Alin Kalam: Nurturing Growth and Innovation Through Data, AI, and Sustainability

The IT industry continues to grow and shift rapidly due to the pandemic and CIOs are constantly on the lookout for ways to foster and adopt new technologies into their organization. Whether it is sustainable transformations or implementing AI, change is necessary.

As the Head of International Market Intelligence & Data Strategy for UNIQA international, Alin Kalam shares with us his insights on the need for agility through AI, achieving business competence, and nurturing innovation.

 

Finding Agility in Artificial Intelligence and Overcoming Disruptions

Businesses and IT leaders today need to be quicker to respond to the ever-changing landscape of their industry and overcome disruptions. Whether it’s to implement hybrid workplace models or to incorporate new technologies such as artificial intelligence and data analytics, there is a definite need for CIOs to strategize.

Kalam shares his insights on the key challenges that CIOs need to be aware of when incorporating new technology and how to effectively transition towards data-driven business models.

 

What are the key challenges for CIOs who are trying to adopt new technologies especially in the AI field?

 

Surely one of the major challenges of establishing AI technologies in companies is a lack of trust and also the limited existing knowledge. On the technical side, I have seen IT productionizing & operational issues arising since 2019.

Often it is not the number of best practices that is lacking, but the ability to align market circumstances and existing technologies with one's own true business needs. Therefore, I see the cultivation of AI-driven innovation much more as a strategic challenge nowadays than only a technological one.

 

What should CIOs be aware of in the transition towards data-driven business models that serve dehumanization of critical business fields?

 

On the one hand, dehumanization must be done quickly to address short-term issues e.g. through the implementation of RPA or AI products to combat challenges caused by Covid, and on the other hand, CIOs must balance strategically what and where they are automatizing/dehumanizing. I already have seen examples of cost reduction projects through dehumanization that are creating huge strategic risks for companies in the long run. 

For sure there will someday be an “after Covid”, and using the current crisis as a scapegoat for cost-cutting only, without putting the focus on the product portfolio, customer needs, and above all the operational risks of IT systems, can become a huge source of risk.

Here I rather appeal to strategic long-term aspects than short-termed gains only and to address this concern CIOs must become business-driven more than ever!

 

The Need For Sustainability and Competent Business Intelligence

Companies were forced to change their policies, behaviors, and business strategy due to the prolonged coronavirus pandemic. The recent COP26 climate conference showed that companies are committed to making sustainable-focused organizational changes.

For Kalam, the need for sustainability in IT is clear, and he highlights the challenges that many are still facing, in addition to incorporating competent business intelligence to ensure sustainable growth.

 

Sustainable transformation in the IT & innovation field has become a key topic for upcoming years. What are the specific areas of action for CIOs in this field?

 

For sure sustainability as a topic is here to stay! Not only do we have the macro aspects of it addressing the major concerns of our time, but it has become also a business driver in so many sectors. 

With the project I initiated, Sustainista, I have therefore tried to interconnect companies with the scientific community, ensuring the exchange of data, know-how, best practices, and transparency. The biggest challenge in this field is the lack of market and scientific standards at the same time. ESGs might be known to many of us, but breaking them down into business actions according to standard approaches/processes is the biggest challenge!

In an ideal world, CIOs and related roles are taking ownership of this topic and driving it to doable tasks, otherwise, I am afraid to see sustainability just as a cosmetic and marketing label without a true impact on business and how we do things.

A particular starting point is to understand macro goals as an organization and break them down to a very data level in organizations, delivering measures and related actions with the help of existing data. Many companies I know from various sectors have started with external data sets first to deliver quick success that can feed this long-term topic.

 

How would you advise companies who are still struggling to incorporate Business Intelligence?

 

Here I clearly follow the storyline of failing fast to succeed sooner. Instead of propagating a piece of technology, IT must build a bridge with business and deliver quick wins. Even now I am often devastated whenever I see only PDFs and Excel sheets with numbers/KPIs that do not reflect the fast reality of our businesses and data-driven decision-making across borders!

Major issues companies face are data quality, integrity, and security issues. CIOs are hereby in the role of process enablers. Instead of being only technology-driven often the implementation of BI must be done in a joint-venture manner.

 

Ensuring Growth Through Data and Overcoming Legacy Challenges

One of the biggest hurdles for digital transformation efforts still stems from legacy systems that are often outdated and not integrated with modern solutions for business uses. Despite the fact that modernizing legacy IT systems is required for businesses to ensure growth, IT leaders are still faced with roadblocks and challenges.

