Zoom selects Oracle as Cloud Infrastructure Provider

5/5 (6)

5/5 (6)

The COVID-19 crisis has forced countries to implement work from home policies and lockdowns. Since the crisis hit, uptake of cloud communication and collaboration solutions have seen a dramatic increase. Video conferencing provider, Zoom has emerged as a key player in the market, with a rapid increase in user base from 10 million daily active participants in December 2019 to 200 million in March 2020 – a growth in the number of users of nearly 200%!

Security Concerns around Zoom

The rapid increase in user base and the surge in traffic has required Zoom to re-evaluate its offerings and capacity. The platform was primarily built for enterprises and now is seeing unprecedented usage in conducting team meetings, webinars, virtual conferences, e-learning, and social events.

The one area where they were impacted most is security. In his report, Cybersecurity Considerations in the COVID-19 Era, Ecosystm Principal Advisor Andrew Milroy says, “The extraordinary growth of Zoom has made it a target for attackers. It has had to work remarkably hard to plug the security gaps, identified by numerous breaches. Many security vulnerabilities have been discovered with Zoom such as, a vulnerability to UNC path injection in the client chat feature, which allows hackers to steal Windows credentials, keeping decryption keys in the cloud which can potentially be accessed by hackers and the ability for trolls to ‘Zoombomb’ open and unprotected meetings.”

“Zoom largely responded to these disclosures quickly and transparently, and it has already patched many of the weaknesses highlighted by the security community. But it continues to receive rigorous stress testing by hackers, exposing more vulnerabilities.”

However, Milroy does not think that this issue is unique to Zoom. “Collaboration platforms tend to tread a fine line between performance and security. Too much security can cause performance and usability to be impacted negatively. Too little security, as we have seen, allows hackers to find vulnerabilities. If data privacy is critical for a meeting, then perhaps collaboration platforms should not be used, or organisations should not share critical information on them.”

Zoom to increase Capacity and Scalability

Zoom is aware that it has to increase its service capacity and scalability of its offerings, if it has to successfully leverage its current market presence, beyond the COVID-19 crisis. Last week Zoom announced that that it had selected Oracle as its cloud Infrastructure provider. One of the reasons cited for the choice is Oracle’s “industry-leading security”. It has been reported that Zoom is transferring more than 7 PB of data through Oracle Cloud Infrastructure servers daily.

In addition to growing their data centres, Zoom has been using AWS and Microsoft Azure as its hosting providers. Milroy says, “It makes sense for Zoom to use another supplier rather than putting ‘all its eggs in one or two baskets’. Zoom has not shared the commercial details, but it is likely that Oracle has offered more predictable pricing. Also, the security offered by the Oracle Cloud Infrastructure deal is likely to have impacted the choice and it is likely that Oracle has also priced its security features very competitively.”

“It must also be borne in mind that Google, Microsoft and Amazon are all competing directly with Zoom. They all offer video collaboration platforms and like Zoom, are seeing huge growth in demand. Zoom may not wish to contribute to the growth of its competitors any more than it needs to.”

Milroy sees another benefit to using Oracle. “Oracle is known to have a presence in the government sector – especially in the US. Working with Oracle might make it easier for Zoom to win large government contracts, to consolidate its market presence.”

0
Mobile for the Contactless Economy: Transcending Process Disruption

5/5 (2)

5/5 (2)

The next phase of a post-COVID world will be one of reduced physical contact, tighter regulations, and new habits and hygiene practices. This will translate into significant process changes which will be deeply enabled by mobile technology. All mobile form factors will be more integrated into how we interact.  Interactional changes will be found in our homes, offices, public spaces and services.

In this blog post I address two fundamental questions as a technologist on the underpinnings of this shift:

  • How can enterprises find ways of rebuilding and cementing trusted relationships using mobile technology?
  • How does our infrastructural foundations support mobile technology for contactless transactions? (privacy, two-factor authentication, data quality and so on)

Situational shift to mobile

Given the rapid shifts in the last six months in how we can interact with each other, enterprises will have to be agile and flexible in process design going forward to optimize opportunities for customer engagements.

