Tag Archives: request

Hackers, Insiders Can Threaten M&A Activity, Say IBM, Fortinet

Chinese hackers had already roamed Nortel’s systems for nearly 10 years when, five years after the breach discovery, business communications firm Avaya acquired bankrupt Nortel Enterprise Solutions — and, unknowingly, also acquired that company’s attackers. That was a bellwether moment for the M&A world, says Caleb Barlow,  IBM ( IBM ) vice president of security. Until then, an acquisition target’s cybersecurity situation wasn’t a box on the usual M&A checklist. “It was the moment everyone in the M&A community woke up,” Barlow told IBD. “They said, ‘We better be looking at their security posture as well, otherwise you could not only legitimately acquire the company, but also the attacker.” As Barlow recounts, Nortel’s downfall came down to seven passwords, including the chief executive officer’s. Hackers with Chinese IP addresses gained access to Nortel’s network as early as 2000 and so thoroughly dug in that they weren’t discovered until 2004. Avaya, which acquired that Nortel business for $900 million in 2009, didn’t learn of the breach until after its acquisition closed. And even then, the hackers were still entrenched in the system. “No one had really thought about this type of problem before because cybersecurity wasn’t one of the normal things you’d think about in the M&A process,” Barlow said. “In my view, it’s now a critical component.” Quantifying Risk In A Bidding War Consulting firm Deloitte found 70% of 2,500 firms surveyed in 2015 considered security to be a “high” or “very high” priority in M&As. That’s up from 64% in 2014. Both corporate and private equity respondents increased their due diligence efforts over the span of the year. But also in the 2014 Deloitte survey, 78% of firms said security wasn’t a general piece of M&A due diligence, and 66% said rapid-fire M&A bidding made cyber risks “very difficult” to quickly quantify. Deloitte didn’t reiterate those questions in its 2015 survey. Rapid-fire M&As include  Apple ( AAPL ) chip supplier Skyworks Solutions ( SWKS ) and Microsemi ( MSCC ) last year facing off in a month-long bidding battle for PMC-Sierra ( PMCS ). Due diligence might or might not have been rushed in that deal, but such aggressive bidding wars are infrequent, Fortinet ( FTNT ) CFO Drew Del Matto told IBD. More often, an acquirer examines a target’s products, financials, policies and systems. IT security is just a new layer of the necessary due diligence. This mindset is new, and there are built-in risks with every piece of due diligence, NSS Labs CEO Vikram Phatak says. NSS Labs independently tests and reports on the efficiency of cybersecurity products, similar to Consumer Reports. It’s likely an acquirer has “a really good handle on the debt the company will have, the expense structure of the company, the historical growth rates,” he told IBD. “Where you get a little sticky is they may not have time to do all the (security-related) due diligence by calling the customers.” Cybersecurity works along the same lines, Phatak says. Tech companies, especially, should have a keen understanding of the security measures in place, BitSight CEO Stephen Boyer told IBD. BitSight rates the cybersecurity posture of about 40,000 companies, similar to a FICO score, so customers can assess their own security risk but also the risks of potential or current partners, vendors and customers. “If you go in and say, ‘Who’s in charge of this (security)?’ and everyone looks around, then you probably have a problem,” Boyer said. Avoiding Post-Merger Slip Even including cybersecurity within due diligence isn’t a surefire protection, Boyer said. Former telecom provider Pacnet discovered a breach on April 3, 2015, after Telstra finalized its $697 million acquisition of Pacnet. Telstra was notified on April 16 — the day the merger completed. An SQL code injection on a Pacnet Web service application server opened hackers to the network, email and administrative processes. Acquirers should be “monitoring that window of due diligence up until the week the deal closes,” Boyer said. “Monitor it all through the process, because there would be a slip-up along the way.” Before signing off on a merger, an acquirer should get a sense of the target’s cybersecurity culture, Barlow says. Examine past incidents — processes, logs and reports. if those documents aren’t available, then there might be a problem. That goes double for a tech company. “If they don’t have those policies in place, then you start asking other questions,” Barlow said. “If they weren’t paying attention to security, what else weren’t they looking at?” Phatak suggests acquirers also scope out a target’s security vendors. Not every cybersecurity vendor is built the same and the quality of a target’s security purchases can be very telling, he told IBD. “Make sure the company you’re acquiring didn’t skimp on security,” he said. “(Products) are not all equal, but from a compliance perspective, a check-box perspective, they all look the same.” Breaches From The Inside Del Matto estimates two-thirds of breaches come from the inside, at the hands of either careless or disgruntled employees. M&A, often accompanied by layoffs, can breed the latter. “When people feel like they’re at risk, they’re more