Category Archives: Tech Thought Leadership

News, RPA, Tech Thought Leadership

Tom Allen: Corporate culture and the case for Robotic Process Automation

Written by Tom Allen, Founder, The AI Journal

Robotic Process Automation (RPA) has many virtues: from improving business processes and freeing up staff for more useful tasks, to cutting costs; improving customer relationships; boosting output and managing marketing campaigns.

But, as we revealed in a recent report published by The AI Journal, it has its fair share of challenges to overcome. Many of these are not just technical, but are rooted in company culture.

This article will provide an overview of the obstacles that need to be overcome within organisations to successfully implement an RPA strategy – the logistics and potential expense of putting it in place, or convincing management that it is a viable business solution.

 

The road to RPA

So, you’ve heard about RPA technology, you’ve listened as people have waxed lyrical about the benefits it can bring to a business, you’ve perhaps even half-persuaded your CEO of its virtues, and he or she has given you a tentative nod to make enquiries.

But before you even think about which RPA provider you’re going to use, whether commercial or open-source, the first question a company needs to answer is this: which processes within your business would most benefit from transformation?

Drawing up a formal roadmap for how your company will proceed with RPA is therefore a must – laying out cost-benefit analyses, detailing how staff will be educated and trained, drawing up a priority list of new processes to which RPA can be applied, identifying stakeholders and project teams and raising potential hurdles.

The starting point then is an internal audit of systems and an assessment of which will fit with an RPA, and – crucially – which areas of the business will benefit the most, offsetting implementation and running costs against savings.

 

Getting the board onboard

This is the juncture at which more in-depth conversations can start happening with internal stakeholders, and probably the leadership team, around why the company should invest. Nothing piques the interest of an FD, MD, COO or CEO more than mention of sizeable cost-savings and a pleasing ROI ratio, so this is probably a good thing to bring up early on.

To strengthen the case for RPA, it also makes sense to sound out a few RPA players most suited to your needs, inviting one or two to demonstrate the technology to your colleagues and bosses. You’ll need to agree with them which of your organisation’s specific processes they will present on, as proof of concept.

Once the board is convinced in principle, you need to set out specific goals, start-up costs, determine who within the firm will handle the various roles and comprise project teams, who will oversee the implementation and day-to-day running.

 

Things to avoid

One thing that practitioners are quick to point out is that newcomers to RPA should avoid soft-testing the technology by applying it to a largely inexpensive and already-efficient process. Nothing is more likely to be met with a shrug from stakeholders than minimal savings on an already efficient and effective system.

RPA needs to be brought in for systems on which they will have a sizeable impact, often around where customers are part of the equation. For instance, building RPA into managing sales processes, from an initial quote through to transaction, can be hugely beneficial, not least because it can take human error and delay out of the customer experience. Alternatively, you may choose to introduce it to handle high-volume processes that are more prone to human error.

And of course, you should avoid bringing in RPA technology to handle processes that are prone to development or change – it is best implemented in established, unchanging systems so as to avoid a constant cycle of maintenance and adjustment.

 

Change management

But from a cultural standpoint, arguably the most vital thing to consider is the makeup of the company itself. People, rather than bots, are what generally drive a business’s success, or otherwise. It is therefore critical to consider this at all stages of your RPA journey. People are also essential to bringing in and successfully running the technology. Every stage of the development journey must therefore be communicated to staff and transparency must be paramount – margins of error, for example, must be understood and prepared for.

Speaking of staff, the HR department obviously needs to be kept abreast of an RPA strategy, especially so if bots are going to become instrumental to sizeable aspects of a business. Personnel professionals will be responsible for reassuring staff that their jobs are not under threat, and potentially where they are, in up-skilling workers so they can take on new roles.

Finally – and most importantly – the company IT department clearly has to be involved from the outset, made aware of the benefits, deficiencies and potential pitfalls of RPA. IT will be central to maintaining and updating the RPA systems, as well as training up staff for roles such as maintenance and quality assurance.

As RPA is bedded into your organisation, both systematically and culturally, and as it becomes more instrumental in driving margins, then it is perhaps worth elevating its stance within the corporate structure. For instance, many large organisations today have established internal teams dubbed Centers of Excellence (CoE), to manage their RPA systems.

Digital Transformation, News, Tech Thought Leadership

Eric Newcomer: APIs are powering the acceleration in digital transformation

Written by Eric Newcomer, CTO, WSO2

While organisations have publicly talked of the benefits of digital transformation for some time, the COVID-19 pandemic forced many to pull the trigger on those plans. The crisis accelerated the adoption of digital technologies as organisations across almost every industry underwent huge changes to their operating models.

Indeed, a McKinsey executive survey notes that companies have accelerated the digitisation of their customer and supply-chain interactions and of their internal operations by three to four years. Moreover, the share of digital or digitally enabled products in their portfolios has accelerated by seven years.

There are several reasons for this. Initially, there was the need to establish and equip a new remote workforce, with 55 percent of organisations increasing their cloud adoption as a direct result of COVID-19. Further, 88 percent expect their adoption of cloud services to increase in the next 12 months, with more firms planning to allow employees to work from home post-pandemic. With stores and bank branches shut, or with many people reluctant to venture out, all of a sudden, much more had to be accomplished online.

Even beyond the current crisis, organisations recognise that moving to the cloud as a foundation for digital transformation can deliver a huge competitive advantage – whether that’s through its cost effectiveness, the ability to scale IT as per the customer’s requirements, the processing power to handle increasingly large amounts of data, or the ability to more rapidly push and measure the impact of application changes.

The pandemic also highlighted the need for agility. With physical transactions off the table, consumers have turned to digital experiences. This means organisations are now under greater pressure to digitise services quickly – and at scale – to meet rising customer expectations of seamless customer service  and to preserve or create new revenue streams.

