Académique Documents
Professionnel Documents
Culture Documents
Executive Summary
Introduction
Over the past three years, the Information Technology sector has been a relative underperformer
in the U.S. equity market, primarily because of a difficult macroeconomic backdrop that
has strained both corporate and consumer budgets. As a capital expenditure, technology is
susceptible to budget uncertainties, and as a result, the sector generally lags during periods of
risk aversion in the markets.
70%
66.2%
Cumulative Return
60%
50%
50.2%
40%
30%
20%
10%
0%
Jul-10
Oct-10
Jan-11
Apr-11
Jul-11
Oct-11
Jan-12
Apr-12
Jul-12
Oct-12
Jan-13
Apr-13
S&P 500
Source: Bloomberg
No investment strategy or risk management technique can guarantee returns or eliminate risk in any market environment.
This type of threat is aimed at a specific target i.e., an industry, company or individual.
Advanced Persistent
Threat (APT)
This threat, usually in corporate networks, encrypts information and merges it with regular corporate
traffic to send it out of the network. Such data theft is often motivated by sabotage or industrial
espionage. It can persist for a long period of time, as it is difficult to detect.
BOT Zombies
These are infected PCs that are controlled by a hacker and often used to launch attacks on other users.
Denial of Service
Attacks (DNS)
These occur when BOT zombies bombard a targeted website with a high volume of traffic, which can let
bad traffic through or crash the site, affecting its users.
Fake Anti-Virus
This malware deceives users into believing they have a virus, prompting them to download fake antivirus software that ultimately infects their devices.
Malware
It is a malicious piece of code that attaches itself to email or other types of downloaded data. It is
designed to steal data, spy and/or propagate onto new targets.
Ransomware
This threat encrypts data and effectively disables a targets device, requiring the user to pay ransom.
Watering Holes
These threats infect a website, which in turn infects other users and websites that come in contact with
it. Small and medium businesses are frequent targets, providing hackers a way into larger companies.
As cyberhazards grow more pervasive and robust, key targets now include governments, financial companies and
health-care institutions. However, individuals are also being targeted more specifically, with corporate executives,
knowledge workers and financial staff being selected for their access to key information.
No investment strategy or risk management technique can guarantee returns or eliminate risk in any market environment.
www.thebostoncompany.com
2
14%
11% Finance
8%
7% Legal & Consulting Services
7%
Pharmaceuticals
4%
6% Telecommunications
25% Other
pharmaceuticals up from 1% to 4%
Finance up from 7% to 11 %
Source: Mandiant
Cybercrime is gaining a greater foothold given several driving factors in the technology landscape. Perhaps the most
forceful is the rise in mobility, resulting in greater connectivity to the Internet. According to IMS Research, the
number of devices connected to the Internet is expected to climb from roughly 10 billion at the end of 2012 to 28
billion by the end of 2020.3
37%
63%
2% by a customer
4% by a business partner
This proliferation is exponentially expanding the opportunity for more infection, as many of these devices are mobile
in nature, such as smartphones and tablets, and thus more exposed to threats. From March 2012 to March 2013, the
Juniper Networks Mobile Threat
reported
a 614% growth rate in mobile malware
threats,
to notified
276,259 total
ofCenter
victims
discovered
of victims
were
malicious applications.4 Such threats
are frequently
downloaded in apps from dubious
appexternal
stores. entity
the breach
internally
by an
For instance, some apps for Android mobile devices are written in original Java source code, but slightly altered to
include a threat. User activity can secretly trigger a monthly payment (later disclosed on a monthly bill) or elicit the
user to send messages to premium text-messaging sites. Other free apps have an increased likelihood of embedding
spyware and sending user-activity-based data back to hackers. Because of its open source code and growing market
M-Trends
attack the security gap
2
share,
Android is becoming an especially popular target, attractingMandiant
92% of
all mobile-malware
threats this year,
according to Juniper.
Another source of susceptibility for the corporate sector is the BYOD bring your own device trend. Increasingly,
companies are enabling their employees to use their own devices to connect to their networks. As these employees
use their devices to store, send and transact with sensitive company data, they are also at greater risk of introducing
threats into the corporate network and of having data stolen via malware. Use of social media sites can also pose
an additional risk for both businesses and consumers. Phishing attacks on social-media sites rose 123% in 2012,
according to Symantec.5
Widespread adoption of cloud computing may also provide criminals a key entry point into sensitive information.
