FireSale HackBoy

Knowledge Shared By FireSale HackBoy...

Hacking

The Art Of Exploitation...

Ethical Hacking

Security Experts...Same Techniques To Make Hacker's Stuff Useless.

Black Hat Hacking

Dark Side Of Hacking... In Short Destruction Of Cyber Stuff.

Digital Stuff

All The Digital Stuff Is Under The Influence Of Cyber Attacks... Be Safe

Monday, October 31, 2022

IronNet Announces Receipt of Continued Listing Standard Notice from NYSE

MCLEAN, Va.–(BUSINESS WIRE)–IronNet, Inc. (NYSE: IRNT) (“IronNet”) announced today that on October 25, 2022 it received written notice from the New York Stock Exchange (“NYSE”) that the Company is not in compliance with the continued listing standards set forth in Rule 802.01C of the NYSE Listed Company Manual that requires listed companies to maintain an average closing share price of at least $1.00 over a consecutive 30 trading-day period (the “Notice”). The NYSE rules require the Company to notify the NYSE, within 10 business days of receipt of the Notice, of its intent to cure this deficiency. The Company has six months following the receipt of the Notice to cure the deficiency and regain compliance. The Company’s common stock will continue to be listed and trade on the NYSE during this period, subject to the Company’s compliance with other NYSE continued listing standards.

IronNet can regain compliance at any time during the six-month cure period if, on the last trading day of any calendar month during the cure period, its common stock has a closing price of at least $1.00 and an average closing price of at least $1.00 over the 30 consecutive trading-day period ending on the last trading day of that month. The Company will closely monitor the closing share price of its common stock and is considering all available options and intends to regain compliance with the NYSE listing standards by pursuing measures that are in the best interests of the Company and its shareholders.

During this period, the Company’s common stock will continue to be listed and traded on the NYSE under its existing ticker symbol, with the addition of a suffix indicating the “below compliance” status of its common stock, as “IRNT.BC.” The Notice does not affect the Company’s business operations, or its Securities and Exchange Commission reporting requirements, and does not conflict with or trigger any violation under the Company’s material equity and debt financing agreements.

About IronNet

Founded in 2014 by GEN (Ret.) Keith Alexander, IronNet, Inc. (NYSE: “IRNT”) is a global cybersecurity leader that is transforming how organizations secure their networks by delivering the first-ever Collective Defense platform operating at scale. Employing a number of former NSA cybersecurity operators with offensive and defensive cyber experience, IronNet integrates deep tradecraft knowledge into its industry-leading products to solve the most challenging cyber problems facing the world today. For more information, visit www.ironnet.com.

Forward-Looking Statements

This press release includes “forward-looking statements” within the meaning of the “safe harbor” provisions of the United States Private Securities Litigation Reform Act of 1995, including, without limitation, statements regarding IronNet’s ability to provide visibility and detection of malicious behaviors and to help defend against increased cyber threats facing the globe. When used in this press release, the words “estimates,” “projected,” “expects,” “anticipates,” “forecasts,” “plans,” “intends,” “believes,” “seeks,” “may,” “will,” “should,” “future,” “propose” and variations of these words or similar expressions (or the negative versions of such words or expressions) are intended to identify forward-looking statements. These forward-looking statements are not guarantees of future performance, conditions, or results, and involve a number of known and unknown risks, uncertainties, assumptions and other important factors, many of which are outside IronNet’s management’s control, that could cause actual results or outcomes to differ materially from those discussed in the forward-looking statements. Important factors, among others, that may affect actual results or outcomes include: IronNet’s inability to recognize the anticipated benefits of collaborations with IronNet’s partners and customers; IronNet’s ability to execute on its plans to develop and market new products and the timing of these development programs; the rate and degree of market acceptance of IronNet’s products; the success of other competing technologies that may become available; IronNet’s ability to identify and integrate acquisitions; the performance of IronNet’s products; potential litigation involving IronNet; and general economic and market conditions impacting demand for IronNet’s products. The foregoing list of factors is not exhaustive. You should carefully consider the foregoing factors and the other risks and uncertainties described under the heading “Risk Factors” in IronNet’s Annual Report on Form 10-K for the year ended January 31, 2022, filed with the Securities and Exchange Commission (the “SEC”) on May 2, 2022, IronNet’s most recent Quarterly Report on Form 10-Q for the quarter ended July 31, 2022, filed with the SEC on September 14, 2022, and other documents that IronNet files with the SEC from time to time. These filings identify and address other important risks and uncertainties that could cause actual events and results to differ materially from those contained in the forward-looking statements. Forward-looking statements speak only as of the date they are made. Readers are cautioned not to put undue reliance on forward-looking statements, and IronNet does not undertake any obligation to update or revise any forward-looking statements, whether as a result of new information, future events or otherwise, except as required by law.

The post IronNet Announces Receipt of Continued Listing Standard Notice from NYSE appeared first on Cybersecurity Insiders.


November 01, 2022 at 09:08AM

Cybersecurity news headlines trending on Google

First news that is trending on the Google search engine is related to a ransomware attack that took place on Germany’s Copper producer ‘Aurubis’. News is out that the world’s second largest producer’s IT systems were hit by a ransomware attack disrupting the digital infrastructure to the core.

Perhaps this is supposed to be the first company related to metals and mining that was hit a by a file encrypting malware in the European nation and believably first from the west.

Aurubis that claims to produce over 1 million tons of copper cathodes every year is yet to confirm the malware attack. However, its spokesperson assured it will release a media update as soon as its preliminary investigations are concluded.

Second is the news related to a malware attack on an external defense contractor service named ForceNet Service. Estimates gathered by forensic experts and available to the media confirm the attack on the service that is used to run the military websites.

Matt Keogh, Minister for external affairs and defense, confirmed the news and added the stolen data was of 2018 and belonged to about 40,000 veterans.

ForceNet that acts as an internal communication platform or, we can say, a social networking website for defense personnel has taken up the matter seriously, as the government of Australia has asked a detailed report from it on this matter by early next week.

Third is the news related to an emergency meeting that the White House will host by the end of this week. It is expected that cyber officials from over 37 countries and 13 multinational firms will take part in the meet to take stringent actions against those spreading ransomware spread and involved in illegal use of cryptocurrencies.

Sources state the meet will be virtual and will see participation from nations such as Australia, Austria, Belgium, Brazil, Bulgaria, India, Czech Republic, France, Germany, Ireland, Italy, Japan and Kenya. Representatives from Canada and Croatia are also being expected for the conference.

Mandiant, CrowdStrike, Microsoft, Google, Siemens, SAP, Cyber Threat Alliance are the technology firms that will see participation in the White House Conference on Cybersecurity, likely to be held in Washington on November 3rd,2022.

 

The post Cybersecurity news headlines trending on Google appeared first on Cybersecurity Insiders.


October 31, 2022 at 08:42PM

Sunday, October 30, 2022

Ex UK PM Liz Truss phone hacked by Russia

Liz Truss, who served as a British prime minister of the UK for almost a little more than a fortnight, i.e., between Sept 6th to October 25th, 2022, is back in news for becoming a victim of an espionage campaign.

According to a report released by The Mail, the former Prime Minister of the United Kingdom was targeted by a cyber-attack leaking her personal email conversation and details of UK’s stand on Ukraine’s war with Kremlin, when she was serving as foreign secretary.

Cybersecurity Insiders learnt she suffered a digital attack that might apparently be led by a hacking group from Moscow. And the attack took place as she was using smart phone handset that lacked essential security updates.

But when she was emerging as a probable candidate to take on reigns of ex-Prime Minister Boris Johnson, the government issued her a new handset, thus saving her from further embarrassment.

In the year 2020-21, a Political Leader and a high-profile oil entrepreneur from the UAE was accused of hacking phones of many political dignitaries from the UK through a spying software Pegasus. Those hailing from Downing Street and the Foreign Office were also among the victims’ list of the spying incident.

Now, news is out that Ms. Truss also became a victim of cyber-attack, leading to the leak of classified information from her mobile device.

Often, usage of old smart phones and computing gadgets leads to a spill of critical info from the devices. And this is what is suspected to have happened in this case as well.

Publicly making their contact numbers available and usage of obsolete hardware and software is prohibited as per the protocol of British Parliamentarian Security. However, some leaders cannot understand the underlying essence of creating such protocols and that is doing substantial damage to the careers of some beloved politicians.

Boris Johnson posted his contact number online a few years ago, and it was still there even after he took charge as the head of the United Kingdom. Joe Biden, the US President, is also seen carrying an old Samsung phone that the security staff deem to lack basic security updates.

While the Ex-President Donald Trump and the now Vice President Kamala Harris have a penchant to do what is being advised by the IT staff and are using highly secure devices for personal and office communications.

 

The post Ex UK PM Liz Truss phone hacked by Russia appeared first on Cybersecurity Insiders.


October 31, 2022 at 10:14AM

DIGISTOR® EXTENDS COMMERCIALLY PRICED SELF-ENCRYPTING DRIVE PRODUCTS WITH KEY PRE-BOOT AUTHENTICATION FEATURE TO SECURE DATA AT REST (DAR)

DIGISTOR®, a CRU Data Security Group (CDSG) brand, has added to its innovative line of secure DIGISTOR Citadel™ self-encrypting drives with pre-boot authentication by introducing PBA to its Citadel C Series lineup. The new drives, powered by Cigent®, add the critical PBA function to their existing DIGISTOR C Series of self-encrypting drives.

In addition, DIGISTOR is announcing that the Citadel C Series Advanced version has been listed by NIST as a FIPS 140-2 L2 certified storage device with NIST certificate #4294. This certification is an additional assurance that DIGISTOR C Series Advanced SEDs have been tested and validated by the US Government to meet its strict security requirements in the devices’ cryptographic module.

The renamed DIGISTOR Citadel C Series drives with PBA are ideal for developing secure Data at Rest (DAR) storage solutions in commercial and other government applications where protecting critical information against ransomware and other cyber threats is vital. Pre-boot authentication requires that a computer user provide trusted credentials to the drive before the laptop or desktop computer can detect and boot. This prevents unauthorized users from gaining access to the encrypted drive and its sensitive data.

“To safeguard data, robust cybersecurity features, like PBA, are needed in security-conscious industries like financial services, healthcare, and critical infrastructure such as power grids and water supplies, the defense sector, and government agencies,” said Randal Barber, CDSG President and CEO. “The Citadel C Series makes PBA affordable for the wide range of applications that do not demand the stringent certification requirements seen with some military and government customers.”

