Cyber security has emerged as the most discussed topic in the technology market over the last few months. As corporations, government agencies, banks and video game companies have been plagued by cyber attacks, online security has become a major concern for all.
However, the last few months have been particularly embarrassing for cyber security providers such as EMC Corp. (EMC), after some high-profile hacking was reported at Sony Corp. (SNE), EMC’s own RSA division, defense contractor Lockheed Martin Corp. (LMT), banker Citigroup Inc. (C), search company Google Inc. (GOOG), video game companies Electronic Arts (ERTS) and Sega Sammy Holdings Inc.
Moreover, government agencies like the IMF and CIA were also targeted. The Oak Ridge National Laboratory, which works closely with the U.S. Energy Department, also fell prey to cyber attack. In February 2011, France’s finance ministry suffered a cyber attack, aimed at stealing files on the G-20 summit in Paris.
Earlier in June, Citigroup reported that around 360,083 North America Citi-branded credit cards were hacked. According to a report in The Wall Street Journal, around 3,400 customers of Citigroup whose credit card information was hacked incurred losses totaling approximately $2.7 million.
According to Symantec Corp.’s (SYMC) State of Spam & Phishing monthly report, total phishing attacks increased by 6.7% from June 2010 to May 2011. The number of non-English phishing sites increased 18% month over month.
Amid the growing number of cyber attacks, corporations and companies are looking for stricter and more stringent cyber security measures to plug the loopholes in the system.
Government Initiatives
This has prompted the U.S. government to issue an updated list of the 25 most dangerous software errors and guidelines to help programmers identify and avoid them. The system aims at sealing the common security holes, such as SQL injection, which the hacker group LulzSec used to break into Sony and into InfraGard, an outreach center used by the Federal Bureau of Investigation (FBI) to liaise with private businesses.
The Department of Homeland Security and MITRE, a government-backed research organization, has been issuing a list of software vulnerabilities once a year since 2009. The latest update involves a standardized scoring system, which a customer can refer to at the time of purchasing a particular software. A high score indicates that the software is safe, whereas a low score reflects security problems.
MITRE has been trying to assign a common name for software errors instead of different names as given by different software analyzers. The organization is also urging software analyzers to use a common language called common weakness enumeration to analyze the bugs.
The streamlining of the process is extremely important for standardizing the codes and the organization achieved some success when Fortify, a division of Hewlett-Packard Co. (HPQ) and privately held Cenzic announced that they would deploy MITRE's language and scoring system.
We believe the Government initiative will be helpful in thwarting further hacking attacks. The string of attacks on major corporations and government agencies has exposed the vulnerability of the present security systems.
Although software developers, enterprises and the federal government may have heaved a sigh of relief after the retirement of hacker group LulzSec, we believe strict vigilance from all sectors is the need of the hour.
More Initiatives
Countries and corporations are tightening Internet security to tackle cyber crime, developing strategies to upgrade government computer systems and expand cooperation with other countries. Efforts to improve coordination within the private sector are also increasing.
According to the latest survey by research firm IDC, 31.0% of executives considered spending on security initiatives as the top priority for 2011.
To effectively tackle attacks targeting decision makers such as CEOs and executives, Intel Corp. (INTC) is deploying software to analyze employees’ log-in patterns. Under the system, if a user logs in at New York an hour after logging in from a California web address, the system may limit or deny access.
California-based FireEye unveiled a system designed to stop spear-phishing. Another vendor, CertiVox, has started selling a product that encrypts Web e-mails and online posts on Facebook or blogs, so only the recipients can read them.
Conclusion
With increasing spending from government and large enterprises, we believe companies such as EMC, Symantec and McAfee (acquired by Intel) would be encouraged to develop new and innovative products. EMC recently announced its intention of spending $3.0 billion on acquisitions, with security the other priority besides storage. We believe this policy will boost EMC’s dominant position (70.0%) in the cyber security market over the long term.
While mere listing and coding of security loopholes may not be the answer to the hacking problem, it will serve as a first step to solving the extremely complex problem. However, training and education on security matters are equally important we feel, since users often unknowingly and innocently help hackers through their actions.
We are Neutral on EMC, Symantec and Intel over the long term (6-12 months). Currently, all the companies have a Zacks #3 Rank, which implies a Hold rating on a short-term basis.
CITIGROUP INC (C): Free Stock Analysis Report
EMC CORP -MASS (EMC): Free Stock Analysis Report
ELECTR ARTS INC (ERTS): Free Stock Analysis Report
GOOGLE INC-CL A (GOOG): Free Stock Analysis Report
HEWLETT PACKARD (HPQ): Free Stock Analysis Report
INTEL CORP (INTC): Free Stock Analysis Report
LOCKHEED MARTIN (LMT): Free Stock Analysis Report
SONY CORP ADR (SNE): Free Stock Analysis Report
Be the first to comment