Compared to several years ago, there are a number of internet browsers one can use on desktop, laptop, smartphone or a tablet to surf the web and do all of the digital things associated with Tematica’s Digital Lifestyle investing theme. While the more commone ones are Microsoft’s Internet Explorer, Google’s Chrome, and Apple’s Safari, there have been functionality, compatibility as well as privacy concerns with those products. In fact, in a bid to protect our privacy and block data-grabbing ads and trackers, members of Team Tematica prefer to use Brave,Firefox andDuckDuckGo as well as NordVPN, Norton VPN and Cloudflare. Given all of that it, as well as Apple talking up how it values the privacy of its customers, it comes as little surprise that Microsoft would discuss its improved privacy with Edge, its new internet browser. Now to see what Google does…
Our browser privacy promise is to provide you with the protection, transparency, control and respect you deserve. To uphold commitments to give you transparency into Microsoft products, the Microsoft Edge team provided a privacy whitepaper that explains how Microsoft Edge features and services work and how each may affect your privacy. The goal of the Microsoft Edge team is to give you a full understanding into how your data is used, how to control the different features, and how to manage your collected data, so you have the info you need to make the right privacy decisions for you.
Similar to the explosive adoption in videoconferencing service Zoom Video Communications, traffic for short-form mobile video platform TikTok has soared of late more than likely due in part to the coronavirus lockdowns and self-cocooning that has taken place over the last several weeks. However, as the authors below point out, “HTTP traffic can be easily tracked, and even altered by malicious actors.”
After the cybersecurity and data privacy issues that were uncovered with Zoom, we suspect much more will be made of this privacy vulnerability at TikTok in the coming days. Let’s remember that the average number of days between a breach being discovered according to Accenture is roughly 50 days.
TikTok’s continued use of HTTP to move sensitive data across the internet is allowing the videos and other content being sent by the app’s users to be tracked and altered, according to two web developers.
Talal Haj Bakry and Tommy Mysk noted in a blog that the CDN used by TikTok still uses unencrypted HTTP for data transfers instead of HTTPS creating a gap in their security that can be exploited.
“While this [using HTTP] improves the performance of data transfer, it puts user privacy at risk. HTTP traffic can be easily tracked, and even altered by malicious actors,” they said.
TikTok’s high risk factor has already pushed the U.S. military to ban its members from using the Chinese-owned app due to its privacy and security issues. The company has rejected those claims, but the app’s activity has spurred some legal action. In early 2019, the Federal Trade Commission said Musical.ly, TikTok’s earlier iteration, illegally gathered and used children’s personal data, and levied a $5.7million fine on the app for violating the Children’s Online Privacy Protection Act (COPPA).
Part of the problem is TikTok takes advantage of the fact that Apple and Google still allow developers to not use HTTPS, a loophole that allows for backward compatibility. But the Bakry and Mysk said doing so should be a rare exception and not for such a heavily used app. The versions of TikTok for iOS, 15.5.6, and Android, 15.7.4, still send content to their CDN using HTTP.
“Consequently, TikTok inherits all of the known and well-documented HTTP vulnerabilities. Any router between the TikTok app and TikTok’s CDNs can easily list all the videos that a user has downloaded and watched, exposing their watch history. Public Wifi operators, Internet Service Providers, and intelligence agencies can collect this data without much effort,” they wrote.
This leaves anyone using the TikTok app open to man in the middle attacks where a threat actor could replace the video, photo or text being transmitted with spam or fake news designed to embarrass the sender.
Never underestimate people’s ability to take advantage of a crisis, including the current coronavirus as cyber-criminals have been quick to take advantage of the understandable levels of fear. This morning NortonLifeLock (NLOK) sent an email to its clients warning about a phishing email going around that uses the logo of the CDC Health Alert Network claiming to provide a list of local active infections. Recipients are asked to click a link where they are then to enter email login credentials, which are then stolen.
