by Rebeca | Feb 15, 2023 | News
A study by Forrester Consulting, commissioned by Bounteous, a technology innovator to some of the most prestigious brands in the world, evaluated the state of digital transformation maturity and the benefits that companies at varying maturity levels have realized.
The study took place in September of 2022, so the findings are as relevant as they are revealing. The study results in a clear conclusion. It’s no longer an issue of whether to transform your business digitally. It’s how far down the rabbit hole you want to go and how fast you can do it. Continuous innovation is the new goal.
In summary, the study showed that advanced companies operate with greater agility and speed, allowing them to focus on customer satisfaction and employee empowerment. Not surprisingly, the study showed that advanced companies have significantly happier customers and employees and are twice as likely to experience double-digit year-over-year growth compared to their less mature peers.
Here are the top five objectives that drive this continued commitment to greater innovation:
- 66% – Improve existing IT capabilities to promote agility and innovation
- 60% – Improve the customer experience
- 57% – Improve customer retention
- 54% – Improve employee experience
- 50% – Become more innovative
Digital transformation is about changing the customer experience. While we often recognize the accelerated pace of business, today’s most successful companies ensure that they can move at the velocity of their customers through a closer engagement process, allowing them to understand their customers’ anticipated needs.
Source:
(1) Spiceworks
(2) Managementexchange
Image: kiquebg in Pixabay
by Rebeca | Feb 8, 2023 | cybersecurity
Between 2020 and 2021, the average number of attempted cyberattacks per company rose by 31%. And these attacks have cost businesses dearly with the loss of data, revenue, and brand reputation. According to one study, 60% of small businesses have to close their doors within six months of a breach.
In 2023, attacks will continue to escalate, targeting a wider attack surface than ever before, so it would be wise to take these attacks as a given and focus for this year on how cybersecurity professionals might respond.
1. Cybersecurity Spending
Cybersecurity spending is likely to increase because it’s become an essential budget line and, in many cases, now represents an organization’s license to trade.
As attacks and risks increase, so will spending as security continues to climb up the risk registers of organizations in both the public and private sectors.
2. State-Sponsored Cyber Warfare
Back in February and March of the past year, it was widely predicted that Russian-backed cyberattacks and disruption would become a significant issue. There will be 70 elections due to take place around the world in 2023, which have increasingly become a magnet for state-sponsored attacks wanting to cause confusion and exert influence.
3. Artificial Intelligence And Machine Learning
These technologies will play a major role in the development of automated security solutions that help predict attack patterns and behavior.
4. The Internet Of Things
Our cars and homes are packed with software that invites bad actors to launch attacks, and the year ahead will see more of these devices targeted.
5. Cloud Security
The key cloud-related risk is how we actually engage with the technology at the periphery, as the main providers generally offer an extremely secure core environment. Organizations must be more proactive in the way they secure files as they’re uploaded.
6. Cybersecurity As A Leadership Issue
Next year, leadership teams and boards will come to understand that cyber is primarily a risk conversation. Many leaders have learned this lesson and will be far more effective in dealing with their CISO and security teams as a result.
7. Legislation
In 2023, we should expect more legislation holding vendors accountable. This will happen across the world in both the public and private sectors, leading to more maturity in the industry and increasing consumer confidence.
8. The State Of The Cybersecurity Sector
Investors will prioritize a route to profitability that will likely lead to a smaller number of cybersecurity players. Only strong solutions with existing and growing revenue driven by tried and tested technologies will make it through the next two years.
What’s key is to ensure that cybersecurity is at the heart of any organization’s digital strategy. It’s an enabler of growth. Those for whom cybersecurity is a strategic priority will be far better equipped to deal with any new risks ahead.
Sources:
(1) Forbes
(2) Spiceworks
Image: Werner Moser in Pixabay
by Rebeca | Feb 1, 2023 | cybersecurity
The first step in fixing any IAM problem is to understand it.
IAM is the information technology security framework of policies that ensures the right users have the appropriate access to the resources they need to do their jobs well. It requires managing the lifecycle and roadmap of your users’ identities, governing their access, and properly monitoring the use of their identities and credentials through identity analytics.
Effective IAM ensures proper controls are in place to control the ability of users to interact with critical systems for which they require “privileged” access, the basis of privileged access management (PAM).
But this isn’t the only way threat actors find security gaps, which is why businesses must avoid the most common identity and access management (IAM) mistakes.
The most common IAM mistakes:
- Poor or partial IAM implementations
- No clear IAM governance results
- No executive leadership team “buy-in” or clear guidance for employees.
- A lack of skilled cybersecurity experts as IAM engineers, architects, and managers.
- Multiple systems of record with duplicate identity credentials.
- Political infighting over data and application ownership or responsibility.
- A lack of organizational change management processes to resolve issues and stay ahead of hackers’ latest tactics.
- A fear of automation, causing a reliance on risky, time-consuming manual processes.
- Uncleaned data lifted and shifted into new IAM systems.
- Unrealistic IAM roll-out approaches that aren’t effective.
