The Biggest Threat to America

The No. 1 security risk on Americans' minds is no longer terrorism. In a recent survey by Unisys, hackers and viruses outranked terrorism as the nation's No. 1 security threat. Read on, and I'll explain the growing problem, how you can protect yourself, and the stocks I think are best-positioned to gain from battling ever-expanding cybersecurity risks.

The huge rise of cyber attacks
It's no surprise Americans are scared. In the past two years, we've seen:

  • Sony's Playstation Network hacked, with 77 million accounts exposed -- credit card numbers included.
  • Nasdaq's computer systems hacked.
  • Hackers from Anonymous cripple the websites of the CIA, Visa, Mastercard, and Paypal.
  • The world's first cyber weapons, Stuxnet and Flame.
  • Malware Monday.
  • 6.5 million user passwords hacked at LinkedIn, 1 million at Gawker, and 400,000 at Yahoo!.
  • 600,000 Apple Macs hacked and controlled by the Flashback Trojan.
  • Reuters, Dropbox, and the MLB hacked -- all in the last week.
  • And a Wired magazine writer's digital life get completely destroyed last Friday

Our infrastructure is also under attack. Earlier this year, America's natural-gas pipelines were attacked by sophisticated spear-phishing attempts. The Head of the NSA said last month there has been a 17-fold increase in the number of computer attacks on the U.S. infrastructure in just the past three years.

Hackers aren't just going after big companies and infrastructure; Verizon's forensic analysis unit reported that 72% of the data breaches worldwide that it analyzed last year were at companies with 100 or fewer employees.

These aren't minor incidents. A separate survey by the Computing Technology Industry Association found that 76% of responding companies had had a cybersecurity incident within the past 12 months resulting in the loss of money, data, intellectual property, or the ability to conduct day-to-day business.

The really scary part, though, is thinking about all the attacks that go unnoticed or unreported. Shawn Henry, a former executive assistant director at the FBI's cyber division, recently said, "What the general public hears about -- stolen credit card numbers, somebody hacked LinkedIn -- that's the tip of the iceberg, the unclassified stuff."

Five simple tips to boost your cybersecurity
Many of the above hacks could have been prevented by some simple precautions.

  1. Use complicated passwords with numbers, symbols, uppercase letters, and lowercase letters. If it's available, use two-step authentication. It's alarming how many people use simple passwords such as "12345" or "password."
  2. Don't reuse the same password across multiple websites.
  3. Choose obscure answers to your password retrieval questions.
  4. Use antivirus software.
  5. Use BillGuard to monitor your credit card. BillGuard is a free monitor for your credit and debit cards (truly free, unlike freecreditreport.com, with its annoying commercials).

My top stock for cybersecurity
You can profit from growing cyber risks by investing in the companies whose business is protecting other companies. While Cisco (Nasdaq: CSCO  ) and Juniper Networks (Nasdaq: JNPR  ) are No. 1 and 2 in the network security market, my top pick is third by market share: Check Point Software Technologies (Nasdaq: CHKP  ) . You might be familiar with Checkpoint's ZoneAlarm product for consumer. However, Checkpoint makes most of its money selling network security services to large companies. Checkpoint counts 98% of the Fortune 500 as customers and 100% of the Fortune 100.

The company uses a razor-and-blades model, selling standardized security appliances (the "razor") with customizable software add-ons that cost extra (the "blades"). This model has led to 16% annual revenue growth since its introduction three years ago. It has also been very profitable for the company, as net income has grown 22% annually over the same time period.

Check Point was founded by Gil Shwed, who now runs the company and owns a 12% stake, and Marius Nacht, who is the current vice chairman and has an 11% stake. Check Point has been repurchasing shares for years, and it recently announced a $1 billion share buyback. With an $11 billion market cap, nearly $800 million in free cash flow, no debt, and $3 billion in cash and bonds on its balance sheet, the company seems to be making good use of its capital.

There are other interesting stocks in the network security space, particularly Sourcefire (Nasdaq: FIRE  ) and Symantec (Nasdaq: SYMC  ) . However, neither has the low valuation, balance sheet strength, or insider ownership that Check Point has.