Citadel C Series drives offer additional cybersecurity functions such as multi-factor authentication (MFA), zero-trust file access, unreadable storage partitions protected by non-recoverable keys, automated threat response that renders data invisible if Cigent Data Defense is disabled, and secure access logs that capture all insider threat activity.

Citadel C Series SSDs are built on DIGISTOR TCG Opal or FIPS 140-2 L2/Common Criteria self-encrypting drives. The new drives will be available in Q4 2022 in standard M.2 NVMe and SATA form factors and 2.5-inch SATA form factors, for commonly used laptops, desktops, and tactical servers.

“DIGISTOR is an important partner who aligns closely with our vision and product offerings,” said Tom Ricoy, Chief Revenue Officer, of Cigent. “We are delighted to extend our collaboration and help the company broaden its important Citadel family of PBA self-encrypting storage solutions.”

These new drives with PBA are part of the extended Citadel family including the Citadel K Series SSDs, powered by CipherDrive™ and its CSfC-listed PBA (EE), which have been adopted widely with military and government agencies. The Citadel family rounds out the DIGISTOR secure SSD product line that includes FIPS-certified and TCG Opal-compliant SSDs, all of which are TAA-compliant, and are suitable for a wide range of security solutions.

For more information visit digistor.com/citadel.

ABOUT THE COMPANY

DIGISTOR, a CRU Data Security Group (CDSG) brand, provides secure storage solutions for Data at Rest. CDSG is a leading provider of data security solutions and data transport and storage devices for government and military agencies, small and medium-sized businesses, the entertainment industry, corporate IT departments, data centers and digital forensic investigators. Its other brands include CRU removable storage devices, ioSafe fireproof and waterproof data storage devices and WiebeTech digital investigation devices.

The post DIGISTOR® EXTENDS COMMERCIALLY PRICED SELF-ENCRYPTING DRIVE PRODUCTS WITH KEY PRE-BOOT AUTHENTICATION FEATURE TO SECURE DATA AT REST (DAR) appeared first on Cybersecurity Insiders.


October 30, 2022 at 09:03PM

Saturday, October 29, 2022

ioSafe® Introduces Air-gapped Cybersecurity to Isolate Encrypted Data in Its Solo G3 Secure External Hard Drive

Already the recognized leader in onsite data protection, ioSafe® today introduced air-gapped cybersecurity capability in its ioSafe Solo G3 Secure external hard drive. The Solo G3 Secure drive contains an impenetrable barrier between a computer and the ioSafe Solo G3 Secure storage device. This feature delivers the most sophisticated protection available in a fireproof and waterproof drive.

“ioSafe continues to innovate to extend its industry-leading fireproof and waterproof data protection solutions,” said Randal Barber, CEO of ioSafe parent company CDSG. “Combined with its renowned and unprecedented time-to-recovery, businesses and government agencies, media companies and creative professionals, can restore massive amounts of data without loss even if a disaster should occur.”

With the Solo G3 Secure, a user authorizes computer access to the self-encrypting drive using a smartphone app via Bluetooth. Without access authorization, the drive is invisible to the computer, and data is protected from cyberattack as well as fire and water. The authorized user must stay within 10 feet of the Solo G3 Secure or the connection to the computer is lost. In addition, after ten incorrect or unauthorized entry attempts, the drive is wiped.

The ioSafe Solo G3 Secure contains a FIPS 140-2 Level-3 validated self-encrypting drive, which uses XTS-AES 256-bit full-disk hardware encryption.

The new ioSafe Solo G3 Secure is available immediately in 2TB (MSRP $499) and 4TB (MSRP $649) options with USB 3.2 gen 1 connectivity (5 Gbps). The devices include a two-year hardware warranty and two years of Data Recovery Service. Customers may order products through iosafe.com or standard distribution channels.

For more information, visit https://iosafe.com/products/solo-g3-secure/ and iosafe.com. 

About ioSafe

ioSafe is a brand of the CDSG family, renowned for its role in secure data storage and data transport for governments, military organizations, creative professionals, and businesses worldwide. ioSafe’s patented fireproof and waterproof data storage technology, and its comprehensive Data Recovery Service, provide peace of mind. ioSafe customers know their data is always protected—and should the unthinkable happen, they are back up and running faster than any other available solution.

ioSafe products are designed and developed in the United States. Businesses, individuals, and government agencies globally rely on ioSafe to protect their data from disasters caused by fire and flood—and broken plumbing.

The post ioSafe® Introduces Air-gapped Cybersecurity to Isolate Encrypted Data in Its Solo G3 Secure External Hard Drive appeared first on Cybersecurity Insiders.


October 30, 2022 at 05:54AM

Friday, October 28, 2022

ERI Announces Job Fair in Plainfield, Indiana as Employee Roster Continues to Grow

PLAINFIELD, Ind.–(BUSINESS WIRE)–ERI, the nation’s largest fully integrated IT and electronics asset disposition provider and cybersecurity-focused hardware destruction company, announced today that due to continued growth, it is looking to add more than 50 long-term employees to its staff and will stage a regional job fair event on November 3rd from 1:00pm to 5:00pm at its state-of-the-art facility at 3100 Reeves Road in Plainfield, Indiana.

Available jobs include demolition (power/hand tools), forklift drivers, sorting, sanitation, recycling specialists and asset management (tech). First and second shift positions are available. Starting pay rates range from $15.50 to $18 per hour and full time and overtime opportunities are available. Applications can be completed and submitted on site at the job fair. Gift cards will be raffled off hourly for job fair attendees. ERI will also be providing guided tours.

“We continue to grow exponentially and need new people to join the ERI family all over the country, including at our beautiful Plainfield facility,” said John Shegerian, ERI’s Chairman and CEO. “We’re very proud to continue offering great jobs in Indiana and across the nation that are good for the planet and provide opportunities for growth.”

Shegerian added that this will be the first of several forthcoming hiring fairs for ERI around the country.

Interested applicants who are not able to attend the fair are encouraged to visit ERIdirect.com/about-us/careers to get more information or access an online application form.

ERI is the largest fully integrated IT and electronics asset disposition provider and cybersecurity-focused hardware destruction company in the United States. ERI is certified at the highest level by all leading environmental and data security oversight organizations to de-manufacture, recycle, and refurbish every type of electronic device in an environmentally responsible manner. It is the first and only company in its industry to achieve SOC 2 certification for security and data protection. ERI has the capacity to process more than a billion pounds of electronic waste annually at its eight certified locations, serving every zip code in the United States. ERI’s mission is to protect people, the planet and privacy. For more information about e-waste recycling and ERI, call 1-800-ERI-DIRECT or visit https://eridirect.com.

The post ERI Announces Job Fair in Plainfield, Indiana as Employee Roster Continues to Grow appeared first on Cybersecurity Insiders.


October 29, 2022 at 09:08AM

Adoption of Secure Cloud Services in Critical Infrastructure

Adoption of cloud services, whether consumed as 3rd party services provided by various vendors or in the form in-house developed software and/or services leveraging Platform-as-a-Service (PaaS) from major Cloud Service Providers (CSPs) has been steadily on the rise in critical infrastructure (CI) related industries[i]. This represents a significant shift for such industries which have traditionally relied on isolation via air-gapped networks. The “move to cloud” presents significant cybersecurity challenges for critical infrastructure related industries, that still put a premium on one element of the C-I-A triad (confidentiality, integrity and availability) over others, namely availability[ii].

What further compounds an already complex architectural and security landscape is the fact that critical infrastructure industries in various countries tend to be either partially or fully government controlled; with many providing “essential services” such as Healthcare, Water, Power, Emergency Services and Food production.

Impact to “essential services”

The US Government’s Cybersecurity and Infrastructure Security Agency or CISA lists about 16 industries that it considers as falling within the ‘critical infrastructure’ umbrella, including several which can be considered as “essential services” including transportation sector, water sector, food and agriculture sector, healthcare and public health sector, chemical sector, dams sector, energy and utilities sector (E&U), emergency services sector[iii]. UK’s CPNI agency also lists about 13 sectors or industries which have a significant overlap with the US list, with several industries offering essential public services directly (such as Water, Food, Health)[iv].

Cyber threats from rival nation states and rogue actors are very plausible and are also becoming increasingly common owing to the geopolitics of the current era. This has in several cases, resulted in loss of continuum of public services that are offered to common citizens.

  • In an example from last year, lack of risk-based adoption of cloud software and lack of controls to prevent access to ICS networks caused service disruption at a US drinking water treatment facility, where cyber-attack via poorly controlled cloud software (desktop sharing) had increased sodium hydroxide levels in drinking water[v].
  • In another example from this year, a version of the Industroyer malware that spreads via spear phishing emails which are part of cloud-based email systems, got access to power grids and almost shut down power supply to a portion of Ukraine’s capital (lack of or poor implementation of cloud native controls to detect and avoid phishing). This attempt had actually succeeded back in 2016, and remains a potent threat[vi].

In short, essential services affects us all and any disruption will tend to impact the way we carry out our daily tasks, not to mention the significant economic costs associated with them.

Current Security Landscape of Critical Infrastructure Industries

Cybersecurity is relatively still very new within CI sectors, which is traditionally lower down the priority list for many these organizations. Critical infrastructure related industries have certain things in common, which in spite of the extreme diversity of their product or service offerings, ties them together:

  • Industrial Control Systems (ICS) or OT Systems

These industries variously and extensively use ICS systems such as Supervisory Control and Data Acquisition (SCADA) systems, Distributed Control Systems (DCS), Programmable Logic Controllers (PLCs), smart transformers, smart grids, Remote Terminal Units (RTUs) and other such systems.

ICS systems are integral to CI industries, and form the backbone of all their facilities (except corporate offices) such as plants, refineries, workshops, substations etc. These systems are traditionally air-gapped from the corporate and external networks based on the Purdue Reference Model.

  • Purdue Reference Model

Most industries in CI, at least on theory try to align their networks and operations to the Purdue reference model. The Purdue reference model separates various operations and functions into loose logical swim lanes across the enterprise[vii]. There are hierarchical divisions on the basis of which a network is built.

  • IoT sensors and devices

Most plants and facilities have a high degree of IoT sensors and devices communicating wirelessly using very specific protocols, and very often interacting with cloud-based services for receiving and providing different telemetry data.

