Following a similar theme, a number of projects have been announced in the last few years to take public transport to the next level. Singapore is also embracing autonomous vehicles, with a number of initiatives launched over the last few years. Singapore’s Nanyang Technological University (NTU), and Volvo Buses in partnership with Singapore’s Land Transport Authority (LTA) have launched the world’s first full-size autonomous electric bus stretching 12 metres long with a capacity of around 80 passengers. As a part of public trials, the bus is being tested on fixed routes and services will subsequently extend to the public roads.
The buses are equipped with autonomous driving functionality and provide a quiet, emission-free operation and save up to 80% energy compared to an equivalent sized diesel bus. The bus has advanced features such as light detection and ranging sensors (LIDARS), 3D stereo-vision cameras, and an advanced GPS system that uses real-time kinematics which are connected to an inertial management unit (IMU) to measure the lateral and angular and help in navigation over varied terrains.
Real-world concerns for autonomous buses
The bus has undergone preliminary rounds of rigorous testing at the Centre of Excellence for Testing and Research of Autonomous vehicles at NTU (CETRAN). Confirming maximum safety and reliability, the AI system in the bus is protected with industry-leading cybersecurity measures. Speaking on the subject, Ecosystm’s Executive Analyst, Vernon Turnersays that “While safety will always be the leading concern, software and hardware security and reliability will be the underpinning forces that make passengers comfortable with autonomous vehicles. The autonomous vehicle’s ecosystem is complex because the reliability of the vehicle is as much an IT and telecom function as it is an industrial manufacturing process.”What
What do Autonomous buses mean for the industry and how will it benefit the industry?
In most cities, public transportation is conducted in ‘restricted’ lanes (especially for buses), and therefore the routes are often consistent, and the operating environments can be continually monitored and matched for exceptions. The legislation for autonomous vehicles has to be carefully crafted to ensure the highest level of public safety while not stifling innovation.
“The digital impact of autonomous buses opens up a host of new services both for the transportation companies as well as the passengers. I wouldn’t be surprised to see transportation companies being sold public transportation vehicles such as buses as ‘buses as a service’ whereby the vehicles are managed in a 100% OPEX manner and have no CAPEX value! There will be a rich source of operational data from IoT-based sensors that the suppliers and the transportation companies will agree to pay for multiple usage metrics,” Says Turner. “Innovation will also appear in the transportation workflow– thus creating investment in real-time mapping, high-speed telecom networks, and in the case of an ‘EV’ or electric bus, the charging/recharging energy network. As the IT infrastructure is implemented, I would anticipate efficiencies in bus usage would increase with better route management. Passengers, buses and the routes become integrated into a better passenger and city life experience.”
To that end, the industry is excited to use public transportation for their autonomous vehicle programs.
Environmental Impact of autonomous buses
The government of various nations is spending enormous amounts on reducing emission and buses are inherently inefficient when it comes to diesel consumption, only getting between 1 to 4 kilometres/litre. “Switching them to electric vehicles while at the same time running them as autonomous vehicles in a very efficient manner could have a marked impact on the environment,” says Turner. “While the heavy workload for buses might quickly drain any EV batteries, having them work in a fully autonomous, dedicated bus lane should mitigate that energy cost. This could make it a feasible alternative to combustion engine vehicles while at the same time being highly friendly to the environment.”
Awareness, ownership, and knowledge. RPA implementation demands ownership at all levels. At the top level, the Project Sponsor needs to understand how to prioritize the processes for deployment by identifying the benefits that the technology offers. It is thus important to understand the strengths and limitations of RPA in order to align the initiative to the organization’s strategy with it and monitor the key performance indicators (KPIs) for success.
Not prioritising the right processes to automate. This refers to picking the process that is most appropriate for an effective start of using automation in the business. Tasks to be automated should be thoroughly evaluated based on features, process complexity and its business impact. Hoteliers may be tempted to optimize existing manual processes first before RPA. While this may seem logical, doing so will result in missed opportunities to uncover true process inefficiencies that will be flagged through the RPA process.
