The unintended “open book” company … opens a can of worms.

Transparency is usually considered a good thing. But when it means your company is an open book, it’s gone too far.

Unfortunately, some companies are making far too much of their information visible to the world without realizing it. Clean laundry, dirty laundry – the works.

One of these instances came to light recently when vpnMentor, a firm that bills itself as an “ethical hacking group,” discovered an alarming lack of e-mail protection and encryption during a web-mapping project regarding an international piping, valve and fitting manufacturing organization.

I’m going to shield the name of the company in the interest of “discretion being the better part of valor,” but the company’s data that was found to be visible is amazingly broad and deep. Reportedly it included:

  • Project bids
  • Product prices and price quotations
  • Discussions concerning suppliers, clients, projects and internal matters
  • Names of employees and clients
  • Internal e-mail addresses from various branch offices
  • Employee IDs
  • External/client e-mail addresses, full names and phone numbers
  • Information on company operations
  • Travel arrangements
  • Private conversations
  • Personal e-mails received via company e-mail addresses

Basically, this company’s entire business activities are laid out for the world to see.

The vpnMentor research team was able to view the firm’s “confidential” e-mail communications. Amusingly, the team saw its own e-mails it had sent to the firm warning about the security breach (that the company never answered).

“The most absurd part is that we not only know that they received an e-mail from one of the journalists we work with, alerting them to the leak in this report, but we [also] know they trashed it,” as one of the team members noted.

The company in question isn’t some small, inconsequential entity. It operates in 18 countries including the biggies like Germany, France, the United States, Canada and Brazil. So the implications are wide-ranging, not just for the company in question but also for everyone with whom they do business.

The inevitable advice from vpnMentor to other companies out there:

“Review your security protocols internally and those of any third-party apps and contractors you use. Make sure that any online platform you integrate into your operations follows the strictest data security guidelines.”

Are you aware of any security breaches that have happened with other companies that are as potentially far-reaching as this one? It may be hard to top this particular example, but if you have examples that are worth sharing, I’m sure we’d all find them interesting to hear.

The promise — and peril? — of microchip implants for people.

In 2017, when employee volunteers at Three Square Market, a Wisconsin-based technology company, agreed to have microchips implanted in their wrists so that they could access the company’s lunchroom vending machines without exchanging money, some people tittered.

At best, it was viewed as a publicity effort to draw attention to the firm and its work in the microchip industry.

So where are we with human microchip implants two years later? Well … not so far along in some ways, and yet things may be poised for a sea change in the not-too-distant future.

And actually, it has less to do with human microchip implants as a convenience than it does with their potential to revolutionize health monitoring and medical diagnoses.

Biohax International, a Swedish-based company founded more than five years ago, is further along on the development curve than most other developers in the field. According to a report from Thomas Industry Insights, thousands of Swedes now have microchip implants, and the number is expected to continue growing at a robust pace.

At present, Biohax chip implants can house anything from emergency contact information to FOB and other access capabilities for cars, homes and even public transportation.

But the next frontier looks to be in healthcare. At present, prototype microchips are being developed that will enable continual monitoring of a person’s vital signs – things like glucose monitoring and blood pressure monitoring.

It isn’t difficult to imagine a day when certain patients are prescribed potentially lifesaving microchip implants that will serve as “early warnings” to nascent health emergencies.

Is this the future?

There could be a downside, of course – there nearly always is with these sorts of things, it seems. What does a world look like where physicians, insurance companies, employers or credit card companies make implants a mandatory condition for service or employment?

How far of a line is it to go from that to being part of a “surveillance state”?

And even if the situation never came to that, would people who demur from participating voluntarily in the “microchip revolution” be somehow walled off from the benefits microchips could deliver – thereby becoming “second-class citizens”?

The ethical questions about human microchip implants are likely to be with us for some time to come — and it’s certainly going to be interesting to see how it all plays out.

Do you have particular opinions about the “promise and peril” of microchip implants? Please share your thoughts with other readers here.

What’s the “long-game” in the U.S.-China trade conflict?

The efforts to craft a new trade agreement with the People’s Republic of China have run into some pretty major roadblocks in recent weeks and months.

Things came to another inflection point this week when President Trump announced that new tariffs would be imposed on more Chinese goods imported into the United States. As of September 1, pretty much all categories of Chinese imports will now be subject to tariffs.

If we look at the impact the protracted impasse has had on markets, the repercussions are plain to see. One result we’ve seen is that China has dipped from making up the largest portion of trade with the United States to being in third place now, behind Mexico and Canada.

But what’s the long-term prognosis for a trade deal with China? Recent world (and USA) statistics point to softening of the economy, which could have negative consequences across the board.

When it comes to perspectives on economic and business matters involving China and the Pacific Rim, I like to check in with my brother, Nelson Nones, who has lived and worked in the Far East for more than 20 years. He has first-hand experience working in the Chinese market and is keenly aware of the issues of intellectual property protection, which is a major bone of contention between the United States and China and is one of the factors in the trade negotiations. (Nelson runs a software company which has chosen to forgo the Chinese market because of regulations requiring software firms that set up joint ventures with Chinese companies to disclose their source code — something his firm will never do.)

I asked Nelson to share his thoughts about what he sees happening in the coming months.  Here are his observations:

Chinese President Xi has a lot on his plate right now. It isn’t just the U.S. trade war but also the Hong Kong disturbances, U.S. arms sales to Taiwan, the U.S. sending warships through the Taiwan Strait and the South China Sea, and China’s domestic banking sector weakness, to name just some. Trump has also put President Xi in a tight spot by demanding (or getting) Xi’s assurances that China will buy more U.S. agricultural products and will enact legislation protecting foreign intellectual property.  

In spite of his very substantial power, I predict that Xi will have a very tough time ramming Trump’s conditions down the throats of his countrymen. 

I should mention that the biggest issue here is intellectual property protection. The draft agreement that China “almost” signed had assurances that IP protection laws will be enacted, but Xi apparently nixed that draft whereupon the Chinese government stated that no government can promise, when negotiating a treaty with a foreign country, to change its domestic laws.

Technically, they’re right. For example, President Trump can’t commit to changing U.S. laws because only the Congress can do that under the constitutional separation of powers. Similarly, on paper, only China’s National People’s Congress (the national legislature) can change Chinese laws, and President Xi is not a member of the National People’s Congress. (Of course, this explanation conveniently overlooks the fact that both the Presidency and the National People’s Congress are subservient to the Communist Party of China, and that Xi is the General Secretary of the Communist Party, but still it’s technically correct.)

In view of all this, the natural Chinese instinct is to wait … and in this case, wait until the 2020 U.S. election and see what happens. If Trump is defeated for re-election, then perhaps many of Xi’s problems will disappear magically. On the other hand, if Trump stays in office maybe the pain that Trump’s China trade policy is inflicting on U.S. businesses and consumers will force Trump to lighten up a bit.  

In other words, President Xi has much to gain and relatively little to lose by playing the waiting game for a while. 

As for U.S. tariffs, those are causing Chinese businesses to adapt their supply chains by routing them through other East and Southeast Asian countries which are not subject to the tariffs. For instance, instead of sending products straight to the U.S., Chinese manufacturers are sending products to Vietnam or Thailand where a tiny bit of additional work is done – just enough to qualify for a “Made in Vietnam” or “Made in Thailand” label. (This adaptation partially explains Thailand’s large trade surplus which has made the Thai Baht one of the world’s best-performing currencies this year.)  

These maneuvers actually provide a safety valve for both Xi and Trump. For Xi, it cushions the reduction in demand for Chinese exports. At the same time it puts some additional pressure on Trump because this type of safety valve does not really exist for U.S. exporters trying to evade reciprocal Chinese tariffs.  But on the plus side for Trump, it tends to dampen the impact of higher tariffs pushing up U.S. producer and consumer prices.

If you ask me to bottom-line this, the trade problems look more like a protracted siege than an episode of brinksmanship.

How the siege is resolved depends on how strong Trump’s position will be after the 2020 election. If the Democrats continue with their leftward lurch, then Xi will eventually have to cave because Trump’s position will be strong (I’d say a 65% probability of re-election). But if the Democrats come to their senses and Trump continues shooting himself in the foot, then he’s in real danger of losing the election and Xi will come up the big winner (I’d give this a 35% probability as of today). 

So there you have it: the prognosis from someone who is “on the ground” in East Asia.  What are your thoughts?  Are you in broad agreement or do you see things differently?  Please share your observations with other readers here.

Evidently, America isn’t in IKEA’s manufacturing future …

Going, going, gone …

Over the past several years, the political mantra has been that jobs are now coming back to the United States – particularly manufacturing ones.

That may well be. But this past week we’ve learned that IKEA plans to close its last remaining U.S. production facility.  The iconic home furnishings company has announced that it will be closing its manufacturing plant in Danville, Virginia by the end of the year.

The Danville plant makes wood-based furniture and furnishings for IKEA’s retail store outlets in the United States and Canada.

The reason for the plant closure, as it turns out, is a bit ironic. According to IKEA, high raw materials costs in North America are triggering the move, because those costs are actually significantly lower in Europe than they are here.  Even accounting for other input costs like labor that are higher in Europe, shifting production to Europe will keep product prices lower for U.S. retailers, IKEA claims.

So much for the notion that imports from Europe are overpriced compared to domestically produced ones!

The Danville plant isn’t even that old, either. Far from being some multi-story inefficient dinosaur left over from a half-century ago, the manufacturing facility opened only in 2008, making it only about a decade old.  At its peak the plant employed around 400 people.

IKEA made staff cuts of around 20% earlier in the year, before following up with this latest announcement that will wipe out 300 more jobs in a community that can scarcely withstand such large economic shocks.

With the closure of Danville, IKEA will still have more than 40 production plants operating around the world. It employs around 20,000 workers in those plants (out of a total workforce of ~160,000, most of whom are employed in the company’s vast retail and distribution business activities).

So, it doesn’t appear that IKEA will be exiting the manufacturing sector anytime soon.  It’s just that … those manufacturing activities no longer include the United States.

As a certain well-known U.S. political leader might say, “Sad!”

DMARC’s job of demarcating: How well is it doing?

In the drive to keep the onslaught of fake e-mail communications under control, DMARC’s checks on incoming e-mail are an important weapon in the Internet police’s bag of tricks. A core weapon of cyber felons is impersonation, which is what catches most unwitting recipients unawares.

So … how is DMARC doing?

Let’s give it a solid C or C+.

DMARC, which stands for Domain-based Message Authentication, Reporting and Conformance, is a procedure that checks on the veracity of the senders of e-mail. Nearly 80% of all inboxes – that’s almost 5.5 billion – conduct DMARC checks, and nearly 750,000 domains apply DMARC as well.

Ideally, DMARC is designed to satisfy the following requirements to ensure as few suspicious e-mails as possible make it to the inbox:

  • Minimize false positives
  • Provide robust authentication reporting
  • Assert sender policy at receivers
  • Reduce successful phishing delivery
  • Work at Internet scale
  • Minimize complexity

But the performance picture is actually rather muddy.

According to a new study by cyber-security firm Valimail, people are being served nearly 3.5 billion suspicious e-mails each day. That’s because DMARC’s success rate of ferreting out and quarantining the faux stuff runs only around 20%. And while America has much better DMARC performance than other countries, the United States still accounts for nearly 40% of all suspicious e-mail that makes it through to inboxes due to the sheer volume of e-mails involved.

In developing its findings, Valimail analyzed data from billions of authentication requests and nearly 20 million publicly accessible DMARC and SPF (Sender Policy Framework) records. The Valimail findings also reveal that there’s a pretty big divergence in DMARC usage based on the type of entity. DMARC usage is highest within the U.S. federal government and large technology companies, where it exceeds 20% penetration. By contrast, it’s much lower in other commercial segments.
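To make the gap between publishing a DMARC record and actually enforcing one concrete, here is an added example (not code from Valimail or from this post) that parses DMARC TXT records and sorts them by policy. The domains and records are constructed samples, and treating `p=quarantine` or `p=reject` at 100% as "enforcement" is an assumption about how that term is used.

```python
"""Classify published DMARC TXT records by enforcement level (added example)."""
from collections import Counter

# Constructed sample records; the .example domains are reserved and hypothetical.
SAMPLE_RECORDS = {
    "_dmarc.monitor-only.example": "v=DMARC1; p=none; rua=mailto:dmarc@monitor-only.example",
    "_dmarc.quarantine.example": "v=DMARC1; p=quarantine; pct=50; rua=mailto:d@quarantine.example",
    "_dmarc.reject.example": "v=DMARC1; p=reject; sp=reject; adkim=s; aspf=s",
    # An SPF record published at the DMARC name: present, but not DMARC.
    "_dmarc.broken.example": "v=spf1 include:_spf.example -all",
    # Misspelled policy value: receivers cannot apply it.
    "_dmarc.typo.example": "v=DMARC1; p=rejct",
}

VALID_POLICIES = {"none", "quarantine", "reject"}


def parse_dmarc(txt):
    """Return a dict of tag -> value, or None if txt is not a DMARC record.

    The version tag must come first and be exactly "DMARC1".
    """
    parts = [p.strip() for p in txt.split(";") if p.strip()]
    tags = {}
    for index, part in enumerate(parts):
        name, sep, value = part.partition("=")
        if not sep:
            return None  # a tag without "=" is a syntax error
        name, value = name.strip().lower(), value.strip()
        if index == 0 and (name != "v" or value != "DMARC1"):
            return None
        tags.setdefault(name, value)  # first occurrence of a tag wins
    return tags if tags.get("v") == "DMARC1" else None


def classify(txt):
    """Map one TXT record to an enforcement category."""
    tags = parse_dmarc(txt)
    if tags is None:
        return "no-dmarc"
    policy = tags.get("p", "").lower()
    if policy not in VALID_POLICIES:
        return "invalid-policy"
    if policy == "none":
        return "monitoring"  # reports only; spoofed mail is still delivered
    pct = tags.get("pct", "100")  # pct defaults to 100 when absent
    if not pct.isdigit() or int(pct) > 100:
        return "invalid-policy"
    if int(pct) < 100:
        return "partial-enforcement"  # policy applied to a sample of mail
    return "enforcement"


def summarize(records):
    """Return (category counts, share of valid DMARC records at full enforcement)."""
    counts = Counter(classify(txt) for txt in records.values())
    with_dmarc = sum(n for cat, n in counts.items() if cat != "no-dmarc")
    rate = counts["enforcement"] / with_dmarc if with_dmarc else 0.0
    return counts, rate


if __name__ == "__main__":
    counts, rate = summarize(SAMPLE_RECORDS)
    for name, txt in SAMPLE_RECORDS.items():
        print(f"{name:32} {classify(txt)}")
    print(f"enforcement rate among DMARC publishers: {rate:.0%}")
```

A domain that stays at `p=none` shows up as a DMARC adopter in usage counts while giving receivers no instruction to quarantine or reject spoofed mail.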

The commercial sector’s situation is mirrored in a survey of ~1,000 e-mail security and white-collar professionals conducted by GreatHorn, a cloud-native communication security platform, which found that nearly one in four respondents receive phishing or other malicious e-mails daily, and an additional ~25% receive them weekly.  These include impersonations, payload attacks, business services spoofing, wire transfer requests, W2 requests and attempts at credential theft.

The GreatHorn study contains this eyebrow-raising finding as well:  ~22% of the businesses surveyed have suffered a breach caused by malicious e-mail in the last quarter alone.  The report concludes:

“There is an alarming sense of complacency at enterprises at the same time that cybercriminals have increased the volume and sophistication of their e-mail attacks.”

Interestingly, in its study Valimail finds that the government has the highest DMARC enforcement success rate, followed by U.S. technology and healthcare firms (but those two sectors lag significantly behind). It may be one of the few examples we have of government performance outstripping private practitioners.

Either way, much work remains to be done in order to reduce faux e-mail significantly more.  We’ll have to see how things improve in the coming months and years.

Have KPIs become a crutch for businesses?

Relying on Key Performance Indicators has become the norm in many business operations. And why not?  Properly defined and managed, KPIs help businesses focus on the right priorities and chart progress towards their goals.

But even well-designed KPIs have their limitations. By their nature, they’re not greatly insightful (they’re indicators, after all).  The problem is that very often, KPIs are used as if they are.

One of the attractions of focusing on KPIs is their simplicity. Managers love boiling things down to concise, action-oriented statements and phrases.  We hear it all the time from senior leadership.  “Give us the bottom-line finding,” they emphasize.

“Business by bullet-point,” if you will.

But here’s the thing: Because of their distilled simplicity, KPIs can lure many a businessperson into overestimating the insights that they’re able to provide.

KPIs do provide a jumping-off point, but the underlying “why” is often still conjecture or a hypothesis. It takes discipline to look for deeper insights and corroborating evidence to really understand what KPIs are saying to us.

Addressing this issue, Shiv Gupta, data analytics specialist par excellence and head of Quantum Sight, has noted:

“Anyone who has worked on developing KPIs knows that it is a game of balance and compromise based on business objectives. The need for actionable information battles with the desire for simple metrics.”

Database marketer Stephen Yu of Willow Data Strategy makes another great point when he writes:

“We all have seen many “death by KPI” [situations] when organizations look at things the wrong way. When someone is lost while driving, [to] keep looking at the dashboard of the car won’t get the driver out of trouble. In a time like that, one must turn on a navigator.  Different solutions call for different analytics, and popular KPIs – no matter how insightful they may have been – often do not lead to solutions.”

What have been your experiences in working with KPIs in your business? How have they helped … or not?  Please share your thoughts and perspectives with other readers here.

“By any means necessary”: China’s Huawei Technologies flies close to the sun in its quest to commandeer proprietary technology.

Not all-smiles at the moment … Chinese leader Xi Jinping.

In China, it’s difficult to discern where private industry ends and the government begins. At some level, we’ve been aware of that conundrum for decades.

Still … opportunities for doing business in the world’s largest country have been a tempting siren call for American companies. And over the past 15+ years, conducting that business has seemed like the “right and proper” thing to do — what with China joining the G-8+5 economic powers along with incessant cheerleading by the U.S. Department of Commerce, abetted by proactive endeavors of other quasi-governmental groups promoting the interests of American commerce across the globe.

But it’s 2019 and circumstances have changed. It began with a change in political administrations in the United States several years ago, following which a great deal more credence has been given to the undercurrent of unease businesspeople have felt about the manner in which supposedly proprietary engineering and manufacturing technologies have suddenly popped up in China as if by magic, pulling the rug out from under American producers.

Nearly three years into the new presidential administration, we’re seeing evidence of this “new skepticism” begin to play out in concrete ways. One of the most eye-catching developments – and a stunning fall from grace – is Huawei Technologies Co., Ltd. (world headquarters: Shenzhen, China), one of the world’s largest makers of cellphones and high-end telecom equipment.

As recounted by NPR’s Weekend Edition reporter Emily Feng a few days ago, Huawei stands accused of some of the most blatant forms of technology-stealing. Recently, the Trump administration banned all American companies from using Huawei equipment in their 5G infrastructure and is planning to implement even more punitive measures that will effectively prevent U.S. companies from doing any business at all with Huawei.

Banning of Huawei equipment in U.S. 5G infrastructure isn’t directly related to the theft of intellectual property belonging to Huawei’s prospective U.S. suppliers.  Rather, it’s a response to the perceived threat that the Chinese government will use Huawei equipment installed in U.S. 5G mobile networks to surreptitiously conduct espionage for military, political or economic purposes far into the future.

In other words, as one of the world’s largest telecom players, Huawei is perceived as a direct threat to non-Chinese interests not just on one front, but two: the demand side and the supply side.  The demand-side threat is why the Trump administration has banned Huawei equipment in U.S. 5G infrastructure, and it has also publicly warned the U.K. government to implement a similar ban.

As for the supply side, the Weekend Edition report recounts the intellectual property theft experience of U.S.-based AKHAN Semiconductor when it started working with Huawei. AKHAN has developed and perfected an ingenious form of diamond-coated glass – a rugged engineered surface perfectly suited for smartphone screens.

Huawei expressed interest in purchasing the engineered glass for use in its own products. Nothing wrong with that … but Huawei used product samples provided by AKHAN under strict usage-and-return guidelines to reverse-engineer the technology, in direct contravention of those explicit conditions – and in violation of U.S. export control laws as well.

AKHAN discovered the deception because its product samples had been broken into pieces via laser cutting, and only a portion of them were returned to AKHAN upon demand.

When confronted about the matter, Huawei’s company officials in America admitted flat-out that the missing pieces had been sent to China.  AKHAN enlisted the help of the FBI, and in the ensuing months was able to build a sufficient case that resulted in a raid on Huawei’s U.S. offices in San Diego.

The supply side and demand side threats are two fronts — but are related.  One of the biggest reasons why Huawei kit has been selected, or is being considered, for deployment on 5G mobile networks worldwide is due to its low cost. The Chinese government, so the thinking goes, “seduces” telecom operators into buying the Huawei kit by undercutting all competitors, thereby gaining access to countless espionage opportunities. To maintain its financial footing Huawei must keep its costs as low as it can, and one way is to avoid R&D expenses by stealing intellectual property from would-be suppliers.

AKHAN is just the latest – if arguably the most dramatic – example of Huawei’s pattern of technology “dirty tricks” — others being a suit brought by Motorola against Huawei for stealing trade secrets (settled out of court), and T-Mobile’s suit for copying a phone-testing robot which resulted in Huawei paying millions of dollars in damages.

The particularly alarming – and noxious – part of the Huawei saga is that many of its employees in the United States (nearly all of them Chinese) weren’t so keen on participating in the capers, but found that their concerns and warnings went unheeded back home.

In other words – the directive was to get the technology and the trade secrets, come what may.

This kind of behavior is born of something that’s far bigger than a single company … it’s a directive that’s coming from “China, Inc.” Translation: The Chinese government.

The actions of the Trump administration regarding trade policy and protecting intellectual property can seem boorish, awkward and even clumsy at times. But in another sense, it’s a breath of fresh air after decades of the well-groomed, oh-so-proper “experts” who thought they were the smartest people in the room — but were being taken to the cleaners again and again.

What are your thoughts about “yesterday, today and the future” of trade, industrial espionage and technology transfer vis-à-vis China? Are we in a new era of tougher controls and tougher standards, or is this going to be only a momentary setback in China’s insatiable desire to become the world’s most important economy? Please share your thoughts and perspectives with other readers here.