Author Archives: Steve Prentice

Cyber Security: An Ounce of Prevention

Cyber Security Awareness

A new breed of technologies now exists that takes snooping to a completely new level. Launched from ads broadcast on TV, or appearing inside or alongside a web page on your computer, they send out an inaudible signal – inaudible to humans, that is – but very clear and understandable by the devices that surround you. This technology, which goes by several names and is manufactured by more than one company, seeks to solve a marketer’s key conundrum: just how do consumers react to advertisements, and how can this be fine-tuned? The signal essentially gets all the smart devices owned by the average person – smartphone, PC, tablet and intelligent car key fob – to share information about what their human owners do: where they go, what they buy and what they research online. The software behind this technology consolidates information from all of these devices (vastly improving a sponsor’s knowledge of consumer behavior), which can then be used to design and deploy a more efficient type of advertising.

Most people are not aware of the existence of this technology, but those who hear about it generally react negatively, considering this to be a significant invasion of privacy. They did not know it existed. Why? Because they did not have the time to find out.

Individual Consumer Focus

Although this specific snooping technology takes aim at individual consumers rather than a specific company or enterprise, it carries with it a sobering reality for both worlds. There are people out there who will do anything to get at what you have, whether it is to learn about you, steal from you, sabotage you or all three. Their quest is relentless, and the people behind this are extremely creative.

So this is the challenge for every person involved in cyber security (the professionals, but also the average people): keeping up with relentless innovation from those trying to get in. It’s easy to blame the bad guys, since they do what bad guys do. But there is much that people can do to mount a strong defense, and a great deal of this has to do with time.

People have allowed themselves to become too busy. They fill their calendars 100 percent with tasks, leaving no time for reflection, planning and learning. In the case of the snooping technology, more people could have learned about it sooner if they had more time in their day for ongoing learning and reflection.

Lack Of Time Is Detrimental To Security Health

Many security analysts will point to the fact that there needs to be a parallel system within the world of cyber security that focuses on time rather than technology, since it is time – or more precisely, the lack of it – that is responsible for a great deal of the damage. For example:

Most security professionals spend their time fighting fires, answering requests and checking existing system integrity. They spend their entire day dealing with the here-and-now.

Most working people who are not cyber security specialists also suffer from time deficit. They are overloaded with tasks, email, crises and meetings. They don’t have the time to devise sophisticated passwords; they prefer to use cloud-based technologies for calendaring, directions and file storage; and they’re trying to get through an overloaded day as best they can.

Both of these groups of people can take a great leap forward in the battle against cybercrime by being more aware of the strategic value of time.

Anticipating Future Events

Security specialists, for example, need to be able to carve out a block of undisturbed time every day to be used for planning, anticipation of future events, continuing the learning process and being able to find out more about the things they don’t know enough about. Permission for this time allocation must come from their own time-management skills, but it must be reinforced and endorsed by company management and co-workers. This is time invested, not wasted.

Similarly, end users and company employees also need to be allowed to allot a certain amount of their time toward proactive security-related habits. Far fewer people will be fooled by phishing scams if they are mentally calm enough to not panic when reading them. These same people will be better able to devise and regularly update their passwords, use two-factor authentication or seek out secure methods for communicating, instead of relying on insecure Wi-Fi, including their own systems at home.

When contemplating cyber security, most people immediately think of software as both the cause of, and the solution to, the problem. But human beings have a great role to play as well. Simple allotments of time in the busy workday will pay off through the delivery of skills, habits and mindsets that make it much harder for cyber criminals to penetrate.

For more on this topic, go to businessvalueexchange.com, sponsored by HP Enterprise Services.

By Steve Prentice

The Rise of The As-a-Service Industry

No Longer Doing It by the Book: The Rise of the As-a-Service Industry

In mid-2015, a world leader in online book sales announced a ground-breaking approach to royalty payments to authors whose books were listed on its e-book lending service. In essence, the company announced that authors would be paid for each page that had been read, rather than simply a flat fee for the download of the book. This innovation was met with much despair by writers and the media, who immediately saw it as a new form of either censorship or exploitation, given that readers need no longer complete their emotional and financial investment in a book, but simply pay a pro-rated fee for whatever progress they made. One journalist suggested, tongue-in-cheek, that perhaps the same principle be offered in restaurants, in which patrons would have to pay only for the portion of a meal that they consumed.

