WEBVTT 1 00:00:00.120 --> 00:00:02.910 Anna Delaney: Hello, I'm Anna Delaney. Welcome to the ISMG 2 00:00:02.910 --> 00:00:06.060 Editors' Panel, where we discuss a selection of the week's most 3 00:00:06.090 --> 00:00:09.600 interesting cybersecurity stories. And this week's party 4 00:00:09.600 --> 00:00:12.060 includes Matthew Schwartz, executive editor of 5 00:00:12.090 --> 00:00:15.360 DataBreachToday and Europe; Marianne Kolbasuk McGee, 6 00:00:15.450 --> 00:00:18.450 executive editor of HealthcareInfoSecurity; and 7 00:00:18.450 --> 00:00:21.510 welcoming for the first time, our excellent colleague, Michael 8 00:00:21.540 --> 00:00:25.770 Novinson, managing editor for Business. Welcome and great to 9 00:00:25.770 --> 00:00:26.820 see you, Michael. 10 00:00:27.570 --> 00:00:28.470 Michael Novinson: Thank you for having me. 11 00:00:28.000 --> 00:00:31.450 Anna Delaney: So, Michael, start us off. Where are you today? 12 00:00:32.230 --> 00:00:34.630 Michael Novinson: So, I am just outside of Providence, Rhode 13 00:00:34.630 --> 00:00:38.650 Island, which is where I've been living for the past four years. 14 00:00:39.430 --> 00:00:41.410 This is a picture of the Providence skyline with the 15 00:00:41.410 --> 00:00:45.430 Providence River in front. Fun fact: Providence uncovered all 16 00:00:45.430 --> 00:00:48.520 of its rivers that were covered by roads up until the mid-1980s. 17 00:00:48.520 --> 00:00:52.090 And they were uncovered about 35 years ago. And now there's a 18 00:00:52.330 --> 00:00:55.090 giant festival called WaterFire in the summer, where they 19 00:00:55.420 --> 00:00:59.560 essentially put cauldrons in the river and play some nice music 20 00:00:59.560 --> 00:01:02.590 and you can walk around the river that's been uncovered. 21 00:01:02.000 --> 00:01:08.090 Michael Novinson: No, probably about an hour or so. 22 00:01:02.580 --> 00:01:04.587 Anna Delaney: I love that. I always learn something new on 23 00:01:04.633 --> 00:01:06.960 these panels. And you're not too far from Marianne. 24 00:01:11.810 --> 00:01:12.950 Anna Delaney: Where are you, Marianne? 25 00:01:13.550 --> 00:01:18.200 Marianne McGee: This is a photo I took walking the dog, a couple 26 00:01:18.200 --> 00:01:23.510 of weeks ago, at twilight. It's sort of behind our house. 27 00:01:23.990 --> 00:01:29.330 There's like a golf course, down yonder. So I liked the colors. 28 00:01:29.810 --> 00:01:32.510 Anna Delaney: Yeah, favorite moment of the day, I think, 29 00:01:32.660 --> 00:01:36.560 twilight. And Matthew, another moody shot for us. 30 00:01:36.540 --> 00:01:39.776 Matthew Schwartz: Yeah, a little bit of an artistic treatment 31 00:01:39.851 --> 00:01:44.292 here on a photograph of East Sands, down the road for me in 32 00:01:44.367 --> 00:01:49.034 St. Andrews, home of the famous Cathedral University, and also 33 00:01:49.109 --> 00:01:53.400 this year's Open Golf Championship coming up this summer. 34 00:01:53.990 --> 00:01:56.870 Anna Delaney: Nice. Okay, well, I've got a bit of a noisy 35 00:01:56.870 --> 00:02:00.680 background this week. But I just wanted to show you, preparations 36 00:02:00.680 --> 00:02:03.980 are underway in London for a very big event. And you can see 37 00:02:03.980 --> 00:02:07.820 a row of British flags behind me lining Oxford Street, which is 38 00:02:07.820 --> 00:02:11.150 one of our busiest shopping streets in London. And the big 39 00:02:11.150 --> 00:02:14.990 event is, of course, the Queen's Platinum Jubilee, which is 70 40 00:02:15.050 --> 00:02:19.610 years since her reign or since she came to power, her throne. 41 00:02:21.950 --> 00:02:26.540 Yes, long live the Queen. And it's quite impressive, really. 