3 analysts weigh in: What are Andy Jassy’s top priorities as Amazon’s new CEO?

It’s not easy following a larger-than-life founder and CEO of an iconic company, but that’s what former AWS CEO Andy Jassy faces this week as he takes over for Jeff Bezos, who moves into the executive chairman role. Jassy must deal with myriad challenges as he becomes the head honcho at the No. 2 company on the Fortune 500.

How he handles these challenges will define his tenure at the helm of the online retail giant. We asked several analysts to identify the top problems he will have to address in his new role.

Ensure a smooth transition

Handling that transition smoothly and showing investors and the rest of the world that it’s business as usual at Amazon is going to be a big priority for Jassy, said Robin Ody, an analyst at Canalys. He said it’s not unlike what Satya Nadella faced when he took over as CEO at Microsoft in 2014.

“The biggest task is that you’re following Jeff Bezos, so his overarching issue is going to be stability and continuity. … The eyes of the world are on that succession. So managing that I think is the overall issue and would be for anyone in the same position,” Ody said.

Forrester analyst Sucharita Kodali said Jassy’s biggest job is just to keep the revenue train rolling. “I think the biggest to-do is to just continue that momentum that the company has had for the last several years. He has to make sure that they don’t lose that. If he does that, I mean, he will win,” she said.

Maintain company growth

As an online retailer, the company has thrived during COVID, generating $386 billion in revenue in 2020, up more than $100 billion over the prior year. As Jassy takes over and things return to something closer to normal, will he be able to keep the revenue pedal to the metal?

Cloud security platform Netskope boosts valuation to $7.5B following $300M raise

Netskope, focused on Secure Access Service Edge architecture, announced Friday a $300 million investment round on a post-money valuation of $7.5 billion.

The oversubscribed insider investment was led by ICONIQ Growth, which was joined by other existing investors, including Lightspeed Venture Partners, Accel, Sequoia Capital Global Equities, Base Partners, Sapphire Ventures and Geodesic Capital.

Netskope co-founder and CEO Sanjay Beri told TechCrunch that since its founding in 2012, the company’s mission has been to guide companies through their digital transformation by finding what is most valuable to them — sensitive data — and protecting it.

“What we had before in the market didn’t work for that world,” he said. “The theory is that digital transformation is inevitable, so our vision is to transform that market so people could do that, and that is what we are building nearly a decade later.”

With this new round, Netskope continues to rack up large rounds: it raised $340 million last February, which gave it a valuation of nearly $3 billion. Prior to that, it was a $168.7 million round at the end of 2018.

As with its previous rounds, the company was not actively seeking new capital; rather, Beri said, it was “an inside round with people who know everything about us.”

“The reality is we could have raised $1 billion, but we don’t need more capital,” he added. “However, having a continued strong balance sheet isn’t a bad thing. We are fortunate to be in that situation, and our destination is to be the most impactful cybersecurity company in the world.”

Beri said the company just completed a “three-year journey building the largest cloud network that is 15 milliseconds from anyone in the world,” and intends to invest the new funds in continued R&D, expanding its platform and Netskope’s go-to-market strategy to meet demand in a market it estimates will be worth $30 billion by 2024.

Even pre-pandemic the company had strong hypergrowth over the past year, surpassing the market average annual growth of 50%, he added.

Today’s investment brings the total raised by Santa Clara-based Netskope to just over $1 billion, according to Crunchbase data.

With the company racking up that kind of capital, the next natural step would be to become a public company. Beri admits that Netskope could be public now, though it doesn’t have to do it for the traditional reasons of raising capital or marketing.

“Going public is one day on our path, but you probably won’t see us raise another private round,” Beri said.

Spike in “Chain Gang” Destructive Attacks on ATMs

Last summer, financial institutions throughout Texas started reporting a sudden increase in attacks involving well-orchestrated teams that would show up at night, use stolen trucks and heavy chains to rip Automated Teller Machines (ATMs) out of their foundations, and make off with the cash boxes inside. Now it appears the crime — known variously as “ATM smash-and-grab” or “chain gang” attacks — is rapidly increasing in other states.

Four different ATM “chain gang” attacks in Texas recently. Image: Texas Bankers Association.

The Texas Bankers Association documented at least 139 chain gang attacks against Texas financial institutions in the year ending November 2020. The association says organized crime is the main source of the destructive activity, and that Houston-based FBI officials have made more than 50 arrests and are actively tracking about 250 individuals suspected of being part of these criminal rings.

From surveillance camera footage examined by fraud investigators, the perpetrators have followed the same playbook in each incident. The bad guys show up in the early morning hours with a truck or tractor that’s been stolen from a local construction site.

Then two or three masked men will pry the front covering from the ATM using crowbars, and attach heavy chains to the cash machine. The canisters of cash inside are exposed once the crooks pull the ATM’s safe door off using the stolen vehicle.

In nearly all cases, the perpetrators are done in less than five minutes.

Tracey Santor is the bond product manager for Travelers, which insures a large number of financial institutions against this type of crime. Santor said investigators questioning some of the suspects learned that the smash-and-grabs are used as a kind of initiation for would-be gang members.

“One of the things they found out during the arrest was the people wanting to be in the gang were told they had to bring them $250,000 within a week,” Santor said. “And they were given instructions on how to do it. I’ve also heard of cases where the perpetrators put construction cones around the ATM so it looks to anyone passing by that they’re legitimately doing construction at the site.”

Santor said the chain gang attacks have spread to other states, and that in the year ending June 2021 Travelers saw a 257 percent increase in the number of insurance claims related to ATM smash-and-grabs.

That 257 percent increase also includes claims involving incidents where attackers will crash a stolen car into a convenience store, and then in the ensuing commotion load the store’s ATM into the back of the vehicle and drive away.

In addition to any cash losses — which can often exceed $200,000 — replacing destroyed ATMs and any associated housing can take weeks, and newer model ATMs can cost $80,000 or more.

“It’s not stopping,” Santor said of the chain gang attacks. “In the last year we counted 32 separate states we’ve seen this type of attack in. Normally we are seeing single digits across the country. 2021 is going to be the same or worse for us than last year.”

Increased law enforcement scrutiny of the crime in Texas might explain why a number of neighboring states are seeing a recent uptick in the number of chain gang attacks, said Elaine Dodd, executive vice president of the fraud division for the Oklahoma Bankers Association.

“We have a lot of it going on here now and they’re getting good at it,” Dodd said. “The numbers are surging. I think since Texas has focused law enforcement attention on this it’s spreading like fingers out from there.”

Chain gang members at work on a Texas bank ATM. Image: Texas Bankers Association.

It’s not hard to see why physical attacks against ATMs are on the rise. In 2019, the average amount stolen in a traditional bank robbery was just $1,797, according to the FBI.

In contrast, robbing ATMs is way less risky and potentially far more rewarding for the perpetrators. That’s because bank ATMs can typically hold hundreds of thousands of dollars in cash.

Dodd said she hopes to see more involvement from federal investigators in fighting chain gang attacks, and that it would help if more of these attacks were prosecuted as bank robberies, which can carry stiff federal penalties. As it is, she said, most incidents are treated as property crimes and left to local investigators.

“We had a rash of three attacks recently and contacted the FBI, and were told, ‘We don’t work these,’” Dodd said. “The FBI looks at these attacks not as bank robbery, but just the theft of cash.”

In January, Texas lawmakers introduced legislation that would make destroying an ATM a third-degree felony. Such a change would mean chain gang members could be prosecuted with the same zeal Texas applies to people who steal someone’s livestock, a crime punishable by 2-10 years in prison and a fine of up to $10,000 (or both).

“The bottom line is, right now bank robbery is a felony and robbing an unattended ATM is not,” Santor said.

KrebsOnSecurity checked in with the European ATM Security Team (EAST), which maintains statistics about fraud of all kinds targeting ATM operators in Europe. EAST Executive Director Lachlan Gunn said overall physical attacks on ATMs in Europe have been a lot quieter since the pandemic started.

“Attacks fell right away during the lockdowns and have started to pick up a little as the restrictions are eased,” Gunn said. “So no major spike here, although [the United States is] further ahead when it comes to the easing of restrictions.”

Gunn said the most common physical attacks on European ATMs continue to involve explosives — such as gas tanks and solid explosives that are typically stolen from mining and construction sites.

“The biggest physical attack issue in Europe remains solid explosive attacks, due to the extensive collateral damage and the risk to life,” Gunn said.

The Texas Bankers Association report, available here (PDF), includes a number of recommended steps financial institutions can take to reduce the likelihood of being targeted by chain gangs.

Dropbox is reimagining the workplace with Dropbox Studios

The pandemic has been a time for a lot of reflection on both a personal and business level. Tech companies in particular are assessing whether they will ever again return to a full-time, in-office approach. Some are considering a hybrid approach and some may not go back to a building at all. Amidst all this, Dropbox has decided to reimagine the office with a new concept they are introducing this week called Dropbox Studios.

Dropbox CEO and co-founder Drew Houston sees the pandemic as a forcing event, one that pushes companies to rethink work through a distributed lens. He doesn’t think that many businesses will simply go back to the old way of working. As a result, he wanted his company to rethink the office design with one that did away with cube farms with workers spread across a landscape of cubicles. Instead, he wants to create a new approach that takes into account that people don’t necessarily need a permanent space in the building.

“We’re soft launching or opening our Dropbox Studios [this] week in the U.S., including the one in San Francisco. And we took the opportunity as part of our focus to reimagine the office into a collaborative space that we call a studio,” Houston told me.

Houston says that the company really wanted to think about how to incorporate the best of working at home with the best of working at the office collaborating with colleagues. “We focused on having really great curated in-person experiences, some of which we coordinate at the company level and then some of which you can go into our studios, which have been refitted to support more collaboration,” he said.

Dropbox Studio coffee shop. Image Credits: Dropbox

To that end, they have created a lot of soft spaces with a coffee shop to create a casual feel, conference rooms for teams to have what Houston called “on-site off-sites” and classrooms for organized group learning. The idea is to create purpose-built spaces for what would work best in an office environment and what people have been missing from in-person interactions since they were forced to work at home by the pandemic, while letting people accomplish more individual work at home.

The company is planning on dedicated studios in major cities like San Francisco, Seattle, Tokyo and Tel Aviv with smaller on-demand spaces operated by partners like WeWork in other locations.

Dropbox Studio classroom space. Image Credits: Dropbox

As Houston said when he appeared at TechCrunch Disrupt last year, his company sees this as an opportunity to be on the forefront of distributed work and act as an example and a guide to help other companies as they undertake similar journeys.

“When you think more broadly about the effects of the shift to distributed work, it will be felt well beyond when we go back to the office. So we’ve gone through a one-way door. This is maybe one of the biggest changes to knowledge work since that term was invented in 1959,” Houston said last year.

He recognizes that they have to evaluate how this is going to work and iterate on the design as needed, just as the company iterates on its products and they will be evaluating the new spaces and the impact on collaborative work and making adjustments when needed. To help others, Dropbox is releasing an open-source project plan called the Virtual First Toolkit.

The company is going all-in with this approach and will be subletting much of its existing office space as it moves to this new way of working and its space requirements change dramatically. It’s a bold step, but one that Houston believes his company is uniquely positioned to undertake, and he wants Dropbox to be an example to others on how to reinvent the way we work.

Rootly nabs $3.2M seed to build SRE incident management solution inside Slack

As companies look for ways to respond to incidents in their complex microservices-driven software stacks, SREs — site reliability engineers — are left to deal with the issues involved in making everything work and keeping the application up and running. Rootly, a new early-stage startup wants to help by building an incident-response solution inside of Slack.

Today the company emerged from stealth with a $3.2 million seed investment. XYZ Venture Capital led the round with participation from 8VC, Y Combinator and several individual tech executives.

Rootly co-founder and CEO Quentin Rousseau says that he cut his SRE teeth working at Instacart. When he joined in 2015, the company was processing hundreds of orders a day, and when he left in 2018 it was processing thousands. It was his job to make sure the app was up and running for shoppers, consumers and stores even as it scaled.

He said that while he was at Instacart, he learned to see patterns in the way people responded to an issue and he had begun working on a side project after he left looking to bring the incident response process under control inside of Slack. He connected with co-founder JJ Tang, who had started at Instacart after Rousseau left in 2018, and the two of them decided to start Rootly to help solve these unique problems that SREs face around incident response.

“Basically we want people to manage and resolve incidents directly in Slack. We don’t want to add another layer of complexity on top of that. We feel like there are already so many tools out there and when things are chaotic and things are on fire, you really want to focus quickly on the resolution part of it. So we’re really trying to be focused on the Slack experience,” Rousseau explained.

The Rootly solution helps SREs connect quickly to their various tools inside Slack, whether that’s Jira or Zendesk or DataDog or PagerDuty, and it compiles an incident report in the background based on the conversation that’s happening inside of Slack around resolving the incident. That will help when the team meets for an incident post-mortem after the issue is resolved.

The company is small at the moment with fewer than 10 employees, but it plans to hire some engineers and sales people over the next year as they put this capital to work.

Tang says that they have built diversity as a core component of the company culture, and it helps that they are working with investor Ross Fubini, managing partner at lead investor XYZ Venture Capital. “That’s also one of the reasons why we picked Ross as our lead investor. [His firm] has probably one of the deepest focuses around [diversity], not only as a fund, but also how they influence their portfolio companies,” he said.

Fubini says there are two main focuses in building diverse companies: building a system to look for diverse pools of talent, and then building an environment to help people from underrepresented groups feel welcome once they are hired.

“One of our early conversations we had with Rootly was how do we both bring a diverse group in and benefit from a diverse set of people, and what’s going to both attract them, and when they come in make them feel like this is a place that they belong,” Fubini explained.

The company is fully remote right now with Rousseau in San Francisco and Tang in Toronto, and the plan is to remain remote whenever offices can fully reopen. It’s worth noting that Rousseau and Tang are members of the current Y Combinator batch.

Achieving digital transformation through RPA and process mining

Understanding what you will change is most important to achieve a long-lasting and successful robotic process automation transformation. There are three pillars that will be most impacted by the change: people, process and digital workers (also referred to as robots). The interaction of these three pillars executes workflows and tasks, and if integrated cohesively, determines the success of an enterprisewide digital transformation.

Robots are not coming to replace us, they are coming to take over the repetitive, mundane and monotonous tasks that we’ve never been fond of. They are here to transform the work we do by allowing us to focus on innovation and impactful work. RPA ties decisions and actions together. It is the skeletal structure of a digital process that carries information from point A to point B. However, the decision-making capability to understand and decide what comes next will be fueled by RPA’s integration with AI.

We are seeing software vendors adopt vertical technology capabilities and offer a wide range of capabilities to address the three pillars mentioned above. These include powerhouses like UiPath, which recently went public, Microsoft’s Softomotive acquisition, and Celonis, which recently became a unicorn with a $1 billion Series D round. RPA firms call it “intelligent automation,” whereas Celonis targets the execution management system. Both are aiming to be a one-stop shop for all things related to process.

We have seen investments in various product categories for each stage in the intelligent automation journey. Process and task mining for process discovery, centralized business process repositories for CoEs, executives to manage the pipeline and measure cost versus benefit, and artificial intelligence solutions for intelligent document processing.

For your transformation journey to be successful, you need to develop a deep understanding of your goals, people and the process.

Define goals and measurements of success

From a strategic standpoint, success measures for automating, optimizing and redesigning work should not be solely centered around metrics like decreasing fully loaded costs or FTE reduction, but should put the people at the center. To measure improved customer and employee experiences, give special attention to metrics like decreases in throughput time or rework rate, identify vendors that deliver late, and find missed invoice payments or determine loan requests from individuals that are more likely to be paid back late. These provide more targeted success measures for specific business units.

The returns realized with an automation program are not limited to metrics like time or cost savings. The overall performance of an automation program can be more thoroughly measured with the sum of successes of the improved CX/EX metrics in different business units. For each business process you will be redesigning, optimizing or automating, set a definitive problem statement and try to find the right solution to solve it. Do not try to fit predetermined solutions into the problems. Start with the problem and goal first.

Understand the people first

To accomplish enterprise digital transformation via RPA, executives should put people at the heart of their program. Understanding the skill sets and talents of the workforce within the company can yield better knowledge of how well each employee can contribute to the automation economy within the organization. A workforce that is continuously retrained and upskilled learns how to automate and flexibly complete tasks together with robots and is better equipped to achieve transformation at scale.

Kaseya Left Customer Portal Vulnerable to 2015 Flaw in its Own Software

Last week cybercriminals deployed ransomware to 1,500 organizations, including many that provide IT security and technical support to other companies. The attackers exploited a vulnerability in software from Kaseya, a Miami-based company whose products help system administrators manage large networks remotely. Now it appears Kaseya’s customer service portal was left vulnerable until last week to a data-leaking security flaw that was first identified in the same software six years ago.

On July 3, the REvil ransomware affiliate program began using a zero-day security hole (CVE-2021-30116) to deploy ransomware to hundreds of IT management companies running Kaseya’s remote management software — known as the Kaseya Virtual System Administrator (VSA).

According to this entry for CVE-2021-30116, the security flaw that powers that Kaseya VSA zero-day was assigned a vulnerability number on April 2, 2021, indicating Kaseya had roughly three months to address the bug before it was exploited in the wild.

Also on July 3, security incident response firm Mandiant notified Kaseya that their billing and customer support site — portal.kaseya.net — was vulnerable to CVE-2015-2862, a “directory traversal” vulnerability in Kaseya VSA that allows remote users to read any files on the server using nothing more than a Web browser.

As its name suggests, CVE-2015-2862 was issued in July 2015. Six years later, Kaseya’s customer portal was still exposed to the data-leaking weakness.
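The defect class behind CVE-2015-2862, as an added illustration that is not Kaseya’s code and makes no claim about how the portal was actually implemented: a file handler that joins a request path onto its served directory without a containment check will hand over files above that directory, such as a web.config holding database credentials. The hardened handler resolves the path and refuses anything outside the served root; a small log-inspection helper flags the request shapes a defender would want to alert on. The web root and its contents are constructed sample data.

```python
"""Directory traversal: a naive file handler beside a contained one, with a
log-line check for traversal attempts. Added example, not Kaseya's code."""
import tempfile
from pathlib import Path
from typing import Optional
from urllib.parse import unquote

# Constructed sample web root: one public page plus an ASP.NET-style
# web.config one level above it, holding a connection string with a password.
WEBROOT = Path(tempfile.mkdtemp(prefix="portal_"))
PUBLIC = WEBROOT / "public"
PUBLIC.mkdir()
(PUBLIC / "index.html").write_text("<h1>Customer portal</h1>")
(WEBROOT / "web.config").write_text(
    '<connectionStrings><add name="db" '
    'connectionString="Server=db01;User Id=portal;Password=S3cret!"/>'
    "</connectionStrings>"
)
SENSITIVE_NAMES = {"web.config", ".env"}


def vulnerable_read(requested: str) -> Optional[str]:
    """Naive handler: the request path is joined onto the public directory
    with no containment check, so '../web.config' walks out of the served
    tree and returns the configuration file."""
    target = PUBLIC / requested
    if target.is_file():
        return target.read_text()
    return None


def hardened_read(requested: str) -> Optional[str]:
    """Contained handler: resolve the final path (following any symlinks) and
    require that the served root is one of its parents. Known server
    configuration files are refused by name as a second layer."""
    if "\x00" in requested:  # NUL bytes truncate paths in some runtimes
        return None
    try:
        target = (PUBLIC / requested).resolve(strict=True)
    except (FileNotFoundError, RuntimeError):
        return None
    root = PUBLIC.resolve()
    if root not in target.parents:  # must sit strictly below the served root
        return None
    if target.name.lower() in SENSITIVE_NAMES:
        return None
    if not target.is_file():
        return None
    return target.read_text()


def is_traversal_attempt(request_path: str) -> bool:
    """Detection helper for access logs: decode twice (double-encoded '%252e'
    tricks), normalise backslashes, then flag any '..' path segment or a
    direct request for a server configuration file."""
    decoded = unquote(unquote(request_path)).replace("\\", "/")
    segments = decoded.split("/")
    return ".." in segments or segments[-1].lower() in SENSITIVE_NAMES


if __name__ == "__main__":
    print("vulnerable:", vulnerable_read("../web.config"))
    print("hardened:  ", hardened_read("../web.config"))
    print("flagged:   ", is_traversal_attempt("/..%2F..%2Fweb.config"))
```

The same containment test applies to any server that maps URLs onto a filesystem; the unauthenticated case Holden describes is what makes the missing check a data leak rather than an insider-only problem.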

The Kaseya customer support and billing portal. Image: Archive.org.

Mandiant notified Kaseya after hearing about it from Alex Holden, founder and chief technology officer of Milwaukee-based cyber intelligence firm Hold Security. Holden said the 2015 vulnerability was present on Kaseya’s customer portal until Saturday afternoon, allowing him to download the site’s “web.config” file, a server component that often contains sensitive information such as usernames and passwords and the locations of key databases.

“It’s not like they forgot to patch something that Microsoft fixed years ago,” Holden said. “It’s a patch for their own software. And it’s not zero-day. It’s from 2015!”

The official description of CVE-2015-2862 says a would-be attacker would need to be already authenticated to the server for the exploit to work. But Holden said that was not the case with the vulnerability on the Kaseya portal that he reported via Mandiant.

“This is worse because the CVE calls for an authenticated user,” Holden said. “This was not.”

Michael Sanders, executive vice president of account management at Kaseya, confirmed that the customer portal was taken offline in response to a vulnerability report. Sanders said the portal had been retired in 2018 in favor of a more modern customer support and ticketing system, yet somehow the old site was still left available online.

“It was deprecated but left up,” Sanders said.

In a written statement shared with KrebsOnSecurity, Kaseya said that in 2015 CERT reported two vulnerabilities in its VSA product.

“We worked with CERT on responsible disclosure and released patches for VSA versions V7, R8, R9 and R9 along with the public disclosure (CVEs) and notifications to our customers. Portal.kaseya.net was not considered by our team to be part of the VSA shipping product and was not part of the VSA product patch in 2015. It has no access to customer endpoints and has been shut down – and will no longer be enabled or used by Kaseya.”

“At this time, there is no evidence this portal was involved in the VSA product security incident,” the statement continued. “We are continuing to do forensic analysis on the system and investigating what data is actually there.”

The REvil ransomware group said affected organizations could negotiate independently with them for a decryption key, or someone could pay $70 million worth of virtual currency to buy a key that works to decrypt all systems compromised in this attack.

But Sanders said every ransomware expert Kaseya consulted so far has advised against negotiating for one ransom to unlock all victims.

“The problem is that they don’t have our data, they have our customers’ data,” Sanders said. “We’ve been counseled not to do that by every ransomware negotiating company we’ve dealt with. They said with the amount of individual machines hacked and ransomwared, it would be very difficult for all of these systems to be remediated at once.”

In a video posted to YouTube on July 6, Kaseya CEO Fred Voccola said the ransomware attack had “limited impact, with only approximately 50 of the more than 35,000 Kaseya customers being breached.”

“While each and every customer impacted is one too many, the impact of this highly sophisticated attack has proven to be, thankfully, greatly overstated,” Voccola said.

The zero-day vulnerability that led to Kaseya customers (and customers of those customers) getting ransomed was discovered and reported to Kaseya by Wietse Boonstra, a researcher with the Dutch Institute for Vulnerability Disclosure (DIVD).

In a July 4 blog post, DIVD’s Victor Gevers wrote that Kaseya was “very cooperative,” and “asked the right questions.”

“Also, partial patches were shared with us to validate their effectiveness,” Gevers wrote. “During the entire process, Kaseya has shown that they were willing to put in the maximum effort and initiative into this case both to get this issue fixed and their customers patched. They showed a genuine commitment to do the right thing. Unfortunately, we were beaten by REvil in the final sprint, as they could exploit the vulnerabilities before customers could even patch.”

Still, Kaseya has yet to issue an official patch for the flaw Boonstra reported in April. Kaseya told customers on July 7 that it was working “through the night” to push out an update.

Gevers said the Kaseya vulnerability was discovered as part of a larger DIVD effort to look for serious flaws in a wide array of remote network management tools.

“We are focusing on these types of products because we spotted a trend where more and more of the products that are used to keep networks safe and secure are showing structural weaknesses,” he wrote.

Cyber Insurance: Navigating A Tough New World In the Age of Ransomware

This week, REvil ransomware operators exploited a bug in Kaseya VSA software and then requested a lump sum of $50 million for a universal decryption key for all victims of the Kaseya attack. To put that in context, last year, all ransomware extortion payments were calculated at $350 million in cryptocurrency. Insurance carriers are paying those claims, but the increased cost and frequency/timeline to pay is outside the scope of traditional insurance.

No market segment or industry group has been spared by ransomware. In this threat environment, two things are certain: organizations need better security stacks/fewer bugs, and they need to transfer risk via cyber insurance. Unfortunately, a lot of companies viewed this as an “either/or” proposition and that has driven losses and dramatic change in the way that insurers price cyber risk.

Marsh Insurance reported a 35% increase in cyber insurance premiums last month, the largest in 5 years. Unsustainable loss ratios have led to higher premiums for less coverage and higher retentions (deductibles). Many companies will not qualify for renewal if their tech stack is not up to par. Brokers report all markets are requiring higher technical standards and many now require EDR. Companies that don’t present well will not qualify for coverage.

For those who are new to this area, cyber insurance is a two-tiered market. You need a broker to purchase the coverage from a carrier (AXA, Chubb, etc.). The carriers use reinsurance to share the losses, and now the reinsurers are tightening their guidelines under their ‘treaties’ with carriers and reducing capacity.

Brokers must navigate the risk management issues with each client as they attempt to secure coverage. It’s a lengthy process and ‘real-time’ network security reports are difficult to obtain. Most company-specific cyber analysis reports are from the outside of the network, looking in. While this data is useful, it doesn’t tell you what evil may be hiding on systems inside the company.

What should companies expect during the new underwriting process? We spoke with several Cyber insurance brokers to determine how companies can qualify for cyber insurance given the stringent new guidelines.

Our panel of experts includes:

  • Chris Keegan, Sr. Managing Director of Beecher Carlson
  • Anthony Dagostino, EVP at Lockton Companies
  • David Lewison, EVP of AmWINS Insurance
  • Jesus Gonzalez, Cyber Chief of Staff, Aon Insurance

Are your clients able to keep their Cyber policy coverage intact? How has coverage and policies changed?

David: The main reaction to the ransomware pandemic is to cut limits. A small handful of insurers are pushing coinsurance for all ransomware related expenses. The rates are unpredictable at the moment. The underwriters don’t want to lose good risks – at least those they think are good. Retentions are rising. Brokers would rather sell higher premiums than restrict coverage. The last thing we want is to see premiums paid, but losses not covered. Many markets are making their ransomware applications mandatory. Any answers that they don’t like and they won’t quote or stay on a renewal. They used to just charge more if a risk didn’t look as locked up. Now they walk. It’s made it tougher to find a home for the companies that are behind on their security posture.

Anthony: Many are in-line but some high, much higher, and some lower. It depends on the industry, loss history and controls in place. Capacity is getting a bit more strict and large clients are seeing a push to higher retentions in some cases.

Chris: As we started the first quarter of 2021, we were aware the frequency and severity of ransomware claims would require cyber insurance markets to make major adjustments to their books. Directionally this meant reducing limits, increasing premiums by 30% to 40%, and in some cases, reducing their exposure to ransomware through sub-limits and coinsurance.

All relatively manageable, but as we come towards the end of Q2, the landscape has changed dramatically with increases for large clients in the 40% to 50% range and some smaller clients seeing increases of over 100%. Markets have contacted us that they are pulling out of the cyber insurance market entirely. Furthermore, insurance carriers are informing us they have a limit to how much business they can write. In other words, once they’ve reached a total number of exposed limits, they are done for the year. BCS, who support us on a number of large accounts that renew in Q4, contacted us to say they have only half the limits available and to reserve those limits now; and as for the large leading markets, namely AIG, Chubb and Axis, be prepared to have limits reduced by half.

Whether we continue to see carriers leaving the market or not, one thing is for sure, the underwriting process is much more intense and we need to be prepared to help assess our clients' risk, determine where our clients are in their cybersecurity maturity lifecycle, and assist in creating a plan forward towards a comprehensive solution.

Jesus: On January 1, 2021 many reinsurance treaties renewed albeit at a significantly higher cost due to loss ratios and coupled with more stringent underwriting requirements. The term ‘hardening’ insurance market took on new meaning for network security and privacy liability (cyber) space due to recent events including SolarWinds and MSFT exchange server vulnerabilities. In terms of coverage changes, a handful of insurers are injecting coinsurance as part of the cyber extortion (ransomware) insuring agreement. This has not previously been seen in the cyber insurance space.

As far as capacity is concerned, we are seeing a vast range of behaviors; from many insurance market partners reducing their limits on any particular risk to non-renewing terms and conditions even for risks that have no claims history and better than average cyber controls. As far as business interruption coverage is concerned, many are pulling back on contingent business interruption (BI) coverage extended to cover an insured's loss of income due to a vendor's cyber event. Ensuring that the client has a strong vendor due diligence program in place is key to maintaining this coverage.

How does the Broker help the client maintain/secure coverage? Are you utilizing network scans or similar to meet with carrier underwriting requirements?

David: We don't have any scan technology of our own so we rely on the offerings of the insurtechs and carriers that have been doing that. One thing I've been watching is what scan is being used. A few insurtechs have built their own scan while many other insurers are outsourcing, often to the same one or two vendors. If they all use the same vendor, do they get a competitive edge? If they don't scan, are they going to be victims of bad risk selection? What if the scan is looking at the wrong things? I believe scans are good for assessing a portfolio of risks for the carriers.

Another interesting thing is who gets to see the scan. The insurtechs share the scan data so clients can work on their weaknesses. Other carriers use the scan as part of risk selection, but don't share it. The best way we have to maintain coverage is to be in tune with the huge range of insurers and their appetites. With 100+ insurers and fluctuating appetites, it's very challenging to find the perfect carrier partner for every unique risk. We get there by collaborating and sharing what we are seeing across industry groups, revenue sizes, insurer appetites, loss trends, etc.

Anthony: We’ve really shifted over the past 12 months or so to more cyber risk management in addition to just the placement of the policy. We utilize risk quantification tools and network scans in some cases to preempt the underwriting response.

Chris: We are utilizing external network scans (Binary Edge) to allow our clients to see what the underwriters are seeing. For us, it's advising where the most critical issues are from, combined with the underwriter's perspective in helping our clients develop a narrative for those areas where there are weaknesses and helping them to express where they're strong.

Will your larger enterprise accounts be able to keep their coverage at current levels or will the renewal costs be prohibitive or cause a reduction in coverage?

David: We are definitely seeing cases where the insurers are reducing their limits on larger risks and there aren’t enough insurers jumping in to fill those gaps. We’ve had some challenging placements higher up on towers as insurers have reduced limits and dropped lower where the premiums are higher. Higher retentions are one way for the client to share in the risk and find more interested insurers. Accepting a level of coinsurance for ransomware is another.

Anthony: It depends on the client, the program, and their approach to risk. Some have bought more limit in the environment given the exposures while others manage to budgets and explore higher self-insured retentions, loss corridors, and increased captive use.

Chris: This is a work in progress at the moment. The capacity available is shrinking so towers are reducing. We are often working to replace gaps with coinsurance from the client's captive. Decisions on risk transfer versus self-insurance are being made on a case-by-case basis looking at cost benefit. Going forward we think the market will find some level of equilibrium so we find many of our clients continuing to purchase the cover rather than self-insure where they can in the hope that they will be able to hold onto their programs through this period to a point where the market normalizes.

Jesus: Larger enterprise accounts, those defined by annual revenues of $2B or greater, can expect a 10-fold effort to renew their program and should allocate a sufficient amount of time by aligning internal resources including CISO, legal, compliance, and procurement to successfully address all insurance market inquiries surrounding their E&O/Cyber program. Cyber insurance markets are now requiring baseline application, supplementals (including ransomware), and a formal underwriting meeting to address any/all questions surrounding their cybersecurity hygiene. We are advising clients to start four to six months in advance of their renewal date.

Even if the large enterprise entity addresses all required underwriting information, we are still seeing renewal costs surge. All sensitivity analyses that were previously provided for budgeting purposes to clients have been completely blown, due to primary programs experiencing greater than 50% YoY premium increases in the second quarter for expiring terms and conditions on various risk profiles. As a broker, we have to provide the client options including raising the self-insured retention level, a reduction in total capacity, or removing some insuring agreements. We are seeing a significant increase in the use of captives to address capacity shortfalls or to maintain a reasonable pricing structure from the more sophisticated risk managers.

What is your best guidance for companies seeking new policies or renewals in this environment?

David: As is always the case in insurance, any uncertainty leads to higher prices and fewer options. Come prepared to be transparent with underwriters. They are being selective on risks and want to be sure they are getting good risks. If you hide details, they’ll just take a pass.

Anthony: Know the marketplace, know the key controls needed to get the best coverage, and work with your broker. If renewing coverage, start the process very early.

Chris: Start preparing your submission for the insurance well in advance. For large companies that may mean six months or more in advance of the renewal. Critically review key controls for ransomware attacks and prepare your ID security team to be able to talk to those controls and provide a well-crafted presentation to the underwriting community.

Jesus: For new placements, our advice is that you work with an experienced broker to ensure that your company is prepared for the barrage of underwriting questions that will come across various domains including but not limited to:

  • Operational IT
    • Security Organization
    • Software/Network Connectivity (MFA in place across the firm)
    • Access Management (limited Domain Admin accounts)
  • Security Controls/Procedures
    • Intrusion Testing, Detection and Prevention (think endpoint protection, firewalls, etc.)
    • Policies & Procedures (documented and tested)
    • Hosting of Information + Encryption (DLPs)
  • Business Continuity & Incident Response Planning (documented, tested, updated)
  • Vendor Management (think SolarWinds)

For renewals, our recommendation is to start early. The risk manager should query the firm and gather as much intelligence as possible from internal stakeholders in preparation for the renewal cycle, to ensure the company's risk profile has not changed significantly from the previous year, including a new acquisition/divestiture, a new vendor partner providing key services (a new MSSP perhaps), or new contract requirements stipulating a certain level of coverage and/or limits.

With an updated risk profile in hand, the risk manager should reach out to the broker to query all existing insurance partners for their concerns, appetite, and upcoming requirements but most importantly for their continued support of the risk transfer solution. Finally, the risk manager should confirm that the risk transfer program is in alignment with the corporate strategy especially since this ‘hardening’ market will impact budgeting.

What are your clients saying about the ransomware threat? Do they believe they are sufficiently protected? Do they expect insurance will cover their losses?

David: As a wholesaler, we don’t often get to talk to the clients. I know the clients are concerned about ransomware based upon the increase in first time buyers across the SME and middle market space. We’re not seeing companies dropping coverage, which they would do if they didn’t see value in the policy.

Anthony: It’s the biggest concern because it’s so real and in the news hitting all industries. Education and transparency is critical so they understand what’s covered, what isn’t, and how coverage may have changed upon renewal.

Chris: The more we are seeing ransomware events the more that our clients are becoming concerned about the threat. There are still companies out there who think that they are not likely to be a target even though some have controls that are less than they should be in this environment. They do believe that the insurance coverage will help them respond to ransomware attacks and cover their losses. The history has been very good in insurance markets making payments for ransomware.

Which industry groups are most concerned with the latest iteration of double ransom with data exfiltration? Do they expect the threat actor to delete data if ransom demands are met?

David: I would think any industry that holds a lot of PII and PHI or confidential corporate information would be the most concerned. Does anyone fully trust a threat actor?

Chris: Most companies are only now becoming aware of the double ransom and triple ransom in some instances where the threat actors are reaching out to the people whose personal information has been released and seeking extortion money from them. It seems that all groups of companies are concerned. Those companies without a large database of third-party personal information are still concerned for their employee information.

What are Board Directors saying to management about the steps they should take: the most expedient way to get back online, or following the FBI guidance?

Chris: Almost all of the companies that we deal with are most concerned about the direct business impact and are taking whatever steps they deem necessary to most efficiently get their businesses back up. They are concerned about the OFAC and regulatory issues but are most concerned about their employees, clients and reputation.

Could the Federal Govt outlaw the paying of ransom demands in such a way as to not harm the victims further?

David: I’m concerned about this. The business interruption risk is already much larger than the ransom, otherwise why would anyone pay the ransom? If a company can’t pay the ransom, what’s the alternative? If the Govt wants to help, they need to counterattack or regulate cryptocurrencies. Without anonymous payments, the bad guys could get tracked down faster.

Chris: I don’t think so.

How does the recent Executive Order impact your clients? Are municipal governments able to secure coverage at reasonable rates?

David: We are already reeling from the majority of insurers getting out of municipal risks. By majority I'm talking about 95%+ of the market has left. I'd like to see the insurtechs that purport to offer valuable risk management services come in and risk manage this class of business and insure them.

Chris: So far we have not seen any impact from the executive order. Municipalities are one class that is very difficult to find coverage for in the current market.

We would like to thank our expert panel for sharing their views. SentinelOne works closely with insurance carriers and brokers to develop and deliver risk mitigation solutions. We believe the ransomware problem can be defeated and, as our broker colleagues have stated, all solutions require a coordinated approach. If you would like to learn more about the SentinelOne insurance partners, contact us here.


AnyVision, the controversial facial recognition startup, has raised $235M led by SoftBank and Eldridge

Facial recognition has been one of the more conflicted applications of artificial intelligence in the wider world: using computer vision to detect faces and subsequently the identities of people has raised numerous questions about privacy, data protection, and the ethics underpinning the purposes of the work, and even the systems themselves. On the other hand, it is being widely adopted across a variety of use cases. Now one of the more controversial, but also successful, startups in the field has closed a big round of funding.

AnyVision — an Israeli startup that has built AI-based techniques to identify people by their faces, but also related tech such as temperature checks to detect higher temperatures in a crowd — has raised $235 million in funding, the company has confirmed.

This Series C, one of the bigger rounds for an AI startup, is being co-led by SoftBank’s Vision Fund 2 and Eldridge, with previous investors also participating. (They are not named but the list includes Robert Bosch GmbH, Qualcomm Ventures and Lightspeed.) The company is not disclosing its valuation but we are asking. However, it has to be a sizable hike for the company, which had previously raised around $116 million, according to PitchBook, and has racked up a big list of customers since its last round in 2020.

Worth noting, too, that AnyVision’s CEO Avi Golan is a former operating partner at SoftBank’s investment arm.

AnyVision said the funding will be used to continue developing its SDKs, specifically to work in edge computing devices — smart cameras, body cameras, and chips that will be used in other devices — to increase the performance and speed of its systems.

Its systems, meanwhile, are used in video surveillance, watchlist alerts, and scenarios where an organization is looking to monitor crowds and control them, for example to keep track of numbers, to analyse dwell times in retail environments, or to flag illegal or dangerous behavior.

“AnyVision’s innovations in Recognition AI helped transform passive cameras into proactive security systems and empowered organizations take a more holistic view to advanced security threats,” Golan said in a statement in the investment announcement. “The Access Point AI platform is designed to protect people, places, and privacy while simultaneously reducing costs, power, bandwidth, and operational complexity.”

You may recognize the name AnyVision because of how much it has been in the press.

The startup was the subject of a report in 2019 that alleged that its technology was being quietly used by the Israeli government to run surveillance on Palestinians in the West Bank.

The company denied it, but the story quickly turned into a huge stain on its reputation, while also adding more scrutiny overall to the field of facial recognition.

That led Microsoft, which had invested in AnyVision via its M12 venture arm, to run a full audit of the investment and of its position on facial recognition investments overall. Ultimately, Microsoft divested its stake and pledged not to invest in further technology like it.

Since then, AnyVision has been working hard to spin itself as the “ethical” player in this space, acknowledging that there is a lot of work and shortcomings in the bigger market of facial recognition. But controversy has continued to court the company.

A report from Reuters in April of this year highlighted just how many companies were using AnyVision’s technology today, ranging from hospitals like Cedars Sinai in Los Angeles to major retailers like Macy’s and energy giant BP. AnyVision’s connections to power go beyond simply having big customers: it also turns out that the White House Press Secretary, Jen Psaki, once served as a communications consultant to the startup.

Then, a report published just yesterday in The Markup combed through various public records for AnyVision, including a user guidebook from 2019, and painted a pretty damning picture of just how much information the company can collect, and what it has been working on. (One pilot, and the subsequent report resulting from it, involved tracking children in a school district in Texas: AnyVision collected 5,000 student photos and ran more than 164,000 detections in just seven days.)

There are other cases where you might imagine, however, that AnyVision's technology might be deemed helpful or useful, maybe even welcomed. Its ability to detect temperatures, for example, and identify who may have been in contact with high-temperature people, could go a long way towards controlling less obvious cases of Covid-19, helping contain the virus at mass events and providing a safeguard to enable those events to go ahead.

And to be completely clear, AnyVision is not the only company building and deploying this technology, nor the only one coming under scrutiny. Another, the U.S. company Clearview AI, is used by thousands of governments and law enforcement agencies, but earlier this year it was deemed “illegal” by Canadian privacy authorities.

Indeed, it seems that the story is not complete, either in terms of how these technologies will develop, how they will be used, and how the public comes to view them. For now, the traction AnyVision has had, even despite the controversy and ethical questions, seems to have swayed SoftBank.

“The visual recognition market is nascent but has large potential in the Western world,” said Anthony Doeh, a partner for SoftBank Investment Advisers, in a statement. “We have witnessed the transformative power of AI, biometrics and edge computing in other categories, and believe AnyVision is uniquely placed to redefine physical environment analytics across numerous industries.”

Opaque raises $9.5M seed to secure sensitive data in the cloud

Opaque, a new startup born out of Berkeley’s RISELab, announced a $9.5 million seed round today to build a solution to access and work with sensitive data in the cloud in a secure way, even with multiple organizations involved. Intel Capital led today’s investment with participation by Race Capital, The House Fund and FactoryHQ.

The company helps customers work with secure data in the cloud while making sure the data they are working on is not being exposed to cloud providers, other research participants or anyone else, says company president Raluca Ada Popa.

“What we do is we use this very exciting hardware mechanism called Enclave, which [operates] deep down in the processor — it’s a physical black box — and only gets decrypted there. […] So even if somebody has administrative privileges in the cloud, they can only see encrypted data,” she explained.

Company co-founder Ion Stoica, who was a co-founder at Databricks, says the startup’s solution helps resolve two conflicting trends. On one hand, businesses increasingly want to make use of data, but at the same time are seeing a growing trend toward privacy. Opaque is designed to resolve this by giving customers access to their data in a safe and fully encrypted way.

The company describes the solution as “a novel combination of two key technologies layered on top of state-of-the-art cloud security—secure hardware enclaves and cryptographic fortification.” This enables customers to work with data — for example to build machine learning models — without exposing the data to others, yet while generating meaningful results.

Popa says this could be helpful for hospitals working together on cancer research, who want to find better treatment options without exposing a given hospital’s patient data to other hospitals, or banks looking for money laundering without exposing customer data to other banks, as a couple of examples.

Investors were likely attracted to the pedigree of Popa, a computer security and applied crypto professor at UC Berkeley, and Stoica, who is also a Berkeley professor and co-founded Databricks. Both helped found RISELab at Berkeley, where they developed the solution and spun it out as a company.

Mark Rostick, vice president and senior managing director at lead investor Intel Capital says his firm has been working with the founders since the startup’s earliest days, recognizing the potential of this solution to help companies find complex solutions even when there are multiple organizations involved sharing sensitive data.

“Enterprises struggle to find value in data across silos due to confidentiality and other concerns. Confidential computing unlocks the full potential of data by allowing organizations to extract insights from sensitive data while also seamlessly moving data to the cloud without compromising security or privacy,” Rostick said in a statement.

He added, “Opaque bridges the gap between data security and cloud scale and economics, thus enabling inter-organizational and intra-organizational collaboration.”