We will continue to have further disruptions on how we live and work in the next 12 to 18 months and potentially beyond. Some of the shifts towards mobile have been expected for a while, yet this crisis has pushed the timeline ahead as to how we engage.

Use cases in the “new normal”

Here are some use case examples in this next phase of business where mobile enables the transaction between consumer and environment:

Education. The reskilling and training certification that will be necessary to address unemployment, will be on Mobile First. Because of bandwidth, learner attention span, and form factor, there will be retooling of educational programs to be bite-sized and more media oriented.

Retail. Retail and delivery businesses shifting to remote first, with drop-off points that use mobile for contactless signatory and payment.

Healthcare. Telemedicine primarily by mobile devices (phone, laptop, phablet). Personal medical data sharing over mobile will require enhanced data encryption and two-factor authentication, which needs addressing via encryption and authentication.

Entrepreneurship. More side hustles that are mobile-based and mobile administered. Any authorization and transaction-oriented activities will be driven by mobile.

Government. Requests for document renewal or identity authentication for approval or submission of materials, with one-touch request.

Supply chain. Visibility and tracking of inbound and outbound materials.  One-click reordering, and contactless payment verification.

Workplace. Contactless engagement with mobile as authentication of actions (coffee machine payment, copier usage, keyless office, meeting room allocation).

Facilities management. Hygiene controls with personnel health detail tracking (who cleans what room when).  Deep cleaning management tools for audit trails, liability.

Role of mobile in creating engagement

Building trust

As we filter through the level of rubbish coming at us via social media, websites and our email, most of us are looking for a trusted information source. Our mobile is our window to the world, and many are applying appropriate filtration to make that world a bit more manageable.

The reason that people did previously download an app was partly based on what information had to be handed over in terms of permissions. The app builder needs to build a trusted relationship on benefit, not on what can be leveraged from the consumer.

To build that trust and create a closer engagement – albeit driven by situational need vs. consumer want – app developers need to consider these consumer needs:

  • Level of trust in quality of information provided (e.g. weather info vs something more critical)
  • Trust in app data usage and functionality (does it work?)
  • Privacy of data being used and being held (statements and auditability)
  • Location of data (on whose device: client or server)
  • Speed and reaction time (Is there edge computing or the use of IoT to help push mobile information quickly?)
  • Loss of data or loss of device and the impact on app access (More than lost passwords, lost processes and lost data)

Technological foundations for mobile usage

Network and bandwidth

We have all experienced bandwidth issues in the last few months, either sharing bandwidth with loved ones in lockdown to peak periods of video conferencing activity across geographic regions. Entertainment content providers such as Netflix and Disney+ were asked to lower the quality of the data streaming.

But then what online activity will take priority? Will we start to see pricing differentials for guarantees of availability? What about subscription models with platinum, gold and silver memberships (as in frequent flyer programmes) as to the network bandwidth you or your activity is allocated? Will things be done over VPN not only for privacy but for priority? I also see VPN as a possible solution towards issues like Zoom bombing and other intrusions to daily business operations.

We come to the role of a pandemic in 5G investment, which is similar to the role of investment in R&D during an economic downturn. Clearly, the world needs better bandwidth with more agility and future-proofed for functionality. You cannot drive a fast car on a bumpy road with potholes.

But for countries losing thousands of citizens to a virus with critical infrastructure at risk, where is the priority of a better telecom infrastructure? My colleague Shamir Amanullah wrote a report prior to the pandemic about the Race for 5G in Southeast Asia which is a good barometer for other regions. There is a good CNBC article from Todd Wassermann on the US situation, and a rather excellent survey on consumer sentiment on 5G from February 2020 by Politico.

Role of data quality and its security

Going back to my previous statement about rubbish and social media, the validation and quality of data exchange is part of the value proposition of using mobile technology.