Also this morning, the European Central Bank warned banks that there may be a jump in cyber attacks as hackers look to exploit virus-related chaos.
The watchdog urged banks in a letter this week to test the capacity of their technology systems “also in light of a potential increase of cyber-attacks and potential higher reliance on remote banking services.”
The outbreak has prompted lenders to ask more employees to work from home or spread them across different offices, while more clients may choose online banking over going to branches. While banks have improved defenses against hackers in recent years, the ECB has called cybercrime and technology deficiencies some of the top risks for the industry this year.
The ECB letter is part of efforts to ensure banks can keep functioning in case they’re directly affected by the coronavirus outbreak that’s rippling through the global economy.
These warnings follow a recently published blog post by Fortinet (FTNT) on how it has seen a significant increase in malicious activity surrounding the coronavirus. In the post, the company shared it has found reports appearing from “trusted sources, such as governmental agencies, news outlets, etc. that were actually malicious.” Fortinet goes on to point out the World Health Organization (WHO) is contending with malicious activity as “criminals are disguising themselves as WHO to steal money or sensitive information.”
We suspect in the coming months we are likely to see a spike in companies reporting cyber attacks and data privacy violations, which will not only shortcomings but also spur demand for companies found in the Foxberry Tematica Research Cybersecurity & Data Privacy Index. Our advice is to wash your hands frequently and be wary of what you click on and where you click. It’s a viral world.
The headlines are increasingly dominated by frightening images of people wearing masks or encased in hazmat suits along with words like “pandemic,” not exactly pleasant over morning coffee. We are being told that this virus isn’t all that much worse than the usual flu, yet cities are being quarantined, travel is being restricted or outright banned, and companies are making all kinds of severe contingency plans. How can this be no worse than the usual flu if everyone seems to be having a total meltdown?
I did some simple math to show why this virus could be both:
(A) something I personally don’t need to get overly worked up over when it comes to my own health, while at the same time
(B) a major medical threat on a global level.
Sounds like I’ve lost my mind right? Just give me a few minutes and we’ll walk through the numbers.
The breakdown for the impact of the typical influenza virus every season is illustrated in this chart from the Center for Disease Control (CDC). Since 2010 the number infected by an influenza virus every year ranges from 9.3 million to 45 million. The number hospitalized ranges from 140,000 to 810,000 and the number that die from the virus ranges from 12,000 to 61,000.
In the chart below I took the midpoint of each of the ranges shown above. I realize that those ranges are quite large so simply taking the midpoint of the numbers loses some meaning, but bear with me here as we are just looking to understand magnitudes. On average 8.23% of the population of the United States has been infected by the seasonal influenza virus every year since 2010. Of those who have been infected, 1.75% have needed hospitalization and 0.134% have died.
If we assume that the coronavirus is just an average flu bug, then we can use these averages. In the example below I assume that 1.75% of those that contract the virus need hospitalization and 0.134% will die. In the chart below I show how many will need hospitalization and how many will die based on 5% to 50% of the population contracting the virus.
(Please note on the chart below that I took the total number of hospital beds from the 2020 American Hospital Association’s 2020 AHA Hospital Statistics, developed from the 2018 AHA Annual Survey. I estimated the number of ICU beds using data from the Society of Critical Care Medicine which referenced AHA data that found the ration of ICU beds to total beds to be 14.3% in a 2015 study. Surprisingly enough the number of ICU beds is not an easy number to find.)
The problem quickly becomes evident. Under our assumptions, when the percent of the population infected by the virus gets between 15% and 20% of the total population, there simply aren’t enough hospital beds in the country even if every single bed is dedicated to someone with the coronavirus. This is the problem. It isn’t the health risks to any one particular person, but rather the sheer number of people that this virus may be able to infect.
So while the risk to me of needing hospitalization may be no worse with coronavirus that the usual flu, there may be no beds available to treat me if I end up needing one! Now I’m worried.