likely to do something that may expose the company to a cyber risk,” Del Matto said. More benign actions, like inadvertently visiting an infected website, can lead to malware attaching on the system. But Del Matto is more concerned about the damage a disgruntled employee with absolute access can wreak. Barlow suggests a company identify its “crown jewel” and then tuck it into a protected place with limited access. That crown jewel could be IP, financial information, client lists, personal information — basically anything worth stealing, Phatak told IBD. “If someone is able to get into the customer list, they could see what deals are in the (pipeline),” Del Matto said. “They may monetize those by selling them or, worse, leaving the company with those lists in their hands.” Beyond guarding that data, an M&A-engaged company should embrace employees into the new culture, he said. Because, “when you buy a company, you buy a competitive advantage. If that leaks out in some other way, you’re destroying the value of the M&A.”

Comedians Mostly Sidestep iPhone Issue, Joke About Facebook Buttons

While Apple ( AAPL ) has garnered the support of the tech industry and civil liberties groups for its stance on smartphone security, the issue appears to have been too complex or serious for most comedians to want to touch. Among the late-night comedians, only Seth Meyers of NBC’s “Late Night” took aim at the subject of smartphone encryption and explained why it’s important that consumers know about it. Meyers devoted a nearly seven-minute segment, called “ A Closer Look, ” of his show to examine Apple’s refusal to unlock iPhones for law enforcement officials. Of course, Meyers couldn’t resist making some jokes at Apple’s expense. “Apple is fighting back against critics and says it has no ‘sympathy for terrorists’ despite refusing FBI orders to unlock private iPhone data. In fact, Apple hates terrorists so much, it’s releasing a new U2 album just for them,” Meyers said. Meyers’ late-night rivals devoted much more time to mocking Facebook ’s ( FB ) new reaction buttons. What follows are recent jokes from America’s late-night comics on issues of science and technology. In addition to Facebook, other targets of jokes included Amazon.com ( AMZN ), eBay ( EBAY ), Fitbit ( FIT ), LinkedIn ( LNKD ), and the humanoid robot Atlas developed by Alphabet ( GOOGL )-owned Boston Dynamics. Joining Meyers in on the fun were Jimmy Fallon, Conan O’Brien, Jimmy Kimmel, James Corden and Stephen Colbert. Conan: In addition to the “like” button, Facebook has now added buttons for “love,” “wow,” “haha,” “sad” and “angry.” In other words, Facebook copied the emotional journey of any Adele album. Kimmel: Facebook today rolled out a new thing called “Reactions.” Now instead of “liking” when a friend’s dog passes away, which is weird, you can be much more thoughtful and sensitive, posting a sad emoji with a giant tear squirting out of its face. Corden: Facebook has launched new alternatives that go beyond its trademark “like” button. Basically Facebook is doing what I tried and failed at with so many women — moving beyond just “like.” Fallon: Some crazy tech news. I saw that a company in Boston built a 5-foot-9 robot that can open doors, and can actually get back up if it’s punched. They didn’t MEAN to test whether it can get up after being punched, but well, it’s Boston. (BOSTON) “Not so tough, are ya, Terminator?” Meyers: Engineers at Boston Dynamics have unveiled a humanoid robot that can withstand getting pushed in the chest with a hockey stick without falling over. Which is definitely the most Boston way to test a robot. Conan: In France, a robot has been programmed to develop its own taste in art. The robot’s favorite paintings? Naked robots. Conan: Chase bank ATMs are getting a new feature that will allow customers to withdraw cash without using a card. The feature is called “a crowbar.” Conan: A recent study found that bottlenose dolphins sometimes murder other dolphins. However, police say it’s easy to find the culprit because dolphins love to squeal. Fallon: This is a little controversial. I saw that Oral Roberts University is now telling students that wearing Fitbits is mandatory, and logging less than 10,000 steps a day will affect their grades. So finally, some good news for students doing the walk of shame. “12,000 steps — zero regrets!” Meyers: President Obama posted on LinkedIn today about his first job — scooping ice cream. He’s the first president to post on LinkedIn — other than, of course, Abraham LinkedIn. Meyers: A recent study suggests that it’s harder to concentrate in the winter. Said researchers, “For example, this study was supposed to be about traffic accidents.” Colbert: You guys like the website Amazon.com? It’s like eBay, but the things you buy don’t arrive smelling like cigarettes. Colbert: Amazon’s always been on the cutting edge. From drone delivery, to automated warehouses, to shipping six AA batteries in a box the size of a mini fridge. Colbert: Amazon is planning to open hundreds of actual physical bookstores. That’s exciting because you don’t see those much anymore and I think this could be the start of a whole trend of online retailers going real-world. For example, Tinder could open a singles bar, where everybody walks around stating their height.

