

On the increased cybersecurity threat and mitigating risks




Cloud Tech caught up with Andrew Egoroff, Senior Cybersecurity Specialist at ProcessUnity, to discuss the increased threat around the Russia-Ukraine crisis and how to mitigate risks from third parties.

A business can implement excellent internal cybersecurity measures, but a slip-up from a third-party vendor can have devastating consequences. ProcessUnity specialises in helping businesses determine what vendors carry the lowest risk.

“We try and evangelise the philosophy of assessing your third parties with the same controls you’re using for your internal network,” explains Egoroff. “If you consider third parties to be an entry point into your network, then it’s very key that you have those sort of controls.”

Most vendors will have done some previous assessment of their cybersecurity against an industry framework. If they haven’t, it might be time to consider a different vendor.

Egoroff has some additional tips to lower a specific vendor’s risk to your organisation.

“Understanding what data is in your internal network and what the external third party has access to defines the controls required,” says Egoroff.

“For example, if you’ve got credit card data and your third party is accessing that data for whatever reason—that starts defining the scope of not only your infrastructure but also the controls that need to be applied around that set of data for that third party.”

Zero-trust models are being increasingly evangelised. The idea behind zero-trust is that implicit trust is eliminated and only the bare minimum access to perform certain tasks is assigned.

Egoroff believes more organisations should adopt a zero-trust model and notes how the Russia-Ukraine war highlights the need to do so.

“There was a bug bounty released by organisations on the Russian or Ukraine side asking for people to find vulnerabilities against infrastructure, public services, that sort of stuff,” says Egoroff.

“The term that I heard was that now is the first time in history that everybody can participate in a war. It’s really enhancing or furthering that importance of making sure there’s zero trust.”

The heightened risk around the conflict drives home the need for robust cybersecurity measures.

“It’s not just a simple case of doing an assessment or running a vulnerability scan and achieving a baseline—it’s that constant checking to ensure that your infrastructure, your assets have been patched, the appropriate controls are put in place, and any access to that data is constantly being checked,” explains Egoroff.

“You need a platform like ProcessUnity that allows you to interface with a lot of technologies out there and have everything in a single pane of glass to facilitate and make more efficient those processes to make sure you’re getting constant checks against all those various data points.”

Hackers on both sides of the conflict are getting involved—from independent to state-linked actors, individuals to larger collectives like Anonymous.

Western firms can be targets for voicing their opinion, offering assistance, suspending their operations, or simply due to their government’s support of one side. Egoroff believes the conflict has increased the global cybersecurity risk.

“It’s so easy now nowadays for anyone to either become a participant or a victim in this process,” says Egoroff.

Egoroff believes some comfort should be taken in the fact there’s now greater cybersecurity awareness from businesses and individuals.

“Everybody’s using MFA (Multi-Factor Authentication) for example, because a lot of these actors are out there using the existing traditional ways of getting into places like social engineering and phishing.”

However, Egoroff notes there’s been a huge increase in attacks against both the Russian and Ukrainian sides, and that will inevitably bleed over into attacks on Western companies and individuals.

NATO has been strategically ambiguous about what kind of cyberattack would trigger a collective response under Article 5, but the danger is certainly there. Much like all it could take to seriously escalate the conflict is one stray missile into NATO territory, all it could take is a cyberattack that spills over.

“If you take an example of the Russians accidentally, or on purpose, knocking out public services or power for a NATO-aligned country … if you consider the fact that cyber warfare can have detrimental effects – quite real tangible effects – then there’s no reason why it couldn’t escalate into a military response,” comments Egoroff.

Many security analysts predicted that a conflict with a powerful cyber actor like Russia would see it launch a major cyber offensive within hours, let alone days or weeks. We’ve seen many quite rudimentary DDoS attacks taking government websites and things offline, but not really the kind of attacks on critical infrastructure that many expected.

One potential explanation for the lack of such a major cyber offensive is the risk of spillover prompting a NATO response. We asked Egoroff if he believes that’s the case or whether modern cyber defenses are proving to be robust when quite literally battle-tested.

