now browsing by tag
Kenya is set to become a major recipient of foreign direct investments in cloud computing.
This is as international investors rush to fund a data centre boom spawned by the proliferation of smartphones, mass adoption of business software and 5G.
Huawei, Microsoft and Amazon Web Services are some of the international players currently enticing small businesses with free data storage in preparation for a looming expansion in data fanned by 5G networks and fibre optic cables.
“So there’s a big opportunity there, as more people begin to use cloud services instead of having their own data servers. These are going to become more valuable,” said Xalam Analytics in their latest report on Africa data centre boom.
Another incentive for the localisation of data storage is that it improves internet speeds since users no longer have to fetch data from the other side of the world.
It is also being driven by clamours by government officials to have local data hosted domestically for national security purposes.
Banks such as Absa Kenya are making investments in machine learning and artificial intelligence tools to improve customer experience and credit risk. New “digital banks” such as Tala, Branch, Zenka are cloud-based.
Since cybersecurity is not an expert capability field for banks, continuous upgrading and development of data centres have been expensive.
Saccos have not been left behind either, as most of them are running on software that allows customers to access their services on the phone.
They also need to store this data somewhere given that in-house data centres are too costly for them. Governments are using cloud and virtualised infrastructure to enhance public service delivery.
Large retail firms also use computer capabilities such as Amazon Web Services databases to transform how they reach a predominantly mobile and digital customer base. Corporates whose expertise is not data storage are slowly giving up their small in-house data centres to major players – helping to drive demand while scores of cloud-native startups are leveraging the cloud to disrupt entire industry sectors.
“The fast-rising requirements of cloud-based technology businesses and their customers, as well as the search for the smallest possible delays in transaction times, has seen businesses seek alternative cloud options,” said the managing director, Carrier Services Division at Telkom Kenya Kebaso Mokogi.
The Kenyan market is currently served by Safaricom, Liquid Telecom, MTN business and other regional players who are set to face competition from the deep-pocketed multinationals who are able to outprice them.
However, Kenya alone does not have the market to attract such high profile investments but is acting as a Launchpad for regional business. It is, however, one of the most active in internet and tech-driven business hubs alongside South Africa and Nigeria.
Africa currently accounts for less than one per cent of total available global data centre capacity, according to data from Xalam Analytics, despite the continent being home to about 17 per cent of the world’s population.
However, its capacity has doubled in the past three years.
Xalam Analytics says the key players in Africa – South Africa, Kenya and Nigeria are set to see investments from multiple investors among them Warren Buffet backed Berkshire Partners and London-based private equity firm Actis, which is injecting Sh25 billion into African data centres over the next three years.
Actis is the investor behind Garden City Mall in Nairobi.
“If you look at the trends around data, its consumption, and cloud migration globally — those trends have played out in many markets and have led to significant growth of the data centre sector,” said Kabir Chal, director at Actis.
“Africa is no different: you see digitisation, the inexorable migration to cloud, and really the advent of big data but, as a consequence, the supply of data hasn’t kept up.”
For data-storage companies operating in Africa, a big hurdle is the continent’s lack of infrastructure, which complicates an already capital-intensive, power-hungry business.
Kenya’s power supply remains low at less than 2,000MW compared to South Africa’s 40,000MW. The two have nearly equal population size.
Companies must often rely on large-scale generators running on costly diesel and petrol to provide electricity, while slow internet speeds, high data costs and a lack of fibre networks constrain their operations.
Nevertheless, the Actis investment is part of a broader trend of international players looking to become involved in the data centre sector in sub-Saharan Africa — where the total data centre capacity equals about a quarter of London’s or half of Frankfurt’s, according to Xalam Analytics.
Microsoft also launched its first African cloud data centres last year, which is a key growth market alongside Nigeria, Kenya and Ghana.
It already accounts for roughly half of Africa’s data centre capacity. Meanwhile, Amazon Web Services plans to open a cluster of data centres in the coming months — the company’s first foray on the continent.
Do not miss out on the latest news. Join the Standard Digital Telegram channel HERE.
Xalam AnalyticsSafaricomGarden City MallMicrosoftHuawei
The post #deepweb | <p> Kenya’s data storage boom entices global tech giants : The Standard <p> appeared first on National Cyber Security.
View full post on National Cyber Security
biometrics, machine learning, privacy and being a woman in tech – Naked Security Podcast – Naked Security
To celebrate International Women’s Day we invite you to this all-female splinter episode. We discuss privacy, biometrics, machine learning, social media, getting into cybersecurity and, of course, what it’s like to be a woman in tech.
Host Anna Brading is joined by Sophos experts Hillary Sanders, Michelle Farenci and Alice Duckett.
View full post on National Cyber Security
#cybersecurity | #hackerspace | NEW TECH: CyCognito employs offensive bot network to put companies a step a head of attackers
When it comes to defending their networks, most companies have had it drilled into them, by now, that it’s essential to erect layered defenses.