Developing digital experiences

It has traditionally fallen on IT departments to deliver these outcomes. However, overstretched IT teams have struggled to keep up with the demands placed on them, even before COVID-19. They were faced with budgetary pressure, poorly connected systems, and a potential lack of skills within their teams. The pressure has intensified during the pandemic, with many IT pros reassigned to help support the new distributed workforce.

Elsewhere, organisations realise that the ability to harness the power of data will be key to growth. As such, they are looking to unlock the data that exists within their organisations to gain valuable insights to give them a competitive advantage.

However, many organisations struggle to standardize and unify data that is fragmented across the business, hidden in different applications, or siloed in legacy systems. As a result, there has been a surge in demand for employees with specialist data skills – the call for data scientists and data engineers has more than tripled in recent years, according to a 2019 Royal Society report, creating “chronic supply issues”.

This, combined with over-burdened IT teams, has seen organisations seek to empower employees and individual departments to develop digital experiences to match increasingly sophisticated customer expectations. The goal is for employees to have the capabilities to integrate systems, unify data and deliver personalised customer experiences – without needing to write any lines of code or possessing specialist skills.

Aside from the skills shortage, a growing number of business leaders also recognise that the power of data analytics is, in many cases, best placed in the hands of those that are closest to the data. Gartner describes these as “power users” who can perform both simple and moderately sophisticated analytical tasks that would previously have required more expertise.

It is estimated that more than 65 percent of application development activity will be as a result of low-code application development by 2024. Therefore, enabling innovation across the different lines-of-business will be a key priority for organisations in 2021.

The power of APIs

This is where APIs come in. API-led connectivity helps organisations unlock these data silos, providing a coherent view of all that is going on across the organisation, and connecting different systems to each other seamlessly and quickly.

APIs also let customers, partners, and internal stakeholders build products that leverage the organisation’s functionality and data. APIs make various data sources discoverable and accessible to third parties, enabling their own information to be combined with that of others. APIs help create a seamless engagement for the customer – essential at a time when consumers are demanding an exceptional customer experience.

This in turn means organisations can accelerate business opportunities, create engaging customer experiences, and open new revenue streams. This will be even more important with the proliferation of Internet of Things (IoT) devices and data processing moving the edge of the network.

2021 will also see more organisations look to standardise their APIs and the interfaces across their application landscape, creating libraries and focusing on API governance. This will help to put the building blocks in place to make it easier and faster for developers to create any new application or solution in the future.

To this point, according to Gartner the need to get APIs right is paramount because for an organisation to rescale and reinvent an enterprise requires decomposition and re-composition of operating practices, and post pandemic enterprises now have to compose their future.  Gartner states: “This is a task in which the role of an API platform is paramount, because it is hard to imagine any technological environment within a midsize or larger business that does not utilize APIs. Furthermore, their use is growing. Getting APIs right — and doing so quickly — therefore matters more than ever. The more effective an API program is, the more extensive the API platform will be — and the quicker and easier rescaling and reinventing can be accomplished.”

Therefore, APIs will continue to form a key part of any digital transformation in 2021, with their ability to unlock data, connect systems and empower employees to create better experiences for customers.

Counter to this, those who seek to cut corners and implement only tactical solutions, will quickly find themselves at a competitive disadvantage compared to those able to put the right foundation of API led integration in place.

Data, News, Tech Thought Leadership

Julie James: How businesses can level up their data security game.

Written by Julie James, Sales Director, Certificate Solutions,  Europe, Entrust

IT teams are responsible for a growing attack surface, as more digital platforms and tools are used across their organisation both inside and outside of their network. A recent study conducted by Entrust identified concerning trends in attitudes toward data privacy and highlighted why maintaining cybersecurity standards is more of a priority now than ever before.

All businesses can work toward adopting an “always on” approach to preventing data breaches and maintaining digital vigilance. Enterprises have a responsibility to customers and partners to implement comprehensive cybersecurity measures, but there are a few simple steps organisations can take toward better data privacy practices.

 

  • Outline your data protection strategy to customers: Be upfront and clear about your data privacy practices with your customers. Our data showed that consumers are looking to companies to show them how their information is secure and how they can protect personal data themselves. Embrace that role.

 

  • If a breach occurs, be transparent: This tip seems obvious, but not all companies practice it. Customers expect this sort of direct communication, forty-six percent of respondents said it’s on organisations to inform them when a breach happens. In addition, General Data Protection Regulation (GDPR), dictates that businesses must notify those impacted by personal data breaches within 72 hours of becoming aware of the security event. Therefore, businesses must work quickly to contain the breach and alert those impacted by it as soon as possible. It is necessary to have a crisis communications plan to be one step ahead of the breach situation and have less details to think of in the moment. Be brief, direct and factual in sharing the details with impacted parties.

 

  • Deploy multi-factor authentication (MFA): Apply two or more authenticators to keep workforce identities secure and help prevent potential breaches. For consumers, consider low friction MFA like mobile push notifications or smartphone biometric reading.

 

  • Adopt adaptive risk-based authentication: Leverage an added authentication challenge when warranted. Instances when a user logs in from a new device for the first time, signs on at an abnormal time of the day or logs in from a different geolocation are all suitable examples.

 

  • Go passwordless: We’re telling consumers to practice good password hygiene, use encryption and be vigilant. However, people still make mistakes, which is why eliminating passwords entirely is an even better option altogether. Removing the password effectively stops all password-based attacks. Credential-based password authentication provides substantial protection to keep workforce identities secure. Consumer friendly options for going passwordless include mobile push notifications and FIDO tokens.

 

One of the main data security challenges businesses face in 2021 is to maintain data security practices when employees are away from a central office space and become more vulnerable to digital threats. Recent data collected by Entrust identified that although 64% of consumers surveyed had grown increasingly concerned about data privacy in the past year, many have not changed their behaviour to protect themselves or their employers online. 43% of respondents admitted that they do not even read the terms and conditions when signing up to new services or downloading software, with 69% of respondents reporting that it simply took too much time. Respondents were also extremely willing to use and store sensitive information on connected devices. But with less than half of respondents knowing about security tools like anti-virus/anti-malware (44%), multi-factor authentication (43%) and encryption (33%), they may not be effectively protecting this sensitive information.