“I think it’s a combination of both. I think people generally are becoming more aware when there’s a heightened risk of attacks,” says Egoroff.

“From a government perspective, you know there’s certain controls and measures they need to put in place to protect against that but I think the nature of war is that a lot of these things that may be happening aren’t being particularly advertised.

“I think a lot of these actors on either side are attacking more government facilities or military facilities so by its very nature you’re not going to hear about that stuff anyway.”

Quite early on in the conflict, the Ukrainian government put out a statement warning civilians and soldiers about potential ‘deepfake’ videos. In the past week, a Ukrainian news website was hacked to post a deepfake video of President Zelenskyy calling on Ukrainians to “lay down arms”.

Fortunately, it was a poor deepfake and combined with the awareness campaign it probably didn’t fool anyone. However, it’s an example of how cybersecurity threats have evolved in the past few years alone.

One cybersecurity threat that remains the same is social engineering, especially over email. A report from Trend Micro released this week found that 75 percent of cyberattacks now start from email. 

“I’ve always said to all the sort of clients I work with that social engineering is hugely underestimated. You can put all the high tech firewalls and data loss prevention controls in place, but all it takes is an email and someone to intermittently pick a link or click a link opened up and you’ve compromised everything,” explains Egoroff.

“You’ll find that there’s a lot more sophisticated phishing and social engineering as in person-to-person type threats that happen—someone ringing up and coming across as a fake person from a company.”


Andrew Egoroff will be speaking at this year’s Cyber Security & Cloud Expo North America. You can find out more about his sessions and how to attend here.



Why cyber resilience remains an underrated element of the security strategy




A curious article from February 1’s issue of the Borneo Post shone a light on the gap between expectation and reality when it comes to cyber recovery.

Professional services provider KPMG surveyed Asia-Pacific organisations and found almost three quarters (73%) of CISOs did not have the influence to protect their companies fully. Moreover, while progress has been made on prevention and response programmes, businesses are still underestimating impacts on operations and recovery times.

“Too many organisations wrongly assume that recovery will require several weeks to return to business as usual, when the reality is that it may take several months or more,” commented Ubaid Mustafa Qadiri, head of technology risk and cyber security at KPMG Malaysia.

There are, per the definition from SANS, six phases of a cyber incident response plan: preparation, identification, containment, eradication, recovery, and lessons learned. For affected companies however, it can often be panic stations as laptops are locked and files encrypted.

Enter the KPMG cyber incident response and recovery services. Runita Virdee is director of KPMG’s technology advisory practice. Alongside helping clients with the technology and digital transformations, Virdee leads KPMG’s UK cyber recovery practice. With certain infrastructure projects, such as disaster recovery and business continuity, it makes sense that the two areas are linked.

If an attack occurs, the incident response team begins by looking at the forensic analysis of the event. This ranges from understanding where the threat originated to assessing and recovering the technology that has been infected.

“We are seeing increasingly complex cyber-attacks launched by malicious threat actors who are constantly evolving and looking to outpace our tools and techniques to deliver maximum damage. We’re fortunate enough to have the size and scale and a broad range of organisational capabilities to respond appropriately – from networking specialists, identity experts and crisis management personnel to support the arduous recovery process.”

Organisations today are, of course, critically reliant on complex interconnected and interdependent systems. Regulations are increasingly strict, and public expectation of transparency is high. Depending on circumstances, organisations may have to notify regulators within 72 hours of becoming aware. Co-operating, as appropriate, with the Information Commissioner as you recover is key.

“With that in mind, two questions that need very coherent answers are: what is the core infrastructure that needs to be brought back online, and in which order of priority?” explains Virdee. “Organisations will often have to balance the need to continue the most business-critical operations – despite the absence of IT – and recovering and rebuilding impacted networks. Regular contact with the client is imperative; several times a day at peak times.”

“We mobilise teams of specialists at different sites, working alongside the client teams on the ground to start recovering,” notes Virdee. “Activities could range from rebuilding 1000s of laptops and physical devices, or as complex as re-architecting and rebuilding the core network and infrastructure from the ground up, embedding security and tight controls to minimise the risk of re-entry.”