Implementing RPA In-house. With a high level of technicality expected from an RPA implementation, it is not advisable to attempt such an implementation using in-house resources. While the cost savings might look attractive in the beginning, a less-than-successful RPA implementation will cost more to rectify post-live than a well-thought-out plan which includes external expert resources to advise and lead the implementation. In-house specialists can also be trained during the process so critical domain knowledge can be transferred for post-implementation support.
Well-planned RPA maintenance & support regime. RPA software requires ongoing maintenance so that it continues to run smoothly. While RPA processes do not deviate from their configured algorithms, interfaces, data formats and most important company processes do change. A proper maintenance and support regime is needed to ensure RPA software continues to function optimally.
Ensure a close relationship to IT. A strong relationship to IT is key in RPA. Any change to the application carries a risk of impacting RPA behaviour. To avoid such an incident, it is important to have open communication with the application administrators.
RPA stands to overwhelm the IT world. As its adoption becomes more widespread, it is imperative for operators and technologists who are accountable for its execution to understand the potential pitfalls prior to deployment. This will ensure successful adoption and make for a smoother transition to operationalization across the business organization.
AT&T joined as an equal member with other founding members of the group. Over the past few years, AT&T has been building its cybersecurity capabilities and has recently acquired AlienVault– a commercial and open source developer – to offer a platform that integrates and automates point security products to manage cyber attacks. AlienVault has been rebranded as AT&T Cybersecurity, and includes consulting and managed security services. Similarly, at the end of 2018, Singtel revealed the brand ‘Trustwave’ that combines the capabilities of partners such as Optus and NCS, to provide a comprehensive security suite and services to help organisations fight cybercrime.
With the rising risks of cyber-attacks, these initiatives are providing a synergistic front and helping organisations to analyse and act faster against cyber threats. The alliance plans to expand its global footprint and span across APAC, Europe, MEA and America.
Speaking about the alliance, Alex Woerndle, Principal Analyst Cybersecurity, Ecosystm says that, “Similar collaborations exists within other industries already – most commonly they use regular information-sharing sessions with the collective security teams to discuss what each is experiencing, what strategies and tactics have worked or failed, and provide details on the type and nature of attacks. The telcos – at a minimum – should be collaborating at that level. But given the global nature of this alliance, they will need to consider how they can aggregate threat information and share it in a more agile way on a day to day, hour to hour and minute to minute basis.”
The alliance accounts for a significant percentage of the overall traffic and is a tangible example of companies taking steps to fight cyber attacks. “As the threat landscape continues to expand there is an opportunity to broaden the intelligence – sharing what they collectively gather and analyse, to strengthen the defences of the broader market not just in their local geographies, and to impact globally”, says Woerndle. “Think of the immense opportunities to share intelligence gathered collectively by all the major telcos, to proactively prevent attacks on their clients – from other enterprises down to small/medium businesses and consumers. Law enforcement could benefit from the global telco collaboration, also”
An example of AR is Ikea’s mobile appdeveloped specifically to showcase its furniture catalogue – A piece of furniture such as a dining table or a television cabinet can be virtually displayed as a digital image overlaid on top of the real image of your home space. This lets you easily judge the appearance or gauge how it will fit in your home space.
Some of the more well-know AR devices include Google Glass, Microsoft HoloLens, and Sony Leap. AR is also used in mobile gaming applications such as Pokemon GO, where virtual creatures are placed into the real world.
Where does Mixed Reality fit?
As an independent notion, Mixed Reality combines the best of both worlds and covers all the possible disparities of the physical and the simulated worlds.
Also known as hybrid reality, Mixed Reality covers the spectrum where physical and digital objects co-exist and interact in real time. Somewhere, between AR and VR, there is an overlap between the physical and the virtual worlds – that is where Mixed Reality comes in.
Both AR and VR require users to step out of their own reality – or to use another device (typically a smartphone) to access digital or “virtual” content. The experience is either all-encompassing (with VR – where the content overrides your current reality), or underwhelming (with AR – where the content is limited, does not understand your current reality and/or is at arm’s length on a relatively small screen).
Mixed Reality is designed to add digital assets to your current environment. It adds to the current environment in a natural way that gives the user benefits that non-users would not have.
