Sony Hack Ignites Cybersecurity Market, But Human Element Remains Weak Link

Following hacks that crippled Sony Pictures and caused numerous other high-profile data breaches in 2014, cybersecurity has caught the attention of Wall Street. With companies and government agencies looking to secure their computer networks more tightly than ever, stocks of antivirus and network-protection specialists are hot. But even the most sophisticated software can’t stop an employee from clicking on a legit-looking email link that opens their corporate data to the world.

FireEye, the firm hired to clean up Sony’s network, saw shares jump 7.7 percent on Friday. The PureFunds cybersecurity exchange-traded fund HACK has seen a 6.8 percent spike over the past week. Symantec gained a percent midday Monday following a rise of 2.45 percent last week. Overall, worldwide spending on information security is expected to reach $71.1 billion this year and grow 8.2 percent in 2015 to $76.9 billion, according to research firm Gartner.

“It’s a good time to be in the cybersecurity space,” said Julie Conroy, research director at Aite Group.

But despite the perceived value of these companies’ products, they were unable to prevent some of the largest hacks of the year, from the Sony breach to the millions of credit card numbers and email addresses stolen from Home Depot and other retailers.

“The reality is that there is very little in the way of a deterrent to these cybersecurity attacks, whether they’re perpetrated by nation states or organized crime gangs intent on financial gain," Conroy said. "So we see the trajectory of cyberattacks going up at a scary pace.”

There’s a limit to what security software can do, and it can be difficult to implement. “It’s so complicated that the bulk of IT departments don’t really understand how it works,” said David Gorodyansky, CEO of security vendor AnchorFree. “There are instances where the hackers are ahead of us -- but the bigger problem is the solutions are so hard to figure out.”

Add to that the tens of thousands of false alarms security staff see on a daily basis and the problem can be overwhelming. Some of the burden may be reduced through improved software and analysis models. But it doesn't eliminate one of the biggest problems that exists in every computer network: the user.

More often than not, the weak link often lies in a worker accidentally giving out their credentials through a phishing website, which is a fake page designed to look like a bank login or other legitimate destination. It's a problem that has existed for years and isn't going away any time soon.

Education has helped reduce such breaches, but the approach is far from perfect. “I think the challenge of the security industry at large is to make it understandable to regular people," Gorodyansky said. “The people who want to steal information make it easy for us. The challenge for security companies is to make it as simple to use as a ‘like’ button on Facebook.”

Even with the limitations of cybersecurity, Wall Street is keen on the sector. “Right now, we’re seeing a huge level of hype around cybersecurity,” Conroy said. “From a price-to-earnings perspective, it’s a little overblown.”