Containment of ransomware across large corporates can be incredibly challenging, as is understanding how to restrict and control access to only authorised personnel.

“Recovery times naturally depend on the size of the organisation. For a small company with limited infrastructure and hardware, and a proactive approach to backups, some recoveries can happen within five days. At the other end of the scale however – think a global-sized firm with multi-million revenues and sites in remote parts of the world” notes Virdee. “The longest recovery at 18 months which included recovery and improving their technology estate.”

Education has always been an important part of the cybersecurity puzzle. Employees are frequently a primary access point. KPMG regularly sends out phishing test emails to keep folk on their toes. In some cases, it starts with the IT department. “A lot of organisations really don’t have IT teams that are scaled,” notes Virdee. “And that’s a challenge that we often see. The most successful recoveries have been a whole company effort, aided by invaluable support and input from a wide range of partners and vendors.”

Ultimately, the need for cyber response is one that will not go away. Prevention is important – but equally important is a robust cyber recovery plan with a clear set of response activities and identified owners. The European Central Bank is one recent example of a high-profile organisation looking to test resilience after a sharp rise in cyberattacks.

“No organisation can ever be 100% secure but focusing on standards, a robust resilience strategy, accountability at the right levels and fostering a security-focused culture will, in the long term, prove to be a powerful net benefit for any organisation,” says Virdee.

Note: A previous draft of this article was published in error.



Reimagining the Role of the CIO in the Hybrid Era




As businesses increasingly adopt hybrid working models, the role of the CIO is also evolving.

In the hybrid era, the CIO must not only manage technology infrastructure but also ensure seamless collaboration and communication between remote and on-site teams.

They must also lead efforts to integrate new technologies, such as cloud computing and AI, while ensuring data security and compliance. Additionally, the CIO should work closely with other C-suite executives to align technology initiatives with business goals and drive digital transformation across the organization. The CIO’s role in the hybrid era is critical to the success and resilience of modern businesses.

In part one of this two-part special, we explored the vectors of change affecting the evolution of the CIO, and key issues and opportunities including addressing the data paradox, moving from data management to data centricity and value, and democratizing the capacity to create and build. Concluding this series, we now move on to exploring the criticality of Human Centred Leadership and Power of the Ecosystem and the Skills Based Organisation, and share final thoughts and reflections for application across business and societal outcomes.

Human Centred Leadership and Power of the Ecosystem

Humans are at the centre of catalysing data-centricity, empowering the insight engine which unlocks the value of operational, customer and market data, so how can we support them best? Employees want to work for organisations with shared value alignment, where they feel they belong, where employers care for them as well as those around them as corporate citizens, and where they are actively listened to and able to contribute. And as emphasised by research by the O.C. Tanner Institute, it is the accumulation of all the small experiences employees encounter during every working day that makes the most impact, not one-off initiatives or interventions.

A great example of addressing this comes from EY’s award-winning NextWave Elevator Challenge, developed in conjunction with Ogilvy to help connect the NextWave strategy to its global workforce – recognising this would only be actualised if the whole company understood and personally connected to delivering on it.

The result? A gamified, 90-minute team challenge and social experience built in an immersive 360-degree viewable game environment, centred around co-creation to optimise impact across different cultures and geographies, and all built around the strategic pillars of NextWave, namely Client, People, Social and Financial. This approach showcases that it is not just the capacity to deliver business transformation with the power of people, data and technology that delivers results, it’s the way this is done, and the way that the story is told that matters so much too, both internally and externally. A disruptive distinctive creative clearly delivers impact!


Taking this human-centred approach further still means embedding the power of ecosystem collaboration and co-creation. For me, one of the biggest learning lessons of the pandemic is the increased resonance of ‘coming together’ for good as exemplified by projects like the HPC Consortium where organisations that traditionally competed, worked together to enable inspirational innovation advances in healthcare, notably vaccine development. This approach or mindset even, can be applied across multiple verticals, and to address many different challenges. It is perhaps then no wonder that it is now estimated that ecosystems enabled by digital platforms may unlock an eye-watering $100 trillion of value for businesses over the next decade. And with EY finding that some 88% of executives indicate they are leveraging ecosystems in their tech-enabled transformation plans, this is a trajectory set to gather increased momentum still.

