Category Archives for "Managed Services News"

Jan 08

COVID-19 Doesn’t Stop Record Tech, Telecom M&A in 2020

By | Managed Services News

Both spending and deals were up last year.

Despite the global pandemic, tech and telecom M&A hit a new record in 2020, topping $600 billion in total value.

That’s according to 451 Research, part of S&P Global Market Intelligence.

Tech and telecom M&A spending last year soared to its highest level since the dot-com collapse. And last year’s record performance came in a historically abrupt boom-bust cycle.

A recession-led decline that can last years only knocked dealmakers out of the market for a few months in 2020. By summer, acquirers’ pent-up demand, combined with Wall Street’s confidence in the tech sector to thrive, not just survive, during the pandemic, flooded into the tech M&A market

Scott Denne is a senior research analyst with S&P Global Market Intelligence.

451 Research's Scott Denne

S&P Global Market Intelligence’s Scott Denne

“Both spending and deals were up last year,” he said. “According to 451 Research’s M&A KnowledgeBase, acquirers spent $604 billion on 3,993 global tech targets, compared to $476 billion on 3,729 targets in 2019.”

Collapse and Recovery

Acquisition spending dropped in the second quarter of 2020 to its lowest quarterly level in a decade. However, the average totals for both the third and fourth quarters was more than six times higher than spring’s slump.

Last year was the busiest overall year for tech deals since 2016.

Semiconductors accounted for three of the five largest tech acquisitions this year,” Denne said. “As a mature, cyclical industry, it’s not uncommon for chip companies to take up a big chunk of tech M&A spend. What’s unusual this year is that those companies fetched premium valuations. All three of them – Arm, Maxim and Xilinx – were valued at or above nine times trailing revenue. The median multiple for a $1 billion-plus semiconductor target, according to the M&A KnowledgeBase, is just 3.5 times since 2010.

The against-the-odds recovery in tech M&A even outpaced the stunning bull market rebound on Wall Street. On a total return basis, the S&P 500 climbed 18% in 2020, led by a 44% gain by the tech names in the benchmark index, according to S&P Global Market Intelligence.

Denne expects the momentum to continue in 2021.

“Though it’s impossible to predict how the entire year will unfold, the conditions that facilitated a strong tech M&A market in 2020 – a rising stock market, stabilizing IT budgets and an acceleration of digital living and working – are still in place,” he said.

Jan 08

COVID-19 Doesn’t Stop Record Tech, Telecom M&A in 2020

By | Managed Services News

Both spending and deals were up last year.

Despite the global pandemic, tech and telecom M&A hit a new record in 2020, topping $600 billion in total value.

That’s according to 451 Research, part of S&P Global Market Intelligence.

Tech and telecom M&A spending last year soared to its highest level since the dot-com collapse. And last year’s record performance came in a historically abrupt boom-bust cycle.

A recession-led decline that can last years only knocked dealmakers out of the market for a few months in 2020. By summer, acquirers’ pent-up demand, combined with Wall Street’s confidence in the tech sector to thrive, not just survive, during the pandemic, flooded into the tech M&A market

Scott Denne is a senior research analyst with S&P Global Market Intelligence.

451 Research's Scott Denne

S&P Global Market Intelligence’s Scott Denne

“Both spending and deals were up last year,” he said. “According to 451 Research’s M&A KnowledgeBase, acquirers spent $604 billion on 3,993 global tech targets, compared to $476 billion on 3,729 targets in 2019.”

Collapse and Recovery

Acquisition spending dropped in the second quarter of 2020 to its lowest quarterly level in a decade. However, the average totals for both the third and fourth quarters was more than six times higher than spring’s slump.

Last year was the busiest overall year for tech deals since 2016.

Semiconductors accounted for three of the five largest tech acquisitions this year,” Denne said. “As a mature, cyclical industry, it’s not uncommon for chip companies to take up a big chunk of tech M&A spend. What’s unusual this year is that those companies fetched premium valuations. All three of them – Arm, Maxim and Xilinx – were valued at or above nine times trailing revenue. The median multiple for a $1 billion-plus semiconductor target, according to the M&A KnowledgeBase, is just 3.5 times since 2010.