What aspects of our current IT infrastructure create that ‘data value add’?

IoT and Edge Computing. Most of us are not going to be comfortable in crowds going forward. If I can reserve a space, or I can use a sensor to see how full an environment currently is, it will impact my decision to go somewhere. The faster that real-time information is processed and available, the better the outcome.

Blockchain technology is functioning enough to address the challenge of how to secure the data and prevent malicious cyber-attacks. This includes medical data hacking, supply chain theft, and other data-oriented safety issues on hygiene and product providence that we are experiencing now.

Final thoughts

At Ecosystm, we highlight how and where enterprises plan to invest and adopt technology while adding insights and expertise on to the use cases and trends. We are also able to reflect upon the agility of the same enterprises to make that technology investment count towards the next phase of their business model. In a post-COVID situation we see inventive ways enterprises are using technology. This is not only for societal benefit, but to make a difference in the marketplace. And mobile plays a key role in this next phase of engagements.

2
Enabling Digital Transformation: Cybersecurity

No ratings yet.

No ratings yet.

What used to be commonly known by names such as computer security or IT security is now most commonly referred to as cybersecurity. The techniques of securing computers, applications, networks, programs and data have evolved and so has the terminology. The change in the jargon reflects the progression from discrete to interconnected devices and networks. It is only when the computers and devices became connected with each other – and with the Internet – that the issues and attempts of unauthorised access became prominent.
Simply put, cybersecurity is the protection of computer systems from cyber-attacks. This is made possible with multiple layers of security across the system,  individual devices, enterprises and even nations against unauthorised access and exploitation.

 

Cybersecurity is a constant battle

Preventing cyberattacks is a challenging task for security professionals and to accomplish that, cybersecurity experts should stay ahead of cyber attackers and cybercriminals. A range of effective methods and technologies have been devised to strengthen cybersecurity. One important aspect of cybersecurity is identity and access management (IDAM). IDAM allows various defined levels of access on the basis of individual roles, administrator levels and even at a system level. The common IDAM methods include single sign-on systems, multi-factor authentication, privileged access management (PAM), biometrics, voice or facial recognition, and other distinctive physical attributes to verify and identify individuals. IDAM procedures are being implemented at all levels of businesses, enterprises and even for national-level security with the growth of eGovernment systems.

Another common security measure is Security Information and Event Management (SIEM) software and services. The term combines security information management (SIM) and security event management (SEM) and is provided by vendors as software or appliance. SIEM works by collecting log data and delivering real-time insights and generates security alerts using a range of techniques. SIEM is used by enterprises where compliance to a set, or sets, of rules is a strong factor. In addition, it also prevents interferences from individual attackers, organised crime groups, or other actors.

SIEM systems comprise three major components:

  • Data collection. SIEM system collects logs and data from system activity, access, firewalls, application monitors, operating system layers and network traffic and generates an event every time activity happens.
  • Data analysis. The SIEM system is tasked with correlating and analysing data in a format. The analysis is performed in various ways: log management and retention, event correlation, user activity monitoring, and predictive and forensic analysis.
  • Another major step is reporting in the form of real-time alerts, dashboards, email and SMS notifications of events, analytical reporting, auditing and governance, and compliance.

The global Ecosystm Cybersecurity Study covers various cybersecurity solutions such as Crisis Communication solutions; Security Operations & Incident Response, IDAM and more. The study shows that organisations are primarily focusing more on Application, Data and Network level security, whereas, the other cybersecurity fields such as Crisis communication, Fraud transaction, IDAM, Threat Analysis and Reporting are looked down.

Adoption-of-Cybersecurity-Solutions

National Cybersecurity and Safety

Countries across the globe are accelerating their cybersecurity efforts to address risks, enhance public safety, protect communications, safeguard mission-critical applications and prevent threats. Cybersecurity is important to governments, where it is increasingly seen as an area of international conflict. Most countries have now setup their dedicated national cybersecurity centres, drawing on the capabilities of private industry, government and academic specialists in the area.