For businesses, Mixed Reality can offer the most benefit and potentially offer limitless opportunities. Defining the polar ends of AR and VR spectrum Microsoft introduced Hololens in late 2016 as a groundbreaking device and showcased capabilities blending the real and virtual world. Despite being a promising product, there have been hiccups such as a limited field of view (FOV) restricted to only 30°, scaling and sizing holograms and others.
Learning from the failures, Microsoft recently released a new version of its Mixed Reality device – the Hololens2. Microsoft’s Hololens2 takes Mixed Reality beyond niche use cases using more natural gestures, a larger FOV and a multi-user environment – powered by Azure Mixed Reality services.
Mixed Reality in the Enterprise
The use cases of Mixed Reality are many and as the continuum builds, the testing, adoption and deployment cases will become wider. Microsoft’s device is not aimed for the consumer market and is primarily targeted towards business use cases.
Tim Sheedy, Principal Advisor, Ecosystm, believes, “Most of the short and medium-term use cases are really suited to businesses. There are definitely some longer-term opportunities for consumers, but that will require substantial miniaturisation of the hardware and change of form factor. Current MR systems won’t become mainstream devices in the consumer market.”
With Mixed Reality in the play, organisations will be able to explore newer ways of doing things:
Training. Training is a perfect use case. If you can imagine taking a typical guided software where tips pop up on a screen (such as “click this button to personalise your experience, click here to see current leads, click here to add an opportunity) and move this training to the real world (this lever shuts down the machine, this valve reduces pressure etc) then you can get an idea of what is possible.
Engineering. This applies to any job that requires engineers or repairers to work on equipment, where they can be guided through a fix. Any sensor that sends information back to a computer can now be visualised – a mechanic may look at a car and see green for all the components operating within standard range and red for those that need attention or repair.
Construction. A construction worker or site manager can see the entire building or components of the building in advance and make plans for the location of materials, staff, safety etc.
Graphics Designing. A designer can picture how a new product might look in an environment and can design the product with respect to the actual surroundings.
Healthcare. A surgeon could have a CT or MRI scan overlaid onto the patient as they operate to ensure they are targeting the right area.
Anywhere that digital assets or information can assist a worker or drive a more effective, faster or safer outcome are all potential use cases for Mixed Reality services.
A Look at the Field
The theory behind Mixed Reality is that it adds to the user experience in a natural way. Organisations are exploring opportunities to leverage these technologies in the real world. Despite numerous use cases and de facto descriptors, the technology cannot be manifested until it comes to real use.
“Mixed Reality will be a success when it is seamless to use for the first line workers – when it doesn’t feel like a computer you wear on your head!” says Sheedy. “You should be able to interact with these assets in a standard way – and this is where Hololens2 is a big step above the first iteration – as it will allow more natural interactions with the digital objects – you push something or turn something and it moves, versus the “finger click” approach of the first version.”
Imagine your first day at work at a new employer, and instead of a person showing up to give you the tour, you put on a Mixed Reality device (standard or industrialised for those in mining, construction etc) and you are given a tour with virtual overlay and audio guidance.
Sheedy believes that “Mixed Reality may never be a mainstream technology – well not in our generation at least. But that doesn’t mean it won’t be a commercial success. If it is easy to deploy, manage, use, and code for and makes financial sense for businesses to deploy them then these devices will be used. The previous Hololens had commercial users – but Hololens2 should see more success as it is a better solution that can help businesses overcome even more challenges.”
The longer-term success of Mixed Reality will be how well it works with existing software platforms out-of-the-box. Support by SAP, Oracle, Salesforce, IBM and others will help to drive adoption.
How is it going to evolve in the future?
At present, the mobile device is the interface of choice for consumers and workers. But voice is quickly taking off (e.g. Google Home ). Mixed Reality adds an extra impetus to devices that are looking to supplant the smartphone as the interface to information, entertainment and data.
The longer-term future will likely see the emergence of standards that deliver the right information at the right time on the device of choice – whether that device be one with a screen, a microphone and a speaker (smart speaker like the Amazon Alexa), a screen and a speaker (such as a Hololens device), a smartwatch or another form factor.