The against-the-odds recovery in tech M&A even outpaced the stunning bull market rebound on Wall Street. On a total return basis, the S&P 500 climbed 18% in 2020, led by a 44% gain by the tech names in the benchmark index, according to S&P Global Market Intelligence.

Denne expects the momentum to continue in 2021.

“Though it’s impossible to predict how the entire year will unfold, the conditions that facilitated a strong tech M&A market in 2020 – a rising stock market, stabilizing IT budgets and an acceleration of digital living and working – are still in place,” he said.

Jan 07

COVID-19 Doesn’t Stop Record Tech, Telecom M&A in 2020

By | Managed Services News

Both spending and deals were up last year.

Despite the global pandemic, tech and telecom M&A hit a new record in 2020, topping $600 billion in total value.

That’s according to 451 Research, part of S&P Global Market Intelligence.

Tech and telecom M&A spending last year soared to its highest level since the dot-com collapse. And last year’s record performance came in a historically abrupt boom-bust cycle.

A recession-led decline that can last years only knocked dealmakers out of the market for a few months in 2020. By summer, acquirers’ pent-up demand, combined with Wall Street’s confidence in the tech sector to thrive, not just survive, during the pandemic, flooded into the tech M&A market

Scott Denne is a senior research analyst with S&P Global Market Intelligence.

451 Research's Scott Denne

S&P Global Market Intelligence’s Scott Denne

“Both spending and deals were up last year,” he said. “According to 451 Research’s M&A KnowledgeBase, acquirers spent $604 billion on 3,993 global tech targets, compared to $476 billion on 3,729 targets in 2019.”

Collapse and Recovery

Acquisition spending dropped in the second quarter of 2020 to its lowest quarterly level in a decade. However, the average totals for both the third and fourth quarters was more than six times higher than spring’s slump.

Last year was the busiest overall year for tech deals since 2016.

Semiconductors accounted for three of the five largest tech acquisitions this year,” Denne said. “As a mature, cyclical industry, it’s not uncommon for chip companies to take up a big chunk of tech M&A spend. What’s unusual this year is that those companies fetched premium valuations. All three of them – Arm, Maxim and Xilinx – were valued at or above nine times trailing revenue. The median multiple for a $1 billion-plus semiconductor target, according to the M&A KnowledgeBase, is just 3.5 times since 2010.

The against-the-odds recovery in tech M&A even outpaced the stunning bull market rebound on Wall Street. On a total return basis, the S&P 500 climbed 18% in 2020, led by a 44% gain by the tech names in the benchmark index, according to S&P Global Market Intelligence.

Denne expects the momentum to continue in 2021.

“Though it’s impossible to predict how the entire year will unfold, the conditions that facilitated a strong tech M&A market in 2020 – a rising stock market, stabilizing IT budgets and an acceleration of digital living and working – are still in place,” he said.

Jan 07

COVID-19 Doesn’t Stop Record Tech, Telecom M&A in 2020

By | Managed Services News

Both spending and deals were up last year.

Despite the global pandemic, tech and telecom M&A hit a new record in 2020, topping $600 billion in total value.

That’s according to 451 Research, part of S&P Global Market Intelligence.

Tech and telecom M&A spending last year soared to its highest level since the dot-com collapse. And last year’s record performance came in a historically abrupt boom-bust cycle.

A recession-led decline that can last years only knocked dealmakers out of the market for a few months in 2020. By summer, acquirers’ pent-up demand, combined with Wall Street’s confidence in the tech sector to thrive, not just survive, during the pandemic, flooded into the tech M&A market

Scott Denne is a senior research analyst with S&P Global Market Intelligence.

451 Research's Scott Denne

S&P Global Market Intelligence’s Scott Denne

“Both spending and deals were up last year,” he said. “According to 451 Research’s M&A KnowledgeBase, acquirers spent $604 billion on 3,993 global tech targets, compared to $476 billion on 3,729 targets in 2019.”