Final Foolish thought
Cybersecurity will only become more important as the number of devices connected to the Internet continues to grow exponentially. The Motley Fool recently released a free report named "The Next Trillion-Dollar Revolution" that shows why this seismic shift will dwarf any other technological revolution seen before it. The report also reveals a stock we have singled out as the front runner of this trend. Thousands have already requested access to this report, and you can get your copy today by clicking here -- it's free.

Dan Dzombak can be found on his Facebook page. Click here and like his Facebook page to follow his investing articles. He owns shares of Cisco Systems, but he holds no other position in any company mentioned. The Motley Fool owns shares of Cisco Systems and Check Point Software Technologies. Motley Fool newsletter services have recommended buying shares of Check Point Software Technologies and Sourcefire. The Motley Fool has a disclosure policy. We Fools may not all hold the same opinions, but we all believe that considering a diverse range of insights makes us better investors. Try any of our Foolish newsletter services free for 30 days.


Read/Post Comments (29) | Recommend This Article (43)

Comments from our Foolish Readers

Help us keep this a respectfully Foolish area! This is a place for our readers to discuss, debate, and learn more about the Foolish investing topic you read about above. Help us keep it clean and safe. If you believe a comment is abusive or otherwise violates our Fool's Rules, please report it via the Report this Comment Report this Comment icon found on every comment.

  • Report this Comment On August 07, 2012, at 5:29 PM, agwisreal wrote:

    I would say that the greatest threat is the changing climate. Look at the cost of this year's drought, with the accompanying fires in CO and OK [so far].

    We can, potentially, invent and develop countermeasures to hacking that will be robust and cheap. We cannot so easily escape the physics of carbon dioxide.

    We cannot instantly abstain from coal, oil, and natural gas either. And if we did, there would still be the production from China, Europe, India, etc. They, by the same logic, are reluctant to go first for fear we would leverage our electricity cost advantage if they went over to somewhat more expensive wind and solar.

    So this threat, because it's so slow moving and so intractable, rates as the most serious, all things told, as I see it.

  • Report this Comment On August 07, 2012, at 5:41 PM, pjwilliams2 wrote:

    Comment on step one of five for boosting your security: there's no need to make your password that complicated as long as websites allow you to make it longer. Prime explanation why: http://xkcd.com/936/

  • Report this Comment On August 07, 2012, at 5:49 PM, TMFMTHead wrote:

    I am not sure that I would list Check Point over Cisco. While CHKP has no debt, Cisco, after paying off it's debt still has $32 billion or so in cash on hand. Yes, Cisco may not grow revenues as quickly as CHKP, but still they are cheaper based on PE, plus they are paying a 2% dividend and I am becoming a huge fan of dividend stocks.

    My question is why doesn't CHKP start paying a dividend? With no debt, they could pay out 25% of levered free cash flow, or about $.70 per share annually, for a dividend of 1.4%. Not great, but a nice return to investors.

  • Report this Comment On August 07, 2012, at 5:54 PM, TheHungryBear wrote:

    I guess people see terrorism as gangsters with guns and/or bombs. But to me, I see think of terrorists as people who want to take America down any way they can. And I believe there are terrorists behind many of the attacks in cyberspace. So I would say that terrorism is still our main security risk.

  • Report this Comment On August 07, 2012, at 6:05 PM, ryanalexanderson wrote:

    > I am not sure that I would list Check Point over Cisco.

    Perhaps, but a bet on bellwether Cisco is a bet on broad economic recovery. I can't see security being a huge part of their portfolio when they are primarily a switch and router company.

    CHKP seems to be the purer cybersecurity play.

  • Report this Comment On August 07, 2012, at 6:27 PM, PeakOilBill wrote:

    As soon as the Chinese no longer need the US market, get ready for them to shut down the US electric grid with a cyber attack. Another 10 years, maybe?

  • Report this Comment On August 07, 2012, at 6:29 PM, nwaluli wrote:

    If one stopped and thought about hackers being able to block access to your checking and savings accounts, investment accounts and use of your credit cards how concerned you would be. Imagine going to the bank and being told that there is no record of your accounts or going online and not being able to sign into your investment accounts. I think the threat of hackers being able to disrupt our financial systems is the most serious threat of all.

  • Report this Comment On August 07, 2012, at 6:33 PM, marei wrote:

    I do all my passwords in Cherokee Indian. How's that for security??--Tom Reilly

  • Report this Comment On August 07, 2012, at 6:46 PM, spinindog wrote:

    Most of the problem with hackers lies in the fact that we don't go after them. They attack with no fear of repercussions.