For Kalam, however, legacy systems are not necessarily the main roadblock they once were. Instead, the focus now for CIOs should be to apply best practices during data-driven business transformation and simplify their approach to nurturing experimentation.

 

With regards to data-driven business models, what are the best practices that CIOs and IT leaders need to keep in mind? 

 

As a matter of fact, the approach of data-driven business transformation is anything but only data-centric! It covers the end-to-end processes of entire product lines and the strategic setup of a company. After many years of data harmonization/migration projects, companies often find out their undone homework regarding “creating true business values to the company itself and its customers”.

I myself often propagate the term “no business value without data, no data without a business case”. Between this symbiotic relationship lies the true success of transformation efforts. 

Aside from this core topic I often miss the foresight of wisdom! It means seeing the potential of data not only in core businesses but its extensions and added capacities. In my objective point of view, this foresight of wisdom and true added potential is often the key success factor to many.

 

One of the main challenges for organizations is to overcome legacy infrastructure. How can CIOs overcome the legacy obstacle? What are the skills and mindset needed to promote modernization for an organization?

 

To be honest I really do not see legacy infrastructure as the biggest road-blocker anymore. Especially throughout the last decade, there have been so many progressions in simplifications of legacy systems, that I have become more optimistic on that end out of my own experiences! 

I can't remember when I last saw companies, e.g., migrating legacy data systems into a new all-in-one and all-ruling superior DWH, Data Lake, etc. Instead of searching for the holy grail, we have become more realistic about using data where they are at their best and being created.

This Data Mesh approach has become a blueprint for software solutions as well, just as agility was cultivated from the IT/Software world into day-to-day business & project management. But this process only began a couple of years ago; the community does not yet have a buzzword, but hey, never say never…!

 

Innovation and experimentation are at the heart of data-driven business models. How does one nurture an environment that promotes experimentation within their organization?

 

I rigorously follow the principle of K.I.S.S (Keep it simple, stupid) in the incubation phase of innovation projects. Instead of talking only and selling in this phase, organizations should apply these principles, aside from a minimum set-up of governance, risk mitigation process regarding GDPR, privacy, organizational risks, etc., and allow experimentation. 

Here the old wisdom of “too many rules & regulations kill true innovation & creativity” should be applied. 

If the internal challenges are too big, often I have guided companies and leading bodies into the world of entrepreneurship. 

The most successful CIOs & IT managers are those who run new innovation ideas or projects as a starting business operating from day 1. This can be a guarantee of nursing the true nature of innovation when nothing else is working.

Lokke Moerel: Digital Sovereignty and the Changing Landscape of AI & Privacy Laws

As we enter the second half of 2021, it’s becoming evident that societies worldwide embrace digital transformation as part of their everyday lives. This is backed by the fact that half of the world now uses social media and at least 4.66 billion people around the world now use the internet.

However, as societies become more digitized, the vulnerabilities that come with it also increase. These range from malware attacks that rose by 358%, to a significant increase in the risk of successful ransomware attacks due to remote working during Covid-19, to difficult-to-combat online conspiracy theories of the anti-vax and anti-5G movements, stimulated by Russian infiltration.

Lokke Moerel, professor of Global ICT Law at Tilburg University and member of the Dutch Cyber Security Council, shares her insights into the need for digital sovereignty within the EU and how AI and privacy laws are changing rapidly due to digitization.

 

Accelerating Digital Sovereignty across Europe

 

In today’s increasingly digitalized landscape, more and more users feel the need to keep their data safe and are willing to leave popular platforms, such as WhatsApp, based on a change of privacy terms.

With 92% of Western data being kept in the US, EU nations have realized the need to adopt a joint strategy on how data is controlled and shared. While fostering the Digital Single Market is needed for innovation to thrive, effective safeguards must be placed to protect users in a data-driven world.

Lokke goes into detail about how the current situation has exacerbated the need for digital sovereignty in the EU, particularly for the Netherlands as advised by the Dutch Cyber Security Council.

 

Europe has been focusing on digital sovereignty and recently, the Dutch Cyber Security Council issued public advice that the digital sovereignty of the Netherlands is under pressure. What does digital sovereignty mean?