It must be emphasized that this pay-per-page development applied only to the extensive subscription-based lending library, and not to books that were purchased and downloaded the traditional way. However, it is indicative of a trend in almost all industries, in which products are giving way to an “as-a-service” economy. The fact that this transformation is now happening to a centuries-old industry (book publishing) proves that no one is safe from change, and it delivers some significant strategic lessons for companies everywhere.

The book publishing industry represents one powerful middle layer between creator and consumer. As with the movie and music industries, publishers have essentially dictated how creative material is to be distributed—and how its creators are to be paid. Ironically, although this pay-per-page initiative seems, at first glance, to penalize authors, many of those who analyse their potential revenue based on the formula envision little to no loss, and perhaps even a financial gain—a step forward from the meagre royalty structure that most authors currently face.

Overnight Pop-up Trends

As such, traditional publishers stand as a symbol for distributors of all other types of goods. It is important to recognize that in this changing economy, new things are happening: long-term patterns and predictions are giving way to overnight pop-up trends; manufacturers are discovering they are free to sell direct to consumer (D2C), cutting out the middleman completely; consumers are becoming increasingly aware of their power through comparison-shopping, online research and reviews – they have greater sway over the marketplace than ever before. So, in the same way that books are now at the whim of a reader’s attention, so too are products of all types, and those who sell them—all along the chain—must pay attention. The term “disruptive” is often used to describe innovative products and technologies that have caught on to this new movement, because that is what they are doing: disrupting the status quo.

Secondly, the pay-per-page approach redefines book publishing as “reading-as-a-service,” and thus brings it in line with many other types of as-a-service offerings that manufacturers and distributors are either discovering or are being forced to embrace. Whereas once it was sufficient to sell a photocopier to an office or copy shop, the better model is proving to be one in which the device remains the property of the manufacturer, and a service is sold to the retailer in the form of number of pages printed, toner refills, maintenance, training and up-sell opportunities. In short, service is replacing products across the board.

Balancing Quality With Agility

Some authors have cynically suggested that their writing style might now actually have to adapt to readers’ tastes rather than the other way around. But this is the same situation that all companies face: the need to balance quality with agility, both inside and out. It applies to products for sale, and it applies equally to hiring and retaining quality talent.

Paying for “pages read” may seem like an odd and non-traditional idea. But so too is the idea of dominating the hotel industry without owning property as AirBnB did, or changing the taxi industry without buying cars, as Uber did. In fact, “odd and non-traditional” are quickly becoming bastions of the new normal. Writers and readers are welcome to push back against the pay-per-page initiative with outrage, but they should also see this new form of publishing as the writing on the wall.

For more on this topic, go to businessvalueexchange.com, sponsored by HP Enterprise Services.

By Steve Prentice

The Idiosyncrasies of Bitcoin and the BlockChain

The ‘Centerless’ Economy

Have you ever wondered why certain coins have ridged edges? They are prevalent within the currencies of many nations. The mint actually calls it “reeding.” But what is it for? There was a time when the coins themselves were worth what they stood for; they were made from an amount of gold or silver equal to their face value. People discovered quickly that it was possible to shave a tiny sliver off the edge of each coin, slowly building up a tidy amount of stolen shaved silver or gold. Reeding took care of this problem by installing a ridged edge, which would give away any attempts to slice pieces away.

Although reeding has eliminated this form of financial fraud, its continued presence on some of our coins serves as a reminder that the modern monetary system is beset with challenges. There is a dynamic tension between the value of goods and the honesty of those performing the transactions. It has never been perfect, primarily because it is based on faith. In many regards it is quite amazing what people will do, based on the mutual acceptance of a fiat currency, or on the supposed legitimacy of a signature on a contract. This faith extends to the person across from you, the banks that handle and lend out money, and the governments that oversee it all. This is about to change.

Most people have heard about BitCoin, the “virtual currency” that seems to defy explanation as to how it works, and which seems to be the favored exchange medium of international criminals, drug lords and arms dealers. It appears as a novelty, doomed to obscurity due to a lack of cultural connection and consumer comfort. But there is a lesson that comes from the slow advance of BitCoin that all companies and individuals should heed, even if they never make a BitCoin transaction, and it comes down to one word: decentralization.

The Block Chain 

BitCoin is a payment system, not a currency per se. It belongs to no nation, and no government can legislate its value. The most significant feature of BitCoin is the machinery that makes it work, called the BlockChain, and that’s what enterprises and individuals must pay strict attention to.

