PYMNTS-MonitorEdge-May-2024

Amazon Sizzles, zCash Fizzles And ‘Cyber-9/11’ Is A When, Not An If

As November kicks off and the Halloween season officially passes to the Holiday season (sorry Thanksgiving), the sizzle of the week award should doubtlessly go to the World Series Champion Chicago Cubs who finally broke their 108 year old curse.

Cleveland, all we can say to you in consolation is that at least blowing a three game lead wasn’t the fizzle of the week — that honor goes to U.S. cyber-security and its preparedness for a major attack. Also in the hot seat this week are Wells Fargo and its ever-heavier bag of rocks, and Target, which is bleeding senior executives.

But there was lots of sizzle to offset this week as well. Amazon Prime is hitting its… prime as it goes more global and expands it parcel of inducements. Google had another good week and even Square showed some strength.

Want to get the rest of the scoop? We have it all here.

Sizzles

Amazon Prime: Could Prime be gearing up for its prime time?  The service is pushing into China, as reported earlier this week, and Chinese Prime customers will be able to gain free shipping on orders above a certain amount, cross-border.  The service will apply to orders shipped within China (with no minimum).  Not first to market, Amazon should be able to score at least some share gains on brand recognition and a reputation for quality. And there there’s the fact that Amazon Bookstore customers get goodies if they are Prime members. Sizzles for Amazon and its Prime customers.

Square:  Not long ago, Square was being written about in funereal terms.  Slowing growth, a distracted CEO, and deep dives into new markets had investors running for the exits.  The stock has been a busted IPO for a long time.  But the 3Q numbers just reported offer up some hope.  Big traction among larger merchants and a strong showing by its Square Capital business point toward the firm moving beyond its one trick pony status as a processor for SMBs.  Sizzle, finally, for Square.

GOOG: Mobile was, and is, the name of the game for Google, which saw overall ad sales in its latest quarter up 18 percent year over year.  The YouTube business was strong, paid clicks were up, and more and more activity is done via devices (not desktops).  Sizzle for a tech standout amid uneven earnings reports.

Fizzles

Target: Yikes. Target may well have a target on its back when it comes to bleeding senior execs.  Not long ago the firm lost its digital chief.  Before that, its CMO defected to Uber.  Now comes the news that Anne Dament, head of the grocery unit, is leaving, just one and a half years after taking the job.  Brevity is the soul of wit, they say, and it is also the soul of tough jobs in highly competitive categories – of which grocery reigns supreme.

zCash: Digital currencies are all the rage.  Except when they just cause, well, rage.  Zcash just bowed — but right out of the gate, a bug in the software made it all but impossible for private transactions to go through.  Can’t have a more anonymous transaction than one where one party doesn’t send currency and the other one doesn’t get it. But we doubt that was the plan. Fizzle for buggy tech.

Wells Fargo: Wells Fargo was a bit like Charlie Brown at Halloween time.  You know, where everyone else gets candy and Charlie gets just…rocks…in his bag.  Wells Fargo’s bag is full of rocks and is no doubt getting heavier to lug around.  The news this week that the firm entered into a $50 million settlement tied to markups on appraisals forced on mortgage holders in default added fuel to the fire that just about every segment of Wells has been touched by an inordinate focus on gouging to make a buck — at the long time expense of reputation. Then, there’s that $1.7 billion reserved for litigation on the basis of the SEC investigation into its sales practice. A continued fizzle for Wells and its shareholders.

Fizzle Of The Week: U.S. Cybersecurity

Until about a few weeks ago, cybersecurity breaches were an annoying part of life — but also sort of an expected annoyance that became a bit of background noise.

That all changed with the big bot attack that took down about 1,200 sites around the web — including some perennial favorites like Amazon, Netflix and PayPal. Far from a background irritation, it was a front and center problem for consumers and scores of businesses that suddenly found their sites crashing for no apparent reason.

Or not apparent at the time — it was quickly evident that a series of web-connected devices had been co-opted by cybercriminals that hacked them and turned them into an army of deranged server swamping bots.

The aftermath of that has been pretty much of a buffet of bad news ever since.

