Home Tags Share Price

Tag: Share Price

This is how much your share price falls when you get...

The impact of data breaches can be measured in a company's share price and customer churn.

Biz overlords need to give a stuff about what they’re told...

Data breaches smack bottom line, cautions survey Companies that suffer a data breach can expect to see their share price fall by five per cent and watch two to three per cent of customers take their business elsewhere.…

Consulting M&A volumes reach a nine-year high, despite turbulent political backdrop

19/Apr/2017 2016 reached a nine-year high in consulting M&A volumes, according to Equiteq’s Global Consulting Mergers & Acquisitions Report 2017.

Despite deal activity falling in the quarter prior to the US Presidential election and the UK’s Brexit vote, deal volumes were up 1%. Outperforming the S&P 500, the strength of the consulting sector was further demonstrated as the Equiteq Consulting Share Price Index ended 2016 up 14%, a 10-year high.The top consulting segments for deal... Source: RealWire

Tesla is worth more than General Motors or Ford

At more than $311 a share, Wall Street pegs Tesla as the most valuable US automaker.

Symantec doubles down on consumer security by buying LifeLock

Bid to mitigate damage in face of declining anti-virus sales Symantec has bought identity theft protection firm LifeLock for $2.3bn. The deal, announced Sunday, represents a brave bid by Symantec to shore up a consumer security business eroded by dwindling anti-virus sales. Selling Norton consumer security alongside identity protection and remediation services from LifeLock will enable sustainable "consumer segment revenue and profit growth", according to Symantec.

The security giant said it plans to finance the transaction with cash supplemented by $750m of new debt.

The deal – which is subject to LifeLock stockholder approval and US regulatory approval – is not expected to affect Symantec's FY17 results. Symantec's share price dropped marginally on the announcement of a deal that effectively involves it "doubling down" on the consumer security market.

Data breaches and the identity theft that sometimes results are a growing problem but whether the sometimes controversial LifeLock offers a comprehensive defence is far from convincing. LifeLock's identity theft protection system is designed to alert subscribers about fraudulent applications for loans, credit cards or other financial services. The $2.3bn price tag ($24 per share) offered from Symantec represents a 16 per cent premium on LifeLock's Friday closing share price of $20.75, itself a year-long high. LifeLock was also reportedly being pursued by private equity firms Permira, TPG, and Evergreen Coast Capital, as well as Symantec. Symantec sold data storage software firm Veritas to Carlyle Group for $7.4bn earlier this year.
Since then it has purchased Blue Coat for $4.65bn and now LifeLock for $2.3 billion in a bid to redefine itself as a pure play cybersecurity firm. The purchase price looks high even though LifeLock is profitable.

The company's net income for 3Q16 came out at $14.4m on sales of $170.3m. Last year LifeLock was obliged to pay $100 million to settle charges (PDF) of failing to maintain a comprehensive information security program and deceptive advertising.

The court order followed FTC enforcement action against LifeLock for alleged violations of an earlier 2010 order. ® Sponsored: Customer Identity and Access Management

Crooks and kids (not scary spies paid by govt overlords) are...

Troy Hunt talks down the state-sponsored hack threat Interview Despite the hype about state-sponsored hackers, most breaches are actually the result of either criminal activity or "kids messing around", according to breach expert Troy Hunt. Hunt, operator of the breach notification service Have I Been Pwned, noted that many of the current spate of breach disclosures actually stem from attacks that took place in or around 2012. “We’ve seen anything on this scale since Adobe,” Hunt told El Reg. “Motives differ with LinkedIn, for example, designed to make money.
Sony was state sponsored and Yahoo – if we take them at their word – was state-sponsored.” Hunt expressed doubt about Yahoo!'s contention of a state-sponsored attack which led to half a billion accounts being exposed, referencing recent research by InfoArmor that offered up the theory that criminals were behind the attack. “Blaming state hackers has become like a ‘dog ate my homework’ excuse,” he added. El Reg caught up with Hunt for 30 minutes shortly after he spoke about data breaches and other matters at the ScotSoft conference in Edinburgh on Thursday. He said that large datasets such as the LinkedIn cache were commonly dumped online by hackers when when they are “no longer profitable to sell”.

There are exceptions to this rule such as Ashley Madison, where hackers immediately leaked the purloined data as wide as possible in an effort to embarrass and pressurise the business. Hunt criticised TalkTalk as “negligent” over its October 2015 reach and criticised the record £400k fine imposed by data privacy watchdogs at the ICO as insufficient to serve as any deterrent. “TalkTalk was fined 0.02 per cent of revenue, something that will have no impact on its business,” Hunt said. “TalkTalk was hit by a 15 year old kid using free software, not a sophisticated attacker.” TallkTalk was “negligent” in being unable to defend against the attack it suffered, according to Hunt, a Microsoft regional director and MVP for developer security. Some breaches can have an effect on share price.

For example, the share price of Paysafe dipped before recovering after it emerged that Neteller and acquired firm Skrill had suffered a breach. Running haveibeenpwned has given Hunt a singular insight into major data breaches, how hackers operate and the weaknesses they exploit within organisations.
Some cases show that at least some large organisations are beginning to follow industry best practice of password handling.

For example, metadata from the Dropbox breach shows that the organisation was halfway through moving from the ageing SHA1 technology to pcrypt for password hashing. ®

MedSec’s ‘hackable pacemaker’ report autopsy: Bombshell crash claim in doubt

No conclusive evidence of bricked devices, say uni experts Researchers at the University of Michigan (U-M) have poured doubt on one claim by MedSec that St Jude Medical's implanted pacemakers and defibrillators are remotely breakable. Last week MedSec went public with a report saying that life-giving devices sold by St Jude Medical could be wirelessly compromised by hackers – who could either brick the vital equipment or empty their batteries of charge by sending malicious signals from afar. Rather than try to get the issue fixed with the manufacturer, MedSec partnered with investment firm Muddy Waters Capital to short St Jude's stock.

This allowed the pair to cash in when they made their vulnerability findings public and the healthcare company's share price fell. St Jude called the damning MedSec dossier "false and misleading." Now U-M says some of the security shortcomings detailed in the MedSec report aren't as serious as first feared.

