Back in March, I was one of two billion people across the planet left blinking at their computer screens in confusion. The internet wasn’t working properly. I assumed that my own internet connection was at fault. But the problem was with the internet – the whole global network had succumbed to what experts called “the biggest cyber-attack of its kind in history”. It started as a small argument between two internet companies, and grew until it threatened the entire system.
The dispute concerned a non-profit organisation called Spamhaus and a Dutch webhost called Cyberbunker. Spamhaus protects internet users from spam and malicious content. To do this it compiles databases of servers associated with any unwanted material. Email providers can then protect their users by blocking access to those malign servers.
Cyberbunker objected to being blocked, arguing that Spamhaus had no right to determine what goes and does not go on the internet. The dispute moved quickly from a libertarian debate to the biggest ‘distributed denial of service’ (DDoS) attack ever.
How they broke the internet
A DDoS attack involves bombarding the target’s servers with masses of internet traffic. The aim is to overwhelm their capacity, causing the victim’s servers to overload. Their website and ability to receive internet traffic will be crippled, effectively putting them out of online business.
Spamhaus claims the attack was orchestrated by Eastern European and Russian criminal gangs. Spamhaus luckily managed to overcome this attack, but it caused a noticeable degradation in worldwide internet speed. At 300 gigabits per second, it was six times larger than the largest DDoS attack seen before then.
A smaller scale example of DDoS cybercrime occurred with the arrest of two men at Heathrow airport last month. They were accused of blackmailing a Manchester-based online casino operator by preventing access to its website. It was a form of virtual protection racket: “give us money and we’ll leave you alone to trade in peace. Otherwise, we’ll bring down your website”.
For an online gaming company, this is fundamental stuff. If gamblers can’t access the website, then the site makes no revenue. For sports betting websites, revenue can be permanently lost: the 3:30 at Ascot is a unique time-limited event. If punters can’t access your site, they will have to go elsewhere to place their bets.
The first line of defence in an $870m market
Clearly, it isn’t just online gaming and betting companies who are vulnerable. Most retailers have a significant online presence for e-commerce. Banks and financial services companies increasingly interact with customers in a virtual rather than a real environment.
According to Ponemon, a survey of 350 retail banks showed 224 of them to have suffered at least one DDoS attack in the last year. For banks, it’s not just a question of lost revenue, but also one of reputation damage. Customers need to have confidence in the integrity and security of a bank’s website and online systems.
Internet security is a huge market – research firm GIA forecasts it to reach $80bn by 2017. Within this, distributed denial of service prevention is expected by IDC to be an $870m market by 2017. Last week, I met a small UK company that is focused on this DDoS niche.
Corero Network Security (CNS) provides a “first line of defence” product. This is a piece of hardware that is plugged into the network in front of your firewall – it is the first thing a packet of data directed to your website encounters when seeking access. Corero’s product can be programmed simply to block traffic from selected servers or territories that are known to be high risk. Furthermore, it can detect DDoS attack behaviour at this initial stage – before it reaches the website.
For example, we can be confident that something making thousands of requests per second to change an account password is unlikely to be a bona fide customer trying to set up something more memorable. Traffic from this source is assumed to be hostile and will be rejected. It won’t get the chance to overwhelm the server and is stopped before the firewall.
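To make the two checks described above concrete, here is a short sketch added for illustration; it is not Corero's code, and the addresses, territory code, path and threshold are all constructed assumptions. It drops traffic from blocklisted sources or territories, then flags any single source that requests a password change more often than a real customer plausibly would.

```python
from collections import Counter, defaultdict, deque

# All values below are constructed assumptions, not taken from any product.
BLOCKED_SOURCES = {"203.0.113.9"}        # servers known to be high risk
BLOCKED_TERRITORIES = {"ZZ"}             # placeholder territory code
SENSITIVE_PATHS = {"/account/password"}  # hypothetical password-change URL
WINDOW_SECONDS = 1.0
MAX_SENSITIVE_PER_WINDOW = 5             # assumed ceiling for a real customer


class FirstLineFilter:
    """Decides pass/drop per request before it reaches the firewall."""

    def __init__(self):
        self.recent = defaultdict(deque)  # source -> recent sensitive timestamps
        self.hostile = set()              # sources already judged hostile

    def decide(self, ts, src, territory, path):
        if src in BLOCKED_SOURCES or territory in BLOCKED_TERRITORIES:
            return "drop:blocklist"
        if src in self.hostile:
            return "drop:hostile"
        if path in SENSITIVE_PATHS:
            window = self.recent[src]
            window.append(ts)
            # Forget requests that have aged out of the sliding window.
            while ts - window[0] >= WINDOW_SECONDS:
                window.popleft()
            if len(window) > MAX_SENSITIVE_PER_WINDOW:
                # A real device would expire this verdict after a while.
                self.hostile.add(src)
                return "drop:rate"
        return "pass"


def run_sample():
    """Replay constructed traffic and count decisions per source."""
    events = [
        (0.10, "198.51.100.7", "GB", "/account/password"),  # real customer
        (0.20, "198.51.100.7", "GB", "/"),
        (0.30, "203.0.113.9", "GB", "/"),                   # blocklisted server
        (0.40, "198.51.100.8", "ZZ", "/"),                  # blocked territory
    ]
    # One source sending 2,000 password-change requests inside a second.
    events += [(i / 2000, "192.0.2.50", "GB", "/account/password")
               for i in range(2000)]
    flt = FirstLineFilter()
    counts = Counter()
    for ts, src, territory, path in sorted(events):
        counts[(src, flt.decide(ts, src, territory, path))] += 1
    return counts
```

Counting per source only catches a flood that comes from a few addresses; traffic spread thinly across many sources stays under the threshold and needs aggregate measures as well.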
Technology research house Gartner Group recommends this type of on-premises protection from DDoS attacks, but with firms increasingly using third parties to host their online operations in the cloud, Corero needs to address this segment of the market as well. The current hardware is sold to hosting companies who offer it as an add-on service and a new software version is about to be trialled for this market.
Corero needs to prove it can win sales
Corero has placed all its eggs in the DDoS protection basket having recently sold its education division for £13m. This has provided it with cash to invest in the product and the sales effort. It already counts Camelot, BWIN, City Index and Aetna among its customers and added 28 new contract wins in the first half of this year. However, the network security division’s sales in the first half of $4.2m were down compared to the year before. For the full year, the company expects revenue to recover to 2012’s levels of around $11.5m.
For this year and 2014, however, Corero will be loss-making. $6.5m is being invested in 2013 and a similar amount will follow next year. At June, the company had net cash of $15m (assuming the education division disposal proceeds had been received at that stage), so the strategy should be affordable. The new product developments are important, but sales execution will also be a key issue.
Providing the first line of defence protection in front of the corporate firewall is a niche within the broader internet security market and potential customers will usually be adopting this approach for the first time. They will need to be persuaded that it is right for them.
Clearly Corero is a risky stock. Management is focused solely on the DDoS product, following the disposal of the education business, and it is putting in the investment. Sales will need to respond to this and I wouldn’t consider investing until I had evidence of this happening. At 16p, however, the company is valued at only £13.7m. So if we did start to see meaningful growth in sales, Corero could be an interesting proposition. Another for the watch list.
• This article is taken from our free twice-weekly small-cap investment email, The Penny Sleuth.
Information in The Penny Sleuth is for general information only and is not intended to be relied upon by individual readers in making (or not making) specific investment decisions. The Penny Sleuth is an unregulated product published by Fleet Street Publications Ltd. Fleet Street Publications Ltd is authorised and regulated by the Financial Conduct Authority. FCA No 115234. http://www.fsa.gov.uk/register/home.do