These unique characteristics of these industries present unique challenges from a security standpoint:

  • Lack of Risk Based decision making when adopting cloud services

Cloud services are adopted to meet specific requirements such as a third-party assessment tool, GRC tool, tools for corporate segmentation etc. Risk assessments including understanding of threat vectors due to introduction of new technologies is not typically or adequately addressed.

  • Using Purdue model for segmentation as a gold standard

Purdue model served the need for logical enterprise architecture for decades until the proliferation of IoT devices, cloud services and myriad of other enterprise-wide software and tools. Specifically in E&U industry, smart grids and smart transformers present a challenge that is not neatly addressed by Purdue model (by definition smart devices are IoT enabled devices that have cloud connectivity beyond the control networks)

  • Lack of robust segmentation and micro-segmentation practices

Most networks have devices that are traditionally sold by automation vendors such as Rockwell, Honeywell, Mitsubishi, Yokogawa etc., which come with defined enterprise network architectures focused on optimum deployments and performance of their equipment. This makes implementing best practices around segmentation within ICS networks very challenging owing to interoperability of solutions, especially with the penetration of cloud services

  • Ubiquitousness of Legacy Devices

Legacy devices exist in ICS networks, and depending on the organization and industry they operate within, their percentage varies. Upgrading these legacy devices are often complex projects that are not necessarily undertaken, given the extreme importance placed on ‘zero downtime’.

  • Overreliance on perimeter firewalls and industrial IDS tools

Several industrial IDS tools that perform deep packet inspection of traffic have proliferated the market. Organizations have been confusing deployment of IDS tools that only indicate anomalous activity as equivalent of securing networks. Additionally, perimeter firewalls are heavily relied upon with little importance to lateral firewalls

A holistic cyber security program focused on cloud and third parties to improve security preparedness

There is no silver bullet when it comes to addressing security concerns within CI industries that provide essential public services. It is impossible and counter-productive to stop the proliferation of cloud services within corporate and even ICS environments. But also, to ignore the security challenges they pose is akin to burying one’s head in the sand, since this is a clear and present threat. Some of the best practices to consider in designing robust networks and enterprise architecture for public services industries are the following (by no means an exhaustive list):

  • Comprehensive security program that addresses all domains of cloud security[viii]:

Establishing a comprehensive cloud security program that consists of all domains such as Access Control, Communications Security, Data Security, Threat Modeling and so on focused on adoption of newer cloud technologies is imperative. This should also be backed by a governance program that proactively addresses security as it pertains to cloud services/software being brought in.

  • Risk Assessments of all 3rd party cloud services and also PaaS services:

Performing a thorough risk assessment on a component-by-component basis to determine risk before any product is brought into the network is imperative. Threat modeling to ensure various threat vectors have been assessed and the risk has been quantified, will mitigate some of the risks

  • Security controls, not just at the perimeter, but spread across ICS networks

Securing ICS networks doesn’t just involve perimeter security, but a whole range of security controls that the security program must implement, including lateral segmentation, possibly micro-segmentation, device level security, and device access control. Special controls must be in place for IoT devices as well. Overreliance on IDS tools doesn’t help the case, as the mitigation strategies still need to put in place.

  • Purdue model by itself will not cut it any more, it needs to be revamped for a cloud world

Though Purdue model will continue to provide the foundation on the basis of which CI public service organizations will operate, a more hybrid model that takes into account the reality that IoT devices and cloud services don’t necessarily interact with devices based on logical or abstract boundaries in important. Knowing data flows including API calls within and outside of the networks is very critical to come up with the best segmentation strategy

It is not particularly difficult to list out ad-nauseum the best practice recommendations for cloud adoption to minimize disruption within CI industries that provide essential services. The fundamental point is that cloud is here to stay and grow in areas that make economic sense for organizations. Also, there is a gradual blurring of lines between corporate and ICS networks, which will only accelerate in future. How organizations prepare themselves to effectively react to security challenges that arise out of it, in an age of extremely volatile geopolitical happenings is what will determine whether essential services are sufficiently protected from remote (cyber) disruptions or not.

[i] https://icscsi.org/library/Documents/ICS_Vulnerabilities/DHS-OCIA%20-%20Risks%20to%20Critical%20Infrastructure%20that%20use%20Cloud%20Services.pdf

[ii] https://nvlpubs.nist.gov/nistpubs/specialpublications/nist.sp.800-82r2.pdf

[iii] https://www.cisa.gov/critical-infrastructure-sectors

[iv] https://www.cpni.gov.uk/critical-national-infrastructure-0

[v] https://www.cisa.gov/uscert/ncas/alerts/aa21-042a

[vi] https://www.cisa.gov/uscert/ncas/alerts/aa22-110a

[vii] https://www.sans.org/blog/introduction-to-ics-security-part-2/

[viii] https://www.cisa.gov/sites/default/files/publications/Cloud%20Security%20Technical%20Reference%20Architecture.pdf

The post Adoption of Secure Cloud Services in Critical Infrastructure appeared first on Cybersecurity Insiders.


October 29, 2022 at 01:41AM

Cloud Computing and Cybersecurity: Everything You Need To Know

In this article, we will explain possibly two of the most well-known terms today when it comes to web-based businesses and IT teams; cloud computing and cybersecurity. Cloud computing is becoming incredibly popular for several reasons, and cybersecurity has been the main focus since the boom in cyberattacks and their variations.

Although these two terms might feel distant, they are being emerged recently and lots of companies are utilizing cloud computing to make their cybersecurity structure more robust. At first thought, this might look odd since cybersecurity means that you are isolating a private network from other parties and cloud computing requires a third party. But now we have cloud security, let’s see what it’s all about.

What is cloud security?

Cloud security is a subdivision of cybersecurity that aims to ensure the security of the cloud systems of a private network. The operations included in a cloud security structure contains the necessary technologies, authentication methods, processes, procedures, and all activities of an IT security team that deal with keeping the cloud data confidential, integral, and available.

On that note, cloud security is much more than ensuring data security on cloud computing systems. Cloud security needs to include the operations and the maintenance of the accessibility of the cloud, compliance issues, training of the employees on cyberattacks, and how they need to protect themselves on the cloud.

But in most cases, since cloud computing will be obtained from a third party, they will themselves offer the latest security technologies and services along with the cloud to make sure their clients’ information is always safe, and they can always access what they need to.

Cloud Security Best Practices

1) Multi-factor Authentication (MFA)

Passwords are not a good way to handle authorized access anymore as they are vulnerable to being stolen or hacked. Using multi-factor authentication adds another layer of security in which you are verifying users more than a single identifier.

2) Controlling User Access

Endpoints need to be frequently monitored by the IT staff and any suspicious access attempts should be detected in time to ensure the integrity of data. Identity and Access Management (IAM) is a great tool for this with improved access control features. Make sure you have control over access with the help of IAM best practices.

3) Data Encryption

This should go without saying. Encrypting data either moving through or on your database is a crucial practice to increase data security on your cloud computing systems. This technology ensures that cybercriminals are unable to intervene in communication, and even if they get a hold of them, it is nothing more than an unsolvable puzzle.

Why Cybersecurity in Cloud Computing is Important?

We all know how cybersecurity is a big deal today, but there should be an emphasis on cloud security as well since it usually requires a different set of practices to ensure safety. Let’s see some of the most crucial points that make cybersecurity in cloud computing vital.

1) Improving overall cybersecurity

This is especially useful for smaller businesses. The biggest organizations have all the resources they need to ensure cybersecurity on their networks, and they can do it themselves. However, smaller businesses usually don’t have this kind of budget and are unable to set up their cybersecurity systems.

Going with cloud computing will instantly improve the overall security of these businesses since as we said above, most of the work will be done by the cloud provider. They already have the resources and the expertise, so why not just benefit from them?

2) Cloud security is crucial for compliance

Compliance is a must, and there are several sets of regulations such as GDPR, HIPAA, or FISMA. Depending on your industry and your service area, you need to know which one applies to you and ensure that your cloud computing systems are aligned with these standards. You might face serious legal penalties if you and your vendors do not comply.

3) Securing remote work environments

One of the reasons that companies migrate to the cloud is the overwhelming popularity of remote work. They need to make their resources available to users outside of their offices and data centers, and the best way is to move over to the cloud.

But storing valuable data on the cloud can be tricky, and that’s where cloud security comes into play. If you don’t do it properly, there is a great risk that your private network will be a victim to malicious users.

Challenges of Cloud Security

Cloud computing offers great benefits to every size of business, but it does have some challenges and concerns. The first thing to consider is that when utilizing cloud computing, you are giving more control to a third party over your data and network.

As a business owner, you need to make sure to evaluate your vendor candidates in terms of compliance, data security, data recovery plans, and the cybersecurity technologies they can implement. It’s important to note that even if you are relying on a third party, it is still your responsibility to protect the personal and valuable information you have as a company.

Conclusion

Cloud computing and cybersecurity do have a relationship in which one makes another more robust. Although they may sound opposites, ensuring cybersecurity in cloud computing environments is possible. Sometimes, the cloud makes your overall network, even more, stronger, that is, if you choose your cloud vendor carefully. Take advantage of this emerging technology and improve cybersecurity in your company.

The post Cloud Computing and Cybersecurity: Everything You Need To Know appeared first on Cybersecurity Insiders.


October 28, 2022 at 08:53PM

Will new CISA guidelines help bolster cyber defenses?

Roel Decneut, Chief Strategy Officer at Lansweeper

Do you know what IT devices are in your business or on your network right now? If not, it’s not just cybercriminals that might be knocking on your door very soon, but the White House.

Binding Operational Directive 23-01, or BOD 23-01, is a new directive from the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a Binding Operational Directive (BOD) that orders federal agencies in the country to keep track of their IT assets and any vulnerabilities on their networks.

The guidance aims to shake up the way devices are tracked, managed, and protected against unauthorized access and attacks like Ransomware. Because if IT teams and organizations don’t know what devices are under their roof, then what chance do they stand in protecting them?

What is the new directive?

The wide-ranging cybersecurity directive orders all U.S. Federal Civilian Executive Branch (FCEB) agencies to create a complete and accurate inventory of all of their software assets.

The new directive is trying to prevent situations such as the 2020 SolarWinds scandal, where several government agencies and organizations were compromised by malicious code injected into the software system.

But it also wants to put more accountability on federal civilian agencies for their own devices and what resides on their networks, as well as hold more responsibility in the case that a cyber breach or attack takes place.

And although the directive only covers federal civilian agencies in the U.S., the CISA also urged the private sector and state governments to review and implement similar asset and vulnerability practices. It’s hard to think of a reason why it shouldn’t also be rolled out to all businesses, not just those in the U.S.