42 00:02:26.720 --> 00:02:29.870 So Matt, you'll see all this fanfare next week when you're in 43 00:02:29.870 --> 00:02:30.320 town. 44 00:02:31.190 --> 00:02:32.690 Matthew Schwartz: For the London summit, I can't wait. 45 00:02:33.890 --> 00:02:36.620 Anna Delaney: So Matthew, starting with a novel story this 46 00:02:36.620 --> 00:02:40.400 week, there's a Dr. Evil ransomware in town. Tell us 47 00:02:40.400 --> 00:02:40.730 more. 48 00:02:40.990 --> 00:02:44.710 Matthew Schwartz: Indeed there is. So the Feds this week 49 00:02:44.740 --> 00:02:49.210 unsealed an indictment charging a man with Venezuelan and French 50 00:02:49.210 --> 00:02:53.290 citizenship but who's based in Venezuela, working as a 51 00:02:53.290 --> 00:02:59.680 cardiologist, in his spare time having developed ransomware. At 52 00:02:59.680 --> 00:03:03.640 least two strains were detailed in the charging document that's 53 00:03:03.640 --> 00:03:08.410 been released to the public. So we don't have all of the alleged 54 00:03:08.950 --> 00:03:14.860 facts or evidence against him. But Moises Luis Zagala Gonzalez, 55 00:03:14.950 --> 00:03:21.250 will call him Dr. Zagala, has been accused of developing two 56 00:03:21.250 --> 00:03:24.940 kinds of ransomware, which are particularly well-known. One is 57 00:03:24.970 --> 00:03:30.790 Jigsaw, and that came to light back around 2016. It was notable 58 00:03:31.030 --> 00:03:37.090 because the lock screen featured an image from the torture porn 59 00:03:37.090 --> 00:03:43.300 horror film series, Saw. And the film, I've not seen it but as I 60 00:03:43.300 --> 00:03:47.050 read, has a fictional serial killer named the Jigsaw Killer. 61 00:03:47.380 --> 00:03:50.020 And it communicates with victims using a puppet called Billy, 62 00:03:50.380 --> 00:03:55.090 which is what Jigsaw featured in its ransom note. And it said, 63 00:03:55.210 --> 00:03:58.210 "If you don't pay me, I'm going to start deleting your files, 64 00:03:58.330 --> 00:04:02.620 and the cost of your ransom is gonna go up." So great, right? 65 00:04:02.980 --> 00:04:05.740 And then fast forward a little bit. And there's another strain 66 00:04:05.740 --> 00:04:09.460 of ransomware, which was much more prevalent called Thanos, 67 00:04:09.490 --> 00:04:14.680 which was first spotted in August 2020. And this strain of 68 00:04:14.680 --> 00:04:19.240 ransomware was not top of the pops, but often the top 10 when 69 00:04:19.240 --> 00:04:24.310 it came to security firms reviewing the most widely seen 70 00:04:24.370 --> 00:04:29.950 and damaging ransomware in the wild. So it's fascinating that 71 00:04:30.070 --> 00:04:33.190 allegedly, we have what prosecutors are calling a 72 00:04:33.190 --> 00:04:38.290 multitasking doctor, in his spare time developing 73 00:04:38.590 --> 00:04:42.490 particularly virulent strains of cryptolocking ransomware. 74 00:04:42.850 --> 00:04:46.570 Obviously, if you're a medic, you're meant to take an oath of 75 00:04:46.570 --> 00:04:51.820 do no harm. I don't exactly know how this alleged activity would 76 00:04:51.820 --> 00:04:55.600 square with that obligation, shall we say? 77 00:04:57.040 --> 00:04:59.380 Anna Delaney: Fascinating. Marianne, do you often cover 78 00:04:59.380 --> 00:05:02.980 stories like these on your healthcare site? 79 00:05:03.020 --> 00:05:06.031 Marianne McGee: I've written about a lot of healthcare cyber 80 00:05:06.099 --> 00:05:10.411 crimes. This one is definitely a first. I don't know if there's 81 00:05:10.480 --> 00:05:14.518 other doctors that have been, you know, nabbed for hacking, 82 00:05:14.586 --> 00:05:18.419 but masterminding ransomware is a new one. And it's very 83 00:05:18.488 --> 00:05:22.731 alarming, frankly. And you know, as Matt said, you know, do no 84 00:05:22.800 --> 00:05:27.111 harm. Now, that's the oath that doctors take, you know, talking 85 00:05:27.180 --> 00:05:31.355 to prosecutors and attorneys that sort of follow these cases, 86 00:05:31.423 --> 