The uni researchers attempted to recreate MedSec's attacks and found that in one case so far, the evidence the security firm presented is flawed. "We're not saying the report is false. We're saying it's inconclusive because the evidence does not support their conclusions. We were able to generate the reported conditions without there being a security issue," said Kevin Fu, U-M associate professor of computer science and engineering and director of the Archimedes Center for Medical Device Security. "To the armchair engineer it may look startling, but to a clinician it just means you didn't plug it in.
In layman's terms, it's like claiming that hackers took over your computer, but then later discovering that you simply forgot to plug in your keyboard." MedSec's report includes a photo of error messages on a wireless monitoring station for a defibrillator as evidence that a radio-based attack successfully crashed the implanted widget. When the station's wand is waved over the defibrillator, fault alerts are shown that suggest the gadget has died because there's no live information coming from it.

The dossier reads: In many cases, the Crash Attack made the Cardiac Device completely unresponsive to interrogations from Merlin@home devices and Merlin programmers.
It was therefore impossible to tell whether, and how the Cardiac Devices, are functioning. MedSec strongly suspects they were in many cases “bricked” – i.e., made to be non-functional.
It is likely physicians would explant a device that did not respond to the programmer. In some cases, a Cardiac Device subjected to a Crash Attack was still able to communicate with the programmer, and the information displayed was alarming. According to U-M's team, though, the implanted pacemaker or defibrillators can and will continue operating as normal even if readings to the monitoring station are disrupted. In other words, there's no conclusive evidence that the pacemaker or defibrillator actually stopped working after the radio communications were jammed.
It's more of an annoyance for whoever is using the monitoring terminal than a potentially lethal situation. "We believe the pacemaker is acting correctly," Fu said. Youtube Video "It's obviously not an attempt to recreate the attack," a Muddy Waters spokesperson told The Register. MedSec declined to comment on the matter. In El Reg's view, if the communications are temporarily disrupted it's hard to see how this is a super serious issue. On the other hand, if the radio jamming stops all further communication from the implant to a monitoring terminal, that's going to potentially require surgery to fix, which is not optimal. However, bear in mind, there is no hard evidence that a device is "bricked" – merely MedSec's strong hunch that this has happened. That's what all of last week's screaming headlines were based on. "While medical device manufacturers must improve the security of their products, claiming the sky is falling is counterproductive," Fu noted. "Healthcare cybersecurity is about safety and risk management, and patients who are prescribed a medical device are far safer with the device than without it." The U-M researchers are still going through the MedSec report, so there's room for more discoveries or revisions to their conclusions.
In the meantime, the whole case has raised concerns among many in the computer security industry that the startup's unorthodox tactics may have needlessly terrified patients using St Jude's products. "It's my personal view that ethically it's really hard to understand why people would have to go through this," Sam Rehman, CTO of application security vendor Arxan Technologies, told The Reg. "The whole point of the security industry is to build trust by protecting systems." ® Sponsored: 2016 Cyberthreat defense report

Muddying the waters of infosec: Cyber upstart, investors short medical biz...

Some sharks wear suits and ties Analysis A team of security researchers tipped off an investment firm about software vulnerabilities in life-preserving medical equipment in order to profit from the fallout. Researchers at MedSec Holdings, a cybersecurity startup in Miami, Florida, found numerous holes in pacemakers and defibrillators manufactured by St Jude Medical.
Instead of telling the maker straightaway, the crew first went to investment house Muddy Waters Capital to make money off the situation. MedSec offered Muddy Waters the chance to short sell the stock of St Jude Medical so that when details of the flaws are made public, MedSec and Muddy Waters could all profit.

The more the shares fell, the higher MedSec's profits would be. Muddy duly published details of the flaws earlier today, on Thursday, and sent this doom-laden alert to investors: Muddy Waters Capital is short St. Jude Medical, Inc. (STJ US).

There is a strong possibility that close to half of STJ’s revenue is about to disappear for approximately two years.
STJ’s pacemakers, ICDs, and CRTs might – and in our view, should – be recalled and remediated. (These devices collectively were 46% of STJ’s 2015 revenue.) Based on conversations with industry experts, we estimate remediation would take at least two years.

Even lacking a recall, the product safety issues we present in this report offer unnecessary health risks and should receive serious notice among hospitals, physicians and cardiac patients. We have seen demonstrations of two types of cyber attacks against STJ implantable cardiac devices (“Cardiac Devices”): a “crash” attack that causes Cardiac Devices to malfunction – including by apparently pacing at a potentially dangerous rate; and, a battery drain attack that could be particularly harmful to device dependent users.

Despite having no background in cybersecurity, Muddy Waters has been able to replicate in-house key exploits that help to enable these attacks. St Jude's share price fell 4.4 per cent to $77.50. MedSec claims it used Muddy Waters in order to draw attention to insecurities in St Jude's products and to fund its research efforts admittedly in a rather unorthodox manner. "We acknowledge that our departure from traditional cyber security practices will draw criticism, but we believe this is the only way to spur St Jude Medical into action," said MedSec's CEO Justine Bone on her company blog. "Most importantly, we believe that both potential and existing patients have a right to know about their risks.

Consumers need to start demanding transparency from these device manufacturers, especially as it applies to the quality and functionality of their products." Alternatively they could have simply gone to the device maker, showed them the holes, and got them fixed.
If they wanted to force the manufacturer into action, MedSec could have presented a paper at any one of the many security conferences – as car hackers Charlie Miller and Chris Valasek did in the Chrysler hacking case. Instead MedSec decided to hook up with Muddy Waters and short the stock to earn a tidy profit.

Carson Block, founder of Muddy Waters, took to Bloomberg TV to put the frighteners on folks about the severity of the flaws, which could help depress the share price further and thus boost his profits. "The nightmare scenario is somebody is able to launch a mass attack and cause these devices that are implanted to malfunction," he gushed. But based on his own company's report today into the St Jude devices, that seems unlikely.

The two attack vectors mentioned include a battery draining attack and one that could crash a pacemaker, but both require the attacker to get access to the device's home control unit for about an hour. The report blames St Jude Medical for using off-the-shelf parts in its devices that any hacker could buy and analyze, and for not making a custom operating system with extra security.
It estimates the faults will take years to rectify. Dr Hemal Nayak, a cardiac electrophysiologist at the University of Chicago, recommends in the Muddy report that users turn off their home controllers and says he will not implant any of St Jude Medical's devices. Nayak just happens to be a board member of MedSec. The report claims that it would be theoretically possible to carry out a widespread attack using St Jude Medical's network, but says MedSec didn't try it because that would be morally wrong.
So it seems they publicized that some flaws were merely present instead and cashed in on short selling. Medical device hacking has been demonstrated for years now, so much so that's it's almost considered old hat. Nevertheless, it seems a cunning firm has found a way to make big bucks out of the issue. ® Sponsored: 2016 Cyberthreat defense report