“Mixed Reality devices will get smaller, smarter, faster, have better resolution, be more integrated (with cloud services and software platforms) and more integrated with another non-screen interface” says Sheedy.
“Access to the right information at the right time on the best device that drives the right outcomes will be the ultimate goal – and Mixed Reality will be one of the form factors that help consumers and businesses achieve that goal.”
It’s still too early to tell the direction this technology will take but the promises surely appear to be overwhelming. What do you think will be the future of Mixed Reality – is it another gimmick or will it really live up to its promise?
A new high speed CPU-to-device interconnect standard, the Common Express Link (CXL) 1.0 was announced by Intel and a consortium of leading technology companies (Huawei and Cisco in the network infrastructure space, HPE and Dell EMC in the server hardware market, and Alibaba, Facebook, Google and Microsoft for the cloud services provider markets). CXL joins a crowded field of other standards already in the server link market including CAPI, NVLINK, GEN-Z and CCIX. CXL is being positioned to improve the performance of the links between FPGA and GPUs, the most common accelerators to be involved in ML-like workloads.
Of course there were some names that were absent from the launch – Arm, AMD, Nvidia, IBM, Amazon and Baidu. Each of them are members of the other standards bodies and probably are playing the waiting game.
Now let’s pause for a moment and look at the other announcement that happened at the same time. Nvidia and Mellanox announced that the two companies had reached a definitive agreement under which Nvidia will acquire Mellanox for $6.9 billion. Nvidia puts the acquisition reasons as “The data and compute intensity of modern workloads in AI, scientific computing and data analytics is growing exponentially and has put enormous performance demands on hyperscale and enterprise datacenters. While computing demand is surging, CPU performance advances are slowing as Moore’s law has ended. This has led to the adoption of accelerated computing with Nvidia GPUs and Mellanox’s intelligent networking solutions.”
So to me it seems that despite Intel working on CXL for four years, it looks like they might have been outbid by Nvidia for Mellanox. Mellanox has been around for 20 years and was the major supplier of Infiniband, a high speed interconnect that is common in high performance workloads and very well accepted by the HPC industry. (Note: Intel was also one of the founders of the Infiniband Trade Association, IBTA, before they opted to refocus on the PCI bus). With the growing need for fast links between the accelerators and the microprocessors, it would seem like Mellanox persistence had paid off and now has the market coming to it. One can’t help but think that as soon as Intel knew that Nvidia was getting Mellanox, it pushed forward with the CXL announcement – rumors that have had no response from any of the parties.
Advice for Tech Suppliers:
The two announcements are great for any vendor who is entering the AI, intense computing world using graphics and floating point arithmetic functions. We know that more digital-oriented solutions are asking for analytics based outcomes so there will be a growing demand for broader commoditized server platforms to support them. Tech suppliers should avoid backing or picking one of either the CXL or Infiniband at the moment until we see how the CXL standard evolves and how nVidia integrates Mellanox.
Advice for Tech Users:
These two announcements reflect innovation that is generally so far away from the end user, that it can go unnoticed. However, think about how USB (Universal Serial Bus) has changed the way we connect devices to our laptops, servers and other mobile devices. The same will true for this connection as more and more data is both read and outcomes generated by the ‘accelerators’ for the way we drive our cars, digitize our factories, run our hospitals, and search the Internet. Innovation in this space just got a shot in the arm from these two announcements.
The Vodafone-Arm agreement expands on the previous collaboration which was on integrated SIM (iSIM) technology, a system on chip(SOC) design which can be reprogrammed with respect to the requirements. The iSIM allows customers to remotely provision and manage IoT devices across the globe which proposes reduced complexities and offers significant cost reduction.
To carry on the existing relationships this agreement is expected to bring Vodafone’s IoT global platformand Arm’s IoT software services to offer organisations a world of connected systems. This characterises a major initiative enabling a wide ecosystem of manufacturers to tap into the potential of trillions of connected devices.
Speaking on the subject, Ecosystm’s Executive Analyst, Vernon Turner thinks that “this announcement will help customers who look to and need a cellular-based IoT solution. Traditionally, mobile devices require a physical process to change their SIM (Subscriber Identity Module) card when there is a change of ownership or carrier, but in a world of trillions of connected devices, this is just not practical.”