Related:Promise vs. pitfalls of IoT
For small- and mid-sized businesses, firewalls, antivirus suites and access management systems represent the entry stakes for participating in today’s digital economy. Security-mature SMBs go the next step and embrace incidence response and disaster recovery planning, as well
Meanwhile, large enterprises pour tens of billions of dollars annually into next-gen firewalls, EDR, DLP and IDS technologies, each system generating a fire-hose of threat feeds, with all of this threat intel flooding, hour-by-hour, into SIEMs, UEBAs and other analytics platforms.
And yet, after a couple of decades of piling up layer upon layer of defenses, catastrophic breaches persist — they’re occurring as often as ever, and causing more harm than ever. Threat actors simply seek out the endless fresh attack vectors arising as an unintended consequence of digital transformation. In short, layered defenses have turned out to be cheesecloth.
Acknowledging this, a few cybersecurity innovators are taking a different tack. Instead of offering up more layers of defense, they’ve slipped on the shoes of the attackers and taken an offensive approach to defending IT assets. One of the most single-minded of these security vendors is startup CyCognito.
The company was launched in Tel Aviv in 2017 by a couple of former Israeli military cyber ops attack specialists, Rob Gurzeev and Dima Potekhin. Gurzeev and Potekhin set out to mirror the perspective of threat actors — and then help companies tactically leverage this attackers’ view to shore up their porous networks.
“The attackers need only to find a single blind spot to gain entry – it’s like singling out the weakest zebra in the herd,” says Gurzeev, CyCognito’s CEO. “Defenders, meanwhile, have to guard everything all of the time, and most organizations have many more Internet pathways than they even know about, much less are taking steps to defend.”
CyCognito’s employment of a bot network is what struck me most after I sat down with the team and learned in more detail what they’re up to. They’re not just borrowing a few pages from the attackers’ handbook; they’re actually utilizing the bad guys’ core tool – botnets They’ve set out to boldly redirect botnet-power towards helping, instead of exploiting, the good guys.
I first wrote about criminal botnets at USA TODAY in 2004. Botnets at the time were just emerging; they’ve since become entrenched as the engine that drives all of cybercrime. A bot is a computing nodule that strictly obeys instructions from a command and control server. A criminal botnet is a network of bots under control of an individual attacker.
Botnets are the nimble infrastructure that enables criminals to blast out massive ransomware and denial of service attacks and also to execute intricate advanced persistent threat (APT) hacks that play out over months and go very deep. Bots traditionally have arisen from compromised, or “pwned,” computing devices. Today bots are more often spun up as virtual instances of computing devices. Bad actors are spinning up these virtual bots by the million, utilizing computing resources sold, no questions asked, by the major cloud service providers, Amazon Web Services, Microsoft Azure and Google Cloud .
By contrast, CyCognito’s 60,000 nodule-strong bot network is comprised of computing instances distributed globally with the expressed intent to help enterprises protect themselves. Bots do what they’re told. CyCognito’s bot network actively crawls the Internet identifying and mapping all exposed IP assets, fingerprinting each asset. This is essentially identical to the ground-level crawling and probing reconnaissance tasks that criminal botnets perform every day.
Upon finding an exposed IT asset, say a web server or a gateway router, CyCognito can pinpoint the IP address, confirm what type of asset it is and check whether the asset has any open ports; it can even ferret out snippets of coding or text, such as a copyright, that indicates more granularly what specific functions the asset performs, who the asset belongs to and what other assets it communicates with.
CyCognito’s bots feed this ground-level intelligence back to an analytics platform, which makes correlations and may ask for more information. This results in an assessment of the business context surrounding each asset. “We’re building a live picture of what’s out there, not specifically looking for problems, at that stage,” explains Raphael Reich, CyCognito’s vice president of product marketing. “We’re collecting information to build associations between assets that other solutions miss: assets in the cloud, in subsidiaries, in third-party networks.”
Another thing about bots, they do what they’re told — for as long as they’re told to do it. Over the past couple of years, CyCognito’s botnet has surveilled and fingerprinted some 3.5 billion Internet-exposed IT assets, resulting in rich data sets that are fed into the company’s analytics. CyCognito has been able to map details of specific assets to thousands of organizations in much the way a criminal ring would do, which allows it to understand attackers’ easiest pathways i
Last November, the company released findings from an analysis it conducted to identify what it calls “shadow risk” – exposures that, for whatever reasons, enterprise IT and security teams are often blind to. Shadow risk creates attack vectors that are externally exposed to anyone with the skill and desire to go find them. The data reveals that a stunning percentage of organizations have a significant number of security blind spots, most often stemming from third-party and cloud interconnectivity. For instance, CyCognito’s research found:
•Organizations are unaware of as much as 75% of their attack surface.
•Some 82% of these hidden assets impact the organization’s cybersecurity posture and are managed by their cloud providers, partners or subsidiaries.
•Some 87% of organizations have critical exposures that are visible to attackers at a given point in time.
These findings are not at all surprising. Quite the opposite, they ring very true. Companies never found a way to stop intruders from breaching and plundering with impunity, even when all they had to defend were on-premises IT systems. Today we’re in the throes of digital transformation. Agility, speed, and modular transactions happen on the fly and in the cloud. This sets up a much more complex security challenge than setting up trip-wire alarms around an on-prem data center.