As cybersecurity threats have proliferated and computer technology has advanced, government data security compliance has become increasingly complex. The governments of various nations have set up compliances with a wave of new privacy regulations.

 

Security is an ongoing and constant effort which should be adopted at an individual, business, organisation, enterprise and national level. To strengthen cybersecurity there are many excellent solutions, a range of comprehensive suites and products. However, malicious parties and criminals are constantly employing new techniques and technologies. It is a new arms race, and there is no one size fits all solution.

1
The top 5 Cybersecurity trends for 2020

5/5 (1)

5/5 (1)

Cybersecurity will remain an important topic of discussion on the world forum. 2020 is predicted to see an increasing number of state-sponsored cyber-attacks especially on utilities and public infrastructure. In addition, the number of AI based devices will increase which will receive specific attention from regulators for data and cybersecurity. Finally, there will be opportunities for mergers and acquisitions and investments in established cybersecurity providers to remain innovative and growing.

Here are the Top 5 Cybersecurity Trends for 2020, that we believe, will impact both businesses and consumers in 2020.

 

The Top 5 Cybersecurity Trends for 2020

The Top 5 Cybersecurity Trends for 2020 are drawn from the findings of the global Ecosystm Cybersecurity Study and is also based on qualitative research by Ecosystm Principal Advisors Alex WoerndleCarl Woerndle and Claus Mortensen.

 

  1. API Vulnerabilities will Become a Main Hacker Target

APIs grant access and provide transparency for developers – providing access and insights from both internal and external data. But they are inherently insecure. We have already seen several high-profile API breaches and announced API bugs. For example, in October 2018, Google had to shut down Google+ after an API bug exposed details for over 500,000 users.

We believe the problem will get significantly worse in 2020, with API attacks quickly becoming one of – if not the most – frequent target for hackers.

 

  1. Operational Technology Security will Continue to Lag in 2020

Operational Technology (OT) refers to the hardware and software used to monitor and manage how devices that run on an organisation’s infrastructure perform. These devices have become smarter, remotely accessible and increasingly connected to networks. However, they were never designed with this in mind.

With organisations continuing to focus on data breaches – the investment in OT security will continue to lag. This will create a ‘security debt’ over coming years for those that do not invest in preventative controls now.

 

  1. AI Training will Receive Attention from Regulators and the Public as a Possible Infringement of Privacy

News that Amazon’s Alexa was eavesdropping on its users, and that Apple’s Siri and Google’s Assistant, also kept recordings to help train their AI raised many concerns about how data to train AI is collected and stored. Apart from the initial consternation in the press and on social media, nothing much seems to have happened from a regulatory perspective.

2020 will be the year when AI training relying on consumer data will start to become regulated.

 

  1. Major GDPR Fines in 2020 will Force MNCs to Invest in Security Compliance

GDPR came into effect in May 2018, but we still have not seen huge amounts of fines being issued in the EU. Only two fines were issued in 2018, while at least 17 were known to be issued in the first half of 2019, totalling about EUR 52 million. In the third quarter of 2019, at least 12 fines were issued totalling about EUR 328 million.

The trend is clear: Expect to see a magnitude of companies across EU be penalised in 2020. We also expect several fines above EUR 100 million and GDPR impacting countries outside the EU.

 

  1. Mergers & Acquisitions will Ratchet up Significantly in 2020

The fragmented global security market consists of thousands of vendors and consultancies. Every day a swathe of new start-ups announces their ground-breaking new technology. Coupled with significant investments in tertiary education and industry certifications for a growing workforce, the next generation of cybersecurity entrepreneurs are entering with force.

We believe that this creates both threats and opportunities for established cybersecurity providers that need to remain innovative and growing. Similarly, this presents smaller or more niche cybersecurity start-ups with an avenue for funding or acquisition.

