Howard Schmidt has a long history of studying cyberwarfare.
In the late 1960s, Schmidt served in the U.S. Air Force. He learned about chemical weapons, high explosives and nuclear weapons while attending munitions school.
Over the next few decades, he worked numerous security jobs, including working for the FBI, becoming the chief security officer for Microsoft and eventually becoming the first ever cyber czar for the U.S. under President Obama’s administration.
Schmidt’s job was to ensure the safety of stored data throughout the internet. In other words, it’s up to him to make sure America’s greatest secrets — which are stored online — are protected at all times.
Before Schmidt was hired in 2009, the U.S. faced claims it was losing the “cyberwar.” In the few months prior to his hiring, the U.S. electricity grid was hacked. Security officials said computer hackers from Russia and China were trying to steal our infrastructure plans.
Even before that… in 2007, hackers broke into the Department of Defense, Department of Energy and Department of Commerce, stealing loads of classified information.
As of today, officials claim they still do not know who was responsible for the theft.
Schmidt gave his first interview as cybersecurity czar at the RSA Security Conference in San Francisco in March 2010. RSA is one of the largest internet security firms in the world and is owned by tech giant EMC.
During the interview, Schmidt said: “There is no cyberwar in the U.S.”
One year after this speech, defense contractors Northrop Grumman, Lockheed Martin and L-3 Communications disclosed that their computer networks were hacked. The defense companies were using RSA’s internet security system.
After our largest defense contractors were breached, the Pentagon sang a different tune than Schmidt had a year earlier. Online cyberattacks, the military brass declared, are now considered an “act of war.”
In other words, the U.S. will employ military force if a foreign nation hacks into our government computer systems.
The defense contractors continue to downplay cybersecurity threats today. Yet according to a recent FBI report from this year, security experts “have compromised and stolen sensitive information from various government and commercial networks since at least 2008.”
In my view, cybersecurity has become one of our biggest threats to our well-being, and most corporations are not doing enough to protect themselves from cyberattacks.
Everyone Is at Risk
Hillary Clinton never thought her deleted emails would come back to haunt her.
The former Secretary of State said she “accidently” deleted tens of thousands of business-related emails on her private server at home. Some of these were listed as classified documents.
Hackers were able to get into her server and somehow retrieve thousands of her deleted emails. These hackers published her emails (through WikiLeaks). Several intelligence agencies believe these hackers are based in Russia.
If you watched the past few presidential debates, I’m sure you know all about Hillary’s emails. Many media outlets joked about them.
I suggest the media take these cyberattacks much more seriously.
For example, there are now more than 3.5 billion active internet users. And over 3.6 billion people are mobile phone users. That’s more than half of the world’s population storing personal and business data over some sort of digital platform.
Our utility companies and transit systems are run on computers. Almost every Fortune 500 company has huge amounts of data stored within their networks.
In fact, a dormant virus (believed to be of Russian origin) was found hidden and awaiting activation in the software that runs the Nasdaq exchange in 2013. Once activated, this virus could have started a chain reaction of “panic selling” leading to a worldwide financial crisis.
All our health records are being converted to digital systems. Someone hacking into a health care database can have access to your health records and prescription information.
Pacemakers use electronic pulses to regulate a person’s heartbeat. Defibrillators and other implantable medical devices use the same technology. These devices also have wireless connections where data are transmitted in real-time for doctors to monitor.
MIT published an article saying someone could hack a pacemaker, causing it to deliver a lethal shock. In fact, the Federal Communications Commission (FCC) recently moved implantable medical devices to a new frequency to protect from these kinds of hacks.
Hacking a pacemaker may sound far-fetched, but think about the fact that former Vice President Dick Cheney has a pacemaker. Other senior leaders of the U.S. government have implantable medical devices. This could open up a new potential weapon for would-be assassins.
Google keeps track of all the sites its users visit. Credit card companies store all of our personal information. Many of us pay our bills electronically. We post the places we visit on social networking sites like Facebook and Twitter. These sites also list all of our friends and family members.
Over the past few years, some of our largest companies have been hacked.
In 2014, Sony acknowledged its PlayStation network was broken into. More than 100 million user identities were compromised. Citigroup was hacked. Data for about 200,000 bank card holders in North America were compromised.
Home Depot was hacked. Data on 56 million customers were compromised. Target was hacked. Data on over 70 million of its customers were compromised. JPMorgan was hacked. Data on 76 million of its customers were compromised.