“Most organizations have expanded and broadly diversified their IT resources on-premises and in the cloud, making continuous monitoring and timely mitigation extremely challenging,” observes Potekhin, CyCognito’s CTO. “The inspiration for the CyCognito platform was the realization that the explosive growth in the numbers of threat actors and the sophistication of their tools has leapfrogged the capabilities of legacy security solutions and most of today’s enterprises, even those who are highly security-aware.”
What CyCognito has set out to do is outflank attackers and one of the results is a high-definition snapshot of the threat landscape, on any given day. That’s a major step forward. I hope they are able to trigger a new era of advances in the overall field of attack surface monitoring.
Meanwhile, as you might expect, the company has also designed its botnet and analytics platform to be available for hire — to drill down on individual companies’ IT assets. This can help companies identify and address open attack vectors — before the bad guys can get to them. “We looked to create a new class of solution to beat the attackers at their own game,” Gurzeev says. “It’s heartening that from Day One on our platform, customers are finding, assessing and closing open pathways.”
I expect layered defenses will continue to have a place, moving forward. But it’s going to be fascinating to see how adding a bit of offensive punch to defending networks catches on, and how much of a difference offensive security solutions will make, overall. I’ll keep watching.
Pulitzer Prize-winning business journalist Byron V. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be.
(LW provides consulting services to the vendors we cover.)
*** This is a Security Bloggers Network syndicated blog from The Last Watchdog authored by bacohido. Read the original post at: https://www.lastwatchdog.com/new-tech-cycognito-deploys-offensive-bot-network-to-put-companies-a-step-a-head-of-attackers/
View full post on National Cyber Security
#deepweb | Google’s New Messaging App To Unify Gmail, Drive, And Hangouts…And Other Small Business Tech News
Source: National Cyber Security – Produced By Gregory Evans KRAKOW, POLAND – 2019/01/23: In this photo illustration, the Google Hangouts logo is seen displayed … [+] on an Android mobile phone. (Photo Illustration by Omar Marques/SOPA Images/LightRocket via Getty Images) LightRocket via Getty Images Here are five things in technology that happened this past week […] View full post on AmIHackerProof.com
Source: National Cyber Security – Produced By Gregory Evans For years, financial technology (fintech) companies have used screen-scraping to retrieve customers’ financial data with their consent. Think lenders, financial management apps, personal finance dashboards, and accounting products doing useful things: like, say, your budgeting app will use screen-scraping to get at the incoming and outgoing […] View full post on AmIHackerProof.com
The United States Congress made some significant progress this session when it comes to data privacy, but cybersecurity remains a blind spot for lawmakers.
Congress currently is considering a
national privacy law that mirrors legislation enacted in the European Union. It would allow people to access, correct and request the deletion of the personal information collected from them. Though there are several ideas as to the final form the bill should take, a path became clear during the Senate Commerce Committee’s
privacy hearing last month.
Congress also seems willing to address the consequences of new technologies. Last month it passed the National Quantum Initiative Act, which is expected to disperse US$1.275 billion for quantum research over the next four years. Some have argued that this newfound enthusiasm for tech might be used
to fix the impeachment process.
When it comes to cybersecurity, though, Congress is still in the dark ages. Efforts to pass a privacy law often are seen as addressing both data privacy and cybersecurity, but in reality, they do not. Companies and consumers have been forced to take matters into their own hands, reflected in the recent announcement that Facebook
has banned deepfakes, and the rising use of VPNs among the general population.
Privacy Means Nothing Without Security
This oversight with respect to security could have huge consequences for the efficacy of data privacy legislation. Though data privacy and data security are separate concerns, there is an inherent link between them. Security has been overlooked in the current proposed law, as well as in similar legislation — like Europe’s GDPR and the Australian privacy bill
passed two years ago.
To understand how privacy and security are linked, consider an app that collects location data from its users. The types of data privacy law proposed (or already in force) would impose strict requirements on the company behind this app, such as telling its users what it is collecting, and what it does with the data. If the app is not properly secured, however, and the information is stolen or leaked, strong privacy policies will be of little comfort to users.
This oversight is apparent in almost all the legislation on data privacy in the U.S. The
Information Transparency & Personal Data Control Act, which was introduced in the House last spring, contains a passage that requires lawmakers and tech companies “to protect consumers from bad actors in the privacy and security space,” but it doesn’t include any further details. The
Consumer Online Privacy Rights Act goes a little further, but only two of its 59 pages give vague cybersecurity requirements for private companies.
United States Consumer Data Privacy Act of 2019 provides only the broad instruction that companies should “maintain reasonable administrative, technical, and physical data security policies and practices to protect against risks to the confidentiality, security, and integrity of sensitive covered data.”
A Lack of Leadership
At best, the failure of Congress to tackle cybersecurity has left the data of millions of Americans unprotected. At worst, it represents a lack of leadership that has left responsible companies completely confused as to what their legal, moral and ethical responsibilities are when it comes to protecting user data.