For several years, the CISA has been working to gain greater visibility into risks facing federal civilian networks. It may now finally have made some progress.

What issues is it trying to address?

Threat actors continue to target critical infrastructure, networks, and devices to exploit weaknesses within unknown, unprotected, or under-protected assets. Previous and even current methods to prevent this from happening have provided varying levels of success, hence the need for another layer of protection.

At a basic level, businesses still aren’t tracking the devices and software underneath their own roof, with around one in three IT teams saying they don’t actively track the software used by employees within the business.

The hope with the new directive is that, at a minimum, agencies and government departments have access to an up-to-date inventory of assets. You can’t protect what you can’t see, so by providing this visibility we’re already one step ahead of the game.

But that alone won’t solve the issue altogether, as there’s no point seeing what’s under threat if you can’t prevent an attack from happening in the first place or at least stop it from becoming mission-critical.

93% of companies are vulnerable to external attackers breaching their network perimeters and gaining access to sensitive data. By improving on current IT asset management strategies to be able to identify vulnerabilities, track vulnerability signatures, and share that information with the relevant parties, we can help protect information from getting into the wrong hands.

What does it mean for IT teams?

The attack surface – the points of entry and vulnerabilities that serve as attack vectors – is expanding rapidly. New technologies, recent changes to implement remote and hybrid workplaces, and bring your own device (BYOD) gaining momentum again is threatening to overpower IT teams.

The attack surface is becoming uncontrollable, which is why new methods of Cyber Asset Attack Surface Management (CAASM) are becoming vital in managing and protecting organizations.

For agencies looking to become compliant with the new directive, creating a software asset inventory will be seen as a significant administrative challenge. We’re talking about having to locate, identify, record, and report on potentially hundreds or thousands of pieces of hardware and software.

Agentless scanning technology should help here. If done manually, creating an up-to-date inventory of all of these assets would take hundreds of hours, cost a significant amount of money, and potentially impact operations with IT resources diverted from other business-critical tasks.

Asset visibility and vulnerability detection 101

There are two key areas IT teams need to focus on – asset inventory and vulnerability scans. Together, these are seen as vital in gaining the visibility needed to protect federal organizations against outside threats.

By April 3, 2023, asset discovery scans will need to be run every seven days, while vulnerability assessments across those assets every 14 days. Agencies will also have to prove that they have the capabilities to run such tests on-demand, with the CISA requesting proof within 72 hours of receiving a written request.

If IT teams don’t have one already, they will need to create and maintain an up-to-date inventory of IT assets on their network, as well as identify vulnerabilities, and share relevant information with the CISA at regular intervals.

IT teams are already under pressure, and the only realistic and cost-effective way organizations can become compliant is to automate IT inventory. With new devices added on an almost daily basis and current tech needing to be constantly updated, it’s virtually impossible to handle this manually.

Knowing what’s on your network is necessary for any organization to reduce risk. In today’s digital-first world, with more attack surfaces than ever before, taking stock of what you have is the first step in protecting and preventing the worst from taking place.

The post Will new CISA guidelines help bolster cyber defenses? appeared first on Cybersecurity Insiders.


October 28, 2022 at 08:42PM

LinkedIn added new security features to weed out fraud and fake profiles

LinkedIn is a professional social media platform where learnt people interact to take their businesses to next level. But there are N number of instances where the platform has/is serving as a medium for criminals to create fake profiles to lure C-level employees with malicious intentions, sell fake counterfeit products, and act as a medium to conduct monetary scams.

However, all this is going to change soon as the social networking platform has induced new security features that will help in curbing crime to a major extent.

The foremost will be the ‘ About Profile’ feature that will help users to check when a user profile was created and updated. If it was created fresh and is seen with a beautify women’s photo, you better stay out of it and never connect with them. This feature will also show whether the profile has a verified phone number and an associated email address with the account that shows its authenticity.

Second feature will be backed up with AI powered intelligence where fake accounts can be red-flagged with the help of profile photos. It is actually a developed form of LinkedIn’s 2019 automated anti-abuse defense that helps in tracking down and removing fake profiles before then start interacting with other members with malevolent intentions.

Third new security feature will be related to high-risk profiles that can put the entire platform in jeopardy. It will ban all those profiles that invite users to join on other platforms and that too without the knowledge of the sender.

NOTE- In the first week of October this year, Check Point released a report stating DHL replacing LinkedIn in the top spot as the leading brand that is being emulated in phishing attempts between July and September.

 

The post LinkedIn added new security features to weed out fraud and fake profiles appeared first on Cybersecurity Insiders.


October 28, 2022 at 08:35PM

How are offshore web development services helping businesses?

There are multiple types of services are available for businesses that help them to get quality results. With the help of web development and app development services, it will help them to improve the performance of their work. All the requirements will be added to the application to make the work more efficient. There is nothing to worry about because the available services will be very helpful. So, it is really useful for companies who are eagerly finding an expert for web development services. It is helpful with the quality results that are offered by professionals. So, if you are running a business then it is very important to hire the right professionals for the work. For businesses, it is the right decision that is made by the companies.

Get a web development team:

With the help of offshore development services, companies are getting lots of benefits without making much effort. One can use the services from https://diceus.com/services/offshore-web-development-company/ and will have quality results from it. You can also try it and have top-quality services with it. So, just visit here and get the beneficial services to find the right services for business. It makes the work quick and easy and no one has to face lots of issues in getting the right services. Companies that don’t use such services have to try them and will have beneficial results. You have to check the types of services that are available and with it, companies don’t have to conduct an interview and pass through the hiring process. It helps to make the work easy and beneficial for the companies. So, get the services today and make it simple and quick.

Why offshore development services?

It is really hard for companies to find the right candidate and for them, DIECUS is working. Some professionals are selected among the thousands of candidates. They know how to work and now with years of experience, they are eligible to complete the tasks without any issues. You must have to check about the services that will help you to run your business efficiently. With the services, you will have the right team and can complete the work within time. Many companies are already using it and are happy with such type of services. Many candidates also keep adding to the team according to their experience and knowledge. It is will help the companies to have the right team for their business. So, one must have to get the services and have to choose the best results with them.

Secure:

All the services offered by the professional are secured to them. No one will be going to get the information about the development service they offered. But it helps them to add it to their experience. Experts use their knowledge to provide you top quality service and with the help of their experience, companies are also getting lots of benefits. So, there is nothing to worry about your company`s data and information because it is safe and will never be leaked by any of the employees. You can freely use the services and will have the best results with them. Many professionals are here who are doing their job with proper responsibility and are helping others to get their desired service. So, without worrying about anything and get the services.

Conclusion:

Every IT company should know about the best alternative to their work. If you have any special requirements for employees due to workload then don’t have to hire permanent employees for short-term work. One can simply hire professionals and will have quality results. So, without wasting more time get services. All the professionals have expertise in their work and will provide quality benefits. You need to check about the benefits that are offered and make the work easy and quick. There is no need to conduct interviews to hire employees and get quality results with the services that are needed. So, without worrying about anything get your services and have the best services. You will love the quality of the work and will always choose such type of services in future. You need to hire a professional today to let the work starts.

The post How are offshore web development services helping businesses? appeared first on Cybersecurity Insiders.


October 28, 2022 at 07:53PM

White House concerned about Cyber Attacks on Chemical Sector

Biden administration seems to be extremely worried about the ongoing cyber attacks on the chemical sector and so has taken an initiative to improve the security posture of businesses operating in the said field for a period of next 100 days.

Therefore, the government of the United States has issued an emergency funding to bolster security systems of all the Industrial Control Systems (ICS) operating in electricity generation and supply, water utility distribution and railway industries.

The 100-day sprint initiative will involve info sharing and coordination among federal government and private sector, identify high-risk chemical firms and see that their control systems handling hazardous material are on power regarding technologies and tools that help mitigate sophisticated attacks in the current cyber landscape.

With the tension gripping with Russia, the White House seems to be in no mood to take any chances if at all the former starts indulging in cyberwarfare. For this reason, it wants to strengthen the IT infrastructure of firms dealing with fertilizers, disinfectants, personal care products, and power sources.

NOTE 1- In September 2022, United States law enforcement agencies gained a tip-off from international intelligence that Putin is interested in winning his war with Ukraine at any cost and is also involved in punishing nations that are working to support Volodymyr Zelensky led nation. There is a high probability that Kremlin will use Nuclear Power on supporting nations, if the war consequences don’t turn in favor in coming 3-weeks. There is also a high possibility that he might take charge of industrial systems operating in companies serving chemical sector, just to trigger a chemical war, if/when necessary.

NOTE 2- For this reason, the Biden-Harris administration is taking proactive measures against the existing cyber threats to keep the American populace 100% safe.

 

The post White House concerned about Cyber Attacks on Chemical Sector appeared first on Cybersecurity Insiders.


October 28, 2022 at 11:12AM

Thursday, October 27, 2022

8×8, Inc. Reports Second Quarter Fiscal 2023 Financial Results

CAMPBELL, Calif.–(BUSINESS WIRE)–8×8, Inc. (NYSE: EGHT), a leading integrated cloud communications platform provider, today reported financial results for the second quarter of fiscal 2023 ended September 30, 2022.

Second Quarter Fiscal 2023 Financial Results:

  • Total revenue increased 24% year-over-year to $187.4 million, including Fuze revenue of $28.4 million.
  • Service revenue increased 25% year-over-year to $178.6 million, including Fuze revenue of $27.9 million.
  • GAAP operating loss was $25.0 million, compared to operating loss of $37.2 million in the second quarter of fiscal 2022.
  • Non-GAAP operating profit was $9.1 million, an increase of 368% compared to non-GAAP operating profit of $1.9 million in the second quarter of fiscal 2022.

“Our second quarter results reflected our increased emphasis on profitability and cash flow generation. Non-GAAP gross margin was above 70% and non-GAAP operating profit and operating cash flow exceeded our expectations,” said Dave Sipes, 8×8 Chief Executive Officer. “As a result, we are once again raising our non-GAAP operating margin targets for the year and believe we have line of sight to double-digit operating margins on a non-GAAP basis in fiscal 2024.”

“We believe we can achieve these results while continuing to invest in innovation on our XCaaS platform and providing an outstanding customer experience that enables our customers to make every interaction an opportunity to delight. Our unified XCaaS platform delivers this advantage to customers at a lower total cost of ownership,” added Sipes.