00:05:35.667 it's pointed out that, who knows who some of these affiliated, 87 00:05:35.735 --> 00:05:39.636 you know, clients of his, who they attack. Were there any 88 00:05:39.705 --> 00:05:43.948 healthcare entities that were, you know, the victims? They are 89 00:05:44.017 --> 00:05:48.192 very dangerous, potentially, you know. Systems going offline, 90 00:05:48.260 --> 00:05:52.504 patients are hooked up to all sorts of equipment, keeping them 91 00:05:52.572 --> 00:05:56.200 alive. It just seems to be totally opposite of what a 92 00:05:56.268 --> 00:06:00.443 doctor should do. And as Matt mentioned, you know, if he's so 93 00:06:00.512 --> 00:06:04.755 busy, any free time that he has, it's busy taking care of, you 94 00:06:04.824 --> 00:06:08.930 know, creating this destructive sort of malware. It's pretty 95 00:06:08.999 --> 00:06:13.174 amazing. And then, the other thing is that you kind of wonder 96 00:06:13.242 --> 00:06:17.485 if there was anybody within his circle, who had any inkling of 97 00:06:17.554 --> 00:06:21.250 what was going on. And, you know, if I were a security 98 00:06:21.318 --> 00:06:25.562 leader at any of the practices or hospitals that he, you know, 99 00:06:25.630 --> 00:06:29.805 was able to care for patients that I'd be taking a look at my 100 00:06:29.874 --> 00:06:33.843 audit logs right now. See if he's done anything, you know, 101 00:06:33.912 --> 00:06:36.650 kind of alarming in the past. Who knows? 102 00:06:36.000 --> 00:06:41.040 Matthew Schwartz: It's fantastic advice. Yeah. One of the details 103 00:06:41.040 --> 00:06:44.610 released was not a healthcare entity that got targeted. But 104 00:06:44.730 --> 00:06:48.090 the fact that Iranian nation-state hackers appeared to 105 00:06:48.090 --> 00:06:52.890 be one of the users of Thanos malware. And we know that the 106 00:06:52.890 --> 00:06:56.430 Iranians were targeting health care facilities, certainly. So 107 00:06:56.580 --> 00:07:00.420 second or third order effects, I suppose on the attack front, 108 00:07:00.510 --> 00:07:03.990 certainly a possibility. One of the fascinating things about 109 00:07:04.020 --> 00:07:09.240 this charging document is the details it contains, but also 110 00:07:09.300 --> 00:07:12.750 probably what it doesn't say, because the prosecutors won't 111 00:07:12.750 --> 00:07:15.900 put everything they have into a charging document. It's just 112 00:07:15.900 --> 00:07:21.750 enough to get a judge to approve the arrest warrant for a 113 00:07:21.750 --> 00:07:25.830 suspect. We don't know where this suspect is. He's probably 114 00:07:25.830 --> 00:07:29.370 at large in Venezuela, which does have an extradition treaty 115 00:07:29.520 --> 00:07:33.390 with the United States. So it is very possible that we'll see 116 00:07:33.510 --> 00:07:37.560 this suspect to get extradited to face these charges in the US 117 00:07:37.560 --> 00:07:38.070 courtroom. 118 00:07:38.730 --> 00:07:40.140 Anna Delaney: But not anytime soon. 119 00:07:41.560 --> 00:07:43.030 Matthew Schwartz: No, extradition proceedings don't 120 00:07:43.030 --> 00:07:46.030 proceed quickly. Marianne, I know you spoke with somebody who 121 00:07:46.030 --> 00:07:48.640 was reckoning it, might be on the order of a year or two, I 122 00:07:48.000 --> 00:07:51.870 Marianne McGee: Yeah, it could take a while. There is a treaty 123 00:07:48.640 --> 00:07:48.940 think. 124 00:07:51.870 --> 00:07:56.340 between Venezuela and the US. And again, I don't know, do they 125 00:07:56.340 --> 00:08:01.260 know where he is or they don't know where he is. Hiding? And, 126 00:08:01.260 --> 00:08:05.010 you know, not that this is the technology side, but I'm just 127 00:08:05.010 --> 00:08:08.340 kind of curious about this guy. You know, what was his practice 128 00:08:08.340 --> 00:08:10.800 again? Yeah, I know, they said he's multitasking doctor with a 129 00:08:10.800 --> 00:08:14.940 cardiology practice. How busy was he? Was he a good doctor? 