Hewlett Packard Enterprise Rockets On Q1; Could It Reign In Cloud?

While investors applauded Hewlett Packard Enterprise ‘s first quarterly performance as an independent company — beating Wall Street estimates and driving its stock up more than 13% Friday — some analysts and owners are pushing CEO Meg Whitman to compete harder. That means more aggressively taking on cloud enterprise leaders Amazon ( AMZN ) and Microsoft ( MSFT ), and buying up software  rivals such as  Workday ( WDAY ) or Salesforce.com ( CRM ), rather than directing cash to shareholders. “I think we need to give Meg a chance to see if she can take advantage of the opportunities in servers with the cloud migration led by Amazon Web Services, Alphabet ‘s ( GOOGL ) Google and Microsoft on the service and software side,” said Daniel Morgan, vice president of Synovus Trust, which holds 251,971 shares of HPE, in a Friday interview with IBD. “Further, the 54% year-over-year growth in the Q1 2016 quarter in networking allows HPE to build more momentum in this space” vs. rivals Cisco Systems ( CSCO ) and Juniper Networks ( JNPR ), he said. “And finally as we discussed before, the huge opportunity to expand the software unit with its 17%-plus operating margins (enables) a large acquisition in the cloud space. Right now software is just 8%-10% of total HPE revenues.” Buying enterprise software rivals Salesforce or Workday specifically is “a chance to make that unit significant by bringing it up to 20%-25% of revenues,” he said. “Post-split, Hewlett Packard Enterprise was supposed to be the growth portion of the Hewlett-Packard Co., (creating) a reinvigorated growth company.” Nevertheless, happy with HPE’s earnings performance issued after Thursday’s market close, investors bid up its stock up 13.5% to close at 15.44 in the stock market today . That’s less than 3% below its Dec. 1 high since splitting from its parent Nov. 1. For now, HPE stockholders interested in growth of any kind will need patience because the company is still shrinking, despite the slight Q1 beat. Hewlett Packard Enterprise reported earnings of 41 cents per share in the fiscal Q1 ended Jan. 31, on sales down 3% to $12.72 billion vs. pro forma figures from a year earlier. The results slightly beat the average view of analysts polled by Thomson Reuters, which called for EPS of 40 cents on sales of $12.68 billion. The non-GAAP 41 cents EPS is down from 47 cents a year earlier. (However, if HPE had been a standalone company at the time, Q1 2015 adjusted EPS would have been 44 cents, the company said in a March 1 note.) That’s pretty much as planned, with HPE not projecting much growth until fiscal 2018. For Q2 ending in April, HPE expects EPS ex items of 39 cents to 43 cents.  Analysts polled by Thomson Reuters expected Q2 EPS ex items of 42 cents on sales of $12.297 billion before Thursday’s earnings release, but on Friday, the revenue consensus was revised up to $12.332 billion. For the entire fiscal 2016 ending Oct. 31,  analysts  polled by Thomson Reuters projected $1.87 EPS ex items for fiscal 2016 ending Oct. 31, on revenue revised up Friday to $50.805 billion. HPE earlier had modeled $50.81 billion in revenue in fiscal 2016, down 2.5% from a $52.12 billion pro forma in fiscal 2015. The slightly smaller half of the old Hewlett-Packard Co., now called HP Inc. ( HPQ ), kept the legacy PCs, printers and ticker. HP Inc. lifted 0.6% to 11.18 Friday. Hewlett Packard Enterprise kept the enterprise software, servers, networking and financial services businesses. “Backing Up The Truck” To Buy HPE Stock To encourage patience among Hewlett Packard Enterprise shareholders, CFO Tim Stonesifer said HPE will “return at least 100% of our free cash flow outlook to shareholders” in fiscal 2016, after devoting $1.3 billion to share repurchases and dividends in Q1. In “addition,” Stonesifer said, shareholders will receive a “majority” of proceeds from the sale of a 51% stake in its Chinese server and storage business to Tsinghua Holdings, valued at $2.3 billion at the time the deal was announced last May. The transaction was supposed to be done by February, but Whitman said regulatory delays have pushed back closing to May, after which the cash will flow to shareholders. To UBS analyst Steve Milunovich, who complained in the post-earnings-release conference call that HPE shares were priced too low, Whitman chuckled: “We appreciate that, which is why we’re backing up the truck” to buy back more shares, which helps boost the price. Avoiding “Frankenstein Of Architecture” Whitman advised analysts that by investing internally and encouraging organic growth “you don’t end up with a Frankenstein of architecture” as the company would risk doing by  growing through acquisitions. She cited HPE for pursuing both paths. “Our innovation engine is firing on all cylinders, and you’re going to see some amazing new introductions in the coming quarters in key areas of the portfolio, including servers, cloud, high-performance computing, IoT (Internet of Things), all-flash storage, Aruba and converged systems.” Aruba Networks is a networking leader in mobile enterprise that the old Hewlett-Packard agreed to buy last March for about $3 billion, strengthening the new HPE’s rivalry with Cisco Systems and Juniper Networks. As for “taking advantage of the disruption in the marketplace,” Whitman said, “we learned a lot about how to do this in the context of IBM’s ( IBM ) sale of their server business to Lenovo. … We have a big opportunity to go take (merging) Dell and EMC ( EMC ) business, much as we took a lot of the Lenovo business that would have gone to Lenovo.” She told CNBC on Friday that “in the last quarter, we had about 107 deals that we actually took from Dell/EMC.” She also told analysts that HPE has become the “leading infrastructure provider for SAP ( SAP ) HANA (application server) with nearly twice the number of shipments over the next competitor.” In the cloud, she said, “following a major wave of product releases across our HPE Helion portfolio in the second half of 2015, we are seeing strong customer traction. In fact, since separation, Helion has gained over 200 customer wins, including some of the world’s largest banks, service providers and industrials.” It just wasn’t enough for Needham analyst Richard Kugele, who chided the company in a research note issued Friday, arguing that the $2.3 billion windfall from Tsinghua should be spent on organic or M&A growth, not shareholders’ short-term benefit. “We had hoped that post-split, HPE would be able to focus on getting its house in order and leverage its cash and balance sheet to buy/invest in solutions that solve their product gaps,” Kugele said. “Instead, the company seems intent on continuing financial engineering by doubling its cash return to shareholders (including the pending Tsinghua cash). In our view, this creates no sustainable value for the company or its investors but merely provides a floor for the stock during a period of poor enterprise spending. “With no material growth, revenue improvement or product strategy to build a buy thesis around, we reiterate our hold rating on the stock.” Said Morgan, the Synovus Trust portfolio manager who wants to give Whitman time to execute: “I did hear HPE management touting its share repurchases and FCF (free cash-flow) generation capability on the call. And this is very reminiscent of when Mark Hurd was leading HPQ  (the former Hewlett-Packard Co.) and grew the share price through financial engineering and not new product growth.” Hurd is now co-CEO of Oracle ( ORCL ), one of HPE’s toughest software rivals, and another legacy giant growing slowly.