Security FUD and malware outbreaks boost Sophos’ coffers

Targeting the 'underserved mid-market' pays off nicely Revenues at Sophos were buoyed by the growing threat of ransomware and the like to its target mid-market customer base. For the quarter ending 30 June 2016, Sophos recorded revenues of $127.4m, 12.2 per cent up from the $113.5m its business brought in during Q1 2016. Kris Hagerman, chief executive officer, commented: "Our compelling strategy of targeting the underserved mid-market with a complete security offering through the channel that serves them continues to drive positive performance." For the financial year ending 31 March 2017, the Sophos board expects to deliver mid-teens percentage billings growth.
Sophos – which has long been enterprise rather than consumer focused – specialises in marketing cloud-enabled enduser and network security software products and services. Sophos’ share price reached a peak of £242 in early trading on Thursday, up more than 5.9 per cent from its Wednesday closing price of £228.60. Sponsored: Global DDoS threat landscape report

Why Google’s monopoly abuse case in Europe will run and run

Joi ItoIf you've ever wondered how Google defines the term "backrub," then look no further than its search engine for the answer, where we're told that it's "a brief massage of a person's back and shoulders." For many of the complainants in the long-running European Commission competition case against Google's alleged Web search monopoly abuse, that pithy definition goes a long way to explaining their experience of the multinational's vast online estate. For those among you who don't know your Google history, the search engine started out with the curious name of BackRub at Stanford 20 years ago, until, that is, its servers greedily gobbled their way through the university's bandwidth, and it was time for the cofounders to shift up a gear.

A year earlier, in 1995, the planets had aligned when Larry met Sergey at the famous Californian university for the first time. The two men eventually created an algorithm—dubbed PageRank after Larry Page—that recognised links from important sources, while penalising links that were less relevant.

Their BackRub search tool sorted results by relevance, and only looked for words in page titles.

The end result was a search engine that appeared to be far superior to the competition of the time, such as Alta Vista. Indeed, Brin and Page made clear their intentions in a Stanford paper in 1996, entitled The Anatomy of a Large-Scale Hypertextual Web Search Engine. Enlarge / Google's search result for "backrub definition."They explained the rationale behind their academic project, now known as Google in recognition of the word "Googol," which means a large number that—written out explicitly—looks like this. The prototype search engine at that point had "a full text and hyperlink database of at least 24 million pages," having been designed to not only "crawl and index the Web efficiently," but to do so at a vast scale—so its potential power was clear.
It has been well documented—and at times heavily lampooned—that Google, in its early years, had a corporate motto that said "don't be evil." Returning to the nuts and bolts of the BackRub paper, that slogan is writ large. Here's a cracking example of Sergey Brin and Page's lofty intentions for Google, in direct response to what they described at the time as "insidious" search engine bias among other players in what was then a nascent market: In general, it could be argued from the consumer point of view that the better the search engine is, the fewer advertisements will be needed for the consumer to find what they want.

This of course erodes the advertising-supported business model of the existing search engines. However, there will always be money from advertisers who want a customer to switch products, or have something that is genuinely new.

But we believe the issue of advertising causes enough mixed incentives that it is crucial to have a competitive search engine that is transparent and in the academic realm. Google, however, would eventually grow to be the biggest ad broker in the world.
Its brand became a verb, different tech products sprouted out from the Googleplex, and—for many ordinary folk—Google is the Internet. Fast forward to 2013, and then-Google chairman Eric Schmidt cowrote a book—The New Digital Age—in which he acknowledged the power his company now wielded online.
Schmidt said in the intro to his somewhat pompous tome: We believe that modern technology platforms, such as Google, Facebook, Amazon and Apple, are even more powerful than most people realise, and our future world will be profoundly altered by their adoption and successfulness in societies everywhere. These platforms constitute a true paradigm shift, akin to the invention of television, and what gives them their power is their ability to grow—specifically, the speed at which they scale. Almost nothing short of a biological virus can spread as quickly, efficiently or aggressively as these technology platforms, and this makes the people who build, control, and use them powerful too. And on that final point Schmidt is absolutely right.

The Googles of this world, then, have a duty to their users and customers not to mistreat that power. Here in Europe, however, Google's monopolistic abuse of dominance in the search market continues to dog it, in an antitrust case that isn't questioning its innovative prowess, but is instead challenging accusations about its brutish behaviour which have—it is claimed—hit businesses of all shapes and sizes across the EU. Google has already been formally charged twice over its monopoly abuse.
It stands accused of systematically favouring its own price comparison shopping product over that of its rivals in Web search. More recently, the European Commission concluded in a preliminary decision that Google had abused its dominant position by imposing restrictions on Android device makers. It's understood that, in a matter of weeks, Google will also face a record-breaking fine rumoured to be around $3 billion, which—based on Alphabet Inc's 2015 figures—represents a little under five percent of its annual turnover. More significantly, however, Google will also be told by the commission's antitrust officials to stop manipulating its search results. A very personal fight against algorithmic policy UK vertical search price comparison site Foundem was founded a little over 10 years ago by a husband and wife team, Adam and Shivaun Raff, who are both computer scientists. However, for much of the firm's existence, it has been battling Google's alleged anti-competitive practices. Foundem co-founders Adam and Shivaun Raff. Foundem suffered what it has described as a devastating demotion in June 2006 when traffic to its service—which covers product price comparison, travel search, jobs search, and property search—plummeted, after an "algorithmic Google search penalty" was applied across the site. By August of that year, Google's algorithms attacked Foundem once again, this time with a site-wide penalty on AdWords—Google's online auction house where Web operators can buy keywords. To use the jargon, Foundem's Landing Page Quality had nose-dived overnight.

The result? The company's minimum bids for its ads to be eligible for display on Google's AdWords rocketed from roughly 5 pence per click, to around £5 per click. Foundem concluded that it had been the victim of Google's seemingly blunt approach to penalise sites that "lack original content." Foundem said (PDF): The value of search services lies not in the production of original content but in their ability to efficiently organise, search, and summarise the content of others. Other than fundamentally changing from a search service to a content publisher, Foundem's only way back into Google’s search results and ad listings was to have Google intercede to manually lift the penalties. Mayer: "With universal search, we're attempting to break down the walls that traditionally separated our various search properties, and integrate the vast amounts of information available into one simple set of search results."After more than a year of Foundem going back and forth with various different employees at Google, it manually intervened by whitelisting the site, which in turn lifted the AdWords penalty.