 

Ecosystm in partnership with SGInnovate, the government-backed organisation that promotes Deep Tech in Singapore, released a series of four reports covering areas of mutual interest: Cybersecurity, Artificial Intelligence, Cities of the Future and Healthtech. ‘Ecosystm Predicts: The Top 5 Cybersecurity Trends for 2020’ report is a part of this collaboration and is available for download from Ecosystm and SGInnovate websites.

 


Download Report: The top 5 Cybersecurity trends for 2020

The full findings and implications of the report ‘Ecosystm Predicts: The Top 5 Cybersecurity Trends for 2020’ are available for download from the Ecosystm platform. Signup for Free to download the report and gain insight into ‘the top 5 Cybersecurity trends for 2020’, implications for tech buyers, implications for tech vendors, insights, and more resources. Download Link Below ?


Get your Free Copy


2
Ecosystm Snapshot: AT&T Joins Global Telco Security Alliance

5/5 (3)

5/5 (3)

AT&T became the first North American operator to join the ranks of the Global Telco Security Alliance formed by Singtel, Etisalat, Softbank, and Telefónica. The alliance which was formed last year in April 2018 in a pact to amalgamate the capabilities of telecommunications operators on security aspects and fight collectively against cyber attacks.

AT&T joined as an equal member with other founding members of the group. Over the past few years, AT&T has been building its cybersecurity capabilities and  has recently acquired AlienVault– a commercial and open source developer – to offer a platform that integrates and automates point security products to manage cyber attacks. AlienVault has been rebranded as AT&T Cybersecurity, and includes consulting and managed security services. Similarly, at the end of 2018, Singtel revealed the brand ‘Trustwave’ that combines the capabilities of partners such as Optus and NCS, to provide a comprehensive security suite and services to help organisations fight cybercrime.

With the rising risks of cyber-attacks, these initiatives are providing a synergistic front and helping organisations to analyse and act faster against cyber threats. The alliance plans to expand its global footprint and span across APAC, Europe, MEA and America.

Speaking about the alliance, Alex Woerndle, Principal Analyst Cybersecurity, Ecosystm says that, “Similar collaborations exists within other industries already – most commonly they use regular information-sharing sessions with the collective security teams to discuss what each is experiencing, what strategies and tactics have worked or failed, and provide details on the type and nature of attacks. The telcos – at a minimum – should be collaborating at that level. But given the global nature of this alliance, they will need to consider how they can aggregate threat information and share it in a more agile way on a day to day, hour to hour and minute to minute basis.”

The alliance accounts for a significant percentage of the overall traffic and is a tangible example of companies taking steps to fight cyber attacks. “As the threat landscape continues to expand there is an opportunity to broaden the intelligence – sharing what they collectively gather and analyse, to strengthen the defences of the broader market not just in their local geographies,  and to impact globally”, says Woerndle. “Think of the immense opportunities to share intelligence gathered collectively by all the major telcos, to proactively prevent attacks on their clients – from other enterprises down to small/medium businesses and consumers.  Law enforcement could benefit from the global telco collaboration, also”

2
Things you need to know about Cyber Attacks, Threats & Risks

4.5/5 (2)

4.5/5 (2)

The cyber world is ever growing and in this vast world, no business is 100% safe & insured against cyber attacks. With so many threats out there incurred every minute, it is hard to detect each one and prevent them all. In this world of disruptive technology if organisations want to remain competitive, keeping their IT infrastructure security up-to-date is a must.

The Government, cybersecurity experts & other groups are taking various initiatives to spread awareness on cyber attacks but despite these attempts, organisations fail to take their cybersecurity seriously, we may say this is due to lack of awareness, increase in expense or companies simply not wanting to take the pains to prevent breaches.

“When things are going well, it is hard to sell the message of security to stakeholders and get support from across the business. When things are not going so well (e.g. you’ve had a breach), it means high pressure and a lot of focus on your performance” says Alex Woerndle, Principal Analyst Cybersecurity, Ecosystm.

Cyber attacks happen without notice. While there are many cyber experts present to help and provide consultation to the organisations, knowing beforehand about the attacks and strengthening your cybersecurity will safeguard you against serious ramifications.