To support employees in changing data privacy habits and adopting cybersecurity best practices, businesses can make these recommendations to make sure employees are safer and more secure.

 

  • Practice good password hygiene: Most people use the same password for all their online accounts — but you shouldn’t. Be proactive about password protection by changing your password regularly and making each of your passwords unique. Also consider enabling advanced authentication, such as multi-factor authentication (i.e., receiving a special code on your smartphone to use in addition to your password).

 

  • Encrypt your devices: Encryption was the technology survey respondents knew the least about — and that needs to change. Encryption makes data unreadable to anyone other than those holding the encryption key. The Information Commissioner’s Office, the leading independent body for information rights, has a great page describing how to protect your personal data with encryption and secure data storage.

 

  • Keep up to date on data security news: A lack of digital literacy could cause difficulties in understanding data privacy or threats to cyber security that could endanger the business. Keeping up to date on terminology, new threats and digital best practices can be done by regularly using trusted sources such as the National Cyber Security Centre (NCSC) in the UK.

 

Businesses also have a responsibility to educate employees on enterprise security and best practices. However, this sort of internal communication is based on the trust an employee has in the organisation. This is a major challenge around the world as the actions of certain businesses in covering up security failings remain in the collective memory and the fact 2020 brought another slew of major data breaches to light.

Security tool training programmes, clear and concise communication and the distribution of learning resources are the first steps in ensuring employee trust in a business’s capability to protect data. In turn that trust translates into an adoption of daily security best practices and an active, business wide vigilance.

Data security at home is now as important as in the workplace. Businesses and employees have a responsibility to uphold data privacy standards to protect enterprises from digital threats. Our recommendations stem from the need to consider data security in the day-to-day activities rather than only focusing on large security initiatives. Successfully implementing these habits and educating a workforce isolated from IT teams is the most effective method in levelling up an organisation’s data security.

 

AI, Marketing, PR and SEO, News, Tech Thought Leadership

Ricardas Montvila: Five measures for more power through AI and marketing intelligence

By Ricardas Montvila, Senior Director, Global Strategy, Mapp

2020 had a huge impact on the way people shop ­– from the items customers added to shopping baskets, to how they chose to buy them. It is an undisputed fact that online is the only channel to have grown in effectiveness during COVID-19, with eCommerce seeing almost 30% growth and an increasing reliance on social media to stay connected.

Indeed, in 2021 digital marketing is likely to be the first choice for marketers seeking to operate successfully. It’s therefore crucial for marketers to pay close attention to their digital campaigns – and ensure that they are effective. Link building should be part of your strategy and Niche Inbound can help you.

Marketing decision-makers can combine planning and efficiency by moving from reactive to proactive marketing. Such a move increases predictability, meaning that marketers can improve the certainty around their campaign performance. Reactive marketers need to pivot their approach, and learn to plan ahead effectively.

Proactive marketers will think about their channels in a holistic way and focus their marketing activities on continuous optimisation. Modern, high-performance technology needs to be used to enhance the effectiveness of resources. It should be ready for use at short notice without the need for major adjustments, and it should be easy to use and integrate, and provide significant time-to-value improvements.

In this way, predictable and planned actions can be consistently applied by using marketing intelligence. Decisive optimisations can be realised on an ongoing basis if appropriate functionalities are available in everyday marketing.

Artificial Intelligence provides further opportunities to address and activate end customers. By using a proactive, AI-based approach, marketers can forecast engagement probabilities, gain interest, and reach the right customer segments. They can automate the delivery of tailored offers and content and target them for maximum interaction. It’s all about reaching consumers at the right time, in the right marketing channel, with the right message.

There are five areas where AI-supported solutions can help to achieve this goal:

 

  1. From insights to actions: Customer data analysis can be linked to targeted end-user activation to enable a proactive marketing approach. AI allows users to gain reliable insights from data which can be used to drive marketing activities. These provide information on how strategic customer activation can be improved. Targeted user segmentation, for example, offers the opportunity to define optimal contact times and channels on the basis of specific performance indicators.

 

  1. Marketers who know how their customers tick can plan more reliably. AI functionalities are able to accurately predict future customer behaviour. In this way, conversion probabilities can be calculated in advance across the entire customer lifetime. This lays the foundation for a highly personalised approach and helps to optimise the use of budgets. In ecommerce, for example, it is advisable to use forecasts to determine which end consumers will be persuaded to make a purchase with the lure of discount vouchers. A selective approach in which coupons are not provided across the board, but only to users with a correspondingly high tendency to convert, can significantly increase online retailers’ margins.

 

  1. Continuous monitoring pays off, but it can tie up a lot of resources. Machine learning, on the other hand, enables constant monitoring of the database and the performance of campaigns without spending a great deal of time. Self-learning technologies can realise unimagined potential for optimisation. Automated alerts provide real time information on the performance of key metrics and areas of websites. When anomalies occur, instant notifications ensure immediate responsiveness and targeted remediation, keeping campaign performance high over time.

 

  1. Product recommendations provide clear uplifts. Their quality can be significantly increased by using AI. This makes it possible to refine product suggestions and additional information by continuously recording preferences and affinities. AI can target content-oriented suggestions according to the “next best action” principle.

 

  1. Last but not least, nothing works without data. The solid foundation of any tech-based optimisation is an up-to-date data strategy. We need to include alternative tracking options focused on first-party data, that can be anonymised, and which are designed to comply with data protection regulations. By bringing together all available and relevant data sources, plannability can be maximised.

 

Conclusion

The overarching use of AI and marketing intelligence pays off, especially as consumer trends continue to evolve. By investing in one’s own technology stack, marketers can contribute to medium-term revenue growth.