 

We are one of the most digitalized societies and this has been accelerated by the Corona crisis. Within no time, people worked from home, and children were schooled online. It was amazing to see how quickly we were up and running again. However, every upside has downsides and we saw new vulnerabilities and dependencies. 

  • A tremendous increase in the activities of cyber criminals abusing the vulnerabilities due to remote access to systems when people worked from home.
  • Foreign states stealing COVID-19 research.
  • Flaws in privacy and security of video tooling.
  • More data on children are in the clouds of non-EU providers due to the increased use of digital teaching tools.
  • The dependency of the Netherlands on social media platforms for combating misinformation and the lack of control from the government to combat it.

The core message of the public advice of the Council is that our digital dependencies are now so great that the digital sovereignty of the Netherlands is under pressure. This goes further than guaranteeing the cybersecurity of our critical IT systems and the data generated with these systems. We also need to maintain control over our essential economic ecosystems and democratic processes in the digital world.

 

Can you give us examples of how digital sovereignty (or lack of it) can affect the economic ecosystems and democratic processes?

 

Examples of essential eco-systems:

Lack of control over critical technologies will result in new dependencies. For example, without proper encryption, we will not be able to protect the valuable and sensitive information of our governments, companies, and citizens. Current encryption will not hold against the computing power of future quantum computers.

We will therefore have to innovate now to protect our critical information also in the future. This is not only relevant for future information, but also current information. Do not forget that foreign states systematically intercept and preserve encrypted communications in anticipation that these may be decrypted at a later stage. 

To be able to make large-scale use of data analysis using AI, enormous computing power is required (which requires cloud computing) as well as access to large quantities of data, which will require combining data in specific industry sectors (such as health), which is currently difficult.

Efficient access to harmonized data and computing infrastructure will become the foundation for the Dutch and European innovation and knowledge infrastructure. Maintaining control over this is an essential part of our strategic autonomy.

Examples of democratic processes: When the state is not in control over the election process, due to targeted misinformation and systematic infiltration of social media by foreign states to influence citizens, our digital sovereignty is at stake.

We see that digital sovereignty is very high on the EU’s agenda. For our neighbor Germany, for example, it is Chefsache. In the Netherlands, however, we mainly respond to cyber threats in a technical and reactive manner. We respond in crisis mode. 

The council thinks it is high time for a more coordinated and proactive approach, starting with ensuring three basic facilities: sovereignty-respecting cloud for secure data storage and data analysis, secure digital communication networks, and post-quantum cryptography.

 
 

CISO and Their Roles in Digital Sovereignty

 

At the core of digital sovereignty issues is the need to safeguard information assets for European countries.

As the Netherlands continues to build upon its Dutch Digitalisation Strategy 2.0 and integrate more cloud-based technologies within its economic ecosystems and democratic processes, it is up to chief information security officers (CISOs) to be aware of what it all means for an organization and how it affects its cloud strategies.

 

What does digital sovereignty mean for the CISO?

 

Most governments and companies will have a corporate cloud policy. I see that these policies really try to address the direct requirements of a specific cloud project. 

When deciding whether to bring services to the cloud, the company will weigh up the benefits of public cloud (better security, better functionalities) on a project-by-project basis against the specific dependencies and security issues in the project in question.

However, considerations of loss of sovereignty are not taken into account. As a result, for each project, the decision can be justified, but ultimately these decisions together do threaten our sovereignty, where in the future you want to be able to process data across cloud solutions for example (an example of The Tragedy of the Commons).

I think it is important for CISOs to be aware of all the EU initiatives to increase our digital sovereignty.

 

What should they be aware of in terms of initiatives?

 

GAIA-X: many people think that the GAIA-X project is about setting up a European cloud infrastructure. GAIA-X is, however, not about creating Europe’s own vertical cloud hyperscalers. It is also not about keeping the non-EU cloud services providers out or keeping all data within the EU. It is about achieving interoperability between cloud offerings by setting common technical standards and legal frameworks for cloud infrastructure and services.

This form of interoperability goes beyond the portability of data and applications from one vendor to another to prevent vendor lock-in; it really concerns the creation of open APIs, interoperability of key management for encryption, unambiguous identity and access management, full control over storage and access to data, etc.

Worth keeping track of I would say.

European Data Spaces: data spaces intended to unlock the value of European data for innovation. 

The aim is to create common data spaces for certain sectors with common interests (e.g., for health data and governments) so that the scale of data required for innovation for this group can be achieved.