 

Let’s Understand – What is a Cyber Attack?

A cyber attack is a deliberate attempt by an individual or a community working together to tap into an existing or a newly discovered vulnerability in the system, network, firmware or software resulting in complete control or gaining information from the victim’s system. While measuring the ill-effects of a cyber attack, we can say that with access to critical data one can exploit sensitive information, identity and may cause serious damage to an organisation or personal identity. Sometimes, a cyber attack is also referred to as computer network exploitation (CNE) or a computer network attack (CNA).

The other common terms used in association with a cyber attack are threat, vulnerability, and risk. Often these terms are mingled together in our day-to-day usage, but they all mean something different. Let’s try to uncover the basic difference between a threat, a vulnerability, and a risk.

A threat can be explained as an activity to exploit a weakness in a system, to cause harm or reveal the underlying assets. It always involves a person responsible for performing threat actions to impact the system’s security known as a threat actor.

A vulnerability is an unknown system flaw or a known weakness that could potentially be exploited by a person also known as a hacker. In other words, it can be known or unknown issues within a system or its software that can be exploited by hackers.

Together, when a threat acts and exploits a vulnerability, this may result in the development of a situation known as a risk. A risk could lead to potential loss or damage to a business.

Understanding threats, vulnerabilities, risks and other components will help you to act against cyber attacks but this may raise another question on why someone would try to harm your business.

 

So Why do Cyber Attacks Happen?

The people behind a cyber attack could be hackers, a team or a dark web organisation who work with an ulterior motive to commit a digital crime or to gain access to one’s system through a cyber attack. Collectively we may refer to them as cyber criminals. Cyber criminals try to identify vulnerability to crackdown a system.Below are some of the common reasons why a cyber attack happens.

Financial Gain 
This is one of the most well-known types of cyber crime. The motive of cyber criminals here is to get easy access to money and the ways they make this happen is through frauds, demands, data breaches or direct attacks. What attackers try to steal are the business’ financial details or sensitive data/intellectual property, customer financial data or databases, staff or client credentials. By gaining access to these, the attackers get in a position to easily access a secured system and exploit it for their financial gains.

Hacktivism – Political or Social 
Hacktivism is an activity involving anonymous organisations breaking into an organisation’s IT infrastructure for political or social reasons. Hacktivists mount cyber attacks to access information that can damage the intended target or perform activities to hurt or lower the reputation of certain bodies. Government and political bodies are often the targets of hacktivism.

Intellectual Challenge
Cyber world experts are sometimes challenged by the thrill of hacking or may develop a personality living in a virtual world pushing them to hack into a network with an intention of identifying system vulnerabilities. Generally, hackers are referred to as people with bad motives but hackers are not necessarily criminals as some of them help organisations to test systems, recognise backdoors, loopholes or vulnerabilities in a system which is termed as ‘white hat’ hacking. Knowing the vulnerabilities in the existing IT infrastructure and services may protect organisations from some serious future consequences.

Espionage
Stealing classified information, sensitive data or intellectual property from a government entity or a competitive organisation is a common form of espionage attack. The examples of an espionage attack could be stealing trade and military secrets or technologies or potential system flaws which may pose an influential threat to a nation.

Organised Cyber Crime
Digital technology has empowered individuals with some serious fire-power. IMs and chat technology have made it easy for individuals to form teams or an organisation to commit crimes on the web. Sometimes several groups form communities to commit a serious cyber crime – planned, coordinated and conducted together at a macro level.

Disruption
Aiming to disrupt business, or the operations of critical infrastructure, can be undertaken just to demonstrate security weaknesses, the hacker’s general disapproval for the business, or even to cause extensive operational, financial and physical damage to their target.

 

The Vulnerabilities that a Business can Experience

Data breaches occur every minute and unknown threats and vulnerabilities always pose a risk for a business. To stay protected, it is always better to know and understand the types of threats or vulnerabilities that a business can experience rather than later raising questions on how the attackers got in.