The search penalty against Foundem however remained stubbornly in place for another two years. During that time, it's worth noting that Foundem hadn't been subjected to similar search penalties via Microsoft and Yahoo's search engines, and in 2008 the company was named the UK’s best price comparison site by Channel 5's The Gadget Show. So why is it that Foundem's site—for so long—could continue to be labelled poor quality by Google's search team, while the AdWords side of the house was satisfied with the UK vertical price comparison outfit? On the surface it appeared as though one part of Google wasn't talking to another in order to fix such a seemingly errant algorithmic quirk affecting Foundem's online business.

But, surprisingly, the policy was in fact a deliberate one. "One of the core principles underpinning Google's Web search has always been that natural search rankings [are] made independently of whether a website advertises with us," a Google spokesperson told the Guardian in an article published in 2009, not long after the Raffs finally went public, having quietly fought for three years against their site's search demotion—which meant that none of its pages ranked anywhere for keywords. "Both natural search and AdWords make automatic quality assessments to help the ranking process, but each system looks primarily at different signals, which we publish in our guidelines," Google's spokesperson added at the time. Note use of the word "automatic" there.

The suggestion being that Google doesn't meddle with its algorithms.

But we know from the AdWords penalty applied to Foundem that the whitelisting process does require human intervention—a judgement call that can override those auto quality assessments when apparent gremlins in the machine are flagged up. Enlarge / Foundem's homepage as it looks today. By the end of 2009—some three and a half years since Foundem was hit by Google's search penalty—it was finally whitelisted. Nearly all of its Google search rankings, and keywords were "instantly restored to 'normal' or something approaching 'normal'." With the penalty lifted, traffic to Foundem from Google soared by some 10,000 percent. Hit me baby one more time The story doesn't end there, however.

During Foundem's wilderness years, a great deal of change was taking place at Google's Mountain View HQ, steered by then-search product veep, Marissa Mayer—the current boss of Yahoo. Google unveiled "Universal Search" in May 2007, which Mayer described at the time as "one of the biggest architectural, ranking, and interface challenges" Google had ever faced.

The overhaul stitched together products—such as News, Images, and Groups—from Google's gargantuan online estate, bringing them onto one search page for users of the now-ubiquitous service. Mayer had first come up with the "splashy" idea back in 2001, when she showed off a sample search results page, featuring pop star Britney Spears, to Schmidt.
Six years later universal search had became an integral part of Google's business strategy or, as Mayer explained at the time: "With universal search, we're attempting to break down the walls that traditionally separated our various search properties, and integrate the vast amounts of information available into one simple set of search results." The Raffs saw things very differently, however. "Foundem emerged from its three-and-a-half-year Google search penalty into a radically transformed online marketplace," the couple said.

They now faced the challenge of Google's universal search, which the Raffs claimed was a "new and insurmountable barrier to fair competition." In July 2009, Foundem had its first meeting with competition officials in the European Commission, and began preparing an antitrust complaint under Article 102—which, for the first time, brought into question Google's alleged abuse of dominance in search in Europe, where for years it has commanded more than 90 percent of the market. Although Foundem's search penalty was eventually lifted by Google at the end of that year, the Raffs felt it was essential that they proceeded with their competition complaint given the issues the company claimed it was facing with universal search.

At the end of 2009, Adam Raff had this to say in an articulate op-ed piece for the New York Times: Because of its domination of the global search market and ability to penalise competitors while placing its own services at the top of its search results, Google has a virtually unassailable competitive advantage.

And Google can deploy this advantage well beyond the confines of search to any service it chooses. Wherever it does so, incumbents are toppled, new entrants are suppressed and innovation is imperiled. By November 2010, the European Commission confirmed that it was formally investigating alleged antitrust violations by Google.

Fast forward nearly six years, and that probe continues, albeit with clear progress for Foundem at least. On April 15 2015, the EC concluded in a preliminary finding that Google had breached antitrust rules by favouring its own comparison shopping product over that of its rivals in its search results pages. Searching to destroy competition? "Flat-footed," "incompetent," and "tech luddite" are just some of the words used by sources over the years that I've been covering this story to describe one man: erstwhile EU competition commissioner Joaquin Almunia. Enlarge / One-time EU competition chief Joaquin Almunia was in the spotlight for years as he attempted—but ultimately failed—to thrash out a deal with Google.Georges Gobet/AFP/Getty Images Under Almunia's reign, Google was given three chances to negotiate a deal with the European Commission, which is the executive wing of the European Union.

The antitrust chief repeatedly made it clear that he wanted to secure an agreement that fell short of issuing a multi-billion fine of up to 10 percent of the ad giant's annual turnover.

Almunia had argued that hitting Google with a so-called Statement of Objections would prevent competition from being restored swiftly in the 28-member-state bloc. Instead, Almunia sought concessions from Google.

But with each fresh round of revisions, the antitrust wing of the EC—time and time again—told Google to tweak its proposals to fix its alleged abuse of dominance in the search market. Foundem, meanwhile, was no longer alone.
In early 2010, Google confirmed that it had received EC complaints from Microsoft-owned Ciao and French legal search engine eJustice.fr—both of which expressed grave concerns about the terms and conditions imposed on Google’s advertising syndication partners. Suddenly, the scope of the case brought against Google was widening way beyond the grievances of one well-respected British site. The list of companies and organisations submitting a range of complaints to the European Commission would snowball to 18 by May 2012, when Almunia tentatively concluded that Google had infringed competition rules.

At that point, the EC's antitrust boss outlined four different areas of concern. Here they are in full: First, in its general search results on the web, Google displays links to its own vertical search services.
Vertical search services are specialised search engines which focus on specific topics—for example restaurants, news or products. Alongside its general search service, Google also operates several vertical search services of this kind in competition with other players. In its general search results, Google displays links to its own vertical search services differently than it does for links to competitors. We are concerned that this may result in preferential treatment compared to those of competing services, which may be hurt as a consequence. Our second concern relates to the way Google copies content from competing vertical search services and uses it in its own offerings.

Google may be copying original material from the websites of its competitors such as user reviews and using that material on its own sites without their prior authorisation. In this way they are appropriating the benefits of the investments of competitors. We are worried that this could reduce competitors' incentives to invest in the creation of original content for the benefit of internet users.

This practice may impact for instance travel sites or sites providing restaurant guides. Our third concern relates to agreements between Google and partners on the websites of which Google delivers search advertisements.
Search advertisements are advertisements that are displayed alongside search results when a user types a query in a website's search box. The agreements result in de facto exclusivity requiring them to obtain all or most of their requirements of search advertisements from Google, thus shutting out competing providers of search advertising intermediation services.

