Downward Pressure Is Increased

Cisco Systems Inc. (NASDAQ:CSCO), as the leader in the cyber security space, has suffered two disturbing revelations regarding security flaws in their switching gear and firewalls in recent weeks which are damaging to their reputation.

Having entered the early stages of a downturn in mid March 2017, these disclosures add weight to downward pressure on Cisco. They may also shed light on why the company has changed their business model, bringing attendant uncertainties as to future revenue. Still near its 15-year highs, Cisco presents an inviting short opportunity for traders at reduced risk.

For context, the cybersecurity market is substantial and growing exponentially, driven by widely publicized breaches of high profile targets over past years.

Cybercrime damages will cost the world $6 trillion annually by 2021, up from $3 trillion in 2015 … and global spending on cybersecurity products and services will exceed $1 trillion cumulatively over the next 5 years from 2017 to 2021. The world will need to defend 50x more data.

— CyberSecurity Ventures

Cisco Evidences Marked Retracement

Among leading companies in the market are Cisco, McAfee, Fortinet, Inc. (NASDAQ:FTNT), Palo Alto Networks, Inc. (NYSE:PANW), Trend Micro Incorporated (OTCPK:TMICY), Kaspersky Lab and FireEye, Inc. (NASDAQ:FEYE).

However, on April 5, 2017 Cisco closed below its 50-day moving average, a much used technical trading trigger, to initiate sell orders.

CSCO Chart

CSCO data by YCharts

Furthermore, Cisco is demonstrating amplified negative divergence to confirm a developing downtrend.

CSCO Chart

CSCO data by YCharts

A review of the original factors bringing about a downturn in Cisco is contained in a previous article on Seeking Alpha:

Disclosures Of Security Flaws

Now, with extreme irony for the leader in cybersecurity, recent disclosures of security flaws in their equipment have compounded the force of gravity being imposed on Cisco stock.

In early March, 2017 Wikileaks published documents which established that the Central Intelligence Agency had more than one year previously acquired the means by which to hack Cisco’s switches which channel data traffic, and were able to facilitate covert data acquisition.

The CIA did not inform Cisco of the flaws in their switches, and consequently Cisco’s customers, many of America’s largest corporations and government departments, were exposed to an extreme risk of competitive entities and foreign states obtaining their most confidential data.

National Security Implications

In excess of 300 of Cisco’s products were found to be a security risk. With customers in industries such as defense and semiconductors, as well as confidential government applications, these vulnerabilities have far reaching national security implications.

Only upon publication by Wikileaks of the relevant documents did Cisco learn of these vulnerabilities, at which time they raced to develop a stopgap alert for customers.

Thereafter, it was revealed by Reuters in April 2017 in computer files and documents published by a group called the Shadow Brokers that Cisco’s ASA firewalls in the SWIFT system for world money transfer between banks had been compromised by the National Security Agency, allowing them access.

Firewalls Were Breached

An ASA (Adaptive Security Appliance) is an IP router with a combination of firewall, intrusion preventor, antivirus software and a VPN. Cisco is the sole manufacturer of ASAs. Cisco has stated that over one million of them are in use.

Using Microsoft (NASDAQ:MSFT) exploits, once the firewalls were breached using a tool codenamed BARGLEE the NSA inserted back doors for ongoing access, data acquisition and for the installation of various other utilities into the SWIFT system. Neither Cisco nor the NSA responded to requests from Reuters for comment on these revelations.

The NSA targeted nine computer servers at a SWIFT contractor, Dubai-based service bureau EastNets, according to the documents. The U.S. intelligence agency then used lines of code to query the SWIFT servers and Oracle databases handling the SWIFT transactions, according to the documents.

— Reuters

The question may now be raised as to whether Cisco’s recent transition to a changed business model, whereby the company is prepared to market its software to customers while no longer requiring them to purchase its expensive hardware, has been at least in part a tacit reflection of a developing awareness of security vulnerabilities in their switching gear. Cisco’s new software, Lindt, allows customers to use less expensive switches from other manufacturers.

Critical Buffer Overflow Vulnerability

It was in 2016 that security analysts at Exodus Intelligence published the finding that Cisco’s ASA firewalls had a “critical buffer overflow vulnerability (CVE-2016-1287) that received a CVSS (Common Vulnerability Scoring System) score of 10”.

“The algorithm for re-assembling IKE payloads fragmented with the Cisco fragmentation protocol contains a bounds-checking flaw that allows a heap buffer to be overflowed with attacker-controlled data. A sequence of payloads with carefully chosen parameters causes a buffer of insufficient size to be allocated in the heap which is then overflowed when fragment payloads are copied into the buffer. Attackers can use this vulnerability to execute arbitrary code on affected devices.”

— Exodus Intelligence

Much hangs on the change of business model, as switching products generated 37% of the company’s revenue in the last fiscal year. It remains to be seen what impact this high stakes change will have on revenue. Uncertainty will inevitably act negatively on stock price.

With regard to the documented security breaches of Cisco’s products, it is possible they may open the way for law suits against the company, requiring the company to make advance financial provision for what may be substantial legal costs and damages.


Cisco’s share price has already demonstrated the beginnings of a downturn. The latest revelations of security flaws in the company’s switches and ASA firewalls will likely add momentum to this downward trend.

The impact of a change of business model affecting a sector which presently contributes 37% of revenue is uncertain, and must be observed over time as to its ramifications for company profitability.

There is also the possibility of legal action against the company as a result of recent grand scale breaches of its security products, which may come to represent a considerable drain on the company’s financial resources.

For these reasons, while still near its 15-year highs, Cisco is presenting an attractive proposition for a profitable short at reduced risk.

Elsewhere on Seeking Alpha by the same author:

Consider following this author. To receive immediate alerts upon publication of future articles by this author, please click on either of the “Follow” buttons at the top and bottom of this page, and then select “Real Time Alerts.”

To improve mobile viewing, select “Request Desktop Site” in your browser.

Disclosure: I/we have no positions in any stocks mentioned, and no plans to initiate any positions within the next 72 hours.

I wrote this article myself, and it expresses my own opinions. I am not receiving compensation for it (other than from Seeking Alpha). I have no business relationship with any company whose stock is mentioned in this article.

Source link