Arm’s announcement of its iSIM is the latest in a series of announcements to resolve the size, cost, and scalability of SIM cards. SIM cards are critical for secure identity so the challenge has been to create a cost-effective IoT System On Chip (SOC) that has the SIM function embedded on it. Through its Kigen product family, Arm’s tech buyers will be able to build solutions on the latest cellular standards and specification suitable to run on 5G and backward compatible networks.
Vodafone’s customers will now be able to create a cellular-based IoT solution that can be continuously connected and deployed globally, giving them better investment protection and reduced operational costs. In addition, customers will have the choice of managing these devices through a ‘single pane of glass’ on either Vodafone’s IoT platform or Arm’s Pelion IoT Platform.
“Any time complexity is removed from an IT or mobile solution, customers respond by deploying and using that solution more” says Vernon. “ SoC-based solutions tend to have more functionality that allows for innovation, so we should expect to see an uptick in cellular-based IoT deployments”
Healthcare leaders predict that the implementation of healthcare IoT and AI solutions on a scale will transform their industry. The next few years will see more interconnected IoT devices and reliable applications based on deep learning. To achieve adoption and impact of new technology, the innovators and healthcare stakeholder ecosystem leaders should address the need for trust and evidence. Real World Evidence and Randomised Clinical trials are effective ways to bridge the gap and to establish a common framework to address the user adoption issue.
Arun Sethuraman, Principal Advisor MedTech, Ecosystm is also the founder and CEO of Crely Healthcare, a MedTech startup based in Boston and Singapore. Infection of the surgical site, post-surgery, if not detected and treated early, leads to high incidence of mortality in patients, poor health outcomes, poor patient experience, higher healthcare costs, and loss of reputation and reduced profitability for healthcare providers. Crely’s mission is to provide an early warning and clinical decision support system for surgical site infections (SSI), post-surgery. Crely generates an early warning of SSI by algorithms based on biomarker data collected from patients using an IP-protected, secure, non-invasive, continuously wearable, clinical grade medical device.
Let’s not forget that technology takes longer to roll out that all of us want to think and 5G is no different. We have had no excuses since we only have to look at how long it took 3G and LTE to become mainstream and how long the transition from the prior technology took to move to the next generation.
However, the mobile and telecom industry is not the same as it was when earlier telecommunication tech was being upgraded. In the past hardware, benchmarks feeds and speeds dominated the marketing messages, but now it is about software, cloud and ecosystem collaboration. Gone are the days when the telecom equipment vendors ruled the conversation about their technology – that has clearly been replaced by IT companies leading the charge with topics such as virtualization, IoT, analytics and new services. Once there was a US automobile commercial that touted the latest edition of its cars was ‘This is not your father’s Oldsmobile’. Well, 5G is not your father’s telecom infrastructure!
This time around, operator and equipment vendors may have to take the collaborative partner role in any new digital solution. Instead of 5G projects being dominated by Ericsson or Huawei for example, there is a role for the likes of VMware, Microsoft, and Salesforce to be the lead company. In some cases, it could be Bosch, PTC, or Siemens while in others it could be Audi, BMW or Mercedes. The overall trend here is that all of these companies are being digitally driven to deliver new services to a customer that is firmly at the center of an ecosystem. The one industry sector who might lose out could be the telco operators who could be squeezed by the surge from IT vendor relevance, despite them investing heavily on 5G licenses. However, this time the operators are in a much stronger position to be the perfect channel for the massive amount of intelligence-laden data being created by smart connected devices that are not typical mobile devices.
So what was the outcome at MWC? I visited both the Huawei and Ericsson booths following pre-MWC briefing sessions to see if the customer buzz was there – and indeed it was.
Ericsson may have won the prize for the most crowded booth, while Huawei’s sprawling booth wins the most lavish and largest booth. The two company’s 5G messages could not have been more different.