In this context, there has grown a huge and unregulated market for cybersecurity tools and services, each claiming to offer class-leading protection against cybercrime. For companies, website security is now a major component of
website maintenance costs. This is because CEOs are acutely aware of the risks of cybercrime, a form of criminality that
will cost the global economy $6 trillion a year by 2021, according to Cybersecurity Ventures’ annual report.
Even the National Security Agency
has warned that cybercriminals are “becoming more sophisticated and capable every day in their ability to use the Internet for nefarious purposes.” Yet many companies
fail to take basic precautions, such as deleting expired accounts.
To be fair to Congress, crafting a data security law that covers every private company is complex. Today, data is unlikely to be held by one company in one place, and assigning responsibility for protecting it has become a difficult issue. Any such law, therefore, would have to take into account the widespread adoption of cloud storage,
SaaS business models, and other forms of distributed data storage and processing. In this context, it’s understandable that most
state-level laws on data security require companies only to take “reasonable” security practices, without specifying what those are.
On the other hand, there finally does appear to be an appetite in Congress to address these issues. An increasing number of data protection laws cover individual industries, such as
financial institutions, and the FTC has brought some data breach-related
enforcement actions under its relatively weak and vague
consumer protection powers.
Looking to the future, these industry-specific laws could form an excellent model for a national data protection law, as could state-level legislation. The state most mentioned in this regard is New York, which arguably has the most comprehensive requirements. Financial services companies in the state must meet more than 10
specific requirements, which include encryption of nonpublic information, penetration testing, vulnerability assessments, and oversight of service providers’ cybersecurity.
New York also offers another lesson for Congress. In order to draft and enact the new law, the state convened an expert panel that brought together lawmakers, cybersecurity professionals, and the CEOs of major companies.
The development of an effective data protection law at a national level is going to require the same level of expertise and consultation. This is why some have suggested that a
federal Department of Cybersecurity is the way forward. Such a department could bring together responsibilities that currently are fragmented across a huge number of departments.
Lacking even a basic indication from the government as to what constitutes adequate cybersecurity, many people are taking cybersecurity into their own hands. VPNs — security tools that encrypt user data in transit — are experiencing explosive growth. Just a few years ago, they were regarded as semi-legal tools that enabled consumers
to get around Netflix geo-blocks or
avoid cryptocurrency bans. Now, they are used by a significant proportion of the populace.
Whatever the outcome of these new legislative initiatives, data protection is no longer an issue that Congress can ignore. Protecting consumer data is important for the economy. At the broadest level, ensuring data security is also critical to the efficacy of data privacy legislation that already has been passed. That is to say nothing of the reputation of Congress, which would be severely damaged if it should fail to take leadership on one of the most important issues facing the U.S. today.
The post #nationalcybersecuritymonth | Is Congress Finally Ready to Take On Cybersecurity? | Tech Law appeared first on National Cyber Security.
View full post on National Cyber Security
Source: National Cyber Security – Produced By Gregory Evans In terms of technology, the world had been unifying for years. Now it is reverting back to the likes of the VHS-versus-Betamax era, with much bigger consequences. Imagine two countries with completely different sets of hardware and software for the internet, electronic devices, telecommunications, and even […] View full post on AmIHackerProof.com
Should big tech be broken up? That question was raised at CES this week following months of discussion and antitrust inquiries from lawmakers and regulators in Washington.
The subject of both a tech think tank panel and a Federal Trade Commission-focused panel at CES this week is timely given ongoing investigations by the Department of Justice and the FTC into anti-competitive behavior of companies including Facebook, Amazon, Google and Apple. The House Judiciary Committee is also conducting its own tech antitrust probe.
Robert Atkinson, president of the think tank Information Technology and Innovation Foundation, said in a panel yesterday he was against the idea of a break-up. “The simple fact that big technology companies are big, is not a problem in itself, in fact it’s a benefit,” he said. Atkinson said large tech companies, such as Alphabet and Amazon, are among the top investors in research and development in the world and without their size, they couldn’t innovate.
His remarks mirrored those of Christine Wilson, a commissioner at the Federal Trade Commission, who said in an earlier FTC session that proposals from Sen. Elizabeth Warren (D-Mass.) and others to break up large, successful companies because they are large and successful “is not an approach that I would embrace.”
FTC Commissioner Rebecca Slaughter defended the intent behind some of the break-up proposals. “What they are doing is saying that we are concerned about the effects across the market, and in the market, and on consumers, of the market power that particularly large companies have, and how they are using that market power,” Slaughter said during the FTC session. “So it may be that either more regulation or breaking up is an appropriate way to remedy those concerns.”
Charlotte Slaiman, senior policy counsel at non-profit Public Knowledge, also raised the alarms over big tech’s dominance. “I am very concerned about the power of big tech, which I define as dominant digital platforms,” she said in yesterday’s panel. She did agree that antitrust laws are not necessarily well-suited to address the network effects that have led to big tech’s growth, but said new laws are needed to remedy consumer harms that are the result from dominant tech, including a federal privacy bill.