According to the Center for Disease Control (CDC), on average, about 8% of the US population gets sick from the flu every season, with a range of between 3% and 11% depending on the year. What about the contagiousness of the typical flu? This is from the CDC:
People with flu are most contagious in the first 3-4 days after their illness begins.
Some otherwise healthy adults may be able to infect others beginning 1 day before symptoms develop and up to 5 to 7 days after becoming sick.
Some people, especially young children and people with weakened immune systems might be able to infect others for an even longer time.
Part of why the typical flu is not as contagious as the coronavirus is because you know more quickly when you are sick. The problem with the coronavirus is we are seeing evidence that people can be contagious for more than 14 days and may not have any symptoms. This gives the coronavirus the potential to totally blow away the usual 3% to 11% infection rate during a typical season.
This is why the virus can have the same health risk to any particular person as the usual flu bug while at the same time being an enormous health risk on a city, state and national level. Recall the movie Mission Impossible 2 where our hero Ethan Hunt needs to stop the biological weapon “Chimera” from getting out? Chimera was fatal within 20 hours and those infected quickly experienced severe symptoms. That movie got it all wrong. The most dangerous virus would be one that infects its host and is easily transmitted from one person to the next for years without its host having any symptoms. With such a virus, by the time we even knew of its existence, the majority of the world’s population could already be infected.
As a final note, in the example above we assumed a fatality rate (meaning the percent of those infected that die) of just 0.134%. In China, as of February 11, 2020, according to data compiled by Statista, the fatality rate has been much higher – 21.6x higher in Hubei, 17.2x higher nationwide and 3x higher in other regions excluding Hubei.
As of February 27, 2020 at 18:00 Central European time, there were 650 confirmed cases in Italy, 17 deaths and 45 healed. This makes for a mortality rate of 2.6% which is 19.5x more deadly than our example. Current statistics can be found here.
In South Korea, as of the writing of this piece, the total confirmed cases had reached 2,022 with 13 deaths. This makes for a mortality rate of 0.64% which is 4.8x more deadly than our example.
According to LiveScience.com, as of the afternoon of February 28, 2020 there are have about 83,704 confirmed cases and 2,859 deaths. This makes for a mortality rate of 3.4% which is 25.5x more deadly than our example.
On that note, I’m going to go wash my hands… again.
Here at Tematica, one of the things we like more than anyone of our investing themes is when two or more of them intersect as it forms a super-theme of sorts. We’ve seen numerous examples over the last several quarters, but there are also times when the tailwind of one of our themes presents a headwind for another. We are seeing that unfold between the cashless consumption aspect of our Digital Lifestyleinvesting theme and our Middle Class Squeeze and Safety & Security ones.
There are benefits to be had with the move by business to digital commerce…
Some retailers are cutting out cash to speed up transactions, reduce the risk of theft and accommodate the increased use of credit and debit cards, as well as digital wallets like Apple Pay and Google Pay, to purchase services and products.
… and there are times when having to pay only by cash can be a hassle, especially if you’ve gotten used to paying with a swipe or a tap. There are also those folks that are tapping their credit cards harder than others as they look to make ends meet. According to the Federal Reserve Bank of New York’s latest Household Debt and Credit Report, consumer household debt balances have been on the rise for five years and quarterly increases continued on a consecutive basis, bringing the second quarter 2019 total to $192 billion.
But as the below excerpts note, not everyone in the entire population is able to participate in cashless consumption be it because they lack a debit or credit card. Others have those but are wary about leaving a digital trail that could be exploited by cyber attackers and compromise their privacy.
But with 6.5% of U.S. households in 2017 not having bank accounts, according to the FDIC, and 18.7% having accounts but also using financial services outside of insured institutions, some are pushing back on the trend
But it’s not just those without credit and debit cards who may balk at being told they can’t use cash. In an era when data breaches have occurred at institutions such as Capital One and credit rating agency Equifax, some consumers worry that cashless payments can infringe on their privacy.