130 00:08:15.090 --> 00:08:20.790 Was he's strange? I don't know, it's just alarming. 131 00:08:20.000 --> 00:08:22.739 Anna Delaney: Well, on that multitasking front, he was also 132 00:08:22.800 --> 00:08:26.513 quite a talker. Wasn't he, Matt? Because I think, just taking 133 00:08:26.574 --> 00:08:29.557 from your piece, he revealed to an FBI informant, 134 00:08:29.618 --> 00:08:33.392 confidentially, that big profit comes from RDP. So my question 135 00:08:33.453 --> 00:08:37.349 is, what can we learn? What can organizations learn from what he 136 00:08:37.410 --> 00:08:40.880 was able to exploit. What he said he was able to exploit? 137 00:08:42.280 --> 00:08:44.200 Matthew Schwartz: It's unfortunately the same old, same 138 00:08:44.200 --> 00:08:48.790 old. Remote Desktop Protocol has been widely targeted, repeatedly 139 00:08:48.790 --> 00:08:52.330 targeted by ransomware organizations, operations 140 00:08:52.330 --> 00:08:56.110 groups, crime syndicates. Quarterly reports from security 141 00:08:56.110 --> 00:09:00.250 firms giving us updates on the top attack techniques continue 142 00:09:00.250 --> 00:09:05.080 to call out RDP phishing. They usually vie for first or second 143 00:09:05.080 --> 00:09:08.080 place overall. Software vulnerabilities are another big 144 00:09:08.080 --> 00:09:12.430 one, amongst other things. So organizations really need to get 145 00:09:12.430 --> 00:09:17.110 their remote connections locked down. That continues to be a top 146 00:09:17.110 --> 00:09:20.590 recommendation and also a top deficiency that we see when 147 00:09:20.590 --> 00:09:23.380 these attacks come to light. So yes, as you say, he was very 148 00:09:23.380 --> 00:09:27.550 verbose in private chats. There was FBI agent he managed to 149 00:09:27.580 --> 00:09:32.650 obtain a copy to pay the license fee. The Bureau says it traced 150 00:09:32.680 --> 00:09:36.670 the cryptocurrency account where the person paid it to and they 151 00:09:36.670 --> 00:09:39.850 appear to have gotten the suspect's identity card — 152 00:09:39.850 --> 00:09:43.750 Venezuelan identity card — from that cryptocurrency exchange. 153 00:09:43.930 --> 00:09:48.250 Not great operational security here with the suspect. But they 154 00:09:48.250 --> 00:09:51.970 had some shots, and he revealed some interesting details. He was 155 00:09:51.970 --> 00:09:55.960 running affiliates, allegedly between 15 and 20 people maximum 156 00:09:55.990 --> 00:09:59.200 down to five at the minimum, and the FBI agent had tried to sign 157 00:09:59.200 --> 00:10:02.590 up as an affiliate and he said, "I'm too busy. But if you want 158 00:10:02.590 --> 00:10:04.330 to do your own affiliate program, I'll give you some 159 00:10:04.330 --> 00:10:08.830 tips." So fascinating stuff as always in the cybercrime 160 00:10:08.860 --> 00:10:10.420 ecosystem here. 161 00:10:10.000 --> 00:10:14.320 Anna Delaney: Yeah, not designed for criminal work as he should 162 00:10:14.320 --> 00:10:19.450 have stuck with his day job, perhaps. Marianne, what else has 163 00:10:19.450 --> 00:10:21.280 been happening in the healthcare sector? 164 00:10:21.570 --> 00:10:24.030 Marianne McGee: Well, you know, there's never a shortage of 165 00:10:24.060 --> 00:10:28.230 ransomware attacks and other sorts of hacking incidents. 