Yahoo was hacked. Data on 500 million accounts were stolen. In November of last year, a coordinated attack on a popular web hosting site caused major outages at Twitter, Netflix, Yelp, Spotify, Reddit, The New York Times and Amazon. These sites have hundreds of millions of members combined!
And the list goes on and on…
EBay… Adobe… AOL… Zappos… Apple… AT&T… Ohio, Texas and California Berkley Universities… hospitals… banks in South Korea and Australia… Experian… British Airways… Uber… Ashley Madison and thousands of other businesses have already been hacked.
If you have an account with any of these companies, chances are your personal information has been compromised.
You may think I’m just being paranoid. Maybe you’re thinking your information is 100% protected and your personal data will never be compromised. But the conversation I recently had with one of the world’s best hackers will likely change your mind.
The Ultimate Cyber Insider
John was one of the first hackers I ever met. (By the way, John is not his real name. For his own safety, he asked me to keep his name a secret.)
He had a successful business as a teenager more than 15 years ago. He hacked into his high school’s database where he changed the grades for most of the students. He charged each student $50 for each grade change and made a fortune over three years.
By his senior year, he was arrested by the Federal Bureau of Investigation (FBI). Hacking into a school network is a federal offense. He says this arrest was one of the best things that ever happened to him.
Today, John helps the government crack cybercrimes. He is a consultant to ABC Television and the Discovery Channel, helping them investigate cyberattacks. Right now, he is working on improving the internet security for one of the largest U.S. banks and is doing some work for the Pentagon.
I spoke to John about the surge in cyberattacks. He said, “It’s getting worse by the month.” Hundreds of millions of people have already had their data stolen. And he doesn’t see a short-term solution in sight.
When I asked him about corporate hacking, he said he believes almost every Fortune 500 company has been hacked. Most companies just don’t disclose this information.
In fact, corporations force security companies to sign a nondisclosure agreement. This way if a hack occurs, security firms can’t share this information with the public.
Yahoo is a great example of this. When the internet search engine was in the process of being acquired by telecom giant Verizon, Verizon discovered that Yahoo’s 500 million users were hacked back in 2014. They were buying the company and they hadn’t been told!
Sony is another example. The consumer tech company waited more than two weeks before telling users that its PlayStation network had been hacked. Its original intention was to shut down its network, fix the problem and never disclose its system was hacked. Target also waited weeks before alerting customers that its network was hacked back in 2014.
John told me that once a company is hacked, the data are immediately sold on the black market. So when our largest defense companies were hacked, any data that were stolen were immediately sold.
Imagine how much money our enemies would pay for the blueprints to our state-of-the-art weapons!
Businesses are taking huge measures to protect their secrets. As you can see from the chart below, companies are spending more and more money to protect their greatest assets.
And this trend is not expected to slow down anytime soon.
Global research firm MarketsandMarkets expects the cybersecurity market to grow to more than $200 billion by 2021. That’s about twice the size of the market to treat cancer patients is right now!
But that’s just half the story.
Most companies won’t purchase security directly. A large part of their capital spending goes to upgrading and improving software. The best software platforms have built-in, state-of-the-art internet security systems. So the $200 billion number may actually prove to be conservative.
Also, the MarketsandMarkets estimate does not include government spending on cybersecurity. In fact, it’s one of the few defense programs where spending is projected to increase every year for decades.
There are a lot of cybersecurity companies that will be big beneficiaries of all this spending.
My Favorite Cybersecurity Stocks
I am focusing on companies who are making cybersecurity and protective software a bigger piece of their overall business. This includes some of the largest companies in technology.
Six of these companies are listed here:
Keep in mind, these companies are not pure plays on cybersecurity. In short, cybersecurity only accounts for a small piece of their overall revenue. However, these companies will give you some exposure to this blockbuster trend.
My next group includes a list of six pure-play cybersecurity stocks. Nearly all of their revenue is generated from cybersecurity.
These pure-plays carry a higher degree of risk compared with the first list of large-cap names. However, most of these companies could easily double or triple their sales within the next few years. They are also more likely to be acquired by some of the bigger industry-leading names I mentioned above.
Yes, cybersecurity is scary. And yes, we’re at war with hackers from all over the world right now as we speak.
But protecting people from this emerging risk is going to be a massive business opportunity over the next few decades. The companies above are well-positioned to benefit, and investors would do well to watch developments in the space for new opportunities.