The Big Two
For me, Huawei had invested heavily in making its hardware products very compelling for operators to install. Clearly, there had been a lot of research had gone into replacing existing infrastructure with massive performance upgrades and deployment friendly attributes e.g. size and weight of base stations that could be mounted by individuals rather than by cranes. The result of this strategy is that Huawei’s customers can quickly deploy 5G platforms with lower CapEx and OpEx thus creating significant incentives for operators to migrate to 5G networks.
Ericsson’s leading story was about migrating to 5G by highlighting its key enablers (i.e. carrier aggregation, LTE-NR spectrum sharing, and dual mode 5G cloud core). It appeared that Ericsson had moved its message off hardware (which, by the way, is still table stakes in any selection process and Ericsson had plenty of new 5G related offerings) and onto a strategy of smooth evolution and deployment at scale – a much more business leader discussion than a network, driven by software. Finally, both companies had strong messages around their AI capabilities to help their service providers make sense of the growing complexity of services that will be generated by the connected smart IoT devices.
The Importance of IT Software On 5G
IT and industrial companies played an increasingly important role at this year’s MWC as service providers and they became involved in deeper partnerships. 2019 was the year when the gaps for 5G between the network and IT services were being filled in. For example, I saw AR (augmented reality) solutions by PTC supported by Microsoft and being fed by data off a 5G network. This showed how industry, cloud and network service providers will accelerate new technologies.
In another example, Salesforce showed how Edge Computing events triggered Salesforce SaaS-based enterprise management services while being supported by AT&T’s 5G network and the modules being designed and tested at AT&T’s Foundry. Here, AT&T 5G network was being used as a high-value channel for Salesforce’s customers to run their business functions at the edge of the network.
Digital twins have shown up as a digital representation of a physical device or asset. However, this year, I saw a Wipro example of how 5G could drive digital twin concepts beyond physical assets and into the workflow, supply chain management, logistics and worker safety. Every ‘asset’ that was to be used in a factory floor was digitized into a digital twin and then a 5G network was used to monitor and manage every aspect of the factory. It seemed that Industry 4.0 had arrived in its full glory.
Finally, VMware continues to be the IT company that service providers will either love or dislike – I still don’t know which one it will be. VMware’s virtualization and cloud management capabilities have been extended right into 5G networks. For example, NFV (Network Function Virtualization) is critical to operators as they slice the 5G bandwidth into the appropriate services. VMware has its strategy correct when it says that it could virtualize the network just as it has with the cloud, but in doing so is making itself either a partner or a competitor of the operators for their 5G services revenues. 2018 was the year when VMware made a big splash at MWC, 2019 was the year when they showed that they have something to offer – will 2020 be the year when they take over the network software virtualization profit pools just as they did with the enterprise server virtualization market?
Crawl, Walk, Run
In conclusion, MWC 2019 was the year that the 5G gaps to make end-to-end infrastructure solutions where clearly being filled in. Service providers had stepped up their willingness to be part of the customer-centric ecosystem that is almost certainly being led by IT software companies. Telecom equipment vendors were offering technology solutions to speed up 5G deployments while making forward compatible solutions much easier. Finally, 5G-supported applications remain the last piece of the puzzle that MWC hasn’t addressed fully. As a result of the massively varied 5G use cases, there is still a look of curiosity on which industry will be the lead for 5G – will it be the auto industry with autonomous cars, will it be Industry 4.0 and the smart factory, or will it be smart cities with video surveillance. In addition, it is certain that IoT is still very much a necessary part of any 5G strategy just as AI outcomes continue to fuel IoT-based sensors in technologies such as the self-driving cars, AR, and digital twins. 2019 may have been the year that decided that it won’t matter whether the connected IoT device used licensed (NB-IoT) or unlicensed (LoRa) spectrum protocols as both will be seamlessly connected to a 5G network. IoT was not dead, it had simply grown up and was now integrated with more valuable solutions.
Cyber attacks happen without notice. While there are many cyber experts present to help and provide consultation to the organisations, knowing beforehand about the attacks and strengthening your cybersecurity will safeguard you against serious ramifications.
Let’s Understand – What is a Cyber Attack?
