• Dark Dante and the problem with hacking
  • The most promising cyber stock for investors

This article is the forth in a series about investing in technology — arguing that the key to finding great opportunities and negotiating the next few years of wild industrial weather is to focus on technologies that produce actionable data, and in particular, those companies that are terraforming the planet for digital life.

In the 1995, Kevin Poulsen became one of the first hackers to achieve a public profile when a judge banned him from using the internet following his release from a five year stretch in prison.

Operating under the handle Dark Dante, Poulsen had pulled off a string of notorious stunts before becoming a fugitive of the FBI. His most famous was taking over the telephones of a Los Angeles radio station so that he could guarantee himself as the 102nd caller, collecting a Porsche 944 S2 as his prize.

When he was featured on NBC’s Unsolved Mysteries, the show’s 1-800 telephone lines crashed mysteriously.

mo1609aIn the intervening period, we have seen an explosion in connected devices and vast stores of actionable data collecting on the servers of public and private agencies. Cybercrime has become a thriving criminal industry, and one that is increasingly an arena for warfare and industrial espionage by governments.

And Poulsen, now an editor at Wired, has an interesting perspective on how we might begin to address this crisis.

As he puts it: “Information is secure when it costs more to get it than it’s worth”.

This is a useful idea because it acknowledges several realities about cybersecurity…

First, the cost of conducting a hack — in terms of labour, the time it takes to achieve a goal and the risk of getting caught — is now extremely low. The tools and methods for conducting attacks are freely available in online clearing houses, and with so many devices connecting online, there is a vast surface for launching an attack, with little chance of getting caught.

Secondly, the attack surface is getting larger. With 5 billion more people connecting to the internet, there are 5 billion more points of attack for states, corporates and lone wolf hackers.

Thirdly, valuable information continues to stockpile on corporate servers, providing lucrative targets for criminals, with little hope of protection from overstretched security staff.

Many large corporates have up to 100 security suppliers and dense patchworks of security products which overstretched IT security departments simply can’t manage. After a spate of breathless overselling by the cyber security companies in the ‘panic period’ of 2014 and 2015, Cisco sees a shortfall of over 1.5 million cyber-security staff by 2019.

There’s a huge problem, for example, with false positives and false tip-offs, while currently the job of CISO is a hiding to nothing: breaches are just going to happen and malware will always be lurking undetected in corporate systems. The average life of a CISO is 1.5 years! A bad environment for stressed and overwhelmed people.

In fact, despite the threats to digital assets and reputations, according to Gartner, corporates en mass will spend less than 5% of their IT budget on cyber-security this year — partly because it’s been shown to be a poor investment.

Let the machines take over

The goal of cybersecurity, then, is not to make successful attacks impossible, but to make it more costly for cybercriminals to access critical data.

This is not a job fit for humans.

That’s why for the past two years, the most advanced cybersecurity systems have been using machine learning algorithms to spot and direct responses to suspected breaches.

Machine learning has been used in the financial sector for some time to identify potential fraud. The large datasets collected on credit card use, for example, have allowed algorithms to learn how to recognise normal behaviour, and in turn to highlight anomalies in the system. IBM researchers working with a large US bank claimed a 15% increase in fraud detection with a 50% reduction in false alarms and a total savings increase of 60%.

The algorithms are still primitive, but once spotted, they are learning to misdirect and confuse, lifting the cost of conducting an attack, sometimes persuading the hacker to move on.

The most advanced systems have even been using machine learning to mimic the human immune system, first learning about the system itself, then spotting intruders by their actions. The more they interact the smarter the algorithms become.

Flash Crashes and Cascading Error

The kicker is that, as security analyst Stuart Winter-Tear points out, the hackers will partner with machine learning algorithms themselves.

In prospect: swarms of algorithms competing from vastly different domains, conducting surveillance on networks, entrapping and seizing upon perceived anomalies with the very real risk of flash crashes and cascading errors.

As systems scientist Dirk Helbing has pointed out, by connecting networks from vastly different domains, we have created “highways of disaster” in a financial and economic system that is increasingly beyond human control or comprehension.

Helbing: “We have created highways of disaster”


Still security, in itself, is a problem that we have faced before. If we are wrestling with the threat of criminal and terrorist groups, “look to the age of sail and how the original pirates and privateers were chased from the seas through a mix of action against the marketplaces and creation of international norms,” notes political scientist Peter W. Singer. If the problem is private hackers, “we might turn to the legal and economic tools used to fight environmental pollution.”

The immediate takeaway for investors is that the $70-$80 billion cyber security industry is at a tipping point as companies strip back their list of suppliers just as data breaches keep rising, and as they look to deploy more complex platform technologies to supercede the widespread ‘old world’ approach of the last decade of simply patching known vulnerabilities, and installing firewall and anti-virus software.

In short, a new order is emerging based on condition and behavioural analysis yielding manageable actionable data, and the systematic automation of human cyber security tasks. At the core will be the arrival of self-learning systems in the world of security.

Splunk looks a very attractive prospect

There are several implications for investors.

Among other things, it means a consolidation over the next two to three years of an over-supplied industry sporting too many ‘old world’ niche players.

We can expect the likes of IBM, Cisco, Check Point and Palo Alto Networks and a glut of new start-ups such as Darktrace, Deep Instinct and HackerONE to be in the vanguard of applying AI and machine learning to cyber-security.

I think any portfolio warrants the inclusion of Check Point and/or Palo Alto Networks on a five year view given the industry dynamics in process.

But I especially like the look of Splunk (Nasdaq: SPLK), which is widely perceived to be the leader in middleware that extracts operational intelligence from huge volumes of fast moving machine generated data.

The company has over 1000 customers ranging from BlackRock and CocaCola to Symantec and Vodafone.

Note Symantec — one of the big three pure pay cyber security companies. It will be relying on Splunk to sharpen up its service offering. And among others Adobe, Autodesk and BlackRock are using Splunk middleware to sharpen up their cyber defences.

Splunk will attract a high media profile as it develops its cyber business. The company has cut a dash in a key arena and is set fair for sustained growth, while being an obvious candidate for a roll-up or acquisition by one of the big dog IT conglomerates.

This is one for momentum, future biased investors as it’s not yet profitable.

PS: If you would like to discuss how I can work with you and/or your company please get in touch here.