(Bitcoin Explained via Duncan Elms)

The BlockChain is a collection of computers stationed around the world, and maintained by anybody. You or I could have a computer that connects to the BlockChain if we wanted. They essentially act like a group of peers, who must all be notified of every BitCoin transaction and must unanimously and independently verify and approve each one. They become the witnesses, and the value of every transaction completed is based no longer on faith but on fact.

The most important thing to take away from this, however, is that the BlockChain approval process does not only happen for BitCoin-based transactions. It can happen in any area of business or activity in which independent, impartial oversight is required.

Playing With Numbers And Formulas

Take accounting, for example. Accounting places much of its stock in trade in the balancing of books. Every dollar that a company takes in, spends and retains must balance out. That’s what a ledger is for, and that’s what accountants do. They make sure it all balances. But this is what the BlockChain does, too. It acts like a giant global ledger and insists that every transaction also balances.

This has huge implications for all types of businesses, including banking, accounting, insurance and real estate. It does not necessarily threaten to put them all out of business, but it does point to a significant change in the way transactions and contracts are negotiated and acted upon. The global approval systems established by the BlockChain will influence every area in which humans need to prove something. This could include certifications, diplomas and affidavit-type documents. Where once a signature sufficed, now the proof of a transaction will need to pass the test of a million unrelated and impartial computers. BitCoins and similar virtual payment systems can even be programmed to be spent only on certain products and services and no others. For example, an insurance company’s payout could include a BitCoin that can only be applied to specific medications or car repairs at a selection of approved suppliers. This has the potential to vastly improve the security of payouts and the efficacy of systems that rely on money to be spent exactly where it should be.

The mechanics of how BlockChain does what it does take much more space to explain, in just the same way modern banking or insurance structures do. But for businesses, consumers and employees in today’s workforce, the notion of a secure, “centerless” place for the verified exchange of goods, services and promises is moving ever closer.

Bottom line (to use an accountant’s terminology), if you have considered BitCoin to be merely a quirky virtual coinage system available only to technology buffs, think again. Your next house purchase, employment agreement or company audit may run on this new, centerless track very soon.

For more on this topic, please visit businessvalueexchange.com, sponsored by Hewlett Packard Enterprise.

By Steve Prentice

Furthering Business By Seeing Beyond

Furthering Your Business

Here is a typical customer service story that illustrates the gap between the power of modern commerce and the struggling mindset of business.

John is a retail customer, who, like many people, enjoys shopping at specific stores. He re-visits these stores often, out of habit and convenience. He recently purchased a coffee maker from a homewares store in his neighborhood just one week prior to moving house. He brought it home, but did not open it. It remained in its original packaging. Two weeks later, after moving into his new house, he found the coffee maker, removed it from its box and plugged it in. It did not work. He called customer service and was told to take it to a local affiliate – a store that was not a direct part of the chain, but that sold some of the chain’s branded merchandise.

When John arrived at the affiliate store, with his coffee maker in hand, the young sales clerk informed him that although the store was connected to the homewares chain, she was not able to accept the appliance, since her store did not directly deal with this particular brand. She politely suggested he return to the main store back in his old neighborhood. John left the store, with his coffee maker under his arm. He felt a little under-appreciated and consequently decided to switch his loyalty to their competition.

Question: what – if anything – could the young sales clerk have done differently to stop John from leaving the brand?

This type of customer service scenario happens very often. It is the end result of an absence of long-range thinking on the part of higher-ups in the retail chain, a subsequent lack of education of front-line retail staff and a lack of time. Store associates seldom have the time or the permission to think proactively.

Data is King

The people who manage this affiliate store overlooked a key component of the new business economy. Even if the coffee maker was rightfully not a brand that they supported, the cost of returning it on behalf of the customer pales in comparison to what John would have left them in return: data. Customer relationships and customer data carry a far greater value than any individual transactions. Business, both in the B2C (retail) and B2B (industrial/commercial) spheres, relies increasingly on big data and analytics. This is the material that helps further individual customer relationships, spreading them out into additional channels.

Data allows vendors to outperform. For example:

Up-selling: “John, your 4-cup coffee machine is good, but have you considered an 8-cup model, so you can make enough for guests?”

Cross-selling: “John, most people who buy this type of coffee maker also buy this amazing kettle, made by the same manufacturer, with six different water temperature settings.”

Data-based selling: “John, last time you shopped at the main store, you bought a highway safety kit for your car. Do you know about our really great thermos cups? They’re perfect for enjoying that great coffee safely while you’re driving.”

Subscription services: “John, we’ve partnered with this premium coffee supplier who sends coffee by courier. Not only will you never run out, they always send an additional sampler with every shipment.”

