021 as ransomware attacks revved up.
“It’s getting a lot harder to get cyber insurance and it’s getting more rigid in terms of the policies,” said CrowdStrike’s Sentonas. “We’re starting to see insurance companies mandating certain security technologies and standards. If companies don’t have the right types of security they’re probably not going to get insurance.”
Zero Trust Security
The coronavirus emergency and shift to remote work have impacted spending on cybersecurity, said an RBC Capital report in November.
“While megatrends such as cloud adoption and digital transformation are well-established, we believe Covid has accelerated this transition by up to five years or potentially more,” said RBC analyst Matthew Hedberg. “Covid pushed the network perimeter far beyond the traditional hub-and-spoke design of an on-premise data center.”
The cybersecurity stocks expected to have a bigger role in deterring ransomware include those that specialize in multifactor authentication, a concept known as Zero Trust, vulnerability management and endpoint detection.
Multifactor authentication requires a second source of identity verification. That includes random security codes embedded in text messages sent to mobile phones, in addition to passwords.
Zero Trust security focuses on identity verification and limiting administrative privileges.
Once verified, users receive access only to specific apps and data aligned with their jobs, not entire networks. Companies call the security process segmentation. It’s important because ransomware spreads across a network through data file paths to which an infected user has access.
Palo Alto Networks and Zscaler take part in the National Cybersecurity Center of Excellence pilot program on Zero Trust.
XDR Threat Detection Technology
A Barclays survey of chief information officers, released in October, ranked cybersecurity spending priorities. The Barclays survey said top priorities were endpoint security, identity and access management and vulnerability management.
Endpoint security technology aims to detect and remove malware on personal computers, laptops and mobile devices that access company networks.
Cybersecurity stocks also see potential for an early detection technology called XDR, or extended detection and response. It’s an advanced form of threat analytics.
XDR improves upon security information and event management, or SIEM. XDR security platforms monitor and analyze endpoints as well as web and email gateways. They also examine web application firewalls, cloud business workloads and information technology infrastructure.
In addition, XDR uses automated tools to gather network incident data, also called telemetry, to identify signals of malicious activity.
Cybersecurity Stocks That Sell XDR Technology
Palo Alto Networks sells XDR technology. It’s been making acquisitions to add artificial intelligence tools to a cloud-based threat detecting platform.
CrowdStrike acquired Humio, a cloud log management and observability startup, to beef up its XDR offerings. Fortinet, Rapid7 (RPD) and Mandiant also have made XDR-related acquisitions.
Many cybersecurity startups such as Cybereason, Illumio, Exabeam and Recorded Future do business in the XDR market. Amid the spike in ransomware incidents, venture capital has also been flowing. Recipients include Netskope, Menlo Security, Deep Instinct and Lacework.
Cybersecurity stocks aren’t the only plays for investors eyeing the extortion economy. There’s also the growing market for data backup and recovery.
Anti-virus software maker Emsisoft says in 2020 it took 287 days on average for a business to fully recover from a ransomware attack.
Data Backup And Recovery
According to research firm Gartner, top vendors in the data backup market include CommVault Systems (CVLT), Veritas, Rubrik, Veeam and Acronis. Microsoft in August invested in startup Rubrik. Dell in June invested in Calamu.
Some cybersecurity stocks prioritize data backup and recovery, aiming to have the ability to just say no to ransomware demands. But ransomware hackers target data backup systems as well.
Once inside a company’s computer systems, hackers spend weeks or months laying the groundwork to initiate demands. That prep work includes corrupting backup data systems.
“The best cure for ransomware is not getting it in the first place,” said Gartner analyst Nik Simpson. “Protecting the backup data systems has become a key part of any ransomware strategy.”
Follow Reinhardt Krause on Twitter @reinhardtk_tech for updates on 5G wireless, artificial intelligence, cybersecurity and cloud computing.