A cyber attack is a deliberate attempt by an individual or a community working together to tap into an existing or a newly discovered vulnerability in the system, network, firmware or software resulting in complete control or gaining information from the victim’s system. While measuring the ill-effects of a cyber attack, we can say that with access to critical data one can exploit sensitive information, identity and may cause serious damage to an organisation or personal identity. Sometimes, a cyber attack is also referred to as computer network exploitation (CNE) or a computer network attack (CNA).
The other common terms used in association with a cyber attack are threat, vulnerability, and risk. Often these terms are mingled together in our day-to-day usage, but they all mean something different. Let’s try to uncover the basic difference between a threat, a vulnerability, and a risk.
A threat can be explained as an activity to exploit a weakness in a system, to cause harm or reveal the underlying assets. It always involves a person responsible for performing threat actions to impact the system’s security known as a threat actor.
A vulnerability is an unknown system flaw or a known weakness that could potentially be exploited by a person also known as a hacker. In other words, it can be known or unknown issues within a system or its software that can be exploited by hackers.
Together, when a threat acts and exploits a vulnerability, this may result in the development of a situation known as a risk. A risk could lead to potential loss or damage to a business.
Understanding threats, vulnerabilities, risks and other components will help you to act against cyber attacks but this may raise another question on why someone would try to harm your business.
So Why do Cyber Attacks Happen?
The people behind a cyber attack could be hackers, a team or a dark web organisation who work with an ulterior motive to commit a digital crime or to gain access to one’s system through a cyber attack. Collectively we may refer to them as cyber criminals. Cyber criminals try to identify vulnerability to crackdown a system.Below are some of the common reasons why a cyber attack happens.
This is one of the most well-known types of cyber crime. The motive of cyber criminals here is to get easy access to money and the ways they make this happen is through frauds, demands, data breaches or direct attacks. What attackers try to steal are the business’ financial details or sensitive data/intellectual property, customer financial data or databases, staff or client credentials. By gaining access to these, the attackers get in a position to easily access a secured system and exploit it for their financial gains.
Hacktivism – Political or Social
Hacktivism is an activity involving anonymous organisations breaking into an organisation’s IT infrastructure for political or social reasons. Hacktivists mount cyber attacks to access information that can damage the intended target or perform activities to hurt or lower the reputation of certain bodies. Government and political bodies are often the targets of hacktivism.
Cyber world experts are sometimes challenged by the thrill of hacking or may develop a personality living in a virtual world pushing them to hack into a network with an intention of identifying system vulnerabilities. Generally, hackers are referred to as people with bad motives but hackers are not necessarily criminals as some of them help organisations to test systems, recognise backdoors, loopholes or vulnerabilities in a system which is termed as ‘white hat’ hacking. Knowing the vulnerabilities in the existing IT infrastructure and services may protect organisations from some serious future consequences.
Organised Cyber Crime
Digital technology has empowered individuals with some serious fire-power. IMs and chat technology have made it easy for individuals to form teams or an organisation to commit crimes on the web. Sometimes several groups form communities to commit a serious cyber crime – planned, coordinated and conducted together at a macro level.
Aiming to disrupt business, or the operations of critical infrastructure, can be undertaken just to demonstrate security weaknesses, the hacker’s general disapproval for the business, or even to cause extensive operational, financial and physical damage to their target.
The Vulnerabilities that a Business can Experience
Data breaches occur every minute and unknown threats and vulnerabilities always pose a risk for a business. To stay protected, it is always better to know and understand the types of threats or vulnerabilities that a business can experience rather than later raising questions on how the attackers got in.
Malware . A malware is a type of cyber attack where malicious software is installed on the victim’s systems through executable files usually without the user’s knowledge. Malware includes malicious software, including spyware, ransomware, viruses, and worms. After installation, a malware can keep track of the user’s activity or can trigger codes resulting into access to sensitive information, login details, credit cards or intellectual properties by the hacker.
Phishing. Phishing refers to spoofing or deceptive communications activities performed by the attackers that appear to originate from a credible source such as emails, messages, legitimate websites that are disguised. Through phishing, attackers try to fetch sensitive information, user details, credit card numbers or make fraudulent attempts.