Collapse and Recovery

Acquisition spending dropped in the second quarter of 2020 to its lowest quarterly level in a decade. However, the average totals for both the third and fourth quarters was more than six times higher than spring’s slump.

Last year was the busiest overall year for tech deals since 2016.

Semiconductors accounted for three of the five largest tech acquisitions this year,” Denne said. “As a mature, cyclical industry, it’s not uncommon for chip companies to take up a big chunk of tech M&A spend. What’s unusual this year is that those companies fetched premium valuations. All three of them – Arm, Maxim and Xilinx – were valued at or above nine times trailing revenue. The median multiple for a $1 billion-plus semiconductor target, according to the M&A KnowledgeBase, is just 3.5 times since 2010.

The against-the-odds recovery in tech M&A even outpaced the stunning bull market rebound on Wall Street. On a total return basis, the S&P 500 climbed 18% in 2020, led by a 44% gain by the tech names in the benchmark index, according to S&P Global Market Intelligence.

Denne expects the momentum to continue in 2021.

“Though it’s impossible to predict how the entire year will unfold, the conditions that facilitated a strong tech M&A market in 2020 – a rising stock market, stabilizing IT budgets and an acceleration of digital living and working – are still in place,” he said.

Jan 07

COVID-19 Doesn’t Stop Record Tech, Telecom M&A in 2020

By | Managed Services News

Both spending and deals were up last year.

Despite the global pandemic, tech and telecom M&A hit a new record in 2020, topping $600 billion in total value.

That’s according to 451 Research, part of S&P Global Market Intelligence.

Tech and telecom M&A spending last year soared to its highest level since the dot-com collapse. And last year’s record performance came in a historically abrupt boom-bust cycle.

A recession-led decline that can last years only knocked dealmakers out of the market for a few months in 2020. By summer, acquirers’ pent-up demand, combined with Wall Street’s confidence in the tech sector to thrive, not just survive, during the pandemic, flooded into the tech M&A market

Scott Denne is a senior research analyst with S&P Global Market Intelligence.

451 Research's Scott Denne

S&P Global Market Intelligence’s Scott Denne

“Both spending and deals were up last year,” he said. “According to 451 Research’s M&A KnowledgeBase, acquirers spent $604 billion on 3,993 global tech targets, compared to $476 billion on 3,729 targets in 2019.”

Collapse and Recovery

Acquisition spending dropped in the second quarter of 2020 to its lowest quarterly level in a decade. However, the average totals for both the third and fourth quarters was more than six times higher than spring’s slump.

Last year was the busiest overall year for tech deals since 2016.

Semiconductors accounted for three of the five largest tech acquisitions this year,” Denne said. “As a mature, cyclical industry, it’s not uncommon for chip companies to take up a big chunk of tech M&A spend. What’s unusual this year is that those companies fetched premium valuations. All three of them – Arm, Maxim and Xilinx – were valued at or above nine times trailing revenue. The median multiple for a $1 billion-plus semiconductor target, according to the M&A KnowledgeBase, is just 3.5 times since 2010.

The against-the-odds recovery in tech M&A even outpaced the stunning bull market rebound on Wall Street. On a total return basis, the S&P 500 climbed 18% in 2020, led by a 44% gain by the tech names in the benchmark index, according to S&P Global Market Intelligence.

Denne expects the momentum to continue in 2021.

“Though it’s impossible to predict how the entire year will unfold, the conditions that facilitated a strong tech M&A market in 2020 – a rising stock market, stabilizing IT budgets and an acceleration of digital living and working – are still in place,” he said.

Jan 07

US Capitol Rioters Pose Cybersecurity Threat Due to Device Access, Theft

By | Managed Services News

It’s not yet known what all the rioters got their hands on or saw.

Cybersecurity experts say U.S. Capitol rioters pose a threat to national security because they accessed and stole government officials’ devices.

And it’s not yet known what all the rioters got their hands on or saw.