She also contested Atkinson’s premise that tech companies’ large R&D spending is the best way to measure innovation. A small company that is trying to gain market share is going to do much more disruptive innovation, she said. “A company that is already doing well, that is very comfortable in its market position, is going to do some innovation on the margins,” she said. But if a large companies discovers a great innovation that could potentially limit their market power, they might want to sit on that versus innovate, she added.
Sen. Rosen Talks STEM Bill, Tech Innovation: Sen. Jacky Rosen (D-Nev.) wasn’t able to make it to CES in Las Vegas this week due to the Senate schedule, but in a phone interview praised the state’s tech sector and highlighted STEM and tech legislation she’s pushing in Congress.
“I’m proud that Nevada is leading the nation in innovation and software job growth,” Rosen told Bloomberg Government. “I will continue to support legislation, like my bipartisan Building Blocks of STEM that was recently signed into law, to ensure that the Silver State is educating and training the workforce of tomorrow.”
Rosen and Victoria Espinel, president and CEO of BSA The Software Alliance, co-authored an opinion article yesterday in the Las Vegas Sun noting that Nevada has the fastest growing software job sector in the country.
Rosen’s bill (S. 737), signed into law by President Donald Trump late last year, expands STEM education initiatives at the National Science Foundation for young children and creates new research grants to increase the participation of girls in computer science.
She also highlighted her bipartisan Mapping to Save Moms’ Lives Act (S. 3152), which she released this week. That measure would require the Federal Communications Commission to map remote areas with internet service gaps and high rates of poor maternal health outcomes.
“In Nevada we have real frontier land, particularly in northern Nevada,” she said. “We know about 5G, we have places with no ‘G,’ We have to get everybody connected.”
She said she is working on legislation with Girls Who Code, a nonprofit that trains girls in computer coding, to require schools that receive federal funding for computer science programs to provide information on demographics in the classroom. “So many school districts say, ‘We have computer science education.’ But are we sure that we’re making it accessible, available and open or recruiting everybody to do that or just a select group,” she said.
Rosen has experience with technology, having worked as a computer programmer and software developer for numerous companies in Nevada, including Summa Corporation, Citibank, and Southwest Gas.
Happening on the Hill
Legislation & Letters:
- House Lawmakers Unveil Bill to Revamp Children’s Privacy Law: A bipartisan House bill announced yesterday aims to modernize children’s privacy laws by raising the age of parental consent and protecting the geolocation and biometric data of minors. The measure, introduced by Republican Rep. Tim Walberg (Mich.) and Democratic Rep. Bobby Rush (Ill.), would update the Children’s Online Privacy Protection Act of 1998, known as COPPA. The bill would raise age of parental consent protections for children from age 13 to 16, and affirm the law applies to children’s privacy on mobile apps. Sens. Josh Hawley (R-Mo.) and Ed Markey (D-Mass.) introduced a similar bill to update COPPA in the Senate last March. See the House bill text here.
- Wyden, Others Ping FCC on Wireless Scams: Sen. Ron Wyden (D-Ore.) and five House and Senate members yesterday asked the FCC to protect consumers from scammers hijacking phone numbers to steal bank and other personal information. “As the primary regulator of the wireless industry, the FCC has the responsibility and authority to secure America’s communication networks and protect consumers who rely on those networks. To that end, we urge the FCC to initiate a rulemaking to protect consumers from SIM swaps, port outs and other similar methods of account fraud,” the members wrote.
Happening Next Week:
- Facial Recognition: The House Oversight and Reform Committee on Wednesday holds the third installment in a series of hearings on facial recognition, focusing on “ensuring commercial transparency and accuracy.”
- Future Industries: The Senate Commerce, Science and Transportation Committee plans a hearing Wednesday on industries of the future. Witnesses include National Institute of Standards and Technology Director Walter Copan, National Science Foundation Director France Cordova, U.S. Chief Technology Officer Michael Kratsios, and FCC Commissioners Jessica Rosenworcel and Michael O’Rielly.
Industry and Regulation
Business Group Chief Urges Congress to Step Up on Privacy, Labor: Congress should move past gridlock and take the reins on issues such as privacy, where liberal states have enacted new laws, the leader of the U.S. Chamber of Commerce plans to say in a Thursday speech. “Washington’s inability to make progress on data privacy is resulting in a patchwork of state rules and regulations that will stifle the free flow of goods and services across state borders,” chamber Chief Executive Officer Tom Donohue said in prepared remarks.
As part of his annual “State of American Business” address, Donohue expressed worry about state-by-state approaches, particularly regarding data protection and worker classification in the gig economy, according to excerpts provided by the chamber, one of the most influential and highest-spending business associations in Washington. Read more from Ben Brody.
Apple Stole Tech for Watch, Masimo Claims: Apple is accused of stealing trade secrets and improperly using Masimo inventions related to health monitoring in its Apple Watch. Masimo, which develops signal processing technology for health-care monitors, and its spinoff, Cercacor Laboratories, claim in a lawsuit that Apple got secret information under the guise of a working relationship and then hired away key employees, including Michael O’Reilly, who became vice president of Apple’s health technology efforts. The business segment that includes the Apple Watch, Apple TV and Beats headphones is the company’s fastest-growing category and generated more than $24 billion in sales in the fiscal year that ended in September. Read more from Susan Decker and Mark Gurman.
