Urgent lessons from a hacked Jeep

Everything’s connected – and that can be dangerous

Computer hacking has been hitting the headlines in recent weeks for somewhat salacious reasons. Ashley Madison – a website for facilitating extramarital affairs – had its database hacked by a group that threatened to “name and shame” its 37 million users by revealing their personal details online.

The story has been a gift to columnists debating the rights and wrongs of infidelity, and pondering on how long the concept of privacy can survive in our increasingly online world. Yet hacking isn’t just embarrassing – it could be deadly.

Last week, Fiat Chrysler recalled 1.4 million vehicles from its Chrysler, Dodge, Jeep and Ram brands due to fears that the cars could be hacked into. The recall came after two hobbyists, Charlie Miller and Chris Valasek, made headlines in America when they conducted an experiment where they hacked into a Jeep Cherokee that was driving along a highway in the US.

The whole story is captured in an article for Wired magazine by Andy Greenberg (who was driving the Jeep). The hackers – who were in a house ten miles away – started by fiddling with the radio and the air conditioning. But then they disabled the accelerator, bringing the car to a standstill on a busy road with no hard shoulder.

Of course, this was a controlled experiment, so no one was hurt – the trio did it to highlight potential security issues. But it’s easy to imagine a terrorist, or even just a bored prankster, causing chaos by doing the same during the rush hour. And this problem will only get worse the more we rely on technology.

Two years ago, when Miller and Valasek did a similar experiment, they had physically to connect their laptop to the target car. Now they are taking advantage of wireless technology – designed to make fault diagnosis easier – that comes as standard.

As Egil Juliussen of IHS Automotive, a consultancy, told the Financial Times, the story and Fiat’s response is likely to result in more reviews. Previously, says Juliussen, companies “were just trying to make sure the systems worked. Now, they’re going to have to look at them with a fresh pair of eyes from a security perspective, which they are not used to doing.”

The Jeep stunt has already prompted US politicians to propose legislation to force car firms to upgrade security on their cars’ networks. Last year, in an effort to get firms to spend more, the White House issued guidelines urging them to do more to protect their data. And this goes far beyond car manufacturers. You don’t have to be paranoid to worry about attacks on other essential infrastructure, especially as the number of devices connected to the internet continues to grow rapidly.

As a result, governments are increasing spending on online security, even as they cut back on other aspects of public spending. For example, America will spend a record $14bn this year to meet security threats across the country. And firms are doing the same – a recent Accenture survey suggested that 90% of financial institutions plan significantly to increase spending on cybersecurity, with two-thirds ranking cybersecurity as the most pressing operational issue, even above credit risk.

Estimates put the size of the global cybersecurity market at between $75bn and $85bn, with infrastructure firms accounting for $45bn alone, and on course to reach $120bn within a few years. We look at one company well placed to profit below.

How to profit from this growing industry

There are many companies operating in the cybersecurity industry, including various blue-chips in the defence sector. But one purer play that looks particularly interesting is US-listed cybersecurity group Symantec (Nasdaq: SYMC). The company sells security software to both consumers and businesses, such as the popular Norton Antivirus software.

Symantec is also the market leader in endpoint protection (which involves securing company networks when they are accessed by remote devices) and in data loss prevention (which is all about making sure particularly sensitive data doesn’t leave a company’s network).

The company’s most recent results showed that sales in both of these areas are growing strongly, and the market for these services is only going to grow larger as more and more people work remotely, or via mobile devices, such as laptops or smartphones.

Symantec is currently aiming to refocus on its core security business by selling or spinning off its information backup
and recovery division, Veritas, which itacquired in 2004 for $13.5bn. Analysts expect the struggling division to be valued at around $7bn-$8bn, and this month there were reports that private-equity group Carlyle is a possible buyer.

In any case, the sale or spin off should boost Symantec’s profitability, as the information management business attracts lower profit margins. Despite high profit margins and growing sales, Symantec trades at only 12 times 2016 earnings. It also pays a dividend yield of around 2.5%.

Leave a Reply

Your email address will not be published. Required fields are marked *