This potentially impacts advertising services purchased for example by online stores, online magazines or broadcasters. Our fourth concern relates to restrictions that Google puts to the portability of online search advertising campaigns from its platform AdWords to the platforms of competitors.

AdWords is Google's auction-based advertising platform on which advertisers can bid for the placement of search ads on search result pages provided by Google. We are concerned that Google imposes contractual restrictions on software developers which prevent them from offering tools that allow the seamless transfer of search advertising campaigns across AdWords and other platforms for search advertising. Enlarge / European competition commissioner Margrethe Vestager.John Thys/AFP/Getty ImagesGoogle was essentially thrown a lifeline by Almunia, if—that is—the search giant could quickly come up with "proposals of remedies" that would be considered palatable to the complainants in the case.

The commissioner then embarked on what would eventually prove to be years of horse-trading with Google, as he repeatedly found himself backed into a corner by openly signalling that he was close—several times—to striking a deal, before edging away again, only to grant the company more time to work on yet another revised offer. A Brussels source close to those negotiations told Ars that the three market tests subsequently carried out on Google's reworked proposals to Almunia were unprecedented in the history of competition cases in Europe.

By 2014, the commissioner was seeking a fourth tweaked package of concessions from Google when his tenure at the commission came to an end. One complainant—speaking to Ars on condition of anonymity—ridiculed Almunia's apparent inability to understand the complexities of the online search marketplace. "It was like showing your grandpa how to check his email," before adding that there had been a "political environment of mistrust" under Almunia's stewardship. His replacement, Margrethe Vestager, proved to be a breath of fresh air to the complainants in the case, however. Positive adjectives such as "conscientious," "diligent," and "fair-minded" have been used to describe Vestager, who—I'm told—has a very different approach: she has a comfy, stylish office, makes cups of tea, and apparently puts complainants at ease. Within five months of her arrival, a Statement of Objections had landed on Larry Page's desk, and a formal probe into Google's alleged licensing restrictions on Android device makers was launched. “Google violating antitrust law? I’m not speculating on x, y, or z” Google has had three different chiefs since Foundem first filed its antitrust case in 2009.

Eric Schmidt joined Google's board in 2001 before being anointed its CEO in August of that year.

Cofounders Page and Brin became presidents of Google's product and technology divisions respectively, while Schmidt—who had joined from software and services firm Novell—would go on to run Google for 10 years, during which time it would grow to be one of the biggest corporations in the world. In 2011, Page took over as Google's chief and Schmidt became chairman. However, Schmidt has continued as Google's senior point of contact for the EC competition case, having met several times with Almunia, and on at least one occasion with Vestager. Just two days after Almunia first revealed the European Commission's four areas of competition concern around Google's business practices, I found myself—on May 23, 2012—quizzing Schmidt on the allegations levelled against his company.
Eric Schmidt quizzed on Brussels' antitrust case, 48 hours after commissioner Almunia confirms areas of concern. "I for one am not going to speculate on x, y or z until I see the details of their concerns," Schmidt told me at the time. He added when pressed on the issue: "We disagree that we are in violation. Until they [the commission] are precise about what areas of the law we have violated, it will be very difficult for me to speculate." Nearly three years later—on April 15, 2015—Vestager finally had a clear response to Schmidt's dismissal of Europe's antitrust case by confirming that Brussels was proceeding with formal charges against Google's alleged abuse of dominance with its price comparison shopping services. "In the case of Google I am concerned that the company has given an unfair advantage to its own comparison shopping service, in breach of EU antitrust rules.

Google now has the opportunity to convince the commission to the contrary. However, if the investigation confirmed our concerns, Google would have to face the legal consequences and change the way it does business in Europe," Vestager said last year. A few months later—in August 2015—Sundar Pichai was named the new chief of Google, which underwent a significant reshuffle of its entire corporate structure with the birth of parent company Alphabet Inc. Enlarge / A long, long time ago, Google's brand—just like that other search engine, Yahoo!—came loaded with an exclamation mark.Kelly FiveashPage has said that the new publicly traded entity was created to allow Alphabet firms (the largest of which being Google) to operate independently, and have their own brands. Privately, critics have argued that the corporate rejig and change of leadership potentially gives the search titan plausible deniability: if regulators conclude that Google has harmed competition, then Pichai could say this hadn't happened on his watch. However, Vestager has signalled that Google can't hide behind Alphabet. "The Google case is about misuse of a dominant position, to promote yourself in a neighbouring market not on your merits but because you can.

And no matter the course of the case, there should be a takeaway which can be understood," the commissioner told the Wall Street Journal in October 2015. Just last month, Vestager—only 18 months into her role as Europe's top competition chief—issued a second charge sheet against Google, after the commission said that it was likely that the multinational had breached EU law by favouring its own Android operating system and apps over those of its rivals. "A majority of smartphone and tablet manufacturers use Android in combination with Google's proprietary apps and services, such as Google Search, Google Play Store, and Google Chrome.

To be able to preinstall these applications and services on their devices, manufacturers need to obtain a licence from Google," the EC said, adding in a preliminary conclusion that Google had hampered competition in Europe by allegedly employing "restrictive licensing practices." Enlarge Interestingly, despite Google now being saddled with a brace of charges from the antitrust commissioner in Brussels, Alphabet's share price on Wall Street barely wobbled on April 20, 2016—the day the EC's Statement of Objections against the company's Android OS business practices landed. Exit FTC, pursued by a bear Google has repeatedly denied any wrongdoing in the EU, even as competition complaints against the search giant have grown louder and louder.

Across the pond in the US, however, the story has been muted by the country's antitrust regulators. The Federal Trade Commission opened a formal antitrust investigation into Google's search tactics in 2011, following a complaint from Foundem.

But, after a 19-month probe, the FTC closed its case on Google, declaring that competition in the US search market hadn't been harmed. Enlarge / Pieces of candy featuring the Google logo.Photo by Adam Berry/Getty Images “The evidence the FTC uncovered through this intensive investigation prompted us to require significant changes in Google’s business practices. However, regarding the specific allegations that the company biased its search results to hurt competition, the evidence collected to date did not justify legal action by the commission,” said Beth Wilkinson, outside counsel to the FTC, at the time. She added: “Undoubtedly, Google took aggressive actions to gain advantage over rival search providers. However, the FTC’s mission is to protect competition, and not individual competitors.

The evidence did not demonstrate that Google’s actions in this area stifled competition in violation of US law.” However, behind closed doors at the FTC, the agency's staff were urging the commission to mount a legal challenge against Google.