 

Looking Into AI and Its Purpose in Cyber Security

 

As remote working conditions and digital processes continue to become the norm for users and organizations, cyber attacks are becoming increasingly prevalent. 95% of cybersecurity breaches are a result of human error and as the information security market is expected to reach $170 billion in 2022, the cost of digital attacks can be enormous.

AI has always been seen as a silver bullet for organizations to combat cyber-attacks and increase resilience in areas where a majority of human error lies. However, Lokke describes the potential and possibilities of AI as both good and bad, depending on how it is utilized.

 

What scares you the most regarding the seemingly endless possibilities of AI?

 

Like all technology: AI is not good, it is not bad, but it is also not neutral. 

To start with, AI is as good as the purpose for which it is used. In the cyber context, this means that we really should keep ahead of the bad guys. 

New technologies play an increasingly crucial role in cyber resilience. If we are not on top of new technologies like AI and encryption, this will result in new vulnerabilities and dependencies. An example here is that with AI, bad actors can detect and exploit vulnerabilities automatically and on a large scale.

However, AI is also expected to make it possible to automatically detect and patch vulnerabilities. I am currently involved in a research project, to investigate what options there are to facilitate real-time security patching by suppliers.

 

Privacy Laws in The EU and Its Future

 

With digital sovereignty being top-of-mind for EU nations and the increased awareness of data privacy among the public, governments and regulators understand that there is a need for comprehensive privacy laws that protect both users and businesses.

From the California Privacy Rights Act to the ever-evolving GDPR, more and more data protection acts are being introduced and implemented across the globe. Moerel shares her views on how privacy laws will continue to shift and change to adapt to the new digital landscape and what global privacy laws mean for an organization.

 

In what ways do you see privacy laws changing in the future?

 

Every week there is a new privacy law being adopted somewhere in the world. By now there are about 130 countries with omnibus ‘GDPR style’ privacy laws. Everybody heard about the Californian Privacy Rights Act, but less well known is that by now, 20 other U.S. states have introduced privacy bills. 

In the EU we now have the draft proposal of the European Commission for an AI regulation and it is not a risky prediction to say that – like what happened with GDPR – other countries will also look at this draft and start preparing their own legislative proposals.

The way to deal with a myriad of global rules is to implement a very robust company-wide security and privacy protection program. After all, compliance with the law is a baseline where you cannot go under. Do a proper job and you do not have to worry about compliance. 

In the end, it is about trust more than compliance. 

Endpoint Security and the Future of the Cyber Security Landscape

Establishing the Zero-Trust Cybersecurity Framework

In recent years, cybersecurity has repeatedly been one of the leading anxieties for enterprises worldwide, and in 2020, that trend intensifies. Traditionally, it is easy to shirk the organization’s IT responsibilities and point fingers towards CIOs, CISOs, and the CTO. However, it would be imprudent not to acknowledge that most cybersecurity incidents have arisen due to employee negligence. As such, the culture of taking proactive security measures should be borne by the entire organization.

 

“Today, the only way to be sure your system is good enough from a security point of view is for the whole IT team to design everything with security in mind,” says Grossi. “It’s no longer okay to be only mobile first or cloud first; it’s got to be security first.”

Piergiorgio Grossi (Former Chief Information Officer (CIO) and Digital Transformation Officer at Italian motorcycle-maker Ducati)

 

A glance at today’s cybersecurity landscape

Cyber attacks, alongside deepfakes, continue to increase year over year. ISACA’s Global State of Cyber Security Survey, a survey of more than 2,000 information security professionals from more than 17 industries, looks at the threat landscape, the measures security professionals employ to keep their organizations safe, and key trends and themes in the practice of security.

The cybersecurity landscape presents both a positive and a negative outlook. On the positive side, at least 50% of fully or appropriately staffed teams are more confident in their abilities to respond to cyber threats. On the negative side, 62% of survey participants agree that cybercrimes are severely under-reported, and 52% believe that it is very likely their enterprise will experience a cyber attack in the next 12 months. Nevertheless, information security professionals still believe that real progress is being made against common threats.

The most common threat actors are Cyber Criminals (22%), Hackers (19%), Malicious Insiders (11%), Non-Malicious Insiders (10%), Nation-State Attackers (9%), and Hacktivists (8%). The most frequent attack methods are Social Engineering (15%), Advanced Persistent Threat (10%), Ransomware (9%), and Unpatched systems (9%). Other noteworthy methods are Distributed Denial of Service (DDoS) and Mobile Malware, especially via Android.