“You do hear a good portion of people saying ‘Once we move to this cashless economy, there is a digital trail for every single one of my purchases, and I’m not entirely comfortable with that,’’’ Santana says. “And there’s a possibility there could be a data breach where your information gets compromised. The probability of a data breach happening is very low, but it is isn’t zero.”
Interestingly enough, despite these headwinds, the tailwind for cashless consumption continues to blow as evidenced by the continued decline in using cash.
Square Inc. found that four years ago, shoppers used cash for 46% of purchases that were less than $20. But this year, shoppers used cash for 37% of transactions in the same price range.
And while there may be some overlap in the user numbers, earlier this year Paypal’s (PYPL) Venmo reported 40 million users that completed one transaction in the prior 12 months, while Square reported 15 million Square (SQ) Cash App users for “monthly actives (at least one transaction in the past month).” While those numbers are larger than some digital user figures at banks — Bank of America (BAC) reported that its active base of digital users was 37 million in the March 2019 quarter and for the same period Wells Fargo & Co. (WFC) had 29.8 million active digital users – during the June 2019 quarter Apple (AAPL) Apple’s Apple Pay completed nearly 1 billion transactions per month, nearly transaction levels in the year-ago quarter.
What those figures tell us is in today’s increasingly connected world filled with more consumers embracing digital shopping and mobile ordering, for both convenience and in many cases better affordable prices, we will likely see a continued movement away from cash usage… but we may not see the use of cash disappear just yet. In thematic speak, two powerful tailwinds may be impeded by one headwind, but that will likely only slow the impact, not eliminate it.
As that shift away from cash continues, odds are we will see more companies embrace our Disruptive Innovatorstailwind and bring new solutions to market. One such company is Tematica Select List resident USA Technologies (USAT) that is bringing mobile payments to vending machines and unattended retail.
Another is the cash to debit card ReadyStation kiosk found at the now cashless Mercedes Benz stadium in Atlanta. The kiosk by ReadyCard that converts cash to a prepaid debit card that can be used anywhere VISA is accepted. That is but one solution that could thwart regulatory headwinds, especially if like the ReadyStation kiosk the resulting debit card is fee free.
From Philadelphia to San Francisco, several cities and states have passed or are considering bills that prohibit retailers from refusing to accept cash, a policy they say shuts out the millions of Americans who don’t have a bank account, lack credit cards or don’t have photo identification.
Another reminder that where there is a pain point, solutions tend to result.
A look at the thematic outlook we can piece together from the flow of earnings reports we’ve received thus far.
On this episode of the Thematic Signals podcast, we find ourselves in the thick of earnings season and Tematica’s Chris Versace not only provides an overview for how all of these reports are coming together to form a larger picture, he shares a thematic look at what’s moving several stocks, including Amazon (AMZN), Apple (AAPL), International Airlines Group (ICAGY), IBM (IBM), Netflix (NFLX), Skyworks Solutions (SWKS) and the impact of spending on cybersecurity. In thematic speak, it’s the Digital Lifestyle, Digital Infrastructure, Disruptive Innovators, and the Safety & Security themes, with an added dash of privacy. Of particular note, Chris is really excited about one of the latest signals for Tematica’s Cleaner Living investing theme as Nestle SA has found a way to dramatically reduce the sugar content of its KitKat bar. Why? Because it and other food and beverage companies are under pressure from consumers and governments alike to make healthier products amid rising obesity and diabetes rates. If Nestle keeps this up maybe one day it could land in the Tematica Research Cleaner Living Index.
Boosting our stop loss on Middle-Class Squeeze Thematic Leader Costco Wholesale (COST) to $240.
Safety & Security Thematic Leader Axon Enterprise Inc. (AAXN) catches a TAZR win.
Housekeeping: The next issue of Tematica Investing will be published during the week of July 29th. Why? Because next week I will be on vacation. Even though I’ll be catching up on some reading and thematic thinking, I’ll be kicking back and recharging for what lies ahead.