Freemium: “John, I know you might never have tried coffee shipments by courier before, so we are happy to send the first 1-week package at no charge. You can order online if you like it.”

Loyalty: “John, if you choose to order your coffee online, maybe you want to try our loyalty app. It works on your smartphone and you get points and rewards with every purchase.”

Mobile Commerce: “John, since you’re thinking about the loyalty app, you might want to think about our full, downloadable native app that shows the specials throughout the entire store, but primarily the areas that we know you like the most, like coffee and cars. If you set the permissions, it will also know when you physically enter the store and you will get 15% off automatically.”

New Service Lines: “John, we are offering gourmet dessert preparation classes online in conjunction with a local catering school. Perhaps you or a family member might wish to sign up, to learn how to make great desserts to go with that wonderful coffee.”

The sales clerk in this scenario was only doing what she had been instructed to do, which points to a deficiency of vision in the management hierarchy. John should not have been allowed to leave the store without the clerk entering his account code to find out who he was, how long he had been a customer of the main store, and to identify and deliver these types of up-sell opportunities right there and then. The clerk should have been educated to understand that rejecting a customer for any reason will result in a high possibility of losing that customer, whereas helping him would have opened up more channels of loyalty and business.

Data is king. Customer data gives company representatives at any level the opportunity to fully understand the needs of each client/customer and to address them in a high-touch, contextual manner. That is the currency of modern commerce.

For more on this topic, please visit businessvalueexchange.com, sponsored by HP Enterprise Services.

By Steve Prentice

The Future of Employee Engagement

Employee Engagement

Employees face a number of challenges in their day-to-day jobs, with emails, distractions and a never-ending workload topping the bill. A great deal of time is spent learning to use business technologies in the name of improved productivity, but, twenty-five years after the release of Microsoft Windows, there are still significant gaps between the ideal productive workspace and the status quo.

Seeing Is Believing

A new generation of technologies promises to change this, by placing focus on employee engagement, rather than simply on tasks. These fall into the collective concept called “collaborative workspaces,” and they take advantage of the cloud to allow people to break free of their social silos and actually see each other.

The key phrase here is “see each other.” One of the key engagement techniques that has faded from view over the past two decades is the capacity for face-to-face communication. This decline started with email, and has continued in the smartphone era. It is very rare to see a person sitting anywhere – or even walking or driving – without being involved with text messaging on their phones.

Texting and social media are useful for many things, but genuine engagement is not one of them. Regardless of the age and generation of an employee, to be engaged with people, especially managers to staff, staff to managers, and supplier to customer, there must exist a degree of interpersonal interaction that cannot be conveyed or reinforced through digital means. This is easily demonstrated in the numerous cases of misinterpretation that have occurred within text messages and email. A lack of context turns easily into misunderstanding. People need a human connection in order to learn, to communicate and to work together. They need the skills of conversation and active listening, an understanding of body language, and both the willingness and the capacity to handle difficult conversations. This demands face-to-face contact.

New collaborative technologies are permitting this through their greater bandwidth, in terms of data rates as well as compatibility across different platforms (desktop, tablet, phone).

Some examples:

  • A project kick-off meeting has a far better chance of connecting with and positively influencing a team when everyone knows what the others look like, and can talk live via video.
  • Professional development workshops achieve far greater levels of retention when participants are given the opportunity to learn, research, ask questions and provide feedback on their own terms, learning according to their own style.
  • When teams schedule conference calls using video conferencing, the degree of engagement increases not only thanks to the face-to-face connection, but through the elimination of those side tasks people do, such as checking email, while they sit in on a teleconference.
  • Preparing to meet or chat with a new client/colleague is made easier by visiting business sites such as LinkedIn and finding out what they look like and where they come from.

Connecting With Permission

The process of employee engagement requires two essential components. The first is the means to connect, and the second is permission. When Toyota brought the concept of kaizen (continuous improvement) into its factory workforce during the post-World War II re-build, a central component was the genba walk, in which managers were encouraged to walk around and learn from the workers through questions and conversation. This represents a physical embodiment of encouraging engagement: it allowed workers of all levels to communicate and know that they had been heard.

Collaborative environments further this approach by making human contact and engagement easier and less threatening. They herald the potential beginning of an age in which people need no longer hide behind keyboards and can instead develop and reinforce their interpersonal skills.

For more on this topic, please visit businessvalueexchange.com, sponsored by HP Enterprise Services.