166 00:10:28.680 --> 00:10:34.170 Speaking of ransomware attacks, the ransomware group AvosLocker 167 00:10:34.170 --> 00:10:37.620 recently claimed it stole sensitive patient data of a 168 00:10:37.620 --> 00:10:41.820 large Texas-based health system that operates more than 600 169 00:10:41.820 --> 00:10:46.890 facilities in the US, Mexico, and South America. That entity 170 00:10:46.890 --> 00:10:50.340 Christus Health, earlier this week, said, it was investigating 171 00:10:50.340 --> 00:10:53.910 an incident involving unauthorized activity on its 172 00:10:53.910 --> 00:10:57.990 computer network and claimed that so far, the incident 173 00:10:57.990 --> 00:11:01.620 appeared to be limited and did not impact any of Christus 174 00:11:01.620 --> 00:11:06.060 Health's patient care or clinical operations. The entity 175 00:11:06.060 --> 00:11:09.420 didn't say anything about whether or not they were aware 176 00:11:09.420 --> 00:11:14.250 of data supposedly being leaked on the OPPO soccer site, which 177 00:11:14.250 --> 00:11:19.470 included some details about patients who end their cancer 178 00:11:19.470 --> 00:11:23.700 and their tumors and some other details that were up for 179 00:11:23.730 --> 00:11:27.180 discussion at a conference that some of their doctors were 180 00:11:27.180 --> 00:11:31.410 attending. And in the meantime, there's also fallout growing 181 00:11:31.440 --> 00:11:36.150 from a December 2021 hacking incident that involved a 182 00:11:36.150 --> 00:11:40.050 cloud-based electronic health records vendor, Eye Care 183 00:11:40.050 --> 00:11:44.970 Leaders. Over the last week or so, more breaches were filed to 184 00:11:44.970 --> 00:11:48.660 federal regulators by eye practices that were affected, 185 00:11:48.720 --> 00:11:52.080 the incident had been made public. And as of this morning, 186 00:11:52.080 --> 00:11:57.210 there are nearly a dozen ophthalmology practices and more 187 00:11:57.210 --> 00:12:02.040 than 348,000 patients affected by the incident, which involve 188 00:12:02.100 --> 00:12:08.040 the deletion of EHR databases, and system configuration files. 189 00:12:08.460 --> 00:12:11.460 More details of the incident are also emerging. One of the 190 00:12:11.460 --> 00:12:15.120 practices that were affected by the incident revealed that the 191 00:12:15.120 --> 00:12:19.920 affected EHR databases were hosted on Amazon Web Services. 192 00:12:20.250 --> 00:12:23.610 So we'll see in coming weeks how many more eye practices and 193 00:12:23.610 --> 00:12:27.570 their patients have been impacted. Again, for this, the 194 00:12:27.570 --> 00:12:32.730 disturbing side is that these EHR databases were deleted. And 195 00:12:32.730 --> 00:12:36.120 in some cases, including that practice, I just mentioned, that 196 00:12:36.510 --> 00:12:41.880 the AWS says that their backups can't be restored. Some of the 197 00:12:41.880 --> 00:12:45.600 backups could be restored, but then others couldn't. So we'll 198 00:12:45.600 --> 00:12:47.910 see how big this breach grows. 199 00:12:49.260 --> 00:12:51.360 Anna Delaney: Does anything surprise you anymore, Marianne? 200 00:12:52.950 --> 00:12:56.550 Marianne McGee: Dr. Zagala. That's the biggest surprise 201 00:12:56.550 --> 00:12:57.060 lately. 202 00:12:58.290 --> 00:12:59.520 Matthew Schwartz: Dr. Ransomware. 203 00:12:59.690 --> 00:13:03.110 Marianne McGee: Yeah. Like a killer, allegedly. 204 00:13:03.380 --> 00:13:03.950 Michael Novinson: Allegedly. 205 00:13:05.370 --> 00:16:29.040 Anna Delaney: Michael, we are seeing some interesting market 206 00:13:13.530 --> 00:13:16.046 Michael Novinson: Absolutely. So those are, I would say four 207 00:13:16.106 --> 00:13:19.521 separate but interconnected trends that have been playing 208 00:13:19.580 --> 00:13:22.876 themselves out since last November. After a very strong 209 00:13:22.935 --> 00:13:26.410 market throughout 2021, the public stock market started to 210 00:13:26.470 --> 00:13:30.245 soften in November. And then the issues have really accelerated 211 00:13:30.304 --> 00:13:33.839 kind of across the economy in recent months between runaway 212 00:13:33.899 --> 00:13:37.194 inflation, rising interest rates, and now the war — the 213 