Symantec culling 8% of workforce to soak up slow enterprise sales

Hundreds of jobs to go


Symantec has announced plans to slash 8 per cent of its global workforce in response to disappointing sales.

The security software maker revealed on Thursday that revenues for the quarter ended 29 June fell 1.6 per cent to $1.16bn from $1.18bn a year ago.

Losses were pegged at $63m, an improvement on $133m in the same period last year.

"Security segment, first quarter fiscal year 2019 enterprise implied billings were below expectations due to longer than expected sales cycles for large, multi-product platform sales," said Greg Clark, Symantec's chief exec. Clark added that the issue was largely restricted to its North American sales pipeline. Consumer security sales showed "strong revenue growth in the first quarter".

Reuters reported the firm expects revenues of between $4.67bn and $4.79bn for the year ending in March 2019, down from previously estimated of $4.76bn to $4.90bn.

Symantec hopes to boost its margins by pruning its workforce, a move that will save it $115m annually. Investors weren't immediately impressed and shares slid in after-hours trading.

danger

Symantec shares slump after revealing internal investigation

READ MORE

Symantec is in the middle of an internal investigation into its accounting practices. The audit has meant that Symantec has not filed its annual report on Form 10-K for fiscal year 2018, the firm said on Thursday.

Symantec employs 13,000 worldwide, according to the latest available figures, meaning the cuts will result in the exit of around 1,000 workers.

Other vendors in the antivirus market are also navigating choppy waters, forcing some course adjustments, even though it's full steam ahead in other segments of the infosec business.

Last week enterprise-focused security software firm Sophos admitted end-user security billings were down 1 per cent. Q1 FY19 group billings rose 6 per cent but this was lower than expected.

Even so, Sophos turned an operating profit of $6.2m in Q1 compared to a loss of $15.3m a year ago and reported increased sales of $175.5m up from $141.4m the previous year.

Last year was an exceptional period in infosec with the WannaCry and NotPetya ransomware outbreaks highlighting the need to bolster enterprise security defences and tighten up policies. Big malware outbreaks are normally accompanied by a surge in spending, a trend that goes back many years.

Sophos admitted its sales have been thrown around by WannaCry, among other factors. "In end-user security, we saw relatively lower levels of cross-selling activity than expected, in part due to accelerated demand in FY18 that resulted from the global WannaCry ransomware outbreak. In network security, the renewal rate was affected by a legacy product transition, as the migration from Cyberoam to Sophos XG Firewall nears its conclusion." ®


Other stories you might like

  • North Korea's Lazarus cyber-gang caught 'spying' on chemical sector companies
    Crypto-coin theft isn't enough to keep these miscreants busy

    North Korea's Lazarus cybercrime gang is now breaking into chemical sector companies' networks to spy on them, according to Symantec's threat intel team.

    While the Korean crew's recent, and highly profitable, thefts of cryptocurrency have been in the headlines, the group still keeps its spying hand in. Fresh evidence has been found linking a recent espionage campaign against South Korean targets to file hashes, file names, and tools previously used by Lazarus, according to Symantec.

    The security shop says the spy operation is likely a continuation of the state-sponsored snoops' Operation Dream Job, which started back in August 2020. This scheme involved using phony job offers to trick job seekers into clicking on links or opening malicious attachments, which then allowed the criminals to install spyware on the victims' computers.

    Continue reading
  • Russian-linked Shuckworm crew ramps up Ukraine attacks
    Cyber-espionage gang using multiple variants of its custom backdoor to ensure persistence, Symantec warns

    A Russian-linked threat group that has almost exclusively targeted Ukraine since it first appeared on the scene in 2014 is deploying multiple variants of its malware payload on systems within the country.

    The Shuckworm gang – also known as Armageddon and Gamaredon – is using at least four distinct variants of its Pterodo backdoor that are designed to perform similar tasks but communicate with different command-and-control (C2) servers, according to Symantec's Threat Hunter Team.

    "The most likely reason for using multiple variants is that it may provide a rudimentary way of maintaining persistence on an infected computer," the researchers wrote in a blog post Wednesday. "If one payload or [C2] server is detected and blocked, the attackers can fall back on one of the others and roll out more new variants to compensate."

    Continue reading
  • Kaspersky cracks Yanluowang ransomware, offers free decryptor
    Step one, get some scrambled files back. Steps two through 37...

    Kaspersky has found a vulnerability in the Yanluowang ransomware encryption algorithm and, as a result, released a free decryptor tool to help victims of this software nasty recover their files.

    Yanluowang, named after a Chinese deity and underworld judge, is a type of ransomware that has been used against financial institutions and other firms in America, Brazil, and Turkey as well as a smaller number of organizations in Sweden and China, Kaspersky said yesterday. The Russian security shop said it found a fatal flaw in the ransomware's encryption system and those afflicted can get a free fix to restore their scrambled data.

    Symantec's threat hunters uncovered this Windows ransomware strain in the fall and said unknown fiends have been using it to infect US corporations since at least August 2021.

    Continue reading
  • Mutating Verblecon malware in illicit cryptomining ... so far
    Symantec team warns ransomware and spying could be next

    Internet fiends are using a relatively new piece of a malicious code dubbed Verblecon to install cryptominers on infected computers. 

    The mutating malware attempts to evade detection by antivirus tools and similar defenses, meaning bad news all round if the software was used to deploy more destructive payloads — and that the crooks using Verblecon may not realize the power of the loader's full potential.

    "The activity we have seen carried out using this sophisticated loader indicates that it is being wielded by an individual who may not realize the capabilities of the malware they are using," Symantec's threat hunting team warned today.

    Continue reading

Biting the hand that feeds IT © 1998–2022