By Steve Prentice

Security Training Through Practical Experience

The Importance of Practical Experience

One of the most interesting scenes to watch – if you are fortunate enough to time it right – is a full-scale emergency drill conducted by joint teams of firefighters, police and paramedics. These can involve hundreds of people, including volunteers who are given realistic wounds by skilled makeup artists, and who play the roles of the wounded in a mass-casualty situation. They usually take place at an actual office building or other public structure, and everything is made up to be as real as possible. So real, in fact, that neighboring businesses and residents are often warned repeatedly about the event in order to avoid panic.

Emergency Response

The question arises, with so much great virtual reality available, and with so much information retrievable from the Internet, why go to the expense of a full-scale mock-up in the physical world? What more could someone learn in such a setting that they could not obtain through research? Any fire chief or triage specialist will tell you: there is no online learning equivalent to real-world experience.

In emergencies, a number of physical experiences contribute to increasing the chances of a successful and safe conclusion. Touch, sight, smell, sounds, muscle memory and intuition – all of these represent proficiency that cannot be satisfactorily reproduced simply by reading or watching a video. This is why disaster exercises are held, from large-scale mock-ups through to the tedious office fire drill. Nothing beats practical experience.

Learning To Adapt

The same rule applies for information security professionals. This is an industry that gets more complex by the day, especially as more data and operations move to the cloud. Many traditional IT security practices no longer apply in cloud computing environments, and a broader range of IT experts are required to have the knowledge, skills and abilities to ensure data and systems are protected across the entire IT ecosystem. Learning and staying up-to-date with these changes is vital. But validating that knowledge is just as important, so that organizations can confirm IT staff have both the insight and problem-solving skills necessary to manage threats, proactively and reactively.

A significant benefit of experience is the capacity for cloud security professionals to communicate clearly and effectively to various operational levels within a department, from the most junior to the most senior. Very often, a simple problem-solving exercise can be delayed or even sabotaged due to inadequate understanding, talking to the wrong people or sheer resistance from stakeholders. The skills required to manage a conflict and defuse situations filled with tension or panic are as much part of the job as is technical know-how. When it comes to dealing with people, prior experience is an absolute must.

Deeper Knowledge

When describing hindsight as being 20/20, people often say if they knew “then” what they know now, they would have done things differently. This is why an extensive working background is so vital. Similarly, this is one of the reasons why (ISC)² and the Cloud Security Alliance (CSA), two of the leading non-profits focused on information and cloud security, developed the Certified Cloud Security Professional (CCSP℠) certification – to ensure that cloud specialists have the knowledge, skills and abilities to audit, assess and secure cloud infrastructures. Their requirement for candidates to demonstrate experience, specifically five years in IT, three years in IT security, and one year in cloud security, represents a well-rounded awareness of the situations that can happen on either side of a computer screen. CCSP certified professionals are able to demonstrate how they have gained a deeper knowledge of cloud security through hands-on experience and practical know-how. This gives information security and IT staff the skills and credibility to get the job done, and gives organizations greater comfort in granting the freedom and authority needed to confidently move IT infrastructure to the cloud.

For more on the CCSP certification from (ISC)², please visit www.isc2.org/ccsp. Sponsored by (ISC)².

By Steve Prentice

Engagement Through Password Literacy

Citizen Engagement Literacy

The term “engagement literacy” is not commonly used at this moment, but it is a concept that bears greater attention in an age where personal data is king. Citizens and consumers now provide two currencies to the retailers and companies around them. The first is actual money, transferred either electronically or by hand, but the second, which has much greater value, is that of data. Data has far greater ability to shape the future of a vendor’s business, since it compounds quickly when added to, or compared with, other data.

Consumers are generally not aware of the power of this data. Tracking technologies and data gathering techniques used by websites, many of which have been around for years, are largely ignored, as is password management. So let’s look at these two in the context of citizen engagement literacy.

Engagement through Password Literacy

Many of the hacks and cyber-attacks that happen daily can be traced to human nature, including inadequate password strength, phishing scams, or simply being too trusting. People also resist having to memorize or carry numerous passwords, especially when they are long strings of unintelligible characters. Entire papers are dedicated to this topic, but for the purposes of this article, the point is this: there are many sophisticated and often free password management applications available that can take care of the creation and maintenance of strong passwords. It is up to the citizens themselves to learn how to use these, with the same degree of comfort and habit as they would with their home alarm system. That comprises part of “literacy” in the digital age.