Second Quarter Fiscal 2023 Financial Metrics and Recent Business Highlights:

Financial Metrics

  • Annual Recurring Subscriptions and Usage Revenue (ARR):
    • Total ARR grew to $692 million, an increase of 25% from the end of the same period last year.
    • Enterprise ARR of $401 million increased 42% year-over-year and represented 58% of total ARR.
    • 1,291 customers generated ARR greater than $100,000, compared to 871 at the end of the second quarter of fiscal 2022.
  • GAAP gross margin was 67%, compared to 61% in the same period last year. Non-GAAP gross margin was 70%, compared to 64% in the same period last year.
  • GAAP service revenue gross margin was 71%, compared to 67% in the same period last year. Non-GAAP service gross margin was 74%, compared to 69% in the same period last year.
  • Cash provided by operating activities was $13.8 million for the second quarter, compared to $5.1 million in the second quarter of fiscal 2022.
  • Cash, cash equivalents, restricted cash and investments were $132.3 million on September 30, 2022, compared to $145.6 million on March 31, 2022.

A reconciliation of the non-GAAP measures to the most directly comparable GAAP measures and other information relating to non-GAAP measures is included in the supplemental reconciliation at the end of this release.

Recent Business Highlights:

Product Innovation Highlights

  • Released an update to the 8×8 XCaaS™ (eXperience Communications as a Service™) platform. Highlights included:
    • A new 8×8 phone app for Microsoft Teams, providing customers with additional options for enabling cost-effective PSTN calling in the Teams apps.
    • Full cloud PSTN support extended to 56 countries and territories, now including Estonia and Lithuania.
    • Expanded customer experience analytics with new visual interaction flow diagrams, enhanced reporting into digital interactions and new advanced search and filter capabilities.
  • 8×8 Work is now Chrome Enterprise recommended for the Communications solution track, ensuring that 8×8 Work is optimized for ChromeOS environments. With this, organizations that standardize on ChromeOS have the peace of mind to deploy the 8×8 XCaaS platform across all users, from the contact center to the front desk.

Industry Recognition

  • Singapore’s Cyber Security Agency (CSA) recognized 8×8 CPaaS for its strong cybersecurity practices with the Cyber Trust mark certification, one of the first companies to be awarded the certification.
  • Recognized in the 2022 Gartner® Magic Quadrant™ for Contact Center as a Service for the eighth year in a row.
  • Awarded a Gold Stevie® Award in the Customer Service Executive of the Year category and a Silver Stevie® Award in the Customer Service Department of the Year category in The 19th Annual International Business Awards®.
  • Received the Comms Council UK Awards 2022 for Best ITSP Large Enterprise and Best Innovation for 8×8 Agent Workspace.
  • Awarded the 2022 Best Overall Supplier for Canada by Telarus.
  • Recognized as the Top International Vendor and Fifth Top Overall Vendor by Avant Special Forces.

Corporate Highlights

  • The Company retired approximately $404 million in aggregate principal amount of its convertible notes due in 2024 in exchange for the issuance of $202 million new senior convertible notes due in 2028 and $182 million in cash out of the proceeds from a $250 million term loan due in 2027.
  • Concurrent with the convertible notes exchange, the company repurchased 10.7 million shares of its common stock for approximately $60 million.
  • Subsequent to the debt exchange, the Company repurchased $6 million aggregate principal amount of its convertible senior notes due 2024 in an open market transaction. Following the convertible debt exchange and repurchase, approximately $90 million in aggregate principal amount of the convertible senior notes due 2024 remains outstanding.

“By simultaneously executing a term loan, convertible debt exchange, and share repurchase, we extended the maturity of more than 80 percent of our 2024 convertible debt while limiting the potential dilutive impact to existing shareholders,” said Sam Wilson, 8×8 Chief Financial Officer. “These transactions further strengthen our already solid financial foundation, which includes more than $130 million in cash and investments. Our emphasis on profitability is generating increased cash flow, and we believe we will have more than sufficient resources to fund our operations and repurchase the remaining $90 million in aggregate principal amount of the 2024 Notes on or before maturity.”

Leadership Update

The company announced the appointment of Jeanette Winters as Chief Human Resources Officer of 8×8. Dr. Winters holds a doctorate in Public Administration from University of Southern California and has more than 25 years experience leading corporate talent management, diversity and inclusion, organizational development, and enterprise learning functions at global Fortune 500 organizations, including Intel, American Express, Pitney Bowes and Amgen. Immediately prior to her appointment at 8×8, Dr. Winters was chief talent officer and managing partner at Winters Advisory Group, an HR consultancy, and served as 8×8’s Interim Chief Human Resources Officer.

Dr. Winters was granted restricted stock units (RSUs) for up to 100,000 of the company’s common stock and performance stock units (PSUs) for up to 200,000 shares of the company’s common stock. The RSUs and PSUs will vest over periods of three years, subject to Dr. Winters’ continuing employment or other association with 8×8 or any of its subsidiaries and, in the case of the PSUs, subject to the achievement of certain performance criteria. The awards were approved by a majority of 8×8’s independent directors as material inducements to Dr. Winters’ hiring, in accordance with New York Stock Exchange Rule 303A.08 and 8×8’s 2017 New Employee Inducement Incentive Plan.

Third Quarter and Updated Fiscal 2023 Financial Outlook:

Management provides expected ranges for total revenue, service revenue and non-GAAP operating margin based on its evaluation of the current business environment and foreign current exchange rates prevailing as of the announcement date of the prior quarters’ financial results. The Company emphasizes that these expectations are subject to various important cautionary factors referenced in the section entitled “Forward-Looking Statements” below.

Third Quarter Fiscal 2023 Ending December 31, 2022

  • Service revenue in the range of $178 million to $180 million, representing year-over-year growth of approximately 20% at the midpoint.
  • Total revenue in the range of $185 million to $188 million, representing year-over-year growth of approximately 19% at the midpoint.
  • Non-GAAP operating margin in the range of 5.0 to 5.8%.

Fiscal Year 2023 Ending March 31, 2023

  • Service revenue in the range of $712 million to $720 million, representing year-over-year growth of 19% at the midpoint.
  • Total revenue in the range of $745 million to $755 million, representing year-over-year growth of approximately 18% at the midpoint.
  • Non-GAAP operating margin of approximately 5.5%, with a goal of exiting fiscal 2023 with non-GAAP operating margin of at least 6.5%.

The Company does not reconcile its forward-looking estimates of non-GAAP operating margin to the corresponding GAAP measures of GAAP operating margin due to the significant variability of, and difficulty in making accurate forecasts and projections with regards to, the various expenses it excludes. For example, future hiring and employee turnover may not be reasonably predictable, stock-based compensation expense depends on variables that are largely not within the control of nor predictable by management, such as the market price of 8×8 common stock, and may also be significantly impacted by events like acquisitions, the timing and nature of which are difficult to predict with accuracy. Foreign currency exchange fluctuations may negatively impact our guidance. The actual amounts of these excluded items could have a significant impact on the Company’s GAAP operating margin. Accordingly, management believes that reconciliations of this forward-looking non-GAAP financial measure to the corresponding GAAP measure are not available without unreasonable effort. All projections are on a non-GAAP basis. See the Explanation of GAAP to Non-GAAP Reconciliation below for the definition of non-GAAP operating margin. Our increased emphasis on profitability and cash flow generation may not be successful. The reduction in our total costs as a percentage of revenue may negatively impact our revenue and our business in ways we don’t anticipate and may not achieve the desired outcome.

Conference Call Information:

Management will host a conference call to discuss earnings results on October 27, 2022, at 1:30 p.m. Pacific Time (4:30 p.m. Eastern Time). The conference call will last approximately 60 minutes and is accessible via the following numbers and webcast link:

Dial In: 1-844-200-6205 (U.S.) or 1-929-526-1599 (International)

Passcode: 602771

Webcast: https://investors.8×8.com/events-and-presentations

Participants should plan to dial in or log on 10 minutes prior to the start time. The webcast will be archived on 8×8’s website for a period of at least 30 days. For additional information, visit http://investors.8×8.com.

About 8×8, Inc.

8×8, Inc. (NYSE: EGHT) is transforming the future of business communications as a leading software as a service provider of 8×8 XCaaS™ (eXperience Communications as a Service™), an integrated contact center, voice communications, video, chat, and SMS solution built on one global cloud communications platform. 8×8 uniquely eliminates the silos between unified communications as a service (UCaaS) and contact center as a service (CCaaS) to power the communications requirements of all employees globally as they work together to deliver differentiated customer experiences. For additional information, visit www.8×8.com, or follow 8×8 on LinkedIn, Twitter and Facebook.

Forward Looking Statements:

This news release contains “forward-looking statements” within the meaning of the Private Securities Litigation Reform Act of 1995 and Section 21E of the Securities Exchange Act of 1934. Any statements that are not statements of historical fact may be deemed to be forward-looking statements. For example, words such as “may,” “will,” “should,” “estimates,” “predicts,” “potential,” “continue,” “strategy,” “believes,” “anticipates,” “plans,” “expects,” “intends,” and similar expressions are intended to identify forward-looking statements. These forward-looking statements, include but are not limited to: changing industry trends, operational and economic impacts of the COVID-19 pandemic, the impact of foreign currency exchange rate and interest rate fluctuations, new debt, interest expense, and our ability to repay our remaining outstanding convertible senior notes due 2024, new product innovations and integrations, the future impact of the Fuze, Inc. acquisition on our operations and financial results, market demand for our products, channel and e-commerce growth, sales and marketing activities, strategic partnerships, business strategies, customer acquisition and support costs, customer churn, future operating performance and efficiencies, financial outlook, revenue growth, and profitability, including whether we will achieve sustainable growth and profitability.

You should not place undue reliance on such forward-looking statements. Actual results could differ materially from those projected in forward-looking statements depending on a variety of factors, including, but not limited to: a reduction in our total costs as a percentage of revenue may negatively impact our revenues and our business; customer adoption and demand for our products may be lower than we anticipate; the impact of economic downturns on us and our customers, including from the COVID-19 pandemic; ongoing volatility and conflict in the political environment, including Russia’s invasion of Ukraine; risks related to our new secured term loan and outstanding convertible senior notes due in 2024 and 2028; inflationary pressures and rising interest rates; competitive dynamics of the cloud communication and collaboration markets, including voice, contact center, video, messaging, and communication application programming interfaces (“APIs”), in which we compete may change in ways we are not anticipating; impact of supply chain disruptions; third parties may assert ownership rights in our IP, which may limit or prevent our continued use of the core technologies behind our solutions; our customer churn rate may be higher than we anticipate; our investments in marketing, channel and value-added resellers (VARs), e-commerce, new products, and our acquisition of Fuze, Inc. may not result in revenue growth; and we may not achieve our target service revenue growth, or the revenue, earnings, operating margin or other amounts we forecast in our guidance, for a particular quarter or for the full fiscal year.