New DHS Cybersecurity Assistant Director Starts: Bryan Ware earlier this week stepped into a top cyber role at Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency that was vacated by longtime assistant director Jeanette Manfra, according to a statement yesterday. Ware steps into the position just as the U.S. faces potential Iranian cyber attacks following its assassination of a top general. Sam Kaplan will fill Ware’s former position at the department later this month, Michaela Ross reports.
To contact the reporters on this story: Rebecca Kern in Washington at email@example.com; Giuseppe Macri in Washington at firstname.lastname@example.org
To contact the editors responsible for this story: Zachary Sherwood at email@example.com; Brandon Lee at firstname.lastname@example.org
The post #nationalcybersecuritymonth | TECH & CYBER BRIEFING: CES Debates Breaking Up Big Tech appeared first on National Cyber Security.
View full post on National Cyber Security
Source: National Cyber Security – Produced By Gregory Evans My family recently saw “Star Wars: The Rise of Skywalker” in a local movie theater, and we were not disappointed. The characters, action, plot, and almost everything else we experienced, met or exceeded our high expectations. As we were leaving the theater, almost everyone had an […] View full post on AmIHackerProof.com
On bikes and scooters, messengers with bright orange satchels whipped and weaved through Manhattan’s teeming streets. Their bags held snacks, DVDs, and diapers for a start-up called Kozmo.com, which promised deliveries in under an hour. It was the year 2000. And it all seemed magical.
The real magic, it soon turned out, was Kozmo’s ability to raise more than $250 million in funding despite running a money-losing operation. As the dot-com bubble burst later in 2000, a planned initial public offering was canceled. Kozmo was liquidated in April 2001. Among the investors left holding the bag were
(ticker: AMZN) and the venture-capital arm of SoftBank Group (9984.Japan).
Two decades later, Kozmo-like businesses are raising huge sums of money and delighting consumers. New movies get streamed straight to TVs, car service shows up instantly, and meals and goods arrive with the push of a button. Companies like
and SoftBank are still footing the bill.
Each new service undercuts the incumbents.
(LYFT) are cheaper than city cabs. A month of content from
(NFLX) costs less than one movie ticket; and Amazon makes every day feel like Black Friday.
But now we are on the precipice of another Kozmo-like reckoning. WeWork’s failed IPO—and a sudden focus on profits—has forced venture capital to rein in its voracious appetite. Investors have begun to feel the pain of a more discriminating market.
Consumers are likely to be next. Their free lunch—fueled by technology and generous private capital—is coming to an end. As the spigot turns off in both public and private markets, consumers will probably see changes from ride-sharing to food delivery that pinch their pocketbooks.
Billionaire investor and owner of the National Basketball Association’s Dallas Mavericks Mark Cuban says it will be difficult for many companies to adapt to the new reality. And it will be painful for consumers who have grown accustomed to great tech and low prices.
“It’s hard to sustain the growth rates that IPO investors look for, and it’s even harder to retrain customers to accept higher and profitable pricing after [companies’] subsidizing the cost for so long,” Cuban tells Barron’s in an email.
Several customers of these start-up services agree. “There is a tipping point,” says Kristen Ruby, president and founder of the Ruby Media Group, who spends $30 to $40 on food delivery multiple times a week. “Consumers will be put over the edge if the fees continue to get any higher.”
Andy Bachman, a rabbi who works as executive director of a New York City organization called the Jewish Community Project Downtown, says he orders with Seamless or
(GRUB) a couple of times each month. “Many people in the city who have more disposable income, they’re not going to have a problem with a small rise in delivery price,” he says. “But a normal family like ours, we’d stop using it.”
For much of the past decade, investors poured billions of dollars into start-ups, choosing to judge success by scale. Profits were for another day. Then, investors started to fear that the day might never come.
First came the weak performance of the unicorn IPOs. The share prices of hotly anticipated new stocks like Uber and
(PINS) have tumbled by more than 30% from their summer highs. The direct listing for
(WORK) has also proved to be a disappointment.
The turning point was the failed IPO of WeWork, the shared office-space company. At its peak, the company was worth $47 billion in the private market. Its IPO filing—which detailed huge losses and bewildering managerial decisions—triggered a reawakening among investors who suddenly remembered lessons from the internet bubble. WeWork was forced to shelve its offering and ultimately needed a bailout from SoftBank to stay solvent.
“The WeWork IPO process instilled a level of discipline in the market that hadn’t been there for a while,” says Mario Cibelli, manager of hedge fund Marathon Partners Equity Managment. “From the summer to the fall, you have gotten into a completely different environment. That exit opportunity that a lot of the private companies would be eyeing essentially dissipated. The public markets are demanding a different kind of risk profile and behavior.”
Jim Chanos, the short seller best known for predicting the collapse of Enron, blames SoftBank and its $100 billion dollar Vision Fund for fueling many of the unsustainable strategies. The Japanese company was WeWork’s largest investor.
