What do Adobe, eBay, and Microsoft all have in common?

Wait, before you answer, let me add a few more names to that list, like Yahoo, Capital One, Uber, Marriott, and Home Depot.

All of these companies have been the target of criminal cyber-attacks. Like cancer, malicious hacking doesn’t discriminate… it infects organizations large and small, young and old. Attackers have become ever more brazen – and sophisticated – in their digital assaults on corporate and government entities.

And as my colleague Jimmy Butts has pointed out, this is (already) leading to a huge opportunity for companies combatting this threat — and for the investors who deploy their money in them.

The Birth (And Growth) Of Cybercrime

This is nothing new, of course. Some of the earliest cyber heists date back to the 1980s when the internet was still in its infancy. But the first major attack in the online era occurred in 2005 when DSW Shoes discovered that the names and credit card numbers of more than a million customers had been pilfered. As things go, that was a small-scale theft.

A few years later, attackers found a backdoor entrance into the files of merchant credit card processor Heartland and walked away with 100 million Visa and Mastercard account numbers. Heartland had to cough up nearly $150 million to cover subsequent fraudulent transactions.

Then there was the high-profile security breach at Target back in 2013. As you may recall, hackers gained entry by first breaking into a third-party vendor (a regional air conditioning and heating company) whose technicians still had Target’s private network credentials stored on their systems.

The attackers were then able to download malware software on Target’s cash registers and card terminals to capture sensitive information (including email addresses and card numbers) on more than 40 million shoppers. It didn’t help that this breach occurred during the busy holiday season. It was an embarrassing gaffe for the retailer – and an expensive one, costing over $200 million in civil fines, lawsuits, and lost sales. The damaging software was ultimately traced back to a Latvian computer programmer.

More recently, a software engineer in Seattle recently exploited a weakness at Capital One. The thief didn’t steal currency from the vault but did abscond with the next best thing… 80,000 bank account numbers and 140,000 Social Security numbers. A subsequent investigation found lax security procedures, and the bank was hit with an $80 million fine.

_{Source: Statista}

The Threat Is Growing

I could go on all day, but I think we all understand how pervasive this threat has become. From banks to retailers to healthcare providers, nobody is safe. Cybercriminals are employing all kinds of devious tactics to steal sensitive information – which is then posted for sale or auctioned off at various dark websites.

The cat-and-mouse game between attackers and defenders is constantly evolving. Security protocols that would have seemed airtight a few years ago might look porous by today’s standards. Still, even with stronger defenses, infiltrations occur daily.

Organizations can’t let their guard down and must remain hyper-vigilant to threats. A leak isn’t just damaging to a company’s pocketbook, but also its reputation. And all it takes is one remote employee falling prey to a simple phishing email to jeopardize an entire network.

The stakes are high.

Just ask Colonial Pipeline. The privately-held energy infrastructure company was crippled by a cyber-attack last year. Hackers needed only a single password (there was no multi-factor authentication) to take control of the company’s operations.

Colonial’s pipelines carry over 100 million gallons of gasoline, diesel fuel, and other products per day across a network stretching from Texas to New York. The ransomware attack triggered the first shut-down in company history, leading to fuel shortages up and down the east coast. The FBI has since determined the perpetrators were linked to a Russian cyber-crime group known as Darkside. Colonial complied with their demands and forked over more than $4 million to regain control.

It’s certainly not alone. Ransomware attacks have disrupted the Louisiana Department of Revenue, the California Department of Motor Vehicles (DMV), and countless other corporate and government targets. On average, ransomware attacks cost their victims $4.4 million.

_{Source: Statista}

Keep in mind, financial gain isn’t always the goal. Some groups are out to cause mayhem and destruction – imagine the chaos if they took control of a hospital, or an airport, or a power utility…

Needless to say, businesses and governments around the world are spending heavily to defend their territories from encroachment on this 21st-century battlefield. Back in 2004, global spending to thwart cyber-attacks totaled approximately $3.5 billion. By 2017, the market had already expanded to $120 billion – a powerful 35-fold increase.

And with the ongoing data migration to the cloud, the industry has continued to grow at a dizzying pace. Studies by accounting firm Deloitte have concluded that businesses in some industries (such as financial services) are now allocating 10% of their IT budgets to cyber-security. Microsoft plans to invest $1 billion annually to shore up its defenses. That’s peanuts compared to Uncle Sam… The Treasury Department alone has a $688 million cyber-security budget in 2021, while the Department of Homeland Security will spend $2.6 billion.

How We Can Profit

Put it all together, and research firm Gartner is projecting global cyber-defense spending to reach $150 billion. Some of those dollars will be geared towards network security equipment; others will be spent on application security or identity access management.

It’s a large revenue pie. Yet, it’s still cheaper to proactively discourage or fend off an attack than to clean up the mess after one strikes. To be sure, investors have noticed the massive sums of cash being thrown around. One of the leaders in this space, Palo Alto Networks (Nasdaq: PANW), has tripled in value since March 2020.

Palo Alto has a great story to tell, and it could still go higher from these levels. CrowdStrike (Nasdaq: CRWD) is another leader in this space worth considering — especially after taking a 50% haircut in the face of rising interest rates and a broad tech selloff in this bear market.

But at a $47 billion market cap for PANW and $32 billion for CRWD, I think there’s a chance for investors to profit from smaller players in this space. In fact, I think cybersecurity will be one of the hottest grounds for takeovers in the next few years. Palo Alto itself has closed several significant deals over the past couple of years. I wouldn’t be surprised to see CRWD on the hunt in the near future as well.

How you decide to proceed in this space is up to you, of course. You could do just fine by investing in names like PANW or CRWD, but consider looking at one of the smaller players in this space for even more upside.

P.S. My team and I have just uncovered what we think is the Mother of All Oil Booms, and the number one stock that’s set to profit…

Fresh off of a transformative merger, one little-known Texas-based energy company could uncork nearly a billion barrels of oil, and unleash a surge of mega-profits. Click here now for all the details.