Kevin Coleman is executive director of the National Cyber Security Alliance. He said Capitol rioters stole U.S. Sen. Jeff Merkley’s laptop. And any rioters ransacking House Speaker Nancy Pelosi’s office could have seen or accessed sensitive information.

The silver lining is that lawmakers’ classified information typically is stored on sensitive compartmented information facilities (SFICs), he said.

NCSA's Kevin Coleman

NCSA’s Kevin Coleman

“But the dangers and threat vectors that surface from unprotected physical devices are still very prevalent,” Coleman said. “We’ve seen screenshots of Pelosi’s email inbox already posted to Twitter, which means that perpetrators could have accessed email lists and records that can potentially be used to conduct phishing attacks.”

Don’t Underestimate the Rioters

Understating the capabilities of individuals among the Capitol rioters would be a mistake as well, Coleman said.

“It’s impossible to know at this point if any were aligned with opposing nation-state interests or if any devices that weren’t stolen might have been targets for malware installations,” he said. “Conversely, a stolen device no longer belongs to its original owner.”

Due to a lapse in device security, thieves shouldn’t have any difficulty combing through the entirety of an endpoint’s hard drive, Coleman said.

This potential security breach could compound government vulnerabilities beyond the SolarWinds hack, he said.

“While reports have asserted that any accessible data that could potentially have been stolen was unclassified and relatively low level in terms of sensitivity, this event will certainly be another wakeup call for government security teams,” Coleman said. “SolarWinds was a proof point that third-party supply chain attacks — although not incredibly sophisticated — can be devastating. It called into question how government IT teams were vetting third-party partners, how they were collecting and storing sensitive data.”

And the targeted federal organizations will have to overhaul their entire security playbooks moving forward, he said.

The Capitol riot data thefts likely won’t be anywhere near as disastrous as SolarWinds, Coleman said. But they add to the mix of security issues the government will have to sort out.

“While SolarWinds was a backend system vulnerability, yesterday’s incident proves that a lack of sufficient endpoint security can be a problem, and that continued awareness and education for staffers about not leaving key information on an idle device will be equally important moving forward,” he said.

Better Protection Could Have Been in Place

Better device security could have been in place to minimize the risk, Coleman said.

“It’s impossible to have a foolproof plan,” he said. “But it is possible to minimize risks with a layered approach that consists of better device security software, better data monitoring and storage policies, and continued education for staffers about the dangers of unprotected data.”

Jerry Ray is SecureAge‘s COO. He said Wednesday’s Capitol rioters brought an “empirical and tangible threat” to systems and data throughout the Capitol.

SecureAge's Jerry Ray

SecureAge’s Jerry Ray

“Whether an unsuspecting and gleeful Trump supporter lost in the moment and running in for the selfies, or a trained agent of a foreign government sporting a MAGA hat and face gaiter armed with USB flash drives, malicious dongles or peripherals to attach to systems, the mere presence of unauthorized people in the offices of legislators renders every system and every file compromised and dirty,” he said.

Any digital device within those Capitol office spaces and exposed to intruders now poses a threat, Ray said.

“Even a quick grab of a sticky note with a handwritten password on it opens up entire networks of information with national security implications to compromise,” he said.

Less Obvious Threats

Personal information left behind during the evacuation poses less obvious threats, Ray said.

“Using that information for identity theft is just as likely as it is for sophisticated phishing attacks or unsophisticated blackmail attempts for monetary or espionage purposes,” he said.

All account names, passwords, keys, directory path and file names need to be changed, Ray said.

The long-term strategy includes a lengthy and comprehensive sweep of all devices, Coleman said. In the short term, Capitol IT teams will have to prioritize any glaring vulnerabilities before combing through other devices.

“Additionally, we’re not truly privy to how exhaustive the IT team’s network monitoring and policy management protocols are,” he said. “Is there a detailed record of every login attempt? Can they cross-reference timestamps of any attempts to determine unauthorized access? And do compromised devices have encryption automatically enabled? These are all very important questions that government security teams and officials will need to reassess.”