“It’s very clear now that SoftBank got swept up and led the vanguard on this and maybe didn’t spend the time they should have on the business models,” says Chanos, the founder and managing partner of Kynikos Associates. “The whole WeWork thing was silly from the beginning.”
SoftBank declined to comment on the criticism over its business-model analysis of WeWork. But in an investor presentation in November, SoftBank said that it was now telling companies to focus on generating free cash flow (a measure of profitability) and that they should aim to be “self-financing.” It also started a new “no rescue package” policy for its portfolio companies.
“SoftBank figured that out a little bit late,” Chanos says. “Maybe these companies should have a path to profitability.”
The shift in sentiment has hit private markets, too. In the third quarter, start-ups received $27.5 billion in new venture capital during the third quarter, down 17% from the previous quarter and the lowest total in nearly two years, according to Dow Jones VentureSource.
Some of the start-ups won’t survive the new environment, while established businesses will be forced to raise consumer prices.
Internet TV is a good lesson for what consumers can expect. Virtual cable bundles, or virtual MVPDs (multichannel video programming distributors), hit the market roughly three years ago, promising to allow cord-cutters to get the best of live TV at a fraction of the cost of cable. At first, YouTube TV, Hulu Live TV,
PlayStation Vue, and DirecTV Now (currently called AT&T TV Now) all offered live-TV packages streamed over the internet for just $30 to $40 a month.
The low prices didn’t last. Craig Moffett, MoffettNathanson’s telecom analyst, says the virtual bundlers wrongly assumed that the business would have the winner-take-all economics akin to Google and
But content businesses are weighed down by a cost structure that doesn’t scale like native web businesses.
“The math never made any sense,” Moffett says. “The programming costs alone were north of $30 for those packages. After customer-service and customer-acquisition costs, there was simply no way anyone was going to make money.”
Faced with rising losses, Moffett notes, the internet TV services were forced to replicate the same price increases that drove people to cut the cord in the first place. As the prices went higher, subscriber growth sputtered. In October, Sony announced that it would shut down its Vue service in January. AT&T TV Now, meanwhile, raised its price so high—$65 a month, from the initial $35—that customers started to defect. Net subscriber losses for the service totaled nearly 700,000 in the past four quarters, according to MoffettNathanson. Internet TV now looks much like cable TV—both in cost and subscriber trends.
“Everybody initially hoped they would be able to grab market share and build a position that would give them more negotiating leverage and eventually be profitable to raise prices,” Moffett says. “In retrospect, neither of those assumptions held water.”
Moffett thinks the virtual-cable story could be repeated in other markets.
So what can consumers expect to happen in the ride-hailing, food-delivery, and streaming-video-subscriptions markets in the near future? Here’s a breakdown by industry:
With stocks of the major U.S. ride-hailing players—Uber and Lyft—battered in recent months, consumers should expect to see a wave of price increases in the coming year.
Wall Street data indicate that the ride-hailing firms can get away with higher prices. Canaccord Genuity says its latest price tracker shows that Lyft and Uber fares were up 6% on average since May, adjusted by ride class. Last month,
released an analysis of New York City ride-hail data, suggesting that demand for the service was inelastic. The firm found that when per-ride pricing rose 23% because of a congestion surcharge, it resulted in only a 10% decline in volume.
There are strong signals that a sea change is already under way. On Lyft’s last earnings call, the company’s chief financial officer said there was “increasing rationality” in the market, noting that average ride prices were higher year over year, adjusted for type of ride. Moreover, the company’s September-quarter adjusted margin on earnings before interest, taxes, depreciation, and amortization, or Ebitda, improved 32 percentage points, to a negative 13%, from the prior year. Lyft has said that it expects to be profitable by late 2021.
Marcelo Lima, a hedge fund manager at Heller House whose firm owns Lyft shares, sees a brewing duopoly in the U.S. ride-hailing space. He is more optimistic about Lyft than Uber because of the former’s North American focus. “I like the focus of Lyft; it’s a clear story,” he says. “They have a good chance of reaching very good economics soon.”
Uber, meanwhile, is being held back by its other money-losing units, like autonomous driving and food delivery.
What kind of actual price changes can consumers expect in the near term? Mike Puangmalai, a private investor who spent eight years as an analyst at Relational Investors, says, “For a $25 trip, don’t be surprised if it’s $30 this coming year. I do think prices will go up.”
Uber’s willingness to lose money has thrown the nascent food-delivery business into disarray. Four well-funded players—DoorDash, Uber Eats, Grubhub, and Postmates—have been trying to outdo one another with wider networks and better discounts. Staggering losses and great deals for customers are the result.
Uber Eats lost more than $300 million in the September quarter, with losses up nearly 70% year over year. Grubhub shares plunged 43% in late October, when it offered profit guidance well below Wall Street expectations. Industry analysts widely believe that DoorDash and Postmates are losing money and will have difficulty going public, given recent trends.
DoorDash and Postmates didn’t respond to emailed requests for comment.
Chanos, whose firm is short shares of Grubhub, believes that the food-delivery companies are facing pressure from restaurants asking for lower commission rates. He also expects that consumers will see fewer coupons and promotions from the delivery firms, adding that higher prices would probably result in far lower delivery volume.