A 160-page report detailing that criticism only surfaced in 2015—more than two years after the FTC ended its investigation of Google, when the company agreed to make only minor changes (PDF) to its business practices. The Wall Street Journal—which was sent the report following a Freedom of Information request—quoted FTC staff's conclusions about Google. One such example apparently said that Google had "adopted a strategy of demoting, or refusing to display, links to certain vertical websites in highly commercial categories." While another FTC employee was quoted as saying that the search giant's behaviour had "helped it to maintain, preserve, and enhance Google's monopoly position in the markets for search and search advertising." Although the criticism levelled against Google appeared to be damning, the FTC's five commissioners decided not to bring antitrust charges against the company.

Google's general counsel, Kent Walker said last year: "After an exhaustive 19-month review, covering nine million pages of documents and many hours of testimony, the FTC staff and all five FTC commissioners agreed that there was no need to take action on how we rank and display search results." He added: "Speculation about potential consumer and competitor harm turned out to be entirely wrong.

And our competitors are thriving." But are they thriving? Google—which commands a mammoth 90 percent chunk of the search market in Europe—has argued that Amazon and eBay are clear rivals because they are shopping sites.

A deeply misleading claim, critics have said, given that the aforementioned competitors aren't offering price comparison shopping or vertical search results: the very thing being investigated by the European Commission.
Google claims to offer a "true equaliser for business and competiton." Returning to Vestager's first charge sheet against Google in April 2015, the commissioner had this to say: Our preliminary view in the Statement of Objections is that in its general Internet search results, Google artificially favours its own comparison shopping service and that this constitutes an abuse. Our investigation so far has shown that, when a consumer enters a shopping-related query in Google's search engine, Google's comparison shopping product is systematically displayed prominently at the top of the search results. This display is irrespective of whether it is the most relevant response to the query.

Thus, Google's commercial product is not subject to the same algorithms as other comparison shopping services.

Google has engaged in this conduct in a broad number of member states since 2008, and continues to do so. The commercial importance of appearing prominently in Google’s general search results is obvious.
I am concerned that Google has artificially boosted its presence in the comparison shopping market, with the result that consumers may not necessarily see the most relevant results in response to their queries, and Google's competitors may not get the commercial opportunities that their innovations deserve. Vestager has stopped short, so far, of wanting to meddle with Google's algorithms.
Instead, she wants remedies that would restore competition in the price comparison and vertical search markets. "Consumers should not just be shown Google's own shopping results, if they are not the most relevant response to a particular query," she said. And it's that monopolistic behaviour that sits at the very heart of Google's status as the gatekeeper of the Internet, even as it continues to insist that "competition is just a click away." Defending the Googleplex Google has a rinse-and-repeat tactic for what it is willing to say on the record about Brussels' long-running competition case. Its statements are mealy-mouthed, with comments such as "Google continues to work closely with the commission." Google makes an exception, however, when it's hit with charges from antitrust officials.

Though it's worth noting that the "competition is thriving" trope remains a star of the show for Google in its "we did nothing wrong" blog posts. Enlarge / An ad for a Google product seen through the windows of a London Underground tube train.Kelly FiveashOn the day that Google was hit with its first Statement of Objections from Vestager in April 2015, a post appeared on its policy blog which was heavily laden with statistics that seemingly demonstrated that the commission's "Search for Harm"—as Google liked to characterise it—was unfounded. "While Google may be the most used search engine, people can now find and access information in numerous different ways—and allegations of harm, for consumers and competitors, have proved to be wide of the mark," wrote then-Google search veep Amit Singhal. Wall Street once again appeared to agree with Google—its share price wasn't spooked by Europe's actions. But Google continues to be dogged by complaints from companies of all shapes, sizes, and stripes that have an online presence within the EU. The "competition is thriving" trope remains a star of the show for Google in its "we did nothing wrong" blog posts. One such challenger has been the outspoken Mathias Döpfner, chief of the German publishing giant Axel Springer. He has claimed that Google was hurting competition by failing to "play fair" with its search engine. "A company of that market domination—which you have to call it a quasi-monopoly or a monopoly—has to accept certain rules of fairness, and transparency," he told the BBC during a radio interview in 2014. "Google is, in a very subjective manner, downgrading products of their competitors and upgrading their own products and services without disclosing that.

This is not fair search, and this is not in the interest of the consumer, and this is reducing competition," he argued.

Conversely, he has described Mark Zuckerberg's Facebook "distribution platform" as "a fair partner to publishers." Nonetheless, data-hoarding giants such as Facebook have also caught the eye of Vestager. Enlarge / Alphabet Inc chairman Eric Schmidt.SeongJoon Cho/Bloomberg via Getty ImagesGoogle was quick to snap back at Axel Springer on the day that Vestager's first charge sheet landed, however: "Axel Springer continues to invest in search, including the French search engine Qwant, because as the company told investors, 'there is a lot of innovation on the search market'." Foundem, meanwhile, described Google's initial response to the commission's charges as "extraordinarily misleading," and later published an online presentation that dissected many of Mountain View's assertions that competition in the search market within the EU was booming. But Google's blog posts—while alarming to complainants in the case—are lesser-spotted. On the whole, Google remains tight-lipped about its efforts to overthrow competition concerns in Europe. As you would expect, Ars sought comment from Google for this story. Here's the company's response to us in full: We don't have anything new on the antitrust case, but two useful blog posts that give some context to what has happened thus far are below: http://googlepolicyeurope.blogspot.co.uk/2015/08/improving-quality-isnt-anti-competitive.htmlhttps://googleblog.blogspot.co.uk/2015/04/the-search-for-harm.html And there you have it: Google's defence of its search biz strategy in Europe is just a click away. Microsoft and Google: From arch-rivals to best buds Microsoft co-founder Bill Gates who—back in 1977—had hoped to eventually see "a computer on every desk and in every home, running Microsoft software."OnInnovation Gripes around interoperability, and the bundling of Microsoft's software with its Windows operating system clung firmly to its back like a sticky shirt in a heatwave. On paper at least, a battle between Microsoft and Google ought to be the proxy war to end all proxy wars. One need only consider Microsoft's own protracted fight with the European Commission, which slowly drew to a close in 2009.
It had challenged, but eventually failed to overturn, various competition complaints about its own business tactics.