Man-in-the-middle attack. These attacks happen with relaying or altering the communication channels. This can be communication between organisations and cloud server or over unsecured networks.
DoS/DDoS. A DoS/DDoS attack aims at flooding the target website with overwhelming traffic to exhaust resources and bandwidth of the system. These are not to bring down a website but to breach a security perimeter and smoke out the online systems. This can reduce a user base or may bring down the entire network.
SQL Injection. This is injecting a nefarious code or statements into SQL queries or a database server to extract information from the database or to take a data dump of the complete database.
Zero-day exploit. Zero-day is a software security flaw which is known to the software developers. Attackers try to exploit a vulnerability before a patch or solution is implemented to capture the system with known weaknesses.
Cross Site Scripting. XSS attacks occur when a web app sends malicious code in the form of a side script to another user thus bypassing access controls of the site to same as the origin.
Business Email compromise. This is an attack to spoof business emails and gain illegal access to company accounts and ids to defraud the company or its employees.
According to Woerndle, “Nowadays, most of the reported attacks appear to be email-focused either with the intention to encrypt the infected systems to demand payment of a ransom for the keys (i.e. ransomware), to steal credentials (subsequently used for further attacks on other systems and applications) or to steal information that can be sold for profit on the black markets. “
To minimise cyber attacks, businesses can put some counter-measures in place. It is a smart move to be prepared for serious circumstances and act reactively with security measures.
Secure assets. It is always considered a security best practice to keep your systems and infrastructure updated with latest security patches and updates which are released from vendors or manufacturers on a regular basis.
Conduct threat assessment. Vulnerabilities can arise within your own system or potentially from other sources which are not directly under your control, but they can be identified if you are aware. Perform regular due diligence of your system or network security.
Stay informed on threats. News articles, software companies, cyber security organisations often release information on threats and vulnerabilities that can help you stay informed and act against threats.
Formulate steps to avoid threats. Training and regular information to organisations and employees can prevent many attacks from happening. If your users or employees are aware and informed they can escape the threats. Keep strong passwords, encrypt sensitive information, safeguard accounts, use firewalls to prevent attacks.
Plan an incident response. Create plans and approaches to react against a cyber attack to manage and limit the damage. Always keep your systems backed up online/offline and prepare your IT team to deal with it. You may also take advice or may hire experts to strengthen your infrastructure security.
It is rightly believed that prevention is better than cure. Speaking on the subject, Alex Woerndle, conveys that “the fundamentals are always the most critical starting points – focus on your system and application hardening and patching processes, deploy and actively maintain endpoint protections (e.g. anti-virus), restrict the permissions users have on their devices and invest in regular training and awareness for all staff. Beyond that, ensure all systems are backed up regularly, and deploy (and encourage all users to apply in their everyday lives) multi-factor authentication wherever possible.”
Considering the recent information security breaches, governments around the world are actively forming committees and taking measures to fight against cyber attacks. The governments of various nations have published some guidelines and measures to prevent cyber attacks.
The NIST Cybersecurity Framework, US, provides a policy framework of computer security guidance for organisations to assess and improve their ability to prevent, detect, and respond to cyber-attacks. The framework has been translated into many languages and is used by various governments and organisations across the world.
The Australian Government (via Australian Signals Directorate – part of Defence) has published some very good guidelines – called the ‘Essential 8’ and ‘Strategies to Mitigate Cyber Security Incidents’. The Essential 8 are a very user-friendly guide for businesses and provide protection against 80% of the most common cyber attacks
The UK Government has also come out with very useful information to help organisations.
Recently, Singapore opened a new cybersecurity school and the Ministry of Defence (MINDEF), is planning to hire security experts for their cyber defense strategy.
Cybersecurity is a challenging area and is a very broad discipline that requires skills across technology, forensics, business management, risk and compliance, education, communication, technical support, and others.
Negligence can impair reputation and lead to commercial losses but by understanding the security aspects, one can become aware of the potential threat and be in a better position to counteract it, or even preempt it.
This is just a glimpse to give you some insights into areas of cybersecurity and what goes under the surface. For specific details, you may get in touch with us or speak with a cybersecurity expert.