Last week, we started the June-quarter earnings season. While there were only 20 reports, what we heard from BASF SE, Fastenal (FAST), and MSC Industrial (MSM) served to remind us that, even though the Fed will likely cut interest rates, odds are the current earning seasons will be a challenging one. That view was reaffirmed this week with results from JB Hunt (JBHT) and CSX (CSX) that confirmed the slowdown in freight traffic, an indicator that we here at Tematica watch rather closely as a gauge for the domestic economy’s health.
Given the declines in the Cass Freight Index over the last seven months, the results out of JB Hunt, CSX and other shippers should hardly be news to the investment community. On the other hand, what is somewhat concerning to me is that these declines in freight are coming in even as June Retail Sales surprise to the upside and e-tailers, like Thematic King Amazon (AMZN), Walmart (WMT), Target (TGT) and others, are embracing one-day and same-day shipping from the prior table stakes that were two-day shipping. The growing concern that I have is that despite the tailwind associated with our Digital Lifestyle investing theme, continued declines in the Cass Freight Index and other freight indicators could signal that the domestic economy is moving from one that is slowing into one that is in contraction territory.
Despite the upside surprise in the June Retail Sales report, it was counterbalanced by a revelation contained in the June Industrial Production & Capacity Utilization report. What we learned yesterday from that report was that domestic factory production fell at an annualized rate of 2.2% in the June quarter. Paired with the slowing freight-related signals mentioned earlier, there is little question over the vector of the domestic economy. Clearly the June quarter will be slower than the March one, but the real question we need to face as investors is, how slow will it be in the current third quarter, as well as the fourth quarter this year? That speed along with the degree of the expected July Fed rate cut and the continuation of the current US-China trade war will influence business spending and earnings expectations for the back half of the year.
As far as the June Retail Sales report goes, while I am all for consumers spending, I’m not in love with the fact that it is increasing credit card debt that is likely driving it. According to data collected by the FDIC and published by MagnifyMoney, “Americans paid banks $113 billion in credit card interest in 2018, up 12% from the $101 billion in interest paid in 2017, and up 49% over the last five years.” And as we’ve seen in the monthly Consumer Credit Report issued by the Federal Reserve, revolving consumer credit, which includes credit card balances, has only grown year to date. In other words, consumers are using credit card debt to fund their spending and rising interest payments will squeeze disposable income levels.
While increasing consumer debt is not exactly an uplifting thought, and certainly a headwind for the economy in the coming quarters, these development are a tailwind for Middle-Class Squeeze Thematic Leader Costco Wholesale (COST):
Year to date, COST shares are up some 37%, and we are only now heading into the seasonally strongest time of the year for the company’s business. We should continue to hold COST shares, but we will also increase our stop loss to $240 from roughly $225.
Thematic Leader dates to watch
With investor attention turning to corporate earnings, here are the announced reporting dates for the Thematic Leaders:
Netflix (NFLX) – July 17
Chipotle Mexican Grill (CMG) – July 23
Amazon (AMZN) – July 25
AMN Healthcare (AMN) – August 6
Dycom Industries (DY) – N/A
Costco Wholesale (COST) – N/A
Alibaba (BABA) – N/A
Axon Enterprises (AAXN) – N/A
Not all of the Leaders have shared the reporting dates for their latest quarterly earnings, but no worries as I’ll be filling the calendar in as the missing ones announce them. And it goes without saying that as the June 2019 earning season continues, I’ll be sifting through the sea of reports looking for thematic data points to be had.
As I was putting this issue of Tematica Investing to bed, I saw that Safety & Security Thematic Leader Axon Enterprises (AAXN) announced a big win for its business — a significant order for its TASER Conducted Energy Weapons from agencies across the United States. These orders, which were landed during the first half of 2019, will ship in multiple phases in the coming quarters.