For a discussion of such risks and uncertainties, which could cause actual results to differ from those contained in the forward-looking statements, see “Risk Factors” in the Company’s reports on Forms 10-K and 10-Q, as well as other reports that 8×8, Inc. files from time to time with the Securities and Exchange Commission. All forward-looking statements are qualified in their entirety by this cautionary statement, and 8×8, Inc. undertakes no obligation to update publicly any forward-looking statement for any reason, except as required by law, even as new information becomes available or other events occur in the future.

Explanation of GAAP to Non-GAAP Reconciliation

The Company has provided, in this release, financial information that has not been prepared in accordance with Generally Accepted Accounting Principles (GAAP). Management uses these Non-GAAP financial measures internally to understand, manage, and evaluate the business, and to make operating decisions. Management believes they are useful to investors, as a supplement to GAAP measures, in evaluating the Company’s ongoing operational performance. Management also believes that some of 8×8’s investors use these Non-GAAP financial measures as an additional tool in evaluating 8×8’s ongoing “core operating performance” in the ordinary, ongoing, and customary course of the Company’s operations. Core operating performance excludes items that are non-cash, not expected to recur, or not reflective of ongoing financial results. Management also believes that looking at the Company’s core operating performance provides consistency in period-to-period comparisons and trends.

These Non-GAAP financial measures may be calculated differently from, and therefore may not be comparable to, similarly titled measures used by other companies, which limits the usefulness of these measures for comparative purposes. Management recognizes that these Non-GAAP financial measures have limitations as analytical tools, including the fact that management must exercise judgment in determining which types of items to exclude from the Non-GAAP financial information. Non-GAAP financial measures should not be considered in isolation from, or as a substitute for, financial information prepared in accordance with GAAP. Investors are encouraged to review the reconciliation of these Non-GAAP financial measures to their most directly comparable GAAP financial measures in the table titled “Reconciliation of GAAP to Non-GAAP Financial Measures”. Detailed explanations of the adjustments from comparable GAAP to Non-GAAP financial measures are as follows:

Non-GAAP Costs of Revenue, Costs of Service Revenue and Costs of Other Revenue

Non-GAAP Costs of Revenue includes: (i) Non-GAAP Cost of Service Revenue, which is Cost of Service Revenue excluding amortization of acquired intangible assets, stock-based compensation expense and related employer payroll taxes, certain legal and regulatory costs, and certain severance, transition and contract termination costs; and (ii) Non-GAAP Cost of Other Revenue, which is Cost of Other Revenue excluding stock-based compensation expense and related employer payroll taxes, certain legal and regulatory costs, and certain severance, transition and contract termination costs.

Non-GAAP Service Revenue Gross Margin, Other Revenue Gross Margin, and Gross Margin

Non-GAAP Service Revenue Gross Margin (and as a percentage of Service Revenue) and Non-GAAP Other Revenue Gross Margin (and as a percentage of Other Revenue) are computed as Service Revenue less Non-GAAP Cost of Service Revenue divided by Service Revenue and Other Revenue less Non-GAAP Cost of Other Revenue divided by Other Revenue, respectively. Non-GAAP Gross Margin (and as a percentage of Revenue) is computed as Revenue less Non-GAAP Cost of Service Revenue and Non-GAAP Cost of Other Revenue divided by Revenue. Management believes the Company’s investors benefit from understanding these adjustments and from an alternative view of the Company’s Cost of Service Revenue and Cost of Other Revenue as well as the Company’s Service, Other and Gross Margins performance as compared to prior periods and trends.

Non-GAAP Operating Expenses

Non-GAAP Operating Expenses includes Non-GAAP Research and Development, Non-GAAP Sales and Marketing, and Non-GAAP General and Administrative, each of which excludes: amortization of acquired intangible assets, stock-based compensation expense and related employer payroll taxes, acquisition and integration expenses, and certain severance, transition and contract termination costs. Management believes that these exclusions provide investors with a supplemental view of the Company’s ongoing operational expenses.

Non-GAAP Operating Profit and Non-GAAP Operating Margin

Non-GAAP Operating Profit excludes: amortization of acquired intangible assets, stock-based compensation expense and related employer payroll taxes, acquisition and integration expenses, certain legal and regulatory costs, and certain severance, transition and contract termination costs from Operating Profit (Loss). Non-GAAP Operating Margin is Non-GAAP Operating Profit divided by Revenue. Management believes that these exclusions provide investors with a supplemental view of the Company’s ongoing operating performance.

Non-GAAP Other Income (Expense), net

Non-GAAP Other Income (Expense), net excludes: acquisition and integration expenses, certain severance, transition and contract termination costs, debt amortization expense, gain on debt extinguishment, gain or loss on remeasurement of warrants, and sub-lease income from Other Income (Expense), net. Management believes the Company’s investors benefit from this supplemental information to facilitate comparison of the Company’s other income (expense), performance to prior results and trends.

Non-GAAP Net Income

Non-GAAP Net Income excludes: amortization of acquired intangible assets, stock-based compensation expense and related employer payroll taxes, acquisition and integration expenses, certain legal and regulatory costs, certain severance, transition and contract termination costs, debt amortization expense, gain on debt extinguishment, gain or loss on remeasurement of warrants, and sub-lease income. Management believes the Company’s investors benefit from understanding these adjustments and an alternative view of our net income performance as compared to prior periods and trends.

Non-GAAP Net Income Per Share – Basic and Non-GAAP Net Income Per Share – Diluted

Non-GAAP Net Income Per Share – Basic is Non-GAAP Net Income divided by the weighted-average basic shares outstanding. Non-GAAP Net Income Per Share – Diluted is Non-GAAP Net Income divided by the weighted-average diluted shares outstanding. Diluted shares outstanding include the effect of potentially dilutive securities from stock-based benefit plans and convertible senior notes. These potentially dilutive securities are excluded from the computation of net loss per share attributable to common stockholders on a GAAP basis because the effect would have been anti-dilutive. They are added for the computation of diluted net income per share on a non-GAAP basis in periods when 8×8 has net profit on a non-GAAP basis as their inclusion provides a better indication of 8×8’s underlying business performance. Management believes the Company’s investors benefit by understanding our Non-GAAP net income performance as reflected in a per share calculation as ways of measuring performance by ownership in the company. Management believes these adjustments offer investors a useful view of the Company’s diluted net income per share as compared to prior periods and trends.

Management evaluates and makes decisions about its business operations based on Non-GAAP financial information by excluding items management does not consider to be “core costs” or “core proceeds.” Management believes some of its investors also evaluate our “core operating performance” as a means of evaluating our performance in the ordinary, ongoing, and customary course of our operations. Management excludes the amortization of acquired intangible assets, which primarily represents a non-cash expense of technology and/or customer relationships already developed, to provide a supplemental way for investors to compare the Company’s operations pre-acquisition to those post-acquisition and to those of our competitors that have pursued internal growth strategies. Stock-based compensation expense has been excluded because it is a non-cash expense and relies on valuations based on future conditions and events, such as the market price of 8×8 common stock, that are difficult to predict and/or largely not within the control of management. The related employer payroll taxes for stock-based compensation are excluded since they are incurred only due to the associated stock-based compensation expense. Acquisition and integration expenses consist of external and incremental costs resulting directly from merger and acquisition and strategic investment activities such as legal and other professional services, due diligence, integration, and other closing costs, which are costs that vary significantly in amount and timing. Legal and regulatory costs include litigation and other professional services, as well as certain tax and regulatory liabilities. Severance, transition and contract termination costs include employee termination benefits, executive severance agreements, cancellation of certain contracts, and lease impairments. Debt amortization expenses relate to the non-cash accretion of the debt discount.

8×8, Inc.

CONSOLIDATED STATEMENTS OF OPERATIONS

(Unaudited, in thousands, except per share amounts)

 

 

 

 

 

 

 

Three Months Ended

September 30,

 

Six Months Ended

September 30,

 

 

 

2022

 

 

 

2021

 

 

 

2022

 

 

 

2021

 

Service revenue

 

$

178,556

 

 

$

142,376

 

 

$

357,717

 

 

$

280,172

 

Other revenue

 

 

8,833

 

 

 

9,181

 

 

 

17,292

 

 

 

19,712

 

Total revenue

 

 

187,389

 

 

 

151,557

 

 

 

375,009

 

 

 

299,884

 

 

 

 

 

 

 

 

 

 

Cost of revenue and operating expenses:

 

 

 

 

 

 

 

 

Cost of service revenue

 

 

51,038

 

 

 

47,198

 

 

 

104,585

 

 

 

93,208

 

Cost of other revenue

 

 

11,000

 

 

 

12,269

 

 

 

24,126

 

 

 

26,015

 

Research and development

 

 

36,019

 

 

 

28,498

 

 

 

70,974

 

 

 

53,890

 

Sales and marketing

 

 

80,487

 

 

 

76,726

 

 

 

164,014

 

 

 

152,641

 

General and administrative

 

 

33,835

 

 

 

24,023

 

 

 

63,054

 

 

 

50,114

 

Total operating expenses

 

 

212,379

 

 

 

188,714

 

 

 

426,753

 

 

 

375,868

 

Loss from operations

 

 

(24,990

)

 

 

(37,157

)

 

 

(51,744

)

 

 

(75,984

)

Other income (expense), net

 

 

13,950

 

 

 

(4,934

)

 

 

15,066

 

 

 

(9,757

)

Loss from operations before provision for income taxes

 

 

(11,040

)

 

 

(42,091

)

 

 

(36,678

)

 

 

(85,741

)

Provision for income taxes

 

 

599

 

 

 

233

 

 

 

1,004

 

 

 

489

 

Net loss

 

$

(11,639

)

 

$

(42,324

)

 

$

(37,682

)

 

$

(86,230

)

 

 

 

 

 

 

 

 

 

Net loss per share:

 

 

 

 

 

 

 

 

Basic and diluted

 

$

(0.10

)

 

$

(0.38

)

 

$

(0.32

)

 

$

(0.78

)

 

 

 

 

 

 

 

 

 

Weighted average number of shares:

 

 

 

 

 

 

 

 

Basic and diluted

 

 

116,013

 

 

 

112,422

 

 

 

117,857

 

 

 

111,180

 

8×8, Inc.