Fortunately, Google is making more headway with its latest privacy-focused features and increased efforts toward security updates. Android 10 (Pie) introduced granular controls over app permissions, while the upcoming Android 11 (currently available as a developer preview) further conveys their commitment to improvements in security with the implementation of temporary one-time access, allowing an app to use, for example, your phone’s location or camera. Android 11 continues this security-focused expansion and uses biometrics (Face, Iris, and Fingerprint data) to authenticate apps and services. Android 11 will also support digital driver licenses and other identification documents.

The ISACA survey also shows that organizations that take longer to fill their cybersecurity and related positions report an increase in cyber attacks. Enterprises that took less than 2 weeks experienced 26% more cyber-attacks this year. Those who took around three months experienced 35% more attacks this year. Those who took six months or more experienced 38% more attacks. Those who were, or still are, finding it hard to fill the positions experienced 42% more cyber-attacks this year.

 

Why Endpoint Attacks Occur

There used to be a distinct difference between the inside and outside of an organization, with infrastructures possessing clearly defined roles and boundaries. Organizations would have offices with computers and servers running on-site, creating a physical firewall, and ensuring that data often never leaves the company.

However, with the rise in telecommuting, more employees were asked or forced to work from home where there is no apparent, easily guarded line that can keep all the data in and attackers out of the system.

Worse, some organizations still have a legacy view of these boundaries. Combine that with the BYOD trend, and the result is an ever-expanding frontline, with security personnel having to deal with relatively easy-to-hack employee-owned devices. This is further compounded by the fact that most employees expect convenience, with many opting to use free and popular services to take their data outside the company and with them. The majority of these services are infamously insecure, as several recent hacks have shown.

One such cyber attack is the recent discovery of an additional six malicious Android apps (11 similarly malicious apps were discovered in July) that slipped through the Google Play Store’s safety net to plant malware on Android devices. Another phishing attack targeted government and security organizations, using a legitimate Box page with Microsoft 365 branding to trick the victims.

The attackers were careful to appear quite convincing. Botnets facilitated spam and malicious emails with sender names and domains from a legitimate third-party vendor, asking readers to view a sensitive financial document. Viewers who clicked the link were led through a series of pages till they landed on a phishing page, built to resemble the Office 365 login portal, where they were asked to log in with their corporate credentials.

According to the cybersecurity awareness and data analysis firm CybSafe, drawing on data from the UK Information Commissioner’s Office (ICO), 90% of the 2376 cyber breaches reported to the ICO in 2019 were attributed to end-users’ errors. This was a significant increase from the years prior, with 61% in 2017 and 87% in 2018. The cybersecurity company reported that phishing accounted for 45% of all reported cases, making it the primary cause in 2019 in the UK.

There is a general lack of public understanding around basic secure behavior, such as spotting fraudulent links and phishing emails, sending the wrong document to the wrong person, leaving a computer unlocked, or plugging in unidentified USB sticks. However, there are two sides to this human error issue.

  1. Passive Attacking: End-users and endpoints have become the primary targets for cyber attacks. This is because their behaviors and powerful devices are relatively easy to exploit, making them attractive targets. Security to most end-users is an untaught concept, and one they typically leave to the “experts.” Yet said experts are rarely the most communicative or most persuasive of tutors and thus fail to communicate effectively the pitfalls of not being security first. Additionally, BYODs rarely include superior security, such as multifactor authentication (MFA), a system that can prevent the vast majority of data breaches by stopping unauthorized clients from accessing a corporate device. This all leads to the end-user becoming the weakest link, triggering a Supply Chain Attack.
  2. Increased IT Infrastructure Complexity: This second aspect encompasses the increasing complexity and distinctiveness of security tools, from intrusion detection, network monitoring, and encryption to security information and event management tools (SIEMs). Typically, more robust options are welcome; the issue is that all of these disparate tools need to be integrated effectively and correctly aligned to provide adequate and effective security. This also means that security teams have to know each tool, its uses, and its thresholds, and have the experience to create appropriate baselines. Unfortunately, in the real world teams are not trained well enough and most likely implement the tools with their default configurations. Doing this allows for an easier rollout, but it is a risky and insecure move nonetheless. Such settings were predetermined by the manufacturer and basically put usability before all else.
 