Gripes around interoperability, and the bundling of Microsoft's Internet Explorer and Media Player with its Windows operating system clung firmly to its back like a sticky shirt in a heatwave. Something had to give, even as Microsoft—much like Google today—continued to insist that the market in Europe was healthy, with plenty of competition to boot. Google's founders often float the notion that they want to "organise the world's information, and make it universally accessible and useful" even though, to achieve that, Mountain View operates as the world's largest ad broker.
Similarly, Microsoft's cofounder and one-time chief Bill Gates said way back in 1977 that he hoped to see "a computer on every desk and in every home, running Microsoft software." Cut to the late 1990s, and Microsoft seemed unassailable precisely because, to achieve that goal, it was potentially obliterating competition—not only on its home turf in the US, but also in Europe. But while these mantras may appear to be benign, worthy, or ambitious to the casual observer, making such meditative assertions a reality will almost undoubtedly bring competition officials knocking.

Both mantras contain similar goals: be everywhere for everyone.

The question has to be asked: at what point does a powerful company's dominant position in a market slip into abuse? It turns out that the likes of Microsoft and, more recently, Google need to constantly come up with the correct answer to keep competition complaints at bay. In March 2004, Brussels' antitrust chief at the time, Mario Monti, had this to say on the day that Microsoft was found to have abused its market power, and thereby violated EU competition rules: Dominant companies have a special responsibility to ensure that the way they do business doesn't prevent competition on the merits and does not harm consumers and innovation.

Today's decision restores the conditions for fair competition in the markets concerned and establish clear principles for the future conduct of a company with such a strong dominant position. However, Microsoft's fight with the commission didn't end there.
It would go on to tussle with competition officials for years, as it appealed against the various remedies and fines meted out by the commission.

The battle was costly, and not purely in monetary terms, which—as of 2013—stood at €2.2 billion in various EU anti-competitive fines, following non-compliance with the commission over its so-called "browser choice" deal.

The legal fight damaged Microsoft's reputation and forced the company to change its business practices in Europe. Microsoft, then, had the perfect background for rising up against Google's perceived abuse of dominance in the search business, in which its own engine Bing commands a tiny slice of the market.

By March 2011, Microsoft (and not just its Ciao subsidiary) had formally complained to the commission about Google's search tactics in Europe. Only to do a 360-degree spin half a decade later: following years of noisy, and—at times—outright hostile lobbying in Brussels, Ars recently revealed that Microsoft had quietly walked away, having seemingly kissed and made up with Google, even as the commission's decisions loomed. It could be argued that the timing made sense: Microsoft had largely completed its task now that the commission was shifting to preliminary formal charges against Google. Others wondered if relationships between it and Google had simply thawed thanks to the arrival of two new chiefs at the companies. We're told that, in fact, Microsoft's decision to end its patent dispute with Google in late 2015 had been the main impetus behind the slackening of hostilities between the two sides.

A source close to the situation told Ars that "no money was paid, and no additional business strategy [was] changed," following Microsoft's agreement with Google. Microsoft, then, has apparently pulled its legal strategy into line with its business plans. So where does Microsoft's exit—complete with the muffling of the funfair trumpet—leave the remaining complainants in the EC antitrust case? Unfolding the antitrust map The commission has been at pains to say that nothing changes with its investigation now that Microsoft has moved on.

A spokesperson at Vestager's office told Ars in April: "We continue to investigate the conduct of Google as part of our ongoing formal probes, based on the facts, the evidence, and EU law.

The substantive analysis in an antitrust case is not affected by the number of complainants nor their identity.” Meanwhile, lobby groups ICOMP and Fairsearch—once heavily supported by Microsoft—remain intact, albeit with smaller voices and far less funding. To date, Ars understands that the commission has received formal complaints against Google's business practices from roughly 20 different parties.

They range in size from publishing giant News Corp to local reviews site Yelp, and travel site Expedia to UK outfit StreetMap. StreetMap recently exited the EC case for entirely different reasons to Microsoft, choosing to instead pursue Google in the UK's High Court. However, in February, StreetMap lost its case, was saddled with hefty legal bills, and is seeking to appeal against the judge's decision that the "introduction by Google in the UK in June 2007 of the new-style Maps OneBox was not reasonably likely appreciably to affect competition in the market for online maps." Mr Justice Roth concluded: "on the assumption that Google held a dominant position, it did not commit an abuse." Google was quick to claim that "the court made clear that we're focused on improving the quality of our search results.

This decision promotes innovation." However, observers have argued that StreeMap's case was too limited in scope because it failed to address Google's alleged anti-competitive practices of demoting its rivals in the search market.
It's understood that Google has been pencilled in for a hearing in the High Court with Justice Roth later in May.

An anonymous source told Ars that the hearing isn't connected to StreetMap's planned appeal against the judgment—but that it may have a bearing on it. The end of the beginning? If there's one clear takeaway from Microsoft's fight with the European Commission, then it has to be that the tenacity of a monopolistic, or near-monopolistic multinational can't be underestimated. In the past few months, there have been breathless whispers about Vestager closing in on Google.
It's understood that the commission had requested additional data from the search giant in March—a move which seemed to suggest that the groundwork for a prohibition decision was being finalised, and that competition officials on the case were now moving at a faster pace.
Indeed, Ars understands that such a decision and subsequent fine—which could reportedly be as high as $3 billion (representing less than five percent of Alphabet Inc's annual global turnover)—against Google is now a matter of weeks away. The commission has declined to comment on the matter, and Google is similarly keeping quiet. Meanwhile, Foundem—the original complainant in the EC competition case—told Ars: It is difficult to imagine a competition case where the stakes for consumers, businesses and innovation could be any higher.

As the gateway to the Internet, Google plays a decisive role in determining what the vast majority of us discover, read, use, and purchase online. The importance of ending Google practices that quietly manipulate this unprecedented power to Google’s own financial and anti-competitive ends cannot be overstated. Google boss, Sundar Pichai. Foundem added: "It is important to understand that this is not just about shopping; it is about price comparison, travel search, local search, digital mapping, and all other existing and future specialised search services. Enlargema"A prohibition decision is likely to result in a substantial, headline-grabbing fine.

But, more importantly, it will also result in fundamental changes to Google's business practices that will restore the level playing field required for innovation to thrive.
Ironically, all that Google will need to do to achieve this is to once again make Google the comprehensive and unbiased search engine on which it forged its formidable reputation and monopoly." It's worth also noting, however, that Google is highly likely to appeal against any such decision from Vestager's office—which means the case could yet be held up in the courts, while the commissioner works her way through the other complaints that have stacked up against Google, including its alleged restrictions on Android device makers. In the US, meanwhile, it has been reported that the Federal Trade Commission is tentatively looking at similar accusations that Google has abused its dominance with its Android operating system.

At this stage, there's no suggestion that the FTC will conduct a formal investigation into Google's business practices.