Jan 07

SolarWinds MSP President: Rebrand Will ‘N-Able’ Partner Opportunity

By | Managed Services News

The “new” name is resurfacing from the high-profile 2013 acquisition of N-able, maker of the N-central software platform.

SolarWinds MSP president John Pagliuca says the company’s decision to rebrand as N-able extends the roots of what SolarWinds is as a company.

“It’s all about the performance, protection and partnerships MSPs need to power their clients – and their business – forward. It’s the next step in our exploration of a potential spinoff, which is anticipated to occur in the second quarter,” said Pagliuca.

The rebranding as N-able is part of a potential spinoff, first announced in August, from parent company SolarWinds.

The N-able name might sound familiar. Nearly eight years ago, SolarWinds acquired N-able, maker of the N-central software platform, for $120 million. No small deal, it was actually one of the first major remote monitoring and management (RMM) software acquisitions in the MSP industry. 

Now, SolarWinds MSP will essentially resurrect the N-able name as part of the potential spinoff from SolarWinds.

SolarWinds MSP's John Pagliuca

SolarWinds MSP’s John Pagliuca

Additionally, the company submitted a Form 10 to the SEC last month, regarding the potential spinoff. The impact of separating from SolarWinds primarily concerns operations. 

Background

Today, SolarWinds MSP operates as a wholly owned subsidiary of its parent, SolarWinds Corporation.

  • SolarWinds MSP has a separate and distinct executive leadership team.
  • The company has independent technical support, partner success and sales teams that provide resources and best practices specifically designed to help MSP partners protect and serve their customers.
  • SolarWinds MSP’s product and R&D teams have their own leadership, standalone road maps, and separate repositories and build environments.
Jan 07

COVID-19 Doesn’t Stop Record Tech, Telecom M&A in 2020

By | Managed Services News

Both spending and deals were up last year.

Despite the global pandemic, tech and telecom M&A hit a new record in 2020, topping $600 billion in total value.

That’s according to 451 Research, part of S&P Global Market Intelligence.

Tech and telecom M&A spending last year soared to its highest level since the dot-com collapse. And last year’s record performance came in a historically abrupt boom-bust cycle.

A recession-led decline that can last years only knocked dealmakers out of the market for a few months in 2020. By summer, acquirers’ pent-up demand, combined with Wall Street’s confidence in the tech sector to thrive, not just survive, during the pandemic, flooded into the tech M&A market

Scott Denne is a senior research analyst with S&P Global Market Intelligence.

451 Research's Scott Denne

S&P Global Market Intelligence’s Scott Denne

“Both spending and deals were up last year,” he said. “According to 451 Research’s M&A KnowledgeBase, acquirers spent $604 billion on 3,993 global tech targets, compared to $476 billion on 3,729 targets in 2019.”

Collapse and Recovery

Acquisition spending dropped in the second quarter of 2020 to its lowest quarterly level in a decade. However, the average totals for both the third and fourth quarters was more than six times higher than spring’s slump.

Last year was the busiest overall year for tech deals since 2016.

Semiconductors accounted for three of the five largest tech acquisitions this year,” Denne said. “As a mature, cyclical industry, it’s not uncommon for chip companies to take up a big chunk of tech M&A spend. What’s unusual this year is that those companies fetched premium valuations. All three of them – Arm, Maxim and Xilinx – were valued at or above nine times trailing revenue. The median multiple for a $1 billion-plus semiconductor target, according to the M&A KnowledgeBase, is just 3.5 times since 2010.

The against-the-odds recovery in tech M&A even outpaced the stunning bull market rebound on Wall Street. On a total return basis, the S&P 500 climbed 18% in 2020, led by a 44% gain by the tech names in the benchmark index, according to S&P Global Market Intelligence.

Denne expects the momentum to continue in 2021.

“Though it’s impossible to predict how the entire year will unfold, the conditions that facilitated a strong tech M&A market in 2020 – a rising stock market, stabilizing IT budgets and an acceleration of digital living and working – are still in place,” he said.

Jan 07

IBM Names CEO of New Managed Services Spinoff

By | Managed Services News

The former IBM CFO is well-known to those within NewCo.