A higher level of proactivity and agility in digital marketing guarantees an effective and long-term customer approach, supporting the overall profitability of advertising agencies. As the way we shop for products and services transforms, it’s clear that combining holistic campaign management with intelligent, predictive data analytics will be key to any marketer’s strategy.

 

 

Logistics, News, Tech Thought Leadership

Mark Perera: 2021 will see archaic supply chains switch to holistic, sustainable supplier ecosystems where tech and data are key

Written by Mark Perera, CEO, Vizibl

ast year, the COVID-19 pandemic changed the future of supply chains indefinitely. When compared to overall business impact, most senior leaders said their supply chain was more susceptible to disruption from COVID-19 than their workforce, systems, or operations. According to Accenture, 94% of Fortune 1000 companies experienced supply chain disruption owing to the pandemic. Amidst the ongoing impact of COVID-19, as countries move in and out of lockdowns and vaccines are rolled out, this will continue to be felt worldwide throughout 2021 and beyond as organisations look to recover from the disruption to their supply chains.

 

Transforming supply chain models – for good

However, the unprecedented nature of COVID-19 has forced companies, and industries, to rethink and transform their supply chain models – for good. Many are now looking at how they can move away from linear supply chains to a more holistic, robust and sustainable supplier ecosystem.

It is interesting because since humans began making and distributing products to one another, the structure of the supply chain has remained predominantly untouched. Raw materials flow in, they are changed into a product and distributed and used until finally they are thrown away. This linear – take, make, throw away – supply chain has been sufficient to keep economies churning for decades, but now organisations are seeking out more robust, more profitable, more sustainable, circular supply chain ecosystems.

 

Adopting a circular approach 

The circular supply chain is a model that encourages manufacturers and sellers of products to take discarded materials and remake them for resale. To remain competitive and relevant linear supply chain entities must be willing to transition to a circular supply chain, which includes the entire reverse logistics process, in order to continue to grow and become sustainable in a future without an unlimited supply of resources.

The demand for some organisations to move to a circular supply chain is driven by government and limitations on what products can go to waste and what must be reclaimed. That said, consumers stand out as the key driving force towards greener and more ethical, sustainable approaches.

Additionally, COVID-19 has exposed the fragility of long-distance, international supply chains. Building-in a level of resilience will see organisations seeking to work with a much wider range of suppliers – building out that ecosystem – from global corporations to smaller, regional start-ups to ensure business continuity, diversity and circularity in the supply chain.

 

Building a purpose-led ecosystem

The step-change that organisations must undertake to deliver against these sustainable and circular demands is now all about building purpose-led ecosystems. This means that organisations need to move beyond looking at their supply chain in a linear way, to actively collaborating with suppliers on initiatives to improve environmental, social and economic performance. They need to move towards a purpose-led procurement approach that includes a circular supply chain, and we will see adoption accelerate in 2021.

But what do we mean by a circular supply chain?

This is based on the principles of the circular economy, which is about designing waste out, circulating materials and resources and regenerating natural systems. The underlying premise behind the circular economy is that businesses will be more sustainable, more profitable and as a result add trillions to the global economy by 2030. The idea is that they are no longer reliant on the limited natural resources they required for growth. For businesses adopting a circular economy approach to be successful, their supply chains must also support these principles. According to Deborah Dull, who leads digital product management at GE Digital for Operations Performance Management, Supply Chain, Digital Kaizen, and Circular Economy: “Ultimately the circular economy is about inventory and extending its life, reusing it, repurposing it or eliminating the need for it altogether. Supply chain is responsible for inventory, and a global, circular economy requires supply chain innovation beyond its current scope which is very linear.”

 

How being lean helps

Deborah advocates that organisations should move to a lean supply chain approach because this moves inventory and decisions closer to the customer. This is important because proximity reduces the time between inventory decisions and actual customer need and because more inventory is typically required to buffer against uncertainty. Decreasing the time decreases the uncertainty, which decreases the need for an oversupply of inventory. Additionally, technology and data are key. Therefore, having a supply chain collaboration and innovation technology platform in place is important to facilitate collaboration in the supply chain, build in resilience and to give that all-important visibility into demand, supply, capacity and data.

In particular, data about inventory helps organisations make the best use of their existing inventory and reuse items as many times as possible. If the organisation cannot see their inventory, or if they lack the ability to easily move it around, they often end up duplicating inventory in different locations and buying an oversupply to prevent shortages.

 

Resilience and responsibility – watchwords for 2021

Going forward, it is entirely feasible that similar worldwide events to COVID-19 will cause major problems for organisations getting goods and products through traditional supply chain models, that are deemed too linear and don’t take a flexible, collaborative, diverse and a circular approach. Likewise, as government regulation and legislation increase, organisations will be forced to think about circular supply chains and more ethical approaches to how they dispose of raw and waste materials.

Therefore, repurposed supply chains of the future must have resilience and responsibility at their heart. Likewise, organisations must not only accelerate their agility, but also value chain transformation to help outmanoeuvre the ongoing uncertainty we face in 2021 and beyond.

Cybersecurity, News, Tech Thought Leadership

Steve Rivers: Implementation of the MITRE ATT&CK Framework

Written by Steve Rivers, Technical Director International, ThreatQuotient 

Sun Tzu, the fifth-century B.C. Chinese general and philosopher, knew that knowledge is power and stated this in his oft-cited work, Art of War, as follows: “If you know the enemy and know yourself, you need not fear the result of a hundred battles.” This wisdom of the military strategist is not only applied on real battlefields, but also on the digital frontlines of cyberspace. At least since the emergence of the first real malware about 25 years ago (e.g. ‘Melissa’ and ‘ILOVEYOU’), it became clear that criminals lurk in the expanses of the World Wide Web. Nevertheless, it is no use giving up and surrendering to your fate. Instead, it is important to face up to the threats and become proactive when it comes to your own security. The new buzzword is anticipation, and the MITRE ATT&CK framework can help make this approach a reality.