“Though shocking, these statistics shouldn’t provoke a negative reaction. Employees of course pose a certain level of cyber risks to their employers, as seen in our findings thus far. Nevertheless, people also have an important role to play in helping to protect the companies they work for, and human cyber risk can almost always be significantly reduced by encouraging changes in staff cyber awareness, behavior, and culture.”

Oz Alashe – (CEO and Founder at CybSafe)

 

Undoubtedly, cybersecurity has dramatically changed, and cybersecurity teams’ capabilities are being stretched past their limits. This is fundamentally brought on by a ballooning attack surface blended with ill-informed and inappropriate end-user behavior, tolerated by some organizations that refuse to take security seriously.

 

Endpoint cybersecurity threats

Endpoint security is a critical aspect of the cybersecurity landscape, and it’s becoming increasingly important as the nature of work evolves. With more devices connecting to networks than ever before, from laptops and smartphones to IoT devices, the number of potential entry points for endpoint cyber security threats has multiplied. This makes endpoint cyber security a vital component of any comprehensive security strategy.

Endpoint cyber security threats are diverse and constantly evolving. They include malware, ransomware, phishing attacks, and zero-day exploits, among others. These threats can compromise individual devices, and from there, gain access to the broader network, leading to data breaches or system disruptions.

Malware and Ransomware: Malware is a broad term that encompasses various types of malicious software, including viruses, worms, and Trojans. Ransomware, a type of malware, encrypts a victim’s files and demands a ransom to restore access. These threats can infiltrate endpoints through malicious email attachments, infected software downloads, or malicious websites.

Phishing Attacks: Phishing attacks often come in the form of deceptive emails that trick users into revealing sensitive information, such as passwords or credit card numbers. They can also involve convincing users to click on a link or download an attachment that installs malware on their device.

Zero-Day Exploits: These are attacks that take advantage of software vulnerabilities that are unknown to the software vendor. Because these vulnerabilities haven’t been patched, they provide an open door for hackers to infiltrate systems and networks.

Advanced Persistent Threats (APTs): APTs are complex, stealthy threats in which an unauthorized user gains access to a network and remains undetected for a prolonged period. These threats are often state-sponsored and aim to steal information or disrupt operations.

To combat these threats, organizations need to adopt a multi-layered approach to endpoint security. This includes the use of antivirus and anti-malware solutions, firewalls, intrusion prevention systems, and endpoint detection and response (EDR) technologies. Additionally, organizations should regularly patch and update software to fix known vulnerabilities, and educate employees about safe online practices to prevent phishing and other user-targeted attacks.

 

The Future of the Cyber Security Landscape

The evolution of large-scale breaches symbolizes a growing trend of security violations both in numbers and their gravity. Data breaches recurrently expose sensitive information that often leaves users at risk for identity theft, ruin businesses’ reputations, and leave businesses liable for compliance violations. Cyber Observer, holistic cybersecurity management, and awareness solutions predict that damages from cyber crimes are projected to reach $6 trillion annually by 2021.

In other words, as enterprises gradually emerge from the current pandemic, we expect to see a surge in new demands. Reacting to these will require CIOs to formulate strategies based on two structural principles: understanding what customers need in a transforming landscape, and leveraging technology to respond to these challenges in ways that acknowledge scope, cost, and scale objectives.

It is virtually impossible to write about the cybersecurity landscape’s future without citing artificial intelligence (AI) and its role in securing endpoints. AI has existed for quite some time, and its use in our daily lives has become so common that we hardly ever stop to really think about it. Its applications range from “Weak” AI programs such as “AlphaGo”, developed by Google DeepMind, which combined an advanced search tree with deep neural networks, to Strong AI and machine learning systems used in flying drones, Google Nest, and Tesla’s Autopilot. CIOs will carry on utilizing AI in various fields within cybersecurity, if only to combat the number of attackers misusing AI and machine learning.

Looking to the future, the potential remains for new threat classes that are ubiquitous and non-discriminatory in nature and for which there are currently no known catch-all countermeasures. Meticulous observations of malware features, abnormal acts, and attackers’ attributes, together with machine learning-based AI algorithms, empower defenders to deal with cyber threats and, in some cases, actually go on the offense. Regrettably, such observations also give attackers the chance to invent novel attack techniques. Particularly as the risk of false data input and of many other unsolved errors is relatively high in AI, defenders must always stay alert.