And above all, identity security should never rely on the CISO or CIO to manage and communicate. All business leaders must share the same strategic vision around IAM and drive it within the organization to succeed, including the CEO, CFO, and COO.
Don’t wait until it’s too late to fix the problems in your IAM strategy, and get ahead of the curve by fixing the easy mistakes you’re making today.
Shall we talk?
Sources:
(1) Spiceworks
(2) Computerweekly
Image: Kris in Pixabay
by Rebeca | Jan 25, 2023 | cybersecurity, Retail
Automated Threats in the retail sector
According to the most recent studies, 62% of the threats that retail organizations faced were automated, and that suggests an increasing threat level that corporations need to be aware of.
Online retailers have seen a tenfold increase in the proportion of attacks that were conducted through frameworks designed to preserve anonymity. Last year the proportion was just 3.5%, but this year it jumped to just under 33%.
In the past 12 months, nearly 40% of traffic hitting the average ecommerce website was not generated by humans, but instead came from often-malicious bots running automated tasks. Nearly a quarter of traffic – 23.7% – was attributable to advanced bots using cutting-edge evasion techniques to mimic human behaviour and avoid detection.
Last year, bot-related attacks grew by 10% during October and another 34% in November, providing clear evidence that the actors behind such automated bot networks are keenly aware of the value of the holiday period to retailers. Indeed, one variety of automated bot has become known as a Grinch Bot – scooping up inventory that is in high-demand and hoarding it, making it harder for legitimate consumers to purchase gifts online.
Other malicious bots are engaged in account takeover (ATO) activities, with over 64% of ATO attacks using some kind of bot in 2021. The attackers behind these bots are generally using leaked customer details in credential stuffing attacks, and in an indication of the volume of their activity, Imperva found 22.6% of all login attempts on retail websites are malicious.
With limited staffing and conflicting priorities, retailers are challenged in combating security threats. In principle, responsibility for IT security cannot be delegated, but many retailers still delegate key security activities to auditors, contractors and stores. Finally, many retailers lack a governance process and focus instead on regulatory compliance at the expense of a framework that governs information.
Sources:
- Digitalinformationworld.com
- Computerweekly.com
- Businesswire.com
by Rebeca | Jan 18, 2023 | cybersecurity, soffid
Cyber-Attacks Set To Become “Uninsurable”
This is the stark assessment from Mario Greco, chief executive at insurer Zurich, one of Europe’s biggest insurance companies, speaking to the Financial Times.
Amid growing concern among industry executives about large-scale cyber-attacks, Greco warned that cyber-attacks, rather than natural catastrophes, will become “uninsurable”. For the second year in a row, natural catastrophe-related claims are expected to top $100bn, the FT reported.
Cyber-attacks have continued to plague multiple industries in recent years, some of which are doing little to prevent future attacks when they opt to pay hackers and criminal gangs (against all security professional advice) to unlock their ransomware-crippled systems or call off DDoS attacks.
Zurich’s Mario Greco praised the US government’s steps to discourage ransom payments. “If you curb the payment of ransoms, there will be fewer attacks,” he told the Financial Times.
In September 2022, Lloyd’s of London defended a move to limit systemic risk from cyber attacks by requesting that insurance policies written in the market have an exemption for state-backed attacks. A senior Lloyd’s executive said the move was “responsible” and preferable to waiting until “after everything has gone wrong”.
Identifying those responsible for an attack is challenging, making such exemptions legally fraught, and cyber experts have warned that rising prices and bigger exceptions could put off people buying any protection.
There was a limit to how much the private sector can absorb, in terms of underwriting all the losses coming from cyber attacks, Greco said. He called on governments to “set up private-public schemes to handle systemic cyber risks that can’t be quantified, similar to those that exist in some jurisdictions for earthquakes or terror attacks”.
These are the data:
- According to Security Magazine, there are over 2200 attacks each day, which breaks down to nearly 1 cyberattack every 39 seconds.
- With around 2,220 cyberattacks each day, that equates to over 800,000 attacks each year.
- According to Cybint, nearly 95% of all digital breaches come from human error.
Cyber security experts have shared their predictions for the most impactful threat vectors and cyber risks of 2023. When asked in mid-2022 by Cyber Security Hub which threat vectors posed the most dangerous threat to their organizations in 2023, 75% of cyber security professionals said social engineering and phishing.
Since the survey closed, multiple organizations such as Dropbox, Revolut, Twilio, Uber, LastPass and Marriott International have suffered from such attacks, further highlighting the importance to cyber security practitioners of staying aware of the phishing threat.
Privileged account management is the IT security process of using policy-based software and strategies to control who can access sensitive systems and information. Privileged accounts rely on credentials (passwords, keys, and secrets) to control access. By creating, storing, and managing these credentials in a secure vault, privileged account management controls authorized access of a user, process, or computer to protected resources across an IT environment.
Sources:
- Silicon.co.uk
- Insuranceinsider.com
Image: Arthur Bowers in Pixabay