The MITRE ATT&CK framework has now become an established tool for security teams to assess their organisation’s security posture with respect to specific attackers and attack methods. With MITRE ATT&CK, teams can access threat intelligence from the constantly updated knowledge base to better assess their own situation and thus ensure that no critical elements of an attack are overlooked.

 

Implementation with the help of a Threat Intelligence Platform

One of the initial difficulties many IT teams face when implementing the MITRE ATT&CK framework is the sheer overwhelming number of different techniques and use cases that are made available to you. In order not to get bogged down in wracking one’s brains over implementation given the multitude of options, one should first focus on a few use cases. In order to identify the relevant use cases, it is important to analyse one’s own situation and to set priorities with regard to concrete data that is relevant for one’s own company. What can be of enormous help here is a dedicated threat intelligence platform (TIP). Such a platform automatically aggregates threat intelligence and helps to identify and prioritise the data and information streams that are most important for the respective user.

In the following, we will present two use cases in which a TIP helps security teams get the most out of the MITRE ATT&CK framework. We are talking here about two pillars of modern IT security: the analysis of incidents and the hunting down and resolving of threats, so-called threat hunting.

 

Incident Analysis

When analysing incidents, it is critical to think outside the box in addition to examining the information gathered on the ground. In order to understand the bigger picture of an attack and assess how and why it occurred, the incident in question must be placed in relation to an organisation’s individual risk profile as well as the global situation in the cybersphere.

This is where MITRE ATT&CK comes in: the data collected during internal analysis can be compared and connected to current attack campaigns and threat actors using the framework, giving context to the incident and thus helping to better understand why one’s organisation in particular was attacked and whether further incidents might occur. Security analysts can use the framework’s data as a detailed reference source to enrich their analysis of events and alerts, support their investigations, and determine the best actions to take based on relevance and incidents in their environment.

However, since manual data enrichment is error-prone, time-consuming, and tedious, a TIP can remedy this and free up the security team. By automating the collection and aggregation of data from the MITRE ATT&CK framework, security professionals save time, which is then freed up for higher-level tasks and analysis. In addition, such a solution ensures that no important information is overlooked when aggregating threat intelligence.

 

Threat Hunting

A relatively new, but extremely important approach in the fight against cyber threats is threat hunting. In this area, specialised security experts work with threat intelligence to proactively hunt for cyber threats. They hypothesise based on the information they gather, which they use to search for and resolve threats, contributing to the security of the organisation’s IT and networks. Here, too, a TIP can do important work to speed up and simplify processes.

After the initial analysis of an incident, threat hunting teams can move from looking for so-called Indicators of Compromise (IoCs) to using the full range of ATT&CK data. Instead of focusing on individual suspicious data points, threat hunters can use the platform to work from a higher-level viewpoint with detailed information about potential and actual attackers and their methods. In this way, the security team can take a more proactive approach, first identifying the organisation’s risk profile. The individual risks can then be mapped to specific attackers and their tactics, which then allows threat hunters to more closely examine whether appropriate data has been identified in the environment being investigated.

The usefulness of the MITRE ATT&CK framework depends not least on whether it is implemented effectively and whether security managers have the ability to aggregate and analyse the data in a simple way. Organisations can only make good use of the framework if they can properly assess and understand the relevant use cases and their organisation’s individual security posture. To facilitate this, technologies such as threat intelligence platforms exist that are capable of supporting security operations teams at all levels of their work. These solutions enable deeper penetration into the MITRE ATT&CK framework, thereby optimising its effectiveness and deriving much greater benefit from the knowledge base.

 

Customer Experience, News, Tech Thought Leadership

Nicola Buckley: Taking Your Customer Experience to the Next Level

By Nicola Buckley, Executive Vice President, Global Service Delivery, Park Place Technologies

During the past year, businesses around the world have had to reimagine their business models and operations multiple times. Nearly overnight, the pandemic forced most companies to pivot to remote working, creating an instant demand for new technologies and services that had previously been thought about in conference rooms, but never fully implemented.

As businesses continue to look for ways to navigate this new world order, they are looking for partners who can help them along in that journey.

For service providers, the differentiation they can offer in a partnership comes not in any single product, but in the ability to understand a customer’s need and to react and help customers solve a problem at a moment’s notice.

Customers will always choose a vendor or solution based on how the vendor interacts with them on a personal level. That’s a fundamental fact of how business is done, regardless of the industry. A product can have lots of fancy bells and whistles, but if the customer doesn’t feel like they’re being embraced by the vendor, they won’t buy it.

The key for all companies to succeed is to fit their products into the services they offer, rather than the other way around, which is what most companies do. Indeed, recent research by Ipsos found that 91% of CEOs believe they deliver a superior experience, yet only 30% of their customers agree.

How can companies close that gap? Let’s explore a few ways to build a better experience – and relationship with your customer.

 

Listen to the Voice of Your Customer

A strong customer journey – and experience — always starts with the human element. Building a strong and effective experience platform is more than just a process — it’s an opportunity to build an emotional relationship with your customer across all touchpoints.

To truly connect with customers, and understand their experience, business leaders must spend time with them, face to face. And that means really getting to know them, not just dealing with events when they need services. It’s imperative to spend time with the customers during and after an event, to show them the plan and ask for their input.

While understanding their needs is key, it’s critical to always focus on allowing your customers space to make the right decisions and choices for themselves. As a service provider, you should, in some respects, offer staff augmentation. Focus on enabling choice while offering a very simple entry point into how clients gain access to services. Provide them with the simple tools they need to remove the stress and worry out of managing their complicated business environments.

 

Align Your Sales and Service Teams

Many companies overlook the need to engage the whole organization, including its support functions, in their quest to build a memorable customer journey.

To accomplish this, it’s critical to avoid “silos” in your organization. Silos never drive good results. Collaboration across functions is key. The service team should be a tool for the sales team and the sales team can serve as support for the service team.