    I know that most of the problem lies outside our borders. However, we should calculate the cost of the attack from any foreign country and subtract it from their aid checks unless they prosecute the offenders.

    Hackers, left unpunished, will do what they do regardless of our defenses, unless they fear prosecution.

  • Report this Comment On August 07, 2012, at 7:21 PM, mythshakr wrote:

    I don't believe anyone has been killed or maimed as a result of cyber warfare [yet] so I see it more as a threat to business and possibly parts of the economy rather than our sovereignty.

    No one should be surprised if Stuxnet and Flame were sourced from a sovereign government. Only the sources know for sure and they won't be talking for a long time. While the U.S. and Israel would be the first most would point fingers at, there are other mice with the means, motive and opportunity to roar in the world of cyber warfare.

    Actually, I would see a quick dramatic deleveraging of the US government in the economy of the US, and the world for that matter, as more of a threat to America. Just how many homeless, hungry and feeling hopeless people would it take for a spark of internal violence to grow beyond the ability of the state and federal governments to cope? Less than you would think. Particularly if the response is seen as heavy handed or uncaring.

  • Report this Comment On August 07, 2012, at 8:19 PM, xetn wrote:

    " The world's first cyber weapons, Stuxnet and Flame "

    The is evidence that these were developed by the US and Isreal and has been aimed at Iran.

    http://www.washingtonpost.com/world/national-security/stuxne...

  • Report this Comment On August 07, 2012, at 8:58 PM, petrogold wrote:

    The greatest threat is wars by George Bush, that crippled the world followed by recession. Now economists, finance ministers, or PM, or presidents could not fix it. Most threat is due to dealing with interests in all institutes accross America or EU nations.Let the bankers think how to come out of interests, all threats will be over.

  • Report this Comment On August 08, 2012, at 7:50 AM, dbtheonly wrote:

    xetn,

    You say that as if it's somehow relevant.

    But just for it, in stopping an Iranian nuclear weapons programme, would you rather fry their computers or fry their cities?

  • Report this Comment On August 08, 2012, at 10:04 AM, Miketoz wrote:

    This article points up a worst case scenario - and it's not the only one - perpetrated by a nefarious and brilliant individual. Interestingly, most of the comments have to do with doomsday scenarios. But this is a serious near term consumer problem that routinely affects thousands of individuals.

    When a website asks to store a credit card number "for my convenience" I always say no. For some some sites I have to go back and remove the number manually. Nonetheless, it is impossible to remove all instances of my credit card data on line, unless I want to write checks, or choose to prohibit myself from doing business with a company.

    The U.S. banks need to adopt more stringent credit card data security standards, but in the meantime this vulnerability will remain.

  • Report this Comment On August 08, 2012, at 12:42 PM, TMFDanDzombak wrote:

    @agwisreal Climate change is a bigger threat to the poorer countries around the world than to the U.S. The U.S. is a major food exporter with large amounts of arable land and water. We will be able to adapt and feed our population while the rest of the world will face major challenges.

    The U.S.'s wealth is built around intellectual property and ingenuity. We are losing that to hackers.

    Jeremy Grantham, CIO of GMO which manages $180 billion, wrote his quarterly letter around climate change, the global food crisis, and the rising water crisis and how he believes everyone is underestimating the problem. Well worth a read (20 page PDF, it's long but good)

    http://www.gmo.com/websitecontent/GMOQ2Letter.pdf

  • Report this Comment On August 08, 2012, at 12:45 PM, TMFDanDzombak wrote:

    @pjwilliams2 That's a great point.

    Would like to take a moment and stress the importance of using double authentication if possible. Use it!

  • Report this Comment On August 08, 2012, at 12:56 PM, TMFDanDzombak wrote:

    @TMFMTHead Also a fan of dividends. They recently upped their buyback to $1 billion to return cash to shareholders. Would like a dividend but can see how the two shareholders that own 25% of the company would rather the company buy back stock at a cheap price rather than pay a dividend

  • Report this Comment On August 08, 2012, at 12:57 PM, TMFDanDzombak wrote:

    @TheHungryBear. Good point

  • Report this Comment On August 08, 2012, at 12:57 PM, TMFDanDzombak wrote:

    @RyanAlexanderson Exactly

  • Report this Comment On August 08, 2012, at 12:59 PM, TMFDanDzombak wrote:

    @PeakOilBill @nwaluli I see the electrical grid being attacked as a much bigger threat than the financial system being attacked. Electrical grid being shutdown would cost lots of lives, food disruptions, etc.