Why are we only hearing about this now?
Partly because Axon needed permission from the agencies make the announcement, and even with such permission granted, the company still needed further permission to name those agencies as customers. A full list of those announced orders can be found here.
Of course, this news is a positive for Axon, and it serves as a reminder that even though the headline story for Axon is the company’s ongoing transformation into a digital security company as it grows it body-camera and digital subscription storage business, the steadfast TAZR business remains a firearm alternative.
We’ve enjoyed a nice run in Axon shares since they were added to the Thematic Leader board, and year to date the shares are up more than 46%. I see no reason to abandon them just yet and our long-term price target of $90 remains intact. For now, our stop loss on the shares continues to sit at $51.
And for what it’s worth, as impressive as that year to date gain is for AAXN shares, it still trails behind Cleaner Living Leader Chipotle Mexican Grill (CMG), which as of last night’s close was up more than 76% year to date.
In the 1976 motion picture, All the President’s Men, the catchphrase “Follow the Money” was coined. It was the advice given by the Deep Throat character as reporters Woodward and Bernstein looked to uncover the scandal that came out of the Watergate break-in. When it comes to thematic investing, the same advice should be heeded.
Very recently an interesting stat came across my desk in an article on MarketingLand.com that sheds light directly on our Safety & Security investment theme. The article covers a survey of over 4,000 adults in the U.S. and the United Kingdom with regards to their sharing behavior online:
Asked whether Cambridge Analytica and other data and privacy scandals had impacted their online behavior, 78% of respondents said yes. Among that group, 74% said they are sharing less information online. For those whose behavior has not changed, the survey found that “they were already highly protective of their information, or that they had accepted a lack of privacy when engaging online.”
Further into the article, an even more concerning stat reveals that consumers have no hope of achieving a level of privacy anymore:
Compared with the 2018 survey, consumers in the U.S. and U.K. now overwhelmingly believe [online privacy is not achievable]. The “online privacy is possible” respondents have declined from 61% in 2018 to 32% in 2019.
Impact of the Change in Online Behavior
One would think that with all of the cyber scams, data hacks and “fake news” pervading social media, and even the internet as a whole, we would see most of the internet darlings taking it on the chin.
Such negative effects from consumers’ evaporation in confidence of online privacy are not readily apparent — at least in the near term — when we look at the likes of social media giants Facebook (FB) and Twitter (TWTR). By all accounts, Facebook knocked it out of the park in its latest earnings report, which was released back in April 2019 and summarized the company’s first quarter of 2019. Mark Zuckerberg’s empire produced revenue for the quarter that soared 26% and net income per share that came in at $1.89 versus expectations of $1.62. Twitter (TWTR) too killed it in the first quarter with $787 million in revenue and first-quarter earnings per share of 37 cents, compared with analyst estimates of $776.1 million and 15 cents per share.
The longer-term impact, however, of consumers sharing less and less, and lacking trust in online sites with their data is that the level of user engagement begins to wain.
Why log into Facebook five . . . six . . . ok 24 times per day, if none of your friends are sharing anything worth looking at?
That “Fear of Missing Out” (FOMO) quickly goes away when all you are missing out on is your friend’s latest cat photos or the toddler video you’ve seen 17 times. If the content isn’t fresh and refreshed, at some point, you and your attention span will move to where it is, which will be something to watch for Netflix (NFLX) as Apple (AAPL), Disney (DIS), AT&T (T) push into the video streaming market tapping our Digital Lifestyle investing theme.
So we’ll be on the look out for any confirming data points on this when Facebook (FB) announces its Q2 earnings on July 24, 2019 and Twitter’s on July 26, 2019.
Regulation and Fines Also Keeping CEO’s Up at Night
Losing the engagement of a customer base for privacy concerns can be terrible, but actual missteps in the handling of customer data and privacy can come along with some hefty costs as well.