Engagement through Data Literacy

In a related fashion, customers must become more aware of the data they share and the power they have over this data. Very soon, more and more retail stores will start to take advantage of smartphone-based apps to identify shoppers and enhance the in-store experience by making offers based on past browsing and purchasing activities. Sales associates may even greet shoppers by name. Some people feel this is too much, even invasive, but the point is, the individual consumer can and should exercise control over which data is made available and to whom. Apps and online profiles have privacy settings, but too often these appear complex and intimidating to the average user.

Engagement Literacy

Engagement literacy is a requirement for functioning in the wireless world. As a comparison, in the physical world, most people can read and drive a car. These abilities require training and practice to master, but most people find they are able to do both (and sadly, with texting, they feel they can do both simultaneously).

Engagement literacy is something that should be taught, and more importantly, is something that citizens must recognize as essential to maintaining personal control while enjoying the growing benefits of a highly tailored retail and service environment.

When the day comes that the smartphone entirely replaces the wallet, for payment, ID, medical information, and loyalty programs, there should be no fear. Managing and protecting the data that this smartphone can hold, including mitigation in the case of loss or theft of the device itself, should be effortless, comfortable and well-practiced. That is what engagement literacy is: privacy, protection and control of data – all in the palm of your hand.

For more on this topic, please visit businessvalueexchange.com, sponsored by HP Enterprise Services.

By Steve Prentice

The Need For A Security Incident Response Team

Security Incident Response Team

The incidence of modern cyber-attacks is growing, along with their sophistication. Every single weakness, whether technological or human, is being constantly exploited, and the interconnectedness of computers means that a break-in, theft or infection on one system has far-reaching consequences for customers, suppliers and the general public.

Network Security

Network security is an industry created out of necessity. Company decision-makers must recognize that the sheer variety of attack vectors is something that requires constant vigilance, and that not only preparedness, but post-attack response strategies, too, are a critical part of doing business.

MetricStream is a global organization that focuses on Governance, Risk, and Compliance (GRC) for modern and digital enterprises. Their recent white paper, entitled The Important Role Of A Cyber Security Incident Response Program, and authored by Vibhav Agarwal and Dr. Michael Redmond, presents a comprehensive assessment of the damage that hackers can cause, the value of deploying a Security Incident Response Team, along with some fascinating case studies and a wealth of highly actionable preventative steps.

Here is an excerpt:

“We live and do business in a whole new world; one marked by increasing cyber attacks, and all new rules. Beyond the increase in frequency of attacks, we also face an increase in the types of organizations that have become targets. Today, it goes beyond banks and government-related institutions, to include healthcare providers, retailers, and essentially any entity that owns or has access to the assets and information of its consumers.

Organizations require more focused awareness to bolster their security policies and practices as the foundational structure of an overall risk-management strategy. Furthermore, organizations need to ensure compliance with new laws and regulations that govern how they protect information assets.

It’s also critical that organizations buy into the fact that network and systems administrators alone cannot protect corporate systems and information assets – it must be an organizational team effort. A Cyber Security Incident Response Team (CSIRT) is a must in today’s world.

In April 2012, a server hack was responsible for a HIPAA violation by the Utah Department of Health, where over 780,000 people were compromised in the server attack at the authentication level, permitting hackers to hijack Social Security Numbers and personal health records. It was determined that a vulnerable server was not properly configured as per normal procedure, allowing hackers to gain access into the computer network. Added to that, in January and February 2012, nearly 1.5 million individuals were affected by hackers who successfully infiltrated and gained access to the payment processing system of Global Payments Inc. On December 14, 2014, it was reported that the Dutch government suffered a website outage due to a cyber attack. Allegedly, hackers crippled the Dutch government’s main websites for most of the day, rendering back-up plans and contingencies largely ineffective. All of this goes to show the serious loopholes in our current infrastructure and back-up plans.

While organizations cannot always prevent a breach, a quick response to a security event can go a long way when it comes to minimizing the financial damage and most importantly, protecting the business and its reputation. In order to reduce the costs associated with increased call center activity, customer education and awareness programs, brand repair campaigns, legal and compliance fines, and expenses associated with any customer settlements, organizations should adopt a proactive approach with timely stakeholder communication.”

Pandora’s Box

Of greatest significance in the paper is the recognition that attacks have incalculable costs. Data breaches and thefts unleash a Pandora’s box of additional problems. One compelling case study describes a data break-in at a state revenue agency that eventually resulted in the filing of hundreds of fraudulent tax returns. It is precisely because no organization can know everything that must be known that an alliance with governance, planning and response organizations is essential. To review the entire paper, visit MetricStream.

By Steve Prentice