 

10 Simple Steps to Protect Your Business

Today, homeowners go beyond the typical door locks and automatic lights to a fully integrated security system that can prevent attacks and detect and respond to an intrusion, and even to accidents like a fire. Similarly, a business should deploy a multilayered cybersecurity strategy, one that includes:

Prevention: Firewalls, Anti-virus, Anti-malware, Password Management, Cybersecurity Awareness Training

Detection: SIEM, IDS, Threat Intelligence, and Log Monitoring

Response: 24/7 SOC Monitoring Response, Automated Threat Remediation, and Forensic Investigation.

These are all great tools, but in reality, not all businesses can afford top-of-the-line and often proprietary security suites. Fortunately, businesses do not need to invest endlessly in new security tools to improve their current cybersecurity posture and awareness, because 80% of data breaches can be prevented with the following basic actions:

  1. Patching
  2. Regular vulnerability assessments
  3. Institute end-user security awareness
  4. Ensuring third-party vendor compliance
  5. Endpoint Detection and Response (EDR)
  6. Limiting access to your most valuable data
  7. Securing mobile devices and BYOD devices
  8. Proper device and/or software configurations
  9. Conduct employee security awareness training
  10. Develop a cyber breach prevention, detection, and response plan
 

Final Thoughts

Improving endpoint cyber security needs to be a top priority in 2020 and the foreseeable future. The borderless and seemingly non-discriminatory nature of cyber-attacks means it is imperative that the cybersecurity industry share its insights and work together to protect itself and the wider population.

In today’s connected world, a breach of one organization can compromise an entire supply chain, spelling disaster for businesses, eroding public trust and opinion, and leaving them in financial collapse, particularly with the General Data Protection Regulation (GDPR) in the EU. It is up to the legitimate security community to learn from each other, sharing what works and what does not. Most importantly, we all need to identify where to improve and ensure we leave no one behind.

Business Continuity: How Industries Are Adapting To A Post-COVID-19 World

As countries ease restrictions and lockdowns, organizations are taking strategic steps to recover their business and revenue streams.

From the high adoption of virtual reality by the property industry to the increase of AR in retail, companies are accelerating change in many aspects of their business as part of their business continuity plan.

But first, what is a business continuity plan?

 

The Basics of Business Continuity

Every organization has a framework called business continuity management, or BCM, which identifies potential external and internal threats to the company.

Consisting of disaster recovery, crisis management, contingency planning and business continuity planning, BCM enables the company to effectively respond to an event and ensure the operation of critical business functions.

Business continuity planning (BCP) outlines protocols and procedures that ensure the continued functionality of the business during and after a crisis.

BCP often gets mixed up with disaster recovery, but the two are quite different. Disaster recovery involves “the recovery or continuation of technology infrastructure, systems and applications”, while BCP covers all aspects of the business, including human resources, infrastructure, technology, contracts, and communication.

Designing a business continuity plan requires extensive steps, from business impact analysis and recovery strategies to plan development and testing. For examples of building a BCP, view this template by Sitel or Lumiform’s business continuity plan template for IT.

 

Recovery Steps After The Outbreak

Many businesses are still reeling from the effects of the lockdowns. But most are tackling the challenges by implementing innovative changes, which may become permanent fixtures of their processes.

  • Digital Transformation In The Property Industry

The real estate and property industry faced a big blow due to the coronavirus. Not only were there bans on open houses and limits on viewings, there were also fewer people buying properties due to the economic situation.

“Market activity will be lower in the next couple of months. I won’t be surprised if sales activity could be down 30% or even 40% in the next few months.”

– Lawrence Yun, Chief Economist of the National Association of Realtors (NAR)

in Yahoo Money

Still, the sector is taking things in stride, shifting to online real estate transactions and digital closings.

For instance, New York real estate companies set up remote closing processes, including electronic notarization, e-signing, live video conferences, and money transfers for their transactions.

In Hong Kong and Singapore, virtual tours and viewings have become “a megatrend” that is accepted among buyers and agents alike. In fact, Hong Kong’s largest property agency, Centaline Property Agency, stated that virtual reality property videos helped to generate HK$100 million in April.

Additionally, online marketing is seeing more emphasis in the industry, with rising use of digital marketing automation, chatbots, social media, and email marketing.