The perpetrators behind that hack remain unknown, and while the tools of the trade applied are well known — the solution is far less apparent. At this point, the majority of the experts believe that in fact the web is every bit as vulnerable in the U.S. today as it was on the day of the big crash, or perhaps more so since it is now pretty well known that anyone with a $1000 in bitcoin and Tor or JonDonym software can buy a bot army of their very own to try and take down the web.

And the news gets worse — those bot armies will likely be pretty effective, since the Internet of Things is creating thousands of new access points each day that would make terrific launching grounds for massive DDOS like we saw last week.

But that’s not the worst news — because as it turns out, bot armies are annoying but also more or less amateur hour at the cybercrime bar. The elite professionals working for dangerously high paying and government-backed groups can do things far, far more destructive than taking down popular consumer sites.

Losing access to Twitter might actually be good for Americans periodically — losing access to electricity or taking down the stock exchanges has no upside and a potential to get dangerous and ugly fast.

And if you’re feeling sea sick right now, you might just want to take a minute — because the above wasn’t the worst news.

That was the appetizer — not why they got the fizzle.

The worst news is that the majority experts are about 100 percent sure one of those really destructive attacks is on the way and the U.S. isn’t really prepared for it.

So what’s the good news? Well there isn’t much.

Gulp.

Hackers Will Hack (No Matter What)

So far, the two most common methods of dealing with cybercrime — counter hacking or physical reprisal — haven’t been terribly effective.  The U.S. allegedly used malware to shut down Iran’s nuclear program, and drones have been dispatched to physically eliminate hackers.  But an army of invisible hackers all over the world go right on chipping away at the internet’s protective walls.

There is, within the Pentagon, a Cyber Command with both defensive and, increasingly, offensive capabilities. But retired Adm. James Stavridis, former supreme allied commander of NATO, says as of now it is mostly a “pickup team” of personnel from other military branches and deals almost exclusively in military hacking.

Adm. Stavridis notes that there needs to be a more robustly conceived  “cyber force,” and  a director of cybersecurity, just as we created a director of national intelligence in the wake of 9/11.

The purview of this force would be to respond to government and military hacks — but  also hacks of U.S. citizens, companies and infrastructure.

Infrastructure in particular, because most experts say their concerns for the “cyber 9/11” will be an attack on older infrastructure with systems that predate the internet that were patched on as an afterthought.

“Personally, I’m most worried about the water industry,” noted Jim Gillespie, whose Gray Matter Systems secures industrial-control systems. Notably, seven Iranians were indicted in March for allegedly attempting to hack a damn in New York.

The Solutions

According to the experts, there are a lot of improvements possible — but no knock-down fixes.  The most widely lauded was a regulatory change that is currently slated to go into effect on December 1.  This change is to rule 41 of the Federal Rules of Criminal Procedure. It would allow for broad latitude in how much access to consumers’ web connected devices authorities can have — it would allow judges to issue warrants allowing agents to block or disable any computer, be it a private company’s web server or a smart TV in someone’s house.

But that change is controversial — a bi-partisan group of lawmakers has written Attorney General Loretta Lynch to note that the change gives the government and its agents surveillance powers that are far too broad.  Congress has the power to block the change before it goes into effect in December.

The Rule 41 change is the favored solution — though some others had somewhat more out-of-the-box suggestions. Dave Aitel, chief executive of cybersecurity firm Immunity Inc. and a technical adviser to the U.S. Department of Commerce, says lawmakers could consider authorizing victims to “hack back” at attackers.  While that sounds exciting, many other experts have noted that hacking back only makes sense if you know who you are hacking back to — if you don’t, you might accidentally trigger World War III when you find your target is a nation.  Other experts favor a civil court based system that would allow firms negatively affected by a breach — i.e. Twitter — to sue firms “responsible” for not securing their devices.

But whatever it is, it should probably come soon, considering the next big hack is coming — and the experts are pretty sure it will be a lot worse that just Twitter going down. The most consistent upside that experts offer, in fact, was that perhaps a bad enough attack could push real progress in this area in much the way 9/11 sped up the development of U.S. national security.

Though we hope that isn’t the catalyst we need to ignite progress.

 

PYMNTS-MonitorEdge-May-2024