On the past two editions of theCUBE Podcast, industry analysts John Furrier and Dave Vellante have discussed the ransomware attack that crippled services at MGM Resorts International Inc., and it turns out the details reported were correct. What’s coming out now are the details of the damage done.

The Wall Street Journal reported Thursday that MGM Resorts refused to pay the hackers following the ransomware attack. The company said hackers stole some personal information data of customers, adding the breach will cost about $100 million.

“This is a modern phenomenon,” Furrier (pictured, left) said on the latest episode of theCUBE Podcast. “What do you pay the ransom hostages? Do you negotiate with terrorists? This is a classic kind of prisoner’s dilemma.”

To pay or not to pay?

Other companies have gone a different route than MGM Resorts, including Caesars Entertainment Inc., which reportedly paid a ransom to a cybercrime group just days before the MGM hack. In a situation such as this, the FBI will tell an organization not to pay, according to Vellante (right).

“When I asked this question of executives, whether it’s Palo Alto, CrowdStrike or Zscaler, they say, ‘Well, the best bet … is not to get into a position where you’ve got to pay the ransom.’ But that doesn’t help somebody who’s got to pay,” Vellante said.

Whether or not to pay a ransom depends on many factors, Vellante noted. The first thing to consider is if it is a nation-state attack and if that nation-state is North Korea or Iran.

“First of all, it’s illegal to pay those countries. You can’t send money to those rogue states. There’s legal exposure there that you have to evaluate,” Vellante said. “The second thing you have to evaluate is, what is it going to take to get us back online?”

MGM has said that the breach will cost it about $100 million. But one has to factor in the lost productivity and calculate the lost business and reputation in all of that, Vellante noted.

“I think in some cases, you should pay, but you still may not get your data back. I’ve talked to customers who have paid and didn’t get their data back, or they only got partial data back, and they had to go back and continue to negotiate,” Vellante said. “I actually do think the advice of the self-serving tech vendors is the right advice, is put yourself in a position so that you don’t get hacked and make those investments.”

That may sound good, but the whole game has changed, Vellante noted. The game is all about speed — how fast one can get in and out — which means organizations must accelerate the time it takes to identify and protect and recover or fence.

“It’s all about exfiltration,” Vellante said. “It’s not about dwell time anymore. It’s not about saying, ‘Hey, they were in there for 172 days, let’s get that down to 90 or 30 or 50 and make it harder for them.’ No. Forget that. That shouldn’t be the focus. The focus should be on, CrowdStrike says, ‘Stop the breach.’ That’s their tagline. I think that’s the right mindset. It’s hard to do.”

Liquidity concern at Dell’s financial meeting

Vellante drove down to New York to attend Dell Technologies Inc.’s financial meeting – the only industry analyst present among close to 100 people amongst the likes of Michael Dell and Jeff Clark.

“The message to the analysts was really simple. You buy our stock, we’re going to send 80% of our adjusted free cash flow back to investors,” Vellante said.

However, analysts’ concerns were around whether there’d be enough liquidity when aggressive buybacks and a reduced share count is taking place, Vellante recalled. This was specifically related to Dell’s large share ownership and its impact on the market.

“Yvonne McGill, the CFO and Michael said, ‘Yeah, we’re fine. There’s plenty of shares out there,” Vellante said. “Michael also said basically, ‘I’m going to do philanthropy with that money.’”

In terms of company growth, analyst guidance suggested a 3% growth for the client business and 6-8% for servers and storage, which is quite optimistic, according to Vellante. The question is, what is the baseline of that growth from?

“They won’t actually tell you. It’s a game that they’re playing,” Vellante noted. “If they only grow 2% instead of 3% they can say, ‘Oh, well we’re going from this baseline.’ So they can set the baseline wherever they want. They can move the bar.”  

Thoughts on the Flexport drama

This week, freight logistics software startup Flexport Inc. revealed it plans to cut up to 30% of its workforce. The move came amid continuing controversy surrounding former Chief Executive Officer Dave Clark.

“What happened here was, the guy basically tried to run this company the way he wanted to run it, to make it better. The founder didn’t like it,” Furrier said. “There was probably some backroom politics from what I heard. He didn’t like some people in the Amazon team. Then there was a back and forth and then they had a secret board meeting, and they came in and fired him.”

It serves as a cautionary tale, in Furrier’s view. The rules of engagement have to be clearly defined in these companies to be successful, and if the founder-operator relationship isn’t right, it doesn’t go well.

“Founders, if you have founderitis, you’ve got to admit it,” he said. “You’ve got to know it. That could be good and bad. If you bring someone in to run the company, you’ve got to let them run it.”

Don’t miss out on the latest episodes of “theCUBE Pod.” Join us by subscribing to our RSS feed. You can also listen to us on Apple Podcasts or on Spotify. And for those who prefer to watch, check out our YouTube playlist.

Photo: SiliconANGLE