  • The New Manufacturing Normal

According to Statista, manufacturing shares the top spot with the travel industry as the sector most impacted by the coronavirus, seeing a severe impact on personnel, operations, supply chain and revenue.

On the upside, COVID-19 is the impetus that’s pushing traditional manufacturing ecosystems to be more agile, flexible and digitally enabled. As mentioned in a Forbes article, the sector is expected to experience five years of innovation in the next 18 months with high adoption of technologies.

Automation is set to be a top technology investment as manufacturers look to move their production on-shore or near-shore. While off-shoring provides low labor and productivity costs, IndustryWeek believes that the advancement of robotics and automation “have drastically increased productivity across a number of manufacturing processes [which] can be easily reshored and deployed domestically.”

Aside from manufacturing processes, automation is also being utilized for task and order processing. For instance, IBM used an automated order management system to help a global manufacturer of contact lenses to maintain its supply chain continuity during the outbreak.

Internet of Things (IoT) is another manufacturing technology that is predicted to gain traction with a projected growth of up to USD 136.83 billion by 2026. The rise in IoT will in turn bring higher demand for a faster, more stable network, such as Vodafone’s Mobile Private Network (MPN) solution.

  • Digitized Retail Sector

The retail landscape, on the other hand, saw a boost in e-commerce and digital marketing as movement restrictions drove more retailers online.

Retail giant Majid Al Futtaim accelerated its online strategy by launching the e-commerce channel carrefouruae.com. With more than 250,000 products, the online marketplace saw a ten-times increase in sales over a period of 10 weeks with average daily orders of 1,300.

China alone recorded online retail sales of $360 billion in the first four months of 2020, an 8.6% increase compared to the same period in the previous year. It’s evident that the upsurge of sales is not just limited to online grocery sellers, but expands to non-food e-tailers too.

“[T]here will be a further acceleration in the digital transformation of the retail sector, with the pandemic encouraging more people [to] experience online shopping.”

– Hou Yi, Freshippo CEO & Alibaba Group Vice President,

in FoodNavigator-Asia

Another expected post-COVID-19 retail trend is the use of augmented reality (AR) and artificial intelligence (AI), with the latter predicted to record $8 billion in investment within the retail sector by 2024.

Shopify is a prime example of successful AR implementation, which saw a 250% increase in conversion rates after allowing its sellers to add 3D models. As for AI, My Beauty Matches uses algorithms to simplify consumers’ shopping experience by suggesting items from 400,000 products based on their past searches and purchases.

Other retailers, including ASOS, are also maximizing the benefits of these two technologies to thrive in the post-coronavirus world.

  • Online Security Concerns

As companies extend remote working to ensure business continuity, security risks have shifted from the fortified corporate landscape to the more vulnerable off-site areas. And cybercriminals are using that to their advantage.

According to a survey by Barracuda and Censuswide, among global businesses that are working remotely:

  • 46% have encountered at least one cyber security scare
  • 51% witnessed a rise in email phishing attacks
  • 49% expect a data breach or other threats in the coming month

However, contrary to expectations, cyber security spending is forecast to drop for the rest of 2020. Gartner, which predicted an 8.7% growth in cyber security for 2020, revised the value down to 2.4% while Barracuda revealed that 40% of surveyed businesses have cut their cyber security budgets to save costs.

Chief Technology Officer of Barracuda, Fleming Shi, calls the cost-cutting measure a bad move, seeing as more than half of the workforce is not properly trained to handle cyber attacks.

On another note, Gartner foresees an increase in cloud security, which is in agreement with Barracuda’s finding that 53% of businesses are moving their data to cloud-based models. Unfortunately, almost 85% of IT professionals expressed concerns about the vulnerabilities of remote cloud environments.

In an interview with Digital Journal, Chris DeRamus, the Vice President of Technology, Cloud Security Practice at DivvyCloud by Rapid7, mentioned that “Nearly 50 percent of developers and engineers bypass cloud security and compliance policies,” citing Zoom’s bypassing of common security features as an example.

To strengthen cloud security, he believes that engineers should “tackle cloud security flaws earlier in the build pipeline”, and further states that cloud identity and access management (IAM) will see a greater emphasis in the near future.

The above are just a few examples that show the beginnings of major shifts in various industries as organizations strive to recover from the effects of the outbreak and ensure business continuity.

As the year moves into the second half, there will undoubtedly be more innovation investments ahead, and more companies will be looking for better and more sustainable solutions.