00:13:37.254 --> 00:13:40.969 ongoing war between Russia and Ukraine — which doesn't seem to 214 00:13:41.028 --> 00:13:44.623 have an end in sight. So how it affects cybersecurity, we've 215 00:13:44.683 --> 00:13:48.457 seen four different things. The first thing which we've seen is 216 00:13:48.517 --> 00:13:51.932 private equity firms coming in and taking publicly traded 217 00:13:51.992 --> 00:13:55.707 companies private; we've seen Mimecast, Proofpoint, Tufin, and 218 00:13:55.766 --> 00:13:59.421 McAfee. And now SailPoint, all under agreement or having gone 219 00:13:59.481 --> 00:14:03.016 private. These private equity firms are realizing that they 220 00:14:03.076 --> 00:14:06.790 can get a good deal. The stock prices are down. In the case of 221 00:14:06.850 --> 00:14:10.085 certainly some of these companies like SailPoint has a 222 00:14:10.145 --> 00:14:13.859 pretty healthy business that's growing at 20% a year. Category 223 00:14:13.919 --> 00:14:17.694 leader and identity governance, so we're seeing these companies 224 00:14:17.754 --> 00:14:21.228 go private and I think the PE firms are figuring. Three to 225 00:14:21.288 --> 00:14:25.063 five years from now, the market will be healthier, and they can 226 00:14:25.123 --> 00:14:28.597 make a nice return on their investment. For the late-stage 227 00:14:28.657 --> 00:14:31.952 startups, it's a tough time. Because there are a ton of 228 00:14:32.012 --> 00:14:35.128 companies that got huge valuations between $4 and $8 229 00:14:35.188 --> 00:14:38.842 billion last year off a very little revenue, oftentimes, less 230 00:14:38.902 --> 00:14:42.377 than $10 million of annual recurring revenue. And now many 231 00:14:42.437 --> 00:14:46.091 of those companies were talking about going public companies, 232 00:14:46.151 --> 00:14:49.806 like Arctic Wolf had talked late last year about going public 233 00:14:49.866 --> 00:14:53.460 this year. IPO market's pretty much dead right now. And it's 234 00:14:53.520 --> 00:14:57.055 just a question for a lot of these companies about how long 235 00:14:57.115 --> 00:15:00.710 can they make the cash that they have in hand last? Are they 236 00:15:00.769 --> 00:15:04.184 going to seal hiring? Do they have to consider layoffs or 237 00:15:04.244 --> 00:15:08.019 delay kind of product rollouts and scaling, for some companies? 238 00:15:08.079 --> 00:15:11.853 And I think for other companies, it's a question of really what 239 00:15:11.913 --> 00:15:15.627 do they do going forward? Are they willing, especially for the 240 00:15:15.687 --> 00:15:18.922 ones that got generous valuations, are they willing to 241 00:15:18.982 --> 00:15:22.637 take a cut to their valuation to get more money, which is not 242 00:15:22.697 --> 00:15:26.172 something most companies are eager to do. But if a company 243 00:15:26.231 --> 00:15:29.467 does need money, they may in this market, they're very 244 00:15:29.527 --> 00:15:33.301 unlikely to get the valuations that they were getting six to 12 245 00:15:33.361 --> 00:15:36.656 months ago. So two other developments that we're seeing 246 00:15:36.716 --> 00:15:40.370 related to that is we're seeing a lot of companies who are in 247 00:15:40.430 --> 00:15:43.965 negotiations for money, late last year and early this year, 248 00:15:44.025 --> 00:15:47.380 when some of the warning signs were on the horizon, were 249 00:15:47.440 --> 00:15:51.034 essentially grabbing as much money as they could while I had 250 00:15:51.094 --> 00:15:54.389 spoken with the CEO of Tailscale, which is a zero trust 251 00:15:54.449 --> 00:15:58.104 VPN startup. And even though they only had 35 employees, they 252 00:15:58.164 --> 00:16:01.938 decided to raise $100 million of funding just because they were 253 00:16:01.998 --> 00:16:05.772 concerned about their access to capital in the