Cyber-security market expected to grow 12-15% p.a.

The Stuxnet worm, unprecedented in sophistication and malice, works in three phases. First, it replicates itself across Microsoft Windows networks and machines. Then it seeks out a very specific target, in this instance Siemens Step7 software that is used to program industrial control systems used to operate physical machinery. Finally, and perhaps most impressively, it subverts the programmable logic controllers allowing the worm's authors to spy on the system and cause it to destroy itself physically, entirely unknown to the human operators at the plant. The sophistication of the programming of this worm is such that it's estimated it would have taken a team of 10 expert programmers 2 to 3 years to develop. An anonymous interview with a CIA agent in 2012 suggested what was long suspected - that this was a joint operation by the US and Israel aimed at curtailing Iran's ability to develop nuclear weapons.

Sometime after the initial cyber-attack on Iran, a programming error allowed the destructive computer code to escape and spread throughout the internet, infecting computers around the world. Although the original code was designed to affect only the Siemens software used for specific industrial purposes, the sophistication of Stuxnet has been harnessed through the reverse engineering of the virus, creating a whole new family of malware. Duqu and Flame, both discovered shortly after Stuxnet and confirmed as direct hybrids, work by stealing digital certificates and private keys to achieve their aim of monitoring and extracting information. This includes secretly sending information to other servers, recording audio, screenshots, keyboard activity and network traffic from infected machines. According to McAfee (owned by Intel), these capabilities are most frequently used to extract sensitive personal information such as bank account details, passport numbers and all other information that would be useful to carry out identity theft.

This type of malware threatens the security of information for businesses, individuals, and governments. Former US Defense Secretary, Leon Panetta, has warned that the US is vulnerable to a "cyber Pearl Harbour" that could derail trains, poison water supplies, and cripple power grids. The threat of cyber-attacks is increasingly entering the public consciousness. Facebook's Mark Zuckerberg inadvertently revealed to the world that he puts tape on the camera and microphone port of his computer, as the last line of defense against cyber-attacks. The size of the cyber-security market is large and growing. It is expected to grow at a rate of 12-15% per annum to a projected size of US$75 billion by 2020.

Makers of the well-known Norton antivirus software, Symantec Corp (SYMC.NAS), offers an opportunity for investors to gain a large cap, pure play exposure to the cyber security sector. Symantec's recently announced acquisition of Blue Coat will complement their existing services for large corporations in endpoint email security by increasing their existing capability for network-born threats.

Investors can also gain exposure to this growing market through Palo Alto Networks Inc (PANW.NYSE) which has been experiencing annual increases in revenue of over 50% since its IPO in 2012. Palo Alto has a grand vision to provide an enterprise security platform that prevents both known and unknown cyber threats for all users on any device across any network. However, the stock is very expensive, and some analysts question excessive marketing costs in the drive to grow sales.

[Screen Shot 2016-07-27 at 8.57.44 AM.png]

Two Australian small cap stocks operating in the sector are Senetas Corp (SEN) and Prophecy International Holdings (PRO). Senetas is a leading provider for high-assurance encryption protected networks designed specifically to protect without compromising network performance. Prophecy International designs, develops and distributes computer software applications and services. PRO's products are Basis 2, e-foundation, SNARE and Promadis. PRO distributes its products through a network of business partners in the Americas, the Middle East, Africa and throughout the Asia Pacific.

For investors who want a more diversified exposure to the sector, there are two notable ETFs - First Trust's NASDAQ Cybersecurity ETF (CIBR.NAS) and PureFunds ISE Cyber Security ETF (HACK.NYSE). Both ETFs hold companies that develop and support the implementation of cyber security technology. However, HACK (for a higher management fee) is more likely to own smaller up-and-coming companies that are at the cutting edge of technology breakthroughs, although these companies lack a substantial track record and potentially carry higher risk.

Article contributed by Mason Stevens:  (VIEW LINK)