Types-of-cyber-attacks

 

  • Malware . A malware is a type of cyber attack where malicious software is installed on the victim’s systems through executable files usually without the user’s knowledge. Malware includes malicious software, including spyware, ransomware, viruses, and worms. After installation, a malware can keep track of the user’s activity or can trigger codes resulting into access to sensitive information, login details, credit cards or intellectual properties by the hacker.
  • Phishing. Phishing refers to spoofing or deceptive communications activities performed by the attackers that appear to originate from a credible source such as emails, messages, legitimate websites that are disguised. Through phishing, attackers try to fetch sensitive information, user details, credit card numbers or make fraudulent attempts.
  • Man-in-the-middle attack. These attacks happen with relaying or altering the communication channels. This can be communication between organisations and cloud server or over unsecured networks.
  • DoS/DDoS. A DoS/DDoS attack aims at flooding the target website with overwhelming traffic to exhaust resources and bandwidth of the system. These are not to bring down a website but to breach a security perimeter and smoke out the online systems. This can reduce a user base or may bring down the entire network.
  • SQL Injection. This is injecting a nefarious code or statements into SQL queries or a database server to extract information from the database or to take a data dump of the complete database.
  • Zero-day exploit. Zero-day is a software security flaw which is known to the software developers. Attackers try to exploit a vulnerability before a patch or solution is implemented to capture the system with known weaknesses.
  • Cross Site Scripting. XSS attacks occur when a web app sends malicious code in the form of a side script to another user thus bypassing access controls of the site to same as the origin.
  • Business Email compromise. This is an attack to spoof business emails and gain illegal access to company accounts and ids to defraud the company or its employees.

According to Woerndle, “Nowadays, most of the reported attacks appear to be email-focused either with the intention to encrypt the infected systems to demand payment of a ransom for the keys (i.e. ransomware), to steal credentials (subsequently used for further attacks on other systems and applications) or to steal information that can be sold for profit on the black markets. “

 

Some of the World’s Largest Data Breaches

Cyber attacks have become a repeated theme every year and we hear quite often about the data breaches. Here’s a visualisation of some of the world’s largest data breaches that have occurred in the past few years.

 

World's Largest Data-Breaches

Source: Informationisbeautiful-worlds biggest data breaches hacks

 

How to Prevent Cyber Attacks?

To minimise cyber attacks, businesses can put some counter-measures in place. It is a smart move to be prepared for serious circumstances and act reactively with security measures.

Secure assets. It is always considered a security best practice to keep your systems and infrastructure updated with latest security patches and updates which are released from vendors or manufacturers on a regular basis.

Conduct threat assessment. Vulnerabilities can arise within your own system or potentially from other sources which are not directly under your control, but they can be identified if you are aware. Perform regular due diligence of your system or network security.

Stay informed on threats. News articles, software companies, cyber security organisations often release information on threats and vulnerabilities that can help you stay informed and act against threats.

Formulate steps to avoid threats. Training and regular information to organisations and employees can prevent many attacks from happening. If your users or employees are aware and informed they can escape the threats. Keep strong passwords, encrypt sensitive information, safeguard accounts, use firewalls to prevent attacks.

Plan an incident response. Create plans and approaches to react against a cyber attack to manage and limit the damage. Always keep your systems backed up online/offline and prepare your IT team to deal with it. You may also take advice or may hire experts to strengthen your infrastructure security.

It is rightly believed that prevention is better than cure. Speaking on the subject, Alex Woerndle, conveys that “the fundamentals are always the most critical starting points – focus on your system and application hardening and patching processes, deploy and actively maintain endpoint protections (e.g. anti-virus), restrict the permissions users have on their devices and invest in regular training and awareness for all staff. Beyond that, ensure all systems are backed up regularly, and deploy (and encourage all users to apply in their everyday lives) multi-factor authentication wherever possible.”