We already have the European Union’s GDPR regulation, which British Airways (BA) has run afoul of and hit with a $230 million fine and Marriott (MAR) as well with a $123 million fine. Additionally, the State of California’s California Consumer Privacy Act (CCPA) is to take effect in January of 2020 and we also have rumblings of Congress taking steps to impose GDPR-like regulations on a federal level.
So is Silicon Valley and the rest of Corporate America and beyond concerned about this?
While we can’t peak into the sleeping patterns of CEO’s and CIO’s of these companies, these kinds of concerns are being revealed when we . . . you guessed it . . . follow the money.
Yesterday, OneTrust, a privately held company focused providing tools and services to help companies comply with GDPR and assess their risk levels announced a $200 million Series A investment, which equals a not-to0-shabby $1.3 billion valuation for a company that is just three years old.
The OneTrust series A round came on the heels of a $70 million D round closed by San Francisco-based TrustArc. That latest round brings the total amount raised by TrustArc to over $100 million. In an article on VentureBeat.com covering the TrustArc news, the size of the privacy and compliance market as described as:
TrustArc competes to an extent with StandardFusion, LogicGate, Iubenda, and Netwrix Auditor, all of which are vying for a slice of enterprise governance, risk, and compliance market that’s estimated to be worth $64.62 billion by 2025. Bregal Sagemont partner Daniel Kim isn’t terribly concerned about rivals, though — he points out that TrustArc has engaged with over 10,000 customers to date across its client base of more than 1,000 clients.
Getting back to following the money, these are developments we monitor as we develop our themes where we look to identify those companies riding the tailwinds of a theme as reflected in operating profit or sales. In the case of privacy and compliance, it’s a key component of our Safety & Security investment theme and the planned release of a new index to go along with our Cleaner Living Index that was launched in June of 2019.
On this episode of the Thematic Signals podcast, Tematica’s Chris Versace gets investors and corporate leaders ready for what Fed Chairman Powell may do at this week’s semi-annual testimony in front of the House Financial Services Committee.
In June Powell signaled a more dovish tone with monetary policy citing the slowing global economy, trade related uncertainty and the lack of inflation. After Independence Day 2019, however, several pieces of new data may give Powell and the Fed some room to wait. What the data was and what it could mean, we discuss on the podcast. We’re also sharing several signals for our Digital Lifestyle, Cleaner Living, Living the Life and Safety & Security investing themes.
What’s going on in Oregon is more than likely typical of most governments and companies – a patchwork of systems that not only have difficulty talking to one another but also gaps that leave the government, company or other institution vulnerable to an cyber threat. Simply throwing money at the cyber security problem leads to silo solutions not a shrewd, cohesive cyber security system that is both proactive and reactive that protects the institution in full. Granted, cyber attacks are a moving target, but that also means their evolving nature combined with the growing adoption of our Digital Lifestyle and expanding access points under our Digital Infrastructure investing theme mean cyber security will likely remain a key growth driver for our Safety & Security investing theme. No wonder Broadcom is looking to scoop up Symantec.
Auditors say Oregon’s central administrative agency lacks basic controls to protect its information and systems from a cyber attack.
That means the Department of Administrative Services’ information and systems are at risk for “unauthorized use, disclosure, or modification,” according to a report released Wednesday, July 3, by Secretary of State Bev Clarno.
Auditors said a fragmented organizational structure and approach to managing security concerns may be parts of the problem. The agency’s roughly 30 subdivisions “receive varying levels of support” from the agency’s IT department, which supports only 16 of the 85 applications that workers use. The rest are supported by non-IT employees scattered throughout those divisions, and don’t receive oversight or involvement from the agency’s IT department, auditors said.
That has created inconsistency, and means the agency’s subdivisions may not be aligning with best practices when it comes to security.
Auditors said cyber-threats are a growing worry. “Cyberattacks, whether big or small, are a growing concern for both the private and public sector,” auditors wrote. “Recent breaches at Oregon state agencies have only escalated this concern.”