CONSOLIDATED BALANCE SHEETS

(Unaudited, in thousands)

 

 

 

September 30, 2022

 

March 31, 2022

ASSETS

 

 

 

 

Current assets

 

 

 

 

Cash and cash equivalents

 

$

100,512

 

 

$

91,205

 

Restricted cash, current

 

 

511

 

 

 

8,691

 

Short-term investments

 

 

30,411

 

 

 

44,845

 

Accounts receivable, net

 

 

58,345

 

 

 

57,400

 

Deferred sales commission costs, current

 

 

36,350

 

 

 

35,482

 

Other current assets

 

 

37,537

 

 

 

37,999

 

Total current assets

 

 

263,666

 

 

 

275,622

 

Property and equipment, net

 

 

68,717

 

 

 

79,016

 

Operating lease, right-of-use assets

 

 

54,201

 

 

 

63,415

 

Intangible assets, net

 

 

117,490

 

 

 

128,213

 

Goodwill

 

 

262,393

 

 

 

266,867

 

Restricted cash, non-current

 

 

818

 

 

 

818

 

Long-term investments

 

 

 

 

 

2,671

 

Deferred sales commission costs, non-current

 

 

71,647

 

 

 

75,668

 

Other assets

 

 

17,009

 

 

 

17,978

 

Total assets

 

$

855,941

 

 

$

910,268

 

LIABILITIES AND STOCKHOLDERS’ EQUITY

Current liabilities

 

 

 

 

Accounts payable

 

$

43,844

 

 

$

49,721

 

Accrued compensation

 

 

32,923

 

 

 

36,319

 

Accrued taxes

 

 

31,579

 

 

 

32,573

 

Operating lease liabilities, current

 

 

12,648

 

 

 

15,485

 

Deferred revenue, current

 

 

30,860

 

 

 

34,262

 

Other accrued liabilities

 

 

17,131

 

 

 

23,167

 

Total current liabilities

 

 

168,985

 

 

 

191,527

 

Operating lease liabilities, non-current

 

 

68,437

 

 

 

74,518

 

Convertible senior notes

 

 

286,682

 

 

 

447,452

 

Term loan

 

 

230,049

 

 

 

 

Deferred revenue, non-current

 

 

10,465

 

 

 

11,430

 

Other liabilities, non-current

 

 

6,541

 

 

 

2,975

 

Total liabilities

 

 

771,159

 

 

 

727,902

 

Stockholders’ equity:

 

 

 

 

Common stock

 

 

111

 

 

 

118

 

Additional paid-in capital

 

 

867,063

 

 

 

956,599

 

Accumulated other comprehensive loss

 

 

(24,944

)

 

 

(7,913

)

Accumulated deficit

 

 

(757,448

)

 

 

(766,438

)

Total stockholders’ equity

 

 

84,782

 

 

 

182,366

 

Total liabilities and stockholders’ equity

 

$

855,941

 

 

$

910,268

 

8×8, Inc.

CONSOLIDATED STATEMENTS OF CASH FLOWS

(Unaudited, in thousands)

 

 

 

 

 

Six Months Ended September 30,

 

 

 

2022

 

 

 

2021

 

Cash flows from operating activities:

 

 

 

 

Net loss

 

$

(37,682

)

 

$

(86,230

)

Adjustments to reconcile net loss to net cash used in operating activities:

 

 

 

 

Depreciation

 

 

5,624

 

 

 

5,771

 

Amortization of intangible assets

 

 

10,723

 

 

 

2,551

 

Amortization of capitalized software

 

 

11,494

 

 

 

14,713

 

Amortization of debt discount and issuance costs

 

 

2,000

 

 

 

8,855

 

Amortization of deferred sales commission costs

 

 

18,839

 

 

 

16,857

 

Allowance for credit losses

 

 

1,781

 

 

 

645

 

Operating lease expense, net of accretion

 

 

5,925

 

 

 

6,795

 

Stock-based compensation expense

 

 

52,435

 

 

 

72,422

 

Gain on debt extinguishment

 

 

(16,106

)

 

 

 

Gain on remeasurement of warrants

 

 

(1,293

)

 

 

 

Impairment of right-of-use assets

 

 

2,424

 

 

 

 

Other

 

 

(192

)

 

 

853

 

Changes in assets and liabilities:

 

 

 

 

Accounts receivable, net

 

 

(4,579

)

 

 

(1,100

)

Deferred sales commission costs

 

 

(13,834

)

 

 

(23,489

)

Other current and non-current assets

 

 

1,223

 

 

 

(835

)

Accounts payable and accruals

 

 

(14,733

)

 

 

(9,860

)

Deferred revenue

 

 

(4,367

)

 

 

1,183

 

Net cash provided by operating activities

 

 

19,682

 

 

 

9,131

 

Cash flows from investing activities:

 

 

 

 

Purchases of property and equipment

 

 

(1,845

)

 

 

(2,358

)

Cost of capitalized software

 

 

(4,328

)

 

 

(11,613

)

Purchases of investments

 

 

(27,669

)

 

 

(56,049

)

Sales of investments

 

 

8,296

 

 

 

10,299

 

Proceeds from maturity of investments

 

 

36,641

 

 

 

30,967

 

Acquisition of businesses

 

 

(1,250

)

 

 

 

Net cash provided by (used in) investing activities

 

 

9,845

 

 

 

(28,754

)

Cash flows from financing activities:

 

 

 

 

Finance lease payments

 

 

 

 

 

(8

)

Tax-related withholding of common stock

 

 

 

 

 

(128

)

Proceeds from issuance of common stock under employee stock plans

 

 

1,713

 

 

 

10,328

 

Repayment and exchange of senior convertible notes

 

 

(190,553

)

 

 

 

Repurchase of common stock

 

 

(60,214

)

 

 

 

Net proceeds from term loan

 

 

232,861

 

 

 

 

Net cash (used in) provided by financing activities

 

 

(16,193

)

 

 

10,192

 

Effect of exchange rate changes on cash

 

 

(12,207

)

 

 

(111

)

Net increase (decrease) in cash, cash equivalents and restricted cash

 

 

1,127

 

 

 

(9,542

)

Cash, cash equivalents and restricted cash, beginning of period

 

 

100,714

 

 

 

121,172

 

Cash, cash equivalents and restricted cash, end of period

 

$

101,841

 

 

$

111,630

 

8×8, Inc.

RECONCILIATION OF GAAP TO NON-GAAP FINANCIAL MEASURES

(Unaudited, in thousands, except per share amounts)

 

 

 

 

 

 

 

 

Three Months Ended September 30,

 

Six Months Ended September 30,

 

 

2022

 

2021

 

2022

 

2021

Costs of Revenue:

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

GAAP cost of service revenue

 

$

51,038

 

 

 

 

$

47,198

 

 

 

 

$

104,585

 

 

 

 

$

93,208

 

 

 

Amortization of acquired intangible assets

 

 

(2,140

)

 

 

 

 

(1,044

)

 

 

 

 

(4,509

)

 

 

 

 

(2,110

)

 

 

Stock-based compensation expense and related employer payroll taxes

 

 

(2,457

)

 

 

 

 

(2,526

)

 

 

 

 

(5,153

)

 

 

 

 

(4,566

)

 

 

Severance, transition and contract termination costs

 

 

(281

)

 

 

 

 

(57

)

 

 

 

 

(1,178

)

 

 

 

 

(52

)

 

 

Non-GAAP cost of service revenue

 

$

46,160

 

 

 

 

$

43,571

 

 

 

 

$

93,745

 

 

 

 

$

86,480

 

 

 

Non-GAAP service margin (as a percentage of service revenue)

 

$

132,396

 

 

74.1

%

 

$

98,805

 

 

69.4

%

 

$

263,972

 

 

73.8

%

 

$

193,692

 

 

69.1

%

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

GAAP cost of other revenue

 

$

11,000

 

 

 

 

$

12,269

 

 

 

 

$

24,126

 

 

 

 

$

26,015

 

 

 

Stock-based compensation expense and related employer payroll taxes

 

 

(937

)

 

 

 

 

(1,372

)

 

 

 

 

(2,084

)

 

 

 

 

(2,507

)

 

 

Severance, transition and contract termination costs

 

 

(244

)

 

 

 

 

(188

)

 

 

 

 

(777

)

 

 

 

 

(204

)

 

 

Non-GAAP cost of other revenue

 

$

9,819

 

 

 

 

$

10,709

 

 

 

 

$

21,265

 

 

 

 

$

23,304

 

 

 

Non-GAAP other margin (as a percentage of other revenue)

 

$

(986

)

 

(11.2

)%

 

$

(1,528

)

 

(16.6

)%

 

$

(3,973

)

 

(23.0

)%

 

$

(3,592

)

 

(18.2

)%

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Non-GAAP gross margin (as a percentage of revenue)

 

$

131,410

 

 

70.1

%

 

$

97,277

 

 

64.2

%

 

$

259,999

 

 

69.3

%

 

$

190,100

 

 

63.4

%

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Operating Expenses:

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

GAAP research and development

 

$

36,019

 

 

 

 

$

28,498

 

 

 

 

$

70,974

 

 

 

 

$

53,890

 

 

 

Stock-based compensation expense and related employer payroll taxes

 

 

(7,773

)

 

 

 

 

(10,086

)

 

 

 

 

(15,966

)

 

 

 

 

(19,159

)

 

 

Severance, transition and contract termination costs

 

 

(107

)

 

 

 

 

(42

)

 

 

 

 

(144

)

 

 

 

 

(103

)

 

 

Non-GAAP research and development (as a percentage of revenue)

 

$

28,139

 

 

15.0

%

 

$

18,370

 

 

12.1

%

 

$

54,864

 

 

14.6

%

 

$

34,628

 

 

11.5

%

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

GAAP sales and marketing

 

$

80,487

 

 

 

 

$

76,726

 

 

 

 

$

164,014

 

 

 

 

$

152,641

 

 

 

Amortization of acquired intangible assets

 

 

(3,107

)

 

 

 

 

(221

)

 

 

 

 

(6,213

)

 

 

 

 

(440

)

 

 

Stock-based compensation expense and related employer payroll taxes

 

 

(6,883

)

 

 