Martin Schroeter will lead the new IBM managed services spinoff, which the company plans to launch by year’s end. In naming Schroeter as CEO of the new company, for now dubbed “NewCo,” IBM is turning to a familiar face.

IBM's Martin Schroeter

IBM’s Martin Schroeter

Schroeter is a 28-year IBM veteran who once led the IT giant’s global technology services business. He has held key leadership roles, including CFO. At the time of Schroeter’s retirement last year, he was VP of IBM’s global markets, overseeing industries and integrated accounts.

“Martin has the strategic vision and business judgment to realize NewCo’s enormous potential as the global leader in managed infrastructure services,” IBM chairman and CEO Arvind Krishna, said.. “He has a deep understanding of the industry and has earned the trust of our clients and of the investor community.”

In October, the company announced the new IBM managed services spinoff as a standalone, publicly held company. IBM has identified managed technology infrastructure services as a $500 billion market opportunity. It believes that splitting its technology and hybrid cloud business from managed infrastructure services will boost growth for both companies.

NewCo, the working name for the IBM managed services business, posted nearly $19 billion in revenue last year. In an October blog explaining the spinoff, Krishna said that is twice the size of its nearest competitor. While IBM didn’t identify its nearest rival, Insight Enterprises, No. 1 on last year’s MSP 501 list, reported revenue of $6.7 billion.

IBM said NewCo has 90,000 employees and serves 4,600 enterprise clients across 115 countries.

“It will leverage its unrivaled expertise to offer hosting and network services, services management, infrastructure modernization, and migrating and managing multicloud environments,” Krishna said. “These are critical services that are core to client operations.”

Picking One of its Own

It’s not surprising that IBM picked a CEO for NewCo from its own ranks.

“Martin Schroeter is long-term IBMer that has the broad experience across the organization to lead the first phase of NewCo’s journey,” said Forrester analyst Jay McBain. “Probably most important was his experience as IBM’s CFO from 2014-2017, as it transformed its business from a services-led model that Louis Gerstner built in the ’90s to a multicloud, hybrid cloud company focused on emerging technology.”

While NewCo will become a separate and independent company, its DNA is firmly associated with IBM in terms of personnel, products, and shared customers and partners, according to Pund-IT principal analyst Charles King.

“That makes it vital for NewCo’s leadership to have a deep organizational and strategic understanding of IBM,” King said. “Equally important is Schroeter’s experience in a variety of IBM executive roles. In fact, you could say that he’s emblematic of IBM’s practice of preparing candidates for senior roles by rotating them through its business units and global organizations. Schroeter’s past positions, including SVP of global markets, CFO and GM of IBM Global Financing, and work in company offices in Japan, Australia and the U.S., make him an ideal candidate to lead and manage NewCo.”

Schroeter’s Leadership Priorities

Schroeter doesn’t officially begin his role as CEO of NewCo until Jan 15. During a December talk at Carnegie Mellon University, where he received his MBA, Schroeter shared his leadership priorities.

Key is a willingness to keep learning, he said. For example, when Schroeter ran IBM’s services business in Asia, he managing 60,000 people. So he learned the importance of speaking in superlatives.

“Part of this is, how do you build the leadership skills and interaction skills so that you can lead people at the right level?” he said.

The other part is understanding technology at a deeper level.

“The world is becoming more technical,” he said.

Schroeter recalled an instance where he was preparing to meet a client who wanted to understand IBM’s Red Hat acquisition.

“So I spent a few hours over the last few weekends just making sure I knew why OpenShift is the best container platform, understanding the Red Hat business model, to make sure I can really explain it clearly and crisply to clients. There’s a leadership element to continuous learning — and that’s an evolution.”

Jan 07

U.S Capitol Rioters Pose Cybersecurity Threat Due to Device Access, Theft

By | Managed Services News

It’s not yet known what all the rioters got their hands on or saw.

Cybersecurity experts say U.S. Capitol rioters pose a threat to national security because they accessed and stole government officials’ devices.

And it’s not yet known what all the rioters got their hands on or saw.