  • Report this Comment On August 08, 2012, at 1:00 PM, TMFDanDzombak wrote:

    @marei See pjwilliams2's comment. The longer the better. Brute force attacks don't care what language a password is in

  • Report this Comment On August 08, 2012, at 1:05 PM, TMFDanDzombak wrote:

    @spinindog That's fair to some extent. A problem arises though when it's state sponsored hacking.

  • Report this Comment On August 08, 2012, at 2:42 PM, mikecart1 wrote:

    What they should do in this country is change the way we go about education. It obviously isn't working much if you have been out lately and have conversations with some of these people that don't look like they could balance a check book let alone hold a steady job that requires responsibilities.

    Be like China. Decide what a person wants to do early on and train them on that occupation for years. What does history and biology and other worthless classes to a person that wants to study computer science or programming? Is it really any surprise that the best and smartest at these cyber security jobs are the ones that spent all their free time programming and could care less about getting A's in some of these worthless classes???

  • Report this Comment On August 08, 2012, at 3:06 PM, JadedFoolalex wrote:

    @mythshakr Drone attacks on terrorist leaders is about as close to a cyberattack as you can get!!

  • Report this Comment On August 09, 2012, at 4:03 PM, TMFDanDzombak wrote:

    Today Kapersky Labs announced another instance of Flame/Stuxnet which they are calling Gauss that targets Lebanese bank information.

    "Functionally, Gauss is designed to collect as much information about infected systems as possible, as well as to steal credentials for various banking systems and social network, email and IM accounts. The Gauss code includes commands to intercept data required to work with several Lebanese banks - for instance, Bank of Beirut, Byblos Bank, and Fransabank.

    http://www.securelist.com/en/analysis/204792238/Gauss_Abnorm...

  • Report this Comment On August 10, 2012, at 12:11 PM, hermitinvestor wrote:

    With regard to BillGuard, I would just point out that "If you are not paying for it, then YOU are the product."

    I suspect they make their money data-mining. In any event, they will know an awful lot about you.

    Just saying

  • Report this Comment On August 14, 2012, at 3:54 PM, Sunny7039 wrote:

    People no longer believe terrorism is the most serious threat? This is the most ominous thing I've read in a long time. Now you can be sure that terrorism is the most serious threat -- or if it isn't, it will be before this decade is over.

    I agree with the posters who cited climate change and education as very serious problems. The things that move slowly but persistently are always serious, and often ignored. (Note to the skeptics: I didn't say humans were the trigger behind climate change. That is a separate issue, and more contentious. Though if you've studied the question, you have to admit it is quite possible that our activities are the trigger. Also, it is possible -- at the very least -- that we can DO something to mitigate the negative effects of ANY long-term natural process. The fact that we are here, seven billion strong, is pretty good evidence of that.)

    I also believe that the end of privacy in the English-speaking world is a problem. Don't look now, but in other countries (that aren't dictatorships) privacy is taken more seriously. Here, anything that helps to change human beings into mere commodities is celebrated as "modern." (See the problem with education, mentioned above.)

  • Report this Comment On August 20, 2012, at 3:54 AM, foolsfancy wrote:

    I know that it is important to have a secure password but it seems to me that if these big corporations are being hacked, the hackers are able to obtain your credit information, anyway. Am I correct?

  • Report this Comment On September 03, 2012, at 12:22 PM, HLRINV wrote:

    Foolsfancy: Yes, I have thought about that as well.....

Add your comment.

Sponsored Links

Leaked: Apple's Next Smart Device
(Warning, it may shock you)
The secret is out... experts are predicting 458 million of these types of devices will be sold per year. 1 hyper-growth company stands to rake in maximum profit - and it's NOT Apple. Show me Apple's new smart gizmo!

DocumentId: 1975082, ~/Articles/ArticleHandler.aspx, 11/23/2014 6:30:32 AM

Report This Comment

Use this area to report a comment that you believe is in violation of the community guidelines. Our team will review the entry and take any appropriate action.

Sending report...


Advertisement