 

 

(13,588

)

 

 

 

 

(15,163

)

 

 

 

 

(28,288

)

 

 

Severance, transition and contract termination costs

 

 

(330

)

 

 

 

 

(531

)

 

 

 

 

(721

)

 

 

 

 

(1,153

)

 

 

Non-GAAP sales and marketing (as a percentage of revenue)

 

$

70,167

 

 

37.4

%

 

$

62,386

 

 

41.2

%

 

$

141,917

 

 

37.8

%

 

$

122,760

 

 

40.9

%

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

GAAP general and administrative

 

$

33,835

 

 

 

 

$

24,023

 

 

 

 

$

63,054

 

 

 

 

$

50,114

 

 

 

Stock-based compensation expense and related employer payroll taxes

 

 

(6,763

)

 

 

 

 

(10,423

)

 

 

 

 

(14,686

)

 

 

 

 

(21,327

)

 

 

Acquisition and integration costs

 

 

(1,554

)

 

 

 

 

(19

)

 

 

 

 

(2,178

)

 

 

 

 

(19

)

 

 

Legal and regulatory costs

 

 

207

 

 

 

 

 

1,317

 

 

 

 

 

269

 

 

 

 

 

1,849

 

 

 

Severance, transition and contract termination costs

 

 

(1,694

)

 

 

 

 

(314

)

 

 

 

 

(2,449

)

 

 

 

 

(1,185

)

 

 

Non-GAAP general and administrative (as a percentage of revenue)

 

$

24,031

 

 

12.8

%

 

$

14,584

 

 

9.6

%

 

$

44,010

 

 

11.7

%

 

$

29,432

 

 

9.8

%

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Non-GAAP Operating Expenses (as a percentage of revenue)

 

 

122,337

 

 

65.3

%

 

 

95,340

 

 

62.9

%

 

 

240,791

 

 

64.2

%

 

 

186,820

 

 

62.3

%

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Operating Profit (Loss):

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

GAAP loss from operations

 

$

(24,990

)

 

 

 

$

(37,157

)

 

 

 

$

(51,744

)

 

 

 

$

(75,984

)

 

 

Amortization of acquired intangible assets

 

 

5,247

 

 

 

 

 

1,265

 

 

 

 

 

10,722

 

 

 

 

 

2,550

 

 

 

Stock-based compensation expense and related employer payroll taxes

 

 

24,813

 

 

 

 

 

37,995

 

 

 

 

 

53,052

 

 

 

 

 

75,847

 

 

 

Acquisition and integration costs

 

 

1,554

 

 

 

 

 

19

 

 

 

 

 

2,178

 

 

 

 

 

19

 

 

 

Legal and regulatory costs

 

 

(207

)

 

 

 

 

(1,317

)

 

 

 

 

(269

)

 

 

 

 

(1,849

)

 

 

Severance, transition and contract termination costs

 

 

2,656

 

 

 

 

 

1,132

 

 

 

 

 

5,269

 

 

 

 

 

2,697

 

 

 

Non-GAAP operating profit (as a percentage of revenue)

 

$

9,073

 

 

4.8

%

 

$

1,937

 

 

1.3

%

 

$

19,208

 

 

5.1

%

 

$

3,280

 

 

1.1

%

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Other Income (Expenses):

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

GAAP other income (expense), net

 

$

13,950

 

 

 

 

$

(4,934

)

 

 

 

$

15,066

 

 

 

 

$

(9,757

)

 

 

Debt amortization expense

 

 

1,169

 

 

 

 

 

4,462

 

 

 

 

 

2,000

 

 

 

 

 

8,856

 

 

 

Gain on debt extinguishment

 

 

(16,106

)

 

 

 

 

 

 

 

 

 

(16,106

)

 

 

 

 

 

 

 

Gain on warrants remeasurement

 

 

(1,293

)

 

 

 

 

 

 

 

 

 

(1,293

)

 

 

 

 

 

 

 

Sublease Income

 

 

(116

)

 

 

 

 

(116

)

 

 

 

 

(232

)

 

 

 

 

(155

)

 

 

Non-GAAP other income (expense), net (as a

percentage of revenue)

 

 

(2,396

)

 

(1.3

)%

 

 

(588

)

 

(0.4

)%

 

 

(565

)

 

(0.2

)%

 

 

(1,056

)

 

(0.4

)%

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Net Income (Loss):

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

GAAP net loss

 

 

(11,639

)

 

 

 

 

(42,324

)

 

 

 

 

(37,682

)

 

 

 

 

(86,230

)

 

 

Amortization of acquired intangible assets

 

 

5,247

 

 

 

 

 

1,265

 

 

 

 

 

10,722

 

 

 

 

 

2,550

 

 

 

Stock-based compensation expense and related employer payroll taxes

 

 

24,813

 

 

 

 

 

37,995

 

 

 

 

 

53,052

 

 

 

 

 

75,847

 

 

 

Acquisition and integration costs

 

 

1,554

 

 

 

 

 

19

 

 

 

 

 

2,178

 

 

 

 

 

19

 

 

 

Legal and regulatory costs

 

 

(207

)

 

 

 

 

(1,317

)

 

 

 

 

(269

)

 

 

 

 

(1,849

)

 

 

Severance, transition and contract termination costs

 

 

2,656

 

 

 

 

 

1,132

 

 

 

 

 

5,269

 

 

 

 

 

2,697

 

 

 

Debt amortization expense

 

 

1,169

 

 

 

 

 

4,462

 

 

 

 

 

2,000

 

 

 

 

 

8,856

 

 

 

Gain on debt extinguishment

 

 

(16,106

)

 

 

 

 

 

 

 

 

 

(16,106

)

 

 

 

 

 

 

 

Gain on warrants remeasurement

 

 

(1,293

)

 

 

 

 

 

 

 

 

 

(1,293

)

 

 

 

 

 

 

 

Sublease income

 

 

(116

)

 

 

 

 

(116

)

 

 

 

 

(232

)

 

 

 

 

(155

)

 

 

Non-GAAP net income (as a percentage of revenue)

 

 

6,078

 

 

3.2

%

 

 

1,116

 

 

0.7

%

 

 

17,639

 

 

4.7

%

 

 

1,735

 

 

0.6

%

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Shares used in computing per share amounts:

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Basic

 

 

116,013

 

 

 

 

 

112,422

 

 

 

 

 

117,857

 

 

 

 

 

111,180

 

 

 

Diluted

 

 

116,186

 

 

 

 

 

116,375

 

 

 

 

 

118,936

 

 

 

 

 

116,687

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

GAAP net loss per share – Basic and Diluted

 

 

(0.10

)

 

 

 

 

(0.38

)

 

 

 

 

(0.32

)

 

 

 

 

(0.78

)

 

 

Non-GAAP net income per share – Basic

 

$

0.05

 

 

 

 

$

0.01

 

 

 

 

$

0.15

 

 

 

 

$

0.02

 

 

 

Non-GAAP net income per share – Diluted

 

$

0.05

 

 

 

 

$

0.01

 

 

 

 

$

0.15

 

 

 

 

$

0.01

 

 

 

8×8, Inc.

SELECTED OPERATING METRICS

(Unaudited, in millions, except number of enterprise customers)

 

 

Fiscal 2022

 

Fiscal 2023

 

Q1

Q2

Q3

Q4 (5)

 

Q1

Q2

TOTAL ARR (1)

$

536

 

$

553

 

$

572

 

$

687

 

 

$

688

 

$

692

 

Growth % (YoY)

 

24

%

 

18

%

 

16

%

 

33

%

 

 

28

%

 

25

%

 

 

 

 

 

 

 

 

ARR BY CUSTOMER SIZE

 

 

 

 

 

 

 

ENTERPRISE (2)

$

262

 

$

282

 

$

307

 

$

393

 

 

$

403

 

$

401

 

% of Total ARR

 

49

%

 

51

%

 

54

%

 

57

%

 

 

59

%

 

58

%

Growth % (YoY)

 

40

%

 

33

%

 

30

%

 

56

%

 

 

54

%

 

42

%

Total number of Enterprise Customers

 

824

 

 

871

 

 

907

 

 

1,258

(6)

 

 

1,277

 

 

1,291

 

 

 

 

 

 

 

 

 

MID-MARKET (3)

$

103

 

$

103

 

$

102

 

$

128

 

 

$

125

 

$

127

 

% of Total ARR

 

19

%

 

19

%

 

18

%

 

19

%

 

 

18

%

 

18

%

Growth % (YoY)

 

22

%

 

14

%

 

9

%

 

31

%

 

 

22

%

 

23

%

 

 

 

 

 

 

 

 

SMALL BUSINESS(4)

$

172

 

$

167

 

$

162

 

$

166

 

 

$

159

 

$

164

 

% of Total ARR

 

32

%

 

30

%

 

28

%

 

24

%

 

 

23

%

 

24

%

Growth % (YoY)

 

7

%

 

2

%

 

(1

) %

 

(1

) %

 

 

(7

) %

 

(2

) %

(1)

Annualized Recurring Subscriptions and Usage (ARR) equals the sum of the most recent month of (i) recurring subscription amounts and (ii) platform usage charges for all CPaaS customers (subject to a minimum billings threshold for a period of at least six consecutive months), multiplied by 12.

(2)

Enterprise ARR is defined as ARR from customers that generate >$100,000 ARR.

(3)

Mid-market ARR is defined as ARR from customers that generate $25,000 to $100,000 ARR.

(4)

Small business ARR is defined as ARR from customers that generate <$25,000 ARR.

(5)

Includes Fuze.

(6)

Previously reported enterprise customer count of 1,320 for Q4’22 was adjusted to eliminate double counting of subsidiaries.

Selected operating metrics presented in this table have not been derived from financial measures that have been prepared in accordance with US Generally Accepted Accounting Principles. 8×8 provides these selected operating metrics to assist investors in evaluating the Company’s operations and assessing its prospects. 8×8’s management periodically reviews the selected operating metrics to evaluate 8×8’s operations, allocate resources, and drive financial performance in the business. Management monitors these metrics together, and not individually, as it does not make business decisions based upon any single metric. 8×8 is not aware of any uniform standards for defining these selected operating metrics and caution that its presentation may not be consistent with that of other companies. Prior period metrics and customer classifications have not been adjusted for current period changes unless noted.

The post 8×8, Inc. Reports Second Quarter Fiscal 2023 Financial Results appeared first on Cybersecurity Insiders.


October 28, 2022 at 09:11AM