To drive this collaboration, be hyper aware of your strengths and how you build a team that complements everyone’s strengths and opportunity areas across the organization. This will help the team feel empowered in their various roles.

A collaborative approach has been proven to work. The Ipsos study noted that empowering an insurer’s agents to resolve customer queries on that first call has increased customer advocacy by more than 50%.

 

Strategic focus on SLAs

Service level agreements (SLAs) are a transparent and accountable way to meet (and exceed) client expectations. Flexible service level agreements and co-terminous contracts should fit client needs to gain an operational advantage in maintaining servers/storage and networking devices. Clients should know they can — and know how to — consolidate multiple vendors, and add or delete equipment whenever it is needed, and without penalty. Parts depots strategically located around the globe help ensure that field service is able to meet a customer’s SLA, based on their specific equipment configurations.

One strategy is allowing multiple SLAs in the same location, so service levels are dictated by customer request, and not necessarily what a service provider offers in a specific location.

Experienced teams of field service and advanced engineers are key to meeting SLA agreements. Constant, ongoing training across all Tier One OEMs, coupled with keen understanding of each client’s expectations, put these “front line workers” at the forefront of SLA compliance and reporting.

Real-time monitoring is also key to meeting SLA and customer experience standards. Portals, mobile apps, and trackers should offer real-time information on assets, contracts, open tickets status, and event history.

 

Growing at Scale

All companies are at different stages of their customer experience journey but no matter what part of the journey you’re in, a well-aligned, embedded service team can provide an experience that will help drive revenue without ever moving a product. According to Ipsos, 86% of people will pay more for a better experience. That means a better customer experience can lead directly to increased revenue.

There are two ways to drive this growth: organically and through acquisition. Organic growth is driven by good service and performance by the team in the field. This leads to customer satisfaction and loyalty, which in turn can lead to greater revenue.

On the acquisitions front, expanding your business’ capabilities and offerings through acquisition is a fast way to accelerate your growth. However, taking this approach, which Park Place has done numerous times during the past few years, requires a fast integration. It’s vital to quickly bring the service team you’re acquiring into the culture of your organization so the same level of service can be maintained. The new team must be trained to understand the expectations at the outset of the relationship and given the necessary tools to succeed.

 

Looking Ahead

The new normal is unknown. Budgets are getting squeezed and new decisions are having to be made. It’s critical to make sure your customers don’t have to worry about risk or issues in their businesses.

As services providers assess their customer journey, it’s imperative to identify the moments that matter most and what customers need, expect, and what the ideal experiences are for them. As we move forward though the pandemic and beyond, the companies with the closest personal touch on this front will be the ones that succeed in delivering a top customer experience.

 

Tech, Tech Thought Leadership

Giles Knights:: Consultants vs. Contractors – Which is best for your organisation?

By Giles Knights, General Manager, ClearHub, part of Clearvision

For many organisations, knowing whether to choose a consultant or contractor, and understanding the difference, can be a puzzling task. There are many similarities between the two, however there are vast differences that enable organisations to achieve different end results. The key is to understand how the roles differ, advantages and limitations of each, in order to make an informed decision. This will help an organisation to better reach its business objectives. They need to ask themselves whether they would benefit from the high-impact expertise of a consultant or a long-term solution with a contractor?

 

So, what’s the difference?

Generally speaking, consultants and contractors are self-employed, independent business people, who have a special field of expertise or skill. However, the actual difference between the two largely depends on the supplier.

Consultants are usually more expensive, but this is because they are sought after for high impact short-term help that can be delivered in a matter of days or weeks. They provide clients with clearly defined deliverables in advance and tend to follow this through to completion, offering advice along the way.

Whereas contractors vary in skill and cost, but they are suited to more long-term needs and are ideal for larger projects with deadlines over several months, or even years. Contractors are quite flexible in how they work, with some working under the direction of the customer and others operating almost in a managed service model.

 

What are the similarities?

Both can be supplied on a remote or on-site basis — vital in these times. More often than not, a contractor and a consultant will have the same level of technical knowledge, meaning one can add just as much value to a client as the other, but it is also important to note that specialties vary from person to person.

 

The benefits and limitations

When looking to hire a contractor or consultant, there are many factors to take into consideration. This includes the considerable benefits and limitations, which have been outlined below:

 

Consultants 

Advantages: 

  • Expertise: Consultants will provide in-depth expertise for an organisation. They also help in bringing a different perspective to the table, as their skill set will be aligned with the current need of the organisation and business objectives.
  • Daily Operations: If an organisation uses existing staff during a project then it can leave the daily operations understaffed and neglected. By sourcing a consultant organisations are able to free up existing company resources and their day-to-day functions can continue to be well supported by staff.
  • Fixed Costing: When hiring a consultant, organisations will know upfront the exact costs that they are going to incur. There are no overheads involved and the organisations can also extend the contract based on their requirements and the results achieved during the initial term.

Limitations: 

  • Uncertainty: Consultants do not come with guarantees, so there is always a possibility that organisations might not achieve the results they had planned when they had hired them, irrespective of the cost.
  • High Cost: When a project is running on a low budget, a consultant should be hired only if an organisation is sure they will help towards achieving the final objectives, due to the high cost of hiring them.

 

Contractors 

 Advantages: 

  • Skillset: Organisations can build a level of flexibility and relevant skillsets into their teams. This is especially true for those organisations that have IT projects that they need to deliver upon, but do not necessarily have the in-house skills and resources to do so.
  • Affordability: By using contractors, organisations can expand and contract their workforce as needed, without taking on unnecessary expenses. Hiring can seem an expensive exercise, particularly if those skills are only required for an interim period or a one-off project; this is where using a contractor can prove extremely beneficial. Hence, it typically ends up costing employers less to hire a contractor than an employee.
  • Flexibility: Selecting contractors provides organisations with increased flexibility in staffing projects, which can be especially advantageous for companies with fluctuating workloads. An organisation can hire a contractor for a specific task or project, without any long-term commitments. This allows organisations to more effectively budget the costs for future projects of a similar nature.