Kevin Coleman is executive director of the National Cyber Security Alliance. He said Capitol rioters stole U.S. Sen. Jeff Merkley’s laptop. And any rioters ransacking House Speaker Nancy Pelosi’s office could have seen or accessed sensitive information.

The silver lining is that lawmakers’ classified information typically is stored on sensitive compartmented information facilities (SFICs), he said.

NCSA's Kevin Coleman

NCSA’s Kevin Coleman

“But the dangers and threat vectors that surface from unprotected physical devices are still very prevalent,” Coleman said. “We’ve seen screenshots of Pelosi’s email inbox already posted to Twitter, which means that perpetrators could have accessed email lists and records that can potentially be used to conduct phishing attacks.”

Don’t Underestimate the Rioters

Understating the capabilities of individuals among the Capitol rioters would be a mistake as well, Coleman said.

“It’s impossible to know at this point if any were aligned with opposing nation-state interests or if any devices that weren’t stolen might have been targets for malware installations,” he said. “Conversely, a stolen device no longer belongs to its original owner.”

Due to a lapse in device security, thieves shouldn’t have any difficulty combing through the entirety of an endpoint’s hard drive, Coleman said.

This potential security breach could compound government vulnerabilities beyond the SolarWinds hack, he said.

“While reports have asserted that any accessible data that could potentially have been stolen was unclassified and relatively low level in terms of sensitivity, this event will certainly be another wakeup call for government security teams,” Coleman said. “SolarWinds was a proof point that third-party supply chain attacks — although not incredibly sophisticated — can be devastating. It called into question how government IT teams were vetting third-party partners, how they were collecting and storing sensitive data.”

And the targeted federal organizations will have to overhaul their entire security playbooks moving forward, he said.

The Capitol riot data thefts likely won’t be anywhere near as disastrous as SolarWinds, Coleman said. But they add to the mix of security issues the government will have to sort out.

“While SolarWinds was a backend system vulnerability, yesterday’s incident proves that a lack of sufficient endpoint security can be a problem, and that continued awareness and education for staffers about not leaving key information on an idle device will be equally important moving forward,” he said.

Better Protection Could Have Been in Place

Better device security could have been in place to minimize the risk, Coleman said.

“It’s impossible to have a foolproof plan,” he said. “But it is possible to minimize risks with a layered approach that consists of better device security software, better data monitoring and storage policies, and continued education for staffers about the dangers of unprotected data.”

Jerry Ray is SecureAge‘s COO. He said Wednesday’s Capitol rioters brought an “empirical and tangible threat” to systems and data throughout the Capitol.

SecureAge's Jerry Ray

SecureAge’s Jerry Ray

“Whether an unsuspecting and gleeful Trump supporter lost in the moment and running in for the selfies, or a trained agent of a foreign government sporting a MAGA hat and face gaiter armed with USB flash drives, malicious dongles or peripherals to attach to systems, the mere presence of unauthorized people in the offices of legislators renders every system and every file compromised and dirty,” he said.

Any digital device within those Capitol office spaces and exposed to intruders now poses a threat, Ray said.

“Even a quick grab of a sticky note with a handwritten password on it opens up entire networks of information with national security implications to compromise,” he said.

Less Obvious Threats

Personal information left behind during the evacuation poses less obvious threats, Ray said.

“Using that information for identity theft is just as likely as it is for sophisticated phishing attacks or unsophisticated blackmail attempts for monetary or espionage purposes,” he said.

All account names, passwords, keys, directory path and file names need to be changed, Ray said.

The long-term strategy includes a lengthy and comprehensive sweep of all devices, Coleman said. In the short term, Capitol IT teams will have to prioritize any glaring vulnerabilities before combing through other devices.

“Additionally, we’re not truly privy to how exhaustive the IT team’s network monitoring and policy management protocols are,” he said. “Is there a detailed record of every login attempt? Can they cross-reference timestamps of any attempts to determine unauthorized access? And do compromised devices have encryption automatically enabled? These are all very important questions that government security teams and officials will need to reassess.”

>