In a statement, Grubhub said that it “has proved itself as the only food-delivery business in the U.S. with a profitable, transparent, and sustainable business model.”
“Several of our peers have achieved national scale,” Grubhub said, “but we are the only one that has grown without unsustainable shortcuts like incurring massive operating losses, offering irrational diner pricing, and giving drivers substantial subsidies.”
Cibelli, whose firm owns Grubhub shares, predicts that all of the players will have to fix their businesses by cutting back on the discounts that attracted customers in the first place. “Uber Eats, Postmates, and DoorDash are all going to have to approach break-even and cease their cash burn,” he says. “The odds of consolidation are quite high. Likely, you will eventually have two dominant players.”
The hedge fund manager believes that with fewer players, aggregate industry profitability will improve as the overlap in operating expenses such as marketing and administrative spending gets eliminated. After the consolidation, he predicts, the remaining companies will be able to raise prices, benefiting Grubhub’s stock price.
Bulls and bears agree that the current competitive landscape isn’t sustainable. Cibelli says that the private companies that used their enormous fund raising to chase low-profit-margin sales will face the biggest obstacles.
“DoorDash, especially, has created transactions more aggressively than would have occurred naturally by offering too good of a deal for consumers, especially on the fast-food-chain side,” Cibelli says. “It’s nice to press a button to have
delivered to you very cheaply, but these are inferior transactions.”
consumer survey revealed that 58% of diners said promotions and deals played a role in their food-delivery decisions. Furthermore, only 36% of consumers said they were exclusive to one platform.
Fast-food orders are especially problematic in terms of profitability. Morgan Stanley estimates that two-thirds of fast-food orders were under $7. In a typical $10 fast-food order, the firm says that a food-delivery company would lose $3.80 because of a $5 cost per delivery, net of fees.
Consumers are unlikely to readily accept higher delivery prices, as they might be with higher ride-hailing costs.
“If there are less promotions like free delivery, I’m not going to order as much personal meals,” says Puangmalai, 37, who is also a freelance software developer. “My usage will go down on the lower-ticket stuff.”
While the ride-hailing and food-delivery industries are due for a reckoning, online video streaming has a longer runway. The “free lunch” in video could last for a while, thanks to the deep pockets of big tech and media.
These companies have already told their investors to expect many years of continued losses, as they build their streaming libraries. AT&T, for example, expects its HBO Max to lose more than $4 billion before turning profitable in 2025.
The WeWork moment hasn’t hit the streaming business largely because video-streaming companies have other profitable businesses, like theme parks, movies, wireless services, and smartphones that can subsidize the streaming efforts at attractive price points.
(DIS) launched its Disney+ streaming service at just $7 a month, about 45% lower than Netflix’s standard plan. In its first year, Disney plans to have a library of 7,500 TV episodes and 500 movies—including the company’s Pixar, Star Wars, and Marvel films. Disney has told investors that it won’t make money on Disney+ until 2024.
Disney isn’t alone in firing large shots in the streaming wars. In October, WarnerMedia unveiled details for its HBO Max streaming service, which will start in May. Warner says the service will have 10,000 hours of content from HBO, Warner Bros., DC Entertainment, CNN, TNT, Cartoon Network, Adult Swim, and other WarnerMedia properties. It will have 50 “Max Originals” by 2021. Despite having double the content, HBO Max will cost $14.99 a month, the same current cost as standard HBO.
The low cost of streaming is all the more striking given the costs being spent on content to power the services. Cowen estimates that Netflix and Amazon will spend $15 billion and $8 billion, respectively, for content in 2019. The firm thinks that
(AAPL), which just introduced its Apple TV+ service at $4.99 a month, will spend $6 billion annually within two years.
“The pricing environment will definitely be more muted than in the past five years due to the increased competition,” says Cowen analyst John Blackledge.
Indeed, Netflix may be looking to cut the entry price in certain markets. It is already trying lower-priced mobile-only plans in India, suggesting that cheap plans may be the key to its international expansion.
The problem for Netflix is that running a streaming service continues to get more expensive. On its last earnings call, Netflix’s management acknowledged that the content cost for the hottest TV shows with multiple bidders had risen 30% over the past year. The bull case for Netflix stock has always been its potential to raise subscription prices over time. But new streaming options are sure to limit Netflix’s pricing power.
Over the past year, it was quite the roller-coaster ride for the streaming giant’s investors. Netflix’s stock price started 2019 strong, with a 40% rally through July, but it then lost all those gains in just two months after the company posted a disappointing second quarter. Netflix shares did rebound into year-end, closing up 21% for 2019, though materially lagging the major indexes. Shareholders should expect more volatility and lackluster relative returns for the next few years.
The uncertainty for the longtime market darling speaks to a new dynamic on Wall Street. Delighted consumers are no longer aligned with happy investors. As the unicorns grow up, they’ll look more like cable companies and less like nonprofits.
“If something is too good to be true, it probably is,” Moffett says.
Josh Nathan-Kazis contributed to this article.
Write to Tae Kim at email@example.com
View full post on National Cyber Security