Limitations: 

  • Inhouse skillset: Although beneficial for completing projects, by relying on contractors, organisations do not acquire or develop skills in-house which could be utilised for future projects.
  • Management: Unlike employees, whom organisations can closely supervise and manage, independent contractors enjoy a certain autonomy to decide how best to do the job for which they were hired.

 

Which is best suited for your organisation?

Largely, the contractor/consultant debate is a question of time, budget, and defining objectives. Knowing how long a project/initiative will take, the type and level of skill required, and how the person will fit in with the rest of the team will help determine whether an organisation needs a contractor or a consultant.

Here’s a list of some aspects that should be considered before making a decision:

 

  • How long will the work take to complete?
  • What does the budget look like?
  • Does your organisation know what it needs?
  • Will the organisation require expert guidance?
  • How much short and or long-term support will the organisation require?

 

Go to a specialist provider in the technology niche you need 

Organisations should seek out a specialist provider to help address their needs. Although business requirements and budgets can vary, specialist providers can help organisations to choose the option that is best for them. By providing the option for clients to choose from a consultant or a contractor, specialist providers are able to address the needs of more teams.

Networks, News, Tech Thought Leadership

Adrian Taylor: In the Midst of COVID-19, We’re Seeing a Pandemic of Cyber Attacks – So What’s on the Horizon for 2021?

Written by Adrian Taylor, EMEA VP, A10 Networks

With 2020 dominated by the start of the COVID-19 pandemic, there was also a sharp rise in cybercriminal activity. From simple phishing attacks to one of the largest DDoS attacks ever recorded, we saw the cyber threat landscape evolve and grow. At the same time, we also saw a rapid growth in the tech and cybersecurity industry. From the continued global 5G roll out to the exponential growth of the Software-as-a-Service (SaaS) industry, there were many positive developments amidst the gloom of a worldwide health emergency.

The challenges arising from these cybersecurity developments – including COVID-19 – will continue to have long-term implications in 2021 and beyond. To this end, here are some of the most pressing cybersecurity trends for the year ahead.

Cybercrimes will experience a surge

2020 was a busy year for both attackers and hackers, as well as cybersecurity personnel defending against the plethora of attacks to which they were subjected. There was a rise in anti-government cyber activities, a prominent example of which was the attack on FireEye, allegedly by a foreign nation state-sponsored entity, where multiple tools were stolen for use in subsequent attacks.

In 2021, such attacks will not just be more frequent, but they will also be very specific regarding who they target. International cyber espionage will be one of the main motivators for cyber attacks; we will see security vendors being attacked and compromised at an even greater pace. Even the attacks that happened in 2020, like the FireEye or Sunburst attack that targeted the SolarWinds supply chain, will have long-lasting effects. Investigators suspect, for example, that up to 250 organisations may have been compromised in the SolarWinds attack.

Such attacks will not only create opportunities for newer attacks, or variants/branches of the existing ones, but will also drive cybersecurity innovation in 2021.

The intelligent Edge will be weaponised

One of the major innovations driven by 5G is the implementation of multi-access edge computing (MEC). Building intelligence into the edge will boost the availability and efficiency of 5G networks. However, keeping global cybersecurity trends in mind, we can see that the intelligent edge might be hijacked by attackers for launching different kinds of attacks, both on the mobile core networks as well as on victims outside of the realm of the service provider that has been compromised. If nothing else, MEC can be used for propagating malware into different networks for drone recruitment in IoT botnets.

Low-volume DDoS attacks will be more frequent

In 2020, even though we saw one of the largest DDoS attacks ever recorded, targeting one of the biggest names in tech, a large number of DDoS attacks went unnoticed because, even though the frequency of these attacks were very high, their size was not. These high-frequency, low-volume attacks will keep the security industry busy in 2021 and may be instrumental to disabling security infrastructures or just acting as smokescreens for larger malware attacks such as the recent Sunburst attack.

Five million DDoS weapons will be added to the global DDoS arsenal

A10 Networks has observed that the number of DDoS weapons doubled from around six million at the end of 2019 to 12.5 million in 2020. This trend will remain the same in 2021 as more IoT devices come online with each passing day, with an expected addition of at least five million weapons.

The large number of DDoS weapons will also enable attackers to launch another record-breaking DDoS attack in 2021. We will have to wait and see whether it will be made public by the victims of such attacks. 2021 will be the year of Zero Trust implementation.

2020 was the year of understanding what the Zero Trust model is in a practical sense. Throughout the year, we saw security vendors align their solutions with the Zero Trust model. These were adjusted as more became clear on what it means to be a Zero Trust user, device, or network, and the policy changes necessary for a successful implementation of the Zero Trust model. As the COVID-19 pandemic fast-tracked the move to a SaaS model, as swathes of the global population worked from home, the importance of Zero Trust security has gained critical importance.

Organisations now understand that Zero Trust is not a specific device or vendor, but rather a series of strategic policy and practical changes that help enable better security. A successful implementation requires good understanding of what the Zero Trust model is, as well as the many diverse solutions that have to work in unison to enable its implementation.

We believe that the concept of Zero Trust has reached a level of maturity and clarity where it will be effectively adopted and implemented by many organisations in 2021, and that it will become the go-to security model for all types and sizes of organisations. Sophisticated attacks like Sunburst will also drive the need for effective Zero Trust implementation.

SASE adoption will accelerate

Since 2020 forced most of the workforce to work remotely, attackers have been experimenting with new ways of exploiting security loopholes or shortcomings exposed by these rapid changes. This accelerated and will continue to accelerate the development and adoption of Secure Access Service Edge (SASE) solutions.

However, since the move to the cloud is not an overnight transition, many organisations still have most of their resources hosted on-premises. They will continue to struggle with maintaining the remote work model and may revert back to business as it was, once a vaccine for COVID-19 becomes readily available and things go back to normal.