Considering the recent information security breaches, governments around the world are actively forming committees and taking measures to fight against cyber attacks. The governments of various nations have published some guidelines and measures to prevent cyber attacks.

The NIST Cybersecurity Framework, US, provides a policy framework of computer security guidance for organisations to assess and improve their ability to prevent, detect, and respond to cyber-attacks. The framework has been translated into many languages and is used by various governments and organisations across the world.

The Australian Government (via Australian Signals Directorate – part of Defence) has published some very good guidelines – called the ‘Essential 8’ and ‘Strategies to Mitigate Cyber Security Incidents’. The Essential 8 are a very user-friendly guide for businesses and provide protection against 80% of the most common cyber attacks

The UK Government has also come out with very useful information to help organisations.

Recently, Singapore opened a new cybersecurity school and the Ministry of Defence (MINDEF), is planning to hire security experts for their cyber defense strategy.

Cybersecurity is a challenging area and is a very broad discipline that requires skills across technology, forensics, business management, risk and compliance, education, communication, technical support, and others.
Negligence can impair reputation and lead to commercial losses but by understanding the security aspects, one can become aware of the potential threat and be in a better position to counteract it, or even preempt it.

This is just a glimpse to give you some insights into areas of cybersecurity and what goes under the surface. For specific details, you may get in touch with us or speak with a cybersecurity expert.

2
It’s Time For End User Computing To Take Centre Stage

5/5 (1)

5/5 (1)

For most companies, End-User Computing (EUC) is considered an expense to the business. EUC strategies are typically exercises in cutting costs – with often not much more than lip service given to the needs of employees (or employee personas). I know – I help companies write these strategies, and the costing component is always the piece that gets the strategy over the line.

But the winds are changing. Employee Experience (EX) is taking off as a serious business initiative. For example:

  • Edmunds.com wrapped the traditional Facilities and Human Resources functions into a combined WEE Team which represents Workplace and Employment Experience. They engaged in a campaign to rid the company of the term “Human Resources”
  • Airbnb has a dedicated team to “drive the company’s health and happiness”
  • Nitro has “turned old-school HR on its head and instead created Employee Experience (EX)

In our upcoming CX research, the early data is showing that EX is the number two initiative for businesses across the globe in 2019. And for information workers, the technology that sits in front of them is a HUGE component of their experience – and their ability to get and stay productive.

Productivity Should Be The Focus Of Our EUC Strategies

Smart businesses understand that. They allow employees to choose (or bring) the devices that they need to remain productive. While desktop PCs might not be making a comeback, they are increasingly being adopted as an alternative to the “laptop as one device” strategy that many businesses embrace. Sometimes a powerful computer with a big screen (or multiple screens) is what people need to get the job done. Other times a small form factor desktop is perfect. Employees may need tablets or smartphones. And other times they need regular laptops, convertibles, or 4G connected laptops. Smart businesses also focus on seamless security – knowing that security is a key enabler of productivity. We are seeing that “The best, most secure device for the job” is taking off as a EUC hardware strategy in businesses that are striving to build a productive and enjoyable employee experience. This helps them to keep employees productive and will help them attract and retain the best talent.

And EUC goes beyond the device to the entire user experience

Collaboration initiatives often disappoint. Limited adoption, and limited interoperability between applications limits effectiveness. There is often a disconnection between the collaboration system and how it helps employees hit their goals. Microsoft is currently rebooting its collaboration strategy – and has created a more modern system that more closely mimics the processes of a typical information worker (Teams).  Slack is also taking the world by storm – as it is a collaboration tool that helps people the way they work today – it doesn’t require any training.

IT Operations

IT Operations professionals need to take a fresh look at EUC – but this time within the context of the other initiatives in your business. Do you already have a team focusing on EX? Are there initiatives you can help with – or piggyback on? There is real academic research proving the link between happiness and productivity – or the “state of flow”.  IT holds the key to productivity – and therefore happiness – for information workers in particular – it’s time to step up and put employee experience and productivity – not costs – at the centre of our IT end-user computing strategies.

2