Private Equity and the Hacking of the New York Subway System
Another day, another cyber security problem caused by a PE owned software firm.
Welcome to BIG, a newsletter on the politics of monopoly power. If you’d like to sign up to receive issues over email, you can do so here.
Oh look, a hack of the New York subway system.
A hacking group believed to have links to the Chinese government penetrated the Metropolitan Transportation Authority’s computer systems in April, exposing vulnerabilities in a vast transportation network that carries millions of people every day, according to an M.T.A. document that outlined the breach.
These hacks are becoming commonplace, but it’s not just because everything is connected to the internet. It turns out, hackers got in through commercial software.
To gain access to the M.T.A. and other systems, the hackers took advantage of vulnerabilities in Pulse Connect Secure, a widely used connectivity tool that offers workers remote access to their employers’ networks.
Pulse Connect Secure is owned by Ivanti, a software roll-up owned by private equity firms Clearlake Capital Group, L.P. and TA Associates. I’ve written about the dangers of private equity owning cybersecurity firms - Solar Winds was such a case. (In fact, Thoma Bravo partners - which owns Solar Winds - continues to snap up cybersecurity and compliance firms such as Proofpoint.)
I’ve gone through job reviews on Glassdoor and Indeed, and Ivanti seems to be a typical PE roll-up, ruining the product quality, offshoring jobs and firing people, and just generally destroying enterprise value. Here’s a typical review.
Pros
This company used to be the mature example of what a software company in the Silicon slopes should be. Former C-Suite cared about their employees, they were willing to adjust to changing conditions and they got to know who we are. The former leadership team was that...a team, and they included all of us in it. The previous CMO was amazing, he knew his team and their capabilities. He made us want to work harder not because we were in fear, but because we were loyal to him and we know he cared.
Cons
The current leadership group is there to squeeze anything they can out of that company. They are all there to make the most of the shares they own and care little about the future of the organization. All that they have done was divide the organization. They've hampered creativity and production. Literally, everyone on my team lived day to day in fear. It's no way to live. They think nothing (and this really happened) of laying off a sales leader, just to bring them back, just to lay them off again. That's a MESS! They won't promote current employees, in fact, they seem to revel in the idea that they are hiring outside of little Utah. I have known rockstar leaders who were up ready for a promotion that weren't even allowed to interview.
The story is likely similar to Solar Winds - a badly managed company that doesn’t deal with problems so its owner can suck out cash.
If you want more reviews…
I concur. As a business college professor in Shanghai, China, many of my students were doing extracurricular hacking studies with the Chinese Army another local university after my classes. I was told by one of them that they were hacking into the American government agencies on a daily basis.
I'm not sure how much of a raise the guy who can't spell "guillotine" has coming to him.