Last week, a Voldemort-equivalent hacker group called the Shadow Brokers unleashed the WannaCrypt ransomware attack on the digital world, crippling tens of thousands of businesses, hospitals and agencies across 153 countries, according to Forbes. The malware encrypts data files until a $300 bitcoin "ransom" is paid by the user (bitcoin transactions are not traceable). Unfortunately, in many cases the files are never recovered, even after the ransom is paid.
Ransomware such as WannaCrypt is especially dastardly because they are "worms" -- they don't require someone to click on a phishing link to enable them. Once inside the backdoor of a computer, this malware can spread to any other connected devices (such as an external hard drive) and infect entire networks.
According to a CNN article, the attack "caused Britain's NHS [National Health Service] to cancel surgeries, a wide array of Russian and Chinese private and public institutions to be crippled most of the day, and the rest of the world to recoil in shock." Unfortunately, it seems the entire mess was avoidable. The same article explained how the vulnerability that allowed so many computers to be penetrated by the malware had been identified some time ago by the National Security Agency (NSA).
The attack didn't penetrate the U.S. to the extent that it did globally, but only due to a serendipitous find by a British researcher who pulled a "kill switch" by registering a domain name that essentially shut down the WannaCrypt malware. That's a little too close for comfort, considering the destruction this type of hacking can cause.
Clearly, the first line of defense against such a digital monster is to keep current on all updates issued by your software provider, as they offer patches against any recent vulnerabilities. For many businesses, however, the time and inconvenience associated with such updates lead them to procrastinate. But in situations such as this, the outcome can be dire.
The Forbes article quotes leadership consultant, author and former U.S. Army Ranger J.C. Glick: "Companies aren't prepared for what may happen. They're prepared for what they believe will happen." The trouble is, they don't have a contingency plan for when their beliefs and expectations don't line up with reality.
This isn't unlike the world of investing. Expectations are often what drive investor behavior and, subsequently, shifts in share value. As we know only too well, however, expectations don't drive reality, and reality can be sobering. As an investor, therefore, it's important to stay measured and cautious to guard against potentially costly missteps. At Validea, we use a company's fundamentals as the basis for evaluating attractive opportunities. While stock performance can be a wild card, strong business operations form a springboard for future success, profitability and shareholder returns.
Using stock screening models I created using the strategies of some of the most successful investors of all time, I have identified four high-scoring stocks of businesses that operate in the cybersecurity sector:
Verisign (VRSN) is a provider of domain-name registry services and internet security. The company earns high marks from our Joel Greenblatt-based investment strategy in light of its earnings yield (earnings before interest and taxes divided by enterprise value) of 7.72% as well as its return on total capital (total capital divided by EBIT) of 91.03%. When taken together, these two criteria rank the company 67th among the stocks in our database, and therefore passes this screen.
NICE Ltd. (NICE) is a global enterprise software provider that offers customer interactive solutions and financial crime and compliance solutions. The company scores well under our Peter Lynch-based investment strategy due to its ratio of inventory to sales, which has decreased over the past year. EPS growth of 21.9% falls within the preferred range under this model, and debt to equity of 30.78% adds appeal.
Qualys (QLYS) is a provider of cloud-based security and compliance solutions that is favored by our Validea Momentum stock screening model in light of annual earnings growth of 44.08%, nearly double the preferred level. The stock's price performance is reflected in the current share price of $42.10, which is within 15% of the 52-week high, a positive sign under this model, and the debt-free balance sheet adds appeal.
Mimecast Limited (MIME) is a provider of cloud security and risk management services for corporate information and email, and is favored by our Motley Fool-based investment strategy due to the stock's relative strength of 97 (the company has outperformed 97% of the market for the past year). The company's operations generate cash as evidenced by balances of $111.7 million, and the revenue base of $186.6 million (trailing 12-month) adds appeal (this model likes small-cap companies as they offer potential value to investors).