This, however, might be temporary as the world has now experienced a pandemic and many organisations have already started moving their businesses from on-premises to the SaaS-based model, with the trend only being accelerated by COVID-19. In summary, SASE will be an essential part of the enterprise security infrastructure as we move into 2021 and beyond.

2020 has taught us that vigilance in cybersecurity cannot be taken for granted. We are facing new, persistent threats of all shapes and sizes, and we have to make sure that, going forward, we face these threats with the best of our collective abilities. 2021 will be the year of cybercriminal activities, but it will also drive innovations in cybersecurity like never before.

Cybersecurity, Fintech, Tech Thought Leadership

Adam Strange: Why insider threat presents a big risk to financial services organisations

Written by Adam Strange, HelpSystems

In today’s highly regulated environment, financial services organisations are trusted with far more than just money; they are also responsible for keeping customers’ highly sensitive personal and financial data secure. And privacy legislation, such as GDPR and CCPA, has come into force to ensure that they are doing this diligently. Likewise, with the all the publicity we’ve seen around data breaches, as individuals, we are far more aware of the growing value of our data and the need to protect it. So, unfortunately, are cybercriminals, which means financial organisations are prime targets for malicious cyberattack. However, this isn’t the only threat they face. In fact, not a day passes without these firms’ own employees putting data at risk.

 

Insider threat cited as having the potential to cause a lot of damage

When it comes to reducing overall breach risk, it is easy to assume that employees represent low-hanging fruit – based on the premise that it is easier to control the actions of a company’s own employees than it is to defend against external attackers. However, here at HelpSystems we have recently undertaken some research, interviewing 250 CISOs and CIOs in financial institutions about the cybersecurity challenges they face. And the reality is that insider threat – whether intentional or accidental – was cited by more than a third (35%) of survey respondents as one of the threats with the potential to cause the most damage in the next 12 months. Likewise, phishing emails were cited by 20% of survey respondents. Add these two together and you can start to get a picture of the challenge these internal employee-centric risks present for financial services firms – perhaps a far bigger one than the external threat. While external attackers are always motivated by malicious intent, the employee population is far more mixed, and motivations are a grey area where the reasons behind breaches, whether through simple human error or deliberate actions, are harder to determine. This makes understanding, and mitigating, insider risk a far more problematic exercise.

 

Misdirected emails are also a big risk

At the same time, the latest Information Commissioner Office (ICO) report has just been published and the data confirms that misdirected email remains one of the UK’s most prominent causes of security incidents. This report further demonstrates the need for all organisations to control the dissemination of their classified data as it states that misdirected email is, alarmingly, a 44% bigger risk to organisations than phishing attacks.

This is yet another area where organisations must ensure their data protection policies are robust enough to not only protect themselves but also their employees from the seemingly simplest of mistakes. Again our research showed that increased remote working practices was a cause for concern, with 36% stating that they saw it as a cybersecurity threat with the potential to cause significant damage. Therefore, what remains paramount is that organisations provide their employees with the technology tools necessary to prevent the simple human errors that have the potential to result in data loss, and as a consequence, severe financial and reputational damage.

 

Understanding what protection your data requires

Clearly, it is crucial that financial services organisations shift the dial on insider risk and reduce breach frequency, because the penalties for failing to do so are becoming increasingly draconian, and the repercussions from customers much more severe. But put simply, before you can defend, you need to know what protection your data requires and you need to know what you’ve got, where it’s stored, why you have it and who has access to it. Once you’ve got to grips with that, you can identify what is of true value to the organisation – what’s business-critical and what’s sensitive – and then how best to treat it. In order to do that you need to think about what the impact would be if a piece of information was leaked or lost. If it was made public, would it harm the business, your customers, partners or suppliers? Would it put an individual’s security or privacy at risk? Would you lose advantage if a competitor got hold of it? Is it subject to any privacy or data laws, or regulatory compliance?

While this all sounds relatively straightforward, data visibility was another problematic area and subsequent threat emphasized in our research. Data visibility and knowing what data is where and who has access to it was highlighted as having the potential to cause the most damage by 14% of our survey respondents. Combine this with internal cybersecurity fatigue, which more than a quarter (28%) cited as potentially damaging, and you can start to appreciate the importance of providing tools and awareness training to help prevent those easily avoided mistakes from happening in the first place.

 

Employees need tools, training, education and the right culture

 As I mentioned, it is a complex problem without a simple answer and this is where employee education is key.  Employees play a vital role in ensuring the organisation maintains a strong data privacy posture. For this to be effective, organisations need to ensure that they provide regular security awareness training to protect sensitive information. In terms of how they go about doing this, they must invest in user training and education programmes. Users are your most important security resource, so train them to be an asset rather than a liability. Users should be a critical part of an organisation’s security posture, not excluded due to the associated risks.

 Likewise, the security culture of the firm must be inclusive towards employees, making sure they are continually trained so that their approach to security becomes part of their everyday working practice and security is embedded into all their actions and the ethos of the business.

 

How data classification can help

One way to do this is through the implementation of data classification tools, which not only help organisations to protect their data by putting the appropriate security labels on it, but also help educate users to understand how to treat different types of data with different levels of classification and sensitivity. Here at HelpSystems our data classification solution enables users to classify both their emails and documents according to their sensitivity, using both visual and metadata labels. Once labelled, data can be controlled to ensure that emails, documents and files are only sent to those you want to receive them, protecting your sensitive information from accidental loss.

It is technology like this that leaders within financial services organisations should have in place to protect their employees, prevent misdirected emails, the inadvertent sharing of documents and files and ensure that the organisation is complying with data protection legislation. Remote working is likely to remain, regardless of any future regional or national lockdowns, therefore, making sure that employees have the tools to prevent mistakes and the accidental sharing of data is going to be more important now than it has ever been. The place to start is making sure that any data is appropriately labelled, so that the employee knows how it should be handled.