According to data compiled by Cisco, global data-center traffic is expected to quadruple over the next five years,
and the fastest-growing component is cloud data. By 2016, global cloud traffic will make up nearly two-thirds of all
No investment strategy or risk management technique can guarantee returns or eliminate risk in any market environment.
www.thebostoncompany.com
3
15% by an outsource
Investment Opportunities
While cybercrime is complex and problematic, companies with effective solutions exist. Many are emerging, smallcap growth companies with the new technology needed to combat todays threats. These companies are taking share
from legacy vendors. Some are beginning to leverage the breadth and power of the cloud to monitor, update and
prevent future attacks through real-time analysis. These are the companies we believe have the potential to grow
No investment strategy or risk management technique can guarantee returns or eliminate risk in any market environment.
www.thebostoncompany.com
4
in this dynamic environment, as they can provide their customers with higher levels of protection, prevention and
visibility in an uncertain IT landscape.
We expect to see increased M&A activity as larger legacy vendors look to broaden their reach and deepen their
product set. Interested parties include both hardware and software companies that are looking to differentiate their
products and/or improve the security of their products. In addition, we believe that IPO activity will remain robust
as newer companies with emerging technologies and products become public to fund their growth in this rapidly
expanding segment of the market.
As we consider the secular threat posed by cybercrime, we believe it will fundamentally alter the purchasing of
Information Technology products and services as well as the structural design of networks.
No investment strategy or risk management technique can guarantee returns or eliminate risk in any market environment.
www.thebostoncompany.com
5
Disclosure
Any statements of opinion constitute only current opinions of The Boston Company Asset Management, LLC (TBCAM), which are subject to change and which
TBCAM does not undertake to update. Due to, among other things, the volatile nature of the markets and the investment areas discussed herein, they may
only be suitable for certain investors.
This publication or any portion thereof may not be copied or distributed without prior written approval from TBCAM. Statements are correct as of the date of
the material only. This document may not be used for the purpose of an offer or solicitation in any jurisdiction or in any circumstances in which such offer or
solicitation is unlawful or not authorised. The information in this publication is for general information only and is not intended to provide specific investment
advice or recommendations for any purchase or sale of any specific security.
Some information contained herein has been obtained from third party sources that are believed to be reliable, but the information has not been independently
verified by TBCAM. TBCAM makes no representations as to the accuracy or the completeness of such information.
No investment strategy or risk management technique can guarantee returns or eliminate risk in any market environment.
References
1
2
3
The Boston Companys Core Research Technology Team, A Renewed Emergence of Creative Destruction in Technology, September 2012.
2013 Internet Security Threat Report, Vol. 18, Symantec Corp., April 2013.
Internet Connected Devices Approaching 10 Billion, to exceed 28 Billion by 2020, IHS Inc. press release, Oct. 4, 2012.
Juniper Networks finds mobile threats continue rampant growth as attackers become more entrepreneurial, Juniper Networks Inc. press release,
June 26, 2013.
4
Paul Wood, Phishing on Social Networks: Whats the value of your small biz Twitter account? Symantec official blog, May 16, 2013.
Joel P. Fishbein Jr. et al, Key security themes ahead of RSA conference, Lazard Capital Markets, Feb. 22, 2013, page 1.
Claudette Roulo, Cybercom Chief: Culture, Commerce Changing Through Technology, American Forces Press Service, Oct. 12, 2012.
10
11
12
Radware Global Application & Network Security Report, 2012, page 11.
13
Andy Sullivan, Obama budget makes cybersecurity a growing U.S. priority, Reuters, April 10, 2013.
14
Joseph Menn, SEC issues guidelines on hacking, Financial Times, Oct. 14, 2011.
15
16
Gartner says worldwide security software market grew 7.9 percent in 2012, Gartner Inc. press release, May 30, 2012.
17
Gartner says worldwide security market to grow 8.7 percent in 2013, Gartner Inc. press release, June 11, 2013.
For more information on the market perspectives of The Boston Company Asset Management, please visit our website at
http://www.thebostoncompany.com/literature/views-and-insights.html
No investment strategy or risk management technique can guarantee returns or eliminate risk in any market environment.