future. And they 254 00:16:05.832 --> 00:16:09.247 did. They wanted to make sure that they didn't run out of 255 00:16:09.307 --> 00:16:12.842 money. So even though they really didn't need that level of 256 00:16:12.902 --> 00:16:16.437 funding, given their current size, they decided to take the 257 00:16:16.496 --> 00:16:20.031 money while they still could. The other behavior that we're 258 00:16:20.091 --> 00:16:23.506 seeing from investors is that they're really moving their 259 00:16:23.566 --> 00:16:27.161 money to what they consider to be safer investments. So it's 260 00:16:27.220 --> 00:16:30.875 not that they're leaving the cybersecurity market, as much as 261 00:16:30.935 --> 00:16:34.530 they're trying to put their capital in mature companies with 262 00:16:34.589 --> 00:16:38.244 large bases of revenue. And in particular, companies that are 263 00:16:38.304 --> 00:16:41.958 profitable. Profitability and margins are seeming to be a lot 264 00:16:42.018 --> 00:16:45.733 more important to investors. A data point I would give is that 265 00:16:45.793 --> 00:16:49.088 Check Point, which is a consistently profitable company 266 00:16:49.148 --> 00:16:52.862 that is modestly growing, one has seen the stock price rise by 267 00:16:52.922 --> 00:16:56.337 5% since November, while SentinelOne, which last year had 268 00:16:56.397 --> 00:17:00.231 the biggest IPO of all time and was times-trading at high double 269 00:17:00.291 --> 00:17:04.065 digits multiple on the revenue, has seen their stock price fall 270 00:17:04.125 --> 00:17:07.780 by 64% over the past six months as investors move toward more 271 00:17:07.840 --> 00:17:11.375 conservative investments. There has not been a trickle-down 272 00:17:09.480 --> 00:17:30.360 developments recently, especially with late-stage 273 00:17:11.434 --> 00:17:14.730 market yet this seems to be mostly a late-stage startup 274 00:17:14.789 --> 00:17:18.264 problem. Early-stage startups are still getting funding or 275 00:17:18.324 --> 00:17:21.799 getting money. But the people who I've spoken to have said 276 00:17:21.859 --> 00:17:25.334 that they do expect in the next six to nine months for the 277 00:17:25.394 --> 00:17:28.928 funding environment to get more difficult for even series A 278 00:17:28.988 --> 00:17:32.283 series B, C type companies as investors worry about how 279 00:17:31.170 --> 00:17:33.090 startups. What's happening? 280 00:17:32.343 --> 00:17:34.860 they'll be able to exit those investments. 281 00:17:33.000 --> 00:17:39.450 Anna Delaney: How do you think this all impacts cybersecurity 282 00:17:39.450 --> 00:17:42.090 innovation? Or actually, are there too many products out 283 00:17:42.090 --> 00:17:44.820 there and this is quite healthy pause? 284 00:17:44.000 --> 00:17:46.498 Michael Novinson: It's a good question. I mean, certainly, I 285 00:17:46.558 --> 00:17:49.711 think there's a feeling that it's going to force some 286 00:17:49.770 --> 00:17:53.399 consolidation. I mean, we nearly saw it in the email security 287 00:17:53.458 --> 00:17:56.909 market where Proofpoint was pushing pretty aggressively to 288 00:17:56.968 --> 00:18:00.657 combine with Mimecast. Mimecast decided that from a regulatory 289 00:18:00.716 --> 00:18:04.524 standpoint, they were concerned the deal wouldn't go through one 290 00:18:04.583 --> 00:18:07.915 with Permira instead. But obviously, something like that 291 00:18:07.974 --> 00:18:11.424 had happened that you are having the two largest pure play 292 00:18:10.790 --> 00:19:17.870 Anna Delaney: Well, this has been an excellent overview, 293 00:18:11.484 --> 00:18:15.351 security vendors combining would have been considerable. So yeah, 294 00:18:15.410 --> 00:18:19.039 I mean, I think you do have the potential. Also for strategic 295 00:18:19.099 --> 00:18:22.787 buyers, we've seen