But Google seems now to be routinely trying to put out one fire just as another one sparks up. It's time to settle in, folks.

This story isn't over yet. This post originated on Ars Technica UK

Amazon’s share price falls 6% on quarterly results

Amazon’s share price fell 6% in after-hours trade after the firm reported a second-quarter net loss of $126m and warned that sales could slow in the current quarter. In line with analysts’ predictions, net sales increased 23% to $19.34bn, compared with the second quarter of 2013, but Amazon expects third-quarter sales of $19.7bn to $21.5bn, which means sales growth of 11% at best in the current quarter. Operating loss was $15m in the second quarter, compared with operating income of $79m in the second quarter of 2013 and $146m in the first quarter of 2014. Analysts said operating income is regarded as a good measure of profitability and investors have traditionally disregarded narrow profit margins, looking instead at strong sales growth for reassurance. “We continue working hard on making the Amazon customer experience better and better,” said Jeff Bezos, founder and chief executive of Amazon. He highlighted several innovations, including European cross-border two-day delivery for Prime customers, new cloud-based services and price reductions, and the launch of the Fire Phone. Amazon’s first smartphone is among the big investments the firm has been making to grow its business, but which have contributed heavily to the net loss in the second quarter. In a results conference call, Amazon revealed that producing its own TV shows will cost $100m in the third quarter, reports the BBC. Amazon has also been spending money on improving its cloud-computing services and delivery systems, including expanding Sunday delivery to some cities in the UK and the US. But analysts said the size of the shares sell-off indicates some investors want more reassurance, particularly as Amazon does not break down its numbers to show how its different products are performing. At the end of the first quarter, analysts said Amazon’s share price was unlikely to make any significant gains until the company can prove that its recent innovations are turning a profit. Read more on Amazon Amazon's soaring first-quarter sales fail to impress investors Amazon shares fall despite strong Q4 results Amazon Web Services reaches its 8th birthday Amazon nets lion’s share of $10bn public cloud market CW Special Report: Amazon Web Services (AWS) Amazon Kinesis: When to use Amazon's new big-data processing service Amazon's WorkSpaces: Why is it needed? Amazon Web Services beefs up channel programme Amazon datacentre glitch hits top web services Amazon CTO urges businesses to open up to ideas Email Alerts Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox. By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy Read More Related content from ComputerWeekly.com RELATED CONTENT FROM THE TECHTARGET NETWORK

Security Think Tank: What should be in an incident response plan

Imagine this scenario: Your website has been down for the past ten minutes and the techies, rightly I must add, are scurrying around trying to identify the root cause. Given the limited tools (due to the budget cuts announced last year), they have limited visibility into the origins, the method of attack. Eventually, one techie shouts: "This is a massive DDoS attack! A distributed denial of service attack and that your site is being attacked by hundreds of thousands of zombie machines! Panic!" “Get everyone on the bridge! Now!” barks the head of operations and you, the CISO and or the CIO and every man and woman worth a title jumps on the bridge along with the techies. Let’s not forget the outsourcers. Multiple accents, time zones, and people are all clashing trying to stop a zombie DDoS attack. “Oh, by the way, I can access the site now, its back up,” says one of the techies on the call. In the meantime, while the drama of the DDoS was playing out, the interim CFO tried to call the IT manager to report an incident on her machine. She had clicked on a link in an email and there was an explosion of several internet explorer windows. She could not close them fast enough. But the IT manager had told her he would call her back because he was busy with a major DDoS incident affecting the front-end website. The interim CFO did not push him, surely the DDoS was more important than her internet browser behaving badly. In the end, the CFO just restarted her machine. Problem solved. This is a common setup in many organisations and something that I have seen many times. Okay, it is not common to see a DDoS and the CFO’s laptop misbehaving but I am trying to make a very important point - hear me out. Most incident plans and the creators behind them are still living in the static and visual age. What do I mean by that? The impact of a DDoS can be seen by all, your customers, your employees, your shareholders! It is totally natural to ply all resources into its resolution. The interim CFO’s issue is a singular non-impact incident that is nothing but an irritant affecting a single individual. Here is what happened next: The interim CFO’s laptop had experienced a targeted attack by an ideological group of cyber activists. The irritating windows that kept cropping up was a purposeful design of the malware that this group had purchased from the dark underbelly of cyberspace. The malware was installed and had dialled back home informing the buyers that it was ready for the next set of commands. To cut the story short, the cyber hacktivists infected the chief marketing officer’s laptop, where they hit “gold” in the form of a list of the half a million customers personal information including name, address, date of birth etc.  They stole the data and published it on the internet for everybody to see The company was not only fined by the regulators, but also named and shamed by the media affecting its brand reputation and eventually its share price. So what should a CIRP or Cyber incident response plan contain? The organisation creating the plan, must start by acknowledging that: A cyber attack is imminent and it is not the size and visible impact of an attack that should drive the plan. The smallest of incidents can have the biggest of impacts. The attack may be too complex to fully understand or feel its immediate impact. The need for “Info Sharing” mitigation is the first and most effective line of defence. Most importantly: The CEO, senior executives and the board of large organisations must understand that they will fall victim to a cyber attack. In addition, the organisation’s  C-suite must be responsible for managing a cyber incident rather than sysadmin and helpdesk. Although the heading refers to what must be in an incident plan, I am going to take a different approach for now by arguing that there are some things that must never be considered in a CIRP or Cyber Incident Response Plan. These are: A DR approach: Do not include, copy or plagiarise a  DR plan. A cyber incident is not similar to a disaster in many cases.   A list of attack scenarios: Do not create an impossible list of all possible attack scenarios that are then compiled into a tome that no one ever reads. Save the planet: Do not write and print 500-page documents that detail the steps for remediation. Process a DOS:  Carrying on from point number three, untested processes end up creating a denial of service. Think about it, do not create and expect staff to follow untested useless processes, especially during or just after a cyber attack. Skill you NOT: Do not expect anyone to Google a skill at 03:00 in the morning. Enough said. Executives: Step up to the plate One reason most plans fail could be because of the lack of executive support and understanding. It is becoming evident that most executives and senior management are unable and unaware of how to respond to the growing threat of cyber incidents.  There is no-one advising or guiding senior executives on how to develop these capabilities to make cyber incident response work. There needs to be a cyber incident response programme (CIRP) for executives that enables them to understand and deal with the threat of cyber attacks. Amar Singh is chair of ISACA UK Security Advisory Group Email Alerts Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox. By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy Read More Related content from ComputerWeekly.com RELATED CONTENT FROM THE TECHTARGET NETWORK This was first published in July 2014