Google come in and buy Mandiant at a pretty 296 00:18:22.847 --> 00:18:26.416 reasonable rate. You have to wonder for companies with large 297 00:18:26.476 --> 00:18:29.985 market caps like Cisco, or Google, or Microsoft, if they're 298 00:18:30.045 --> 00:18:33.614 going to just spend some money now to buy security companies 299 00:18:33.674 --> 00:18:37.243 and fold into their broader technology platforms. I think in 300 00:18:37.303 --> 00:18:40.515 terms of the early-stage startups, there's going to be 301 00:18:40.575 --> 00:18:44.144 the need, that the people are going to want more validation, 302 00:18:44.204 --> 00:18:47.832 that either founders who have strong credentials, or stronger 303 00:18:47.892 --> 00:18:51.640 business case, customers who've signed up, that I think there's 304 00:18:51.699 --> 00:18:55.209 a lot of investors last year who are willing, especially in 305 00:18:55.269 --> 00:18:58.660 emerging areas like cloud security to just place very big 306 00:18:58.719 --> 00:19:02.408 bets on good ideas without kind of much proof yet. And I think 307 00:19:02.467 --> 00:19:05.918 this year that, even for the early-stage companies who are 308 00:19:05.977 --> 00:19:09.308 seeking meaningful money, there's going to be a lot more 309 00:19:09.368 --> 00:19:12.640 validation aside and people wanting a much more clarity 310 00:19:12.699 --> 00:19:15.020 around kind of a path to profitability. 311 00:19:17.870 --> 00:19:19.880 Michael. We want you back on the Editors' Panel. 312 00:19:19.880 --> 00:19:23.270 Michael Novinson: Of course. It's great to be with all of 313 00:19:23.000 --> 00:19:28.070 Anna Delaney: No excuses now. So finally, conference season is 314 00:19:23.270 --> 00:19:23.570 you. 315 00:19:28.100 --> 00:19:31.520 upon us. We have RSA around the corner. InfoSec Europe and 316 00:19:31.610 --> 00:19:35.810 others of course. What are your conference survival tips? 317 00:19:36.290 --> 00:19:39.680 Michael Novinson: I've always enjoyed the old DEF CON tip, the 318 00:19:39.710 --> 00:19:42.860 3-2-1 rule. At least three hours of sleep, at least two meals a 319 00:19:42.860 --> 00:19:45.710 day, and at least one shower a day. You do find that advice 320 00:19:45.710 --> 00:19:48.320 holds up well for both conferences as well as for being 321 00:19:48.320 --> 00:19:52.730 a parent of a young child. So just always important to take 322 00:19:53.180 --> 00:19:56.600 care of basic needs and make sure you're feeling good and 323 00:19:56.600 --> 00:19:57.440 your mind's sharp. 324 00:19:58.040 --> 00:19:58.700 Anna Delaney: Love it. 325 00:19:59.080 --> 00:20:00.970 Matthew Schwartz: Yeah, slightly more hardboiled. I always think 326 00:20:00.970 --> 00:20:04.240 of the Jack Reacher books where even you can't sleep when you 327 00:20:04.240 --> 00:20:08.050 can because you just don't know what might be around the corner. 328 00:20:09.770 --> 00:20:11.450 Anna Delaney: That's great. Marianne? 329 00:20:12.170 --> 00:20:14.300 Marianne McGee: Bring comfortable shoes. And I guess 330 00:20:14.300 --> 00:20:17.300 nowadays bring a handful of masks, you know. 331 00:20:18.320 --> 00:20:22.040 Anna Delaney: For sure, and get some air. I think we forget that 332 00:20:22.040 --> 00:20:25.760 there's an outside world sometimes. So that's all great 333 00:20:25.760 --> 00:20:28.580 advice. Thank you very much. That's all we have time for. 334 00:20:28.820 --> 00:20:31.040 Matt, Marianne, Michael, it's been a pleasure. 335 00:20:31.370 --> 00:20:32.330 Matthew Schwartz: Happy Jubilee, Anna. 336 00:20:33.200 --> 00:20:33.650 Anna Delaney: Thank you very much. 337 00:20:33.650 --> 00:20:34.460 Michael Novinson: Thank you for having me. 338 00:20:35.510 --> 00:20:37.310 Anna Delaney: And thank you so much for watching. Until next 339 00:20:37.310 --> 00:20:37.700 time!