Skills Based Organisation

The World Economic Forum anticipates that over half of all employees (54%) will require significant re-skilling to meet IT-related needs. This equates to a need to reskill more than a billion people by 2030. Reflecting on this and completing the catalysts for change covered in this piece, comes the shift towards becoming a skills-based organization and with this, a broadening focus on what skills requirements actually matter the most.

As data becomes increasingly democratized to a greater range of employees, especially business users to apply in self-service analytics, this is contributing to what I refer to as ‘the rise of the generalist’ – that is the amassing of increasingly holistic skill sets, complemented by one or two predominating skills as singular areas of expertise. The dynamic and holistic needs, challenges and opportunities facing organisations today necessitate employees with a breadth of knowledge, skills and experience, and also the skills confidence to apply them.

And when organisations combine this approach with adopting a data fabric strategy, this results in a significantly reduced need for human intervention to actually analyse and manage data – a range of 40-90% in the EY study – meaning burnout potential is negated and more time is afforded for higher value learning and development. And these employees need opportunity and recognition too, absolutely critical components to developing an inclusive culture of belonging, especially in areas like training. Indeed, the leading three barriers to digital transformation success were recently identified as related to ‘people factors’, most significantly around digital skills access, readiness and confidence (Dell Technologies 2022).

Further, developing a skills based organisation is vital when we consider expanding talent gaps in the technology sector. Putting this into context, in the UK alone, there were over 64,000 vacancies for technology roles in Q3 last year, according to a State of the Nation report from the BCS, The Chartered Institute for IT – this equates to an eyewatering 191% increase on the same period in 2020. Access to training matters, with a recent study by SAS that I was actively involved in, finding that 87% of employees report they are less likely to leave their employer if provided training opportunities. This includes aspects such as data literacy training for those in non-technology facing roles.


This is compounded by intention-action gaps when it comes to skills such as AI. As an example, the same research found investment in Artificial Intelligence technology increasing, yet investment in the talent to apply it, significantly lacking. As I discuss in related press coverage, ways to address this include enabling on-the-job experiential training, increasing upskilling and cross-skilling opportunities, encouraging certifications and broadening talent outreach, for example with hackathon challenges. Additionally, visibility matters – it is critical for people to see ‘someone like me’ when exploring opportunities in technology. For inspiration, an example of showcasing the diversity of talent and skills needed to thrive in tech is the 365 Series, designed with the aim of breaking down barriers to access and changing the narrative on what a career in tech actually ‘looks like’.

Investment and prioritization of human capability is then an absolute imperative. I believe this encapsulates a focus on STEAM skills, namely Science, Technology, Engineering, Arts and Mathematics to help foster holistic skill sets, including empathy, creativity, emotional intelligence and problem-solving skills. We need to evolve the predominant focus on what to think and what to learn, and now move beyond to the how – and with an increasingly personalised approach as one size does not fit all! One example is embedding a process called metacognition into training and development programs – think of it as going to the gym but for your brain! This approach can help employees and managers alike to understand their respective learning and leadership styles and how they learn best to become smarter thinkers – more agile, ambidextrous and confident to change.  

Final Thoughts

The CIO role is rightly becoming increasingly elevated and strategic. As organisations from SME to enterprise alike move beyond the rapid implementation of changes borne out of necessity, as exemplified by the pandemic catalyst, we have now entered an ‘embed by design’ phase, where digital transformation is more reflective, mature and critically – intentional. And it is empowered by focus, investment and prioritization around the 3 pillars of data centricity, human-centred leadership and skills-based organisation described in this piece, with all the considerations explored to optimise impact for business and society too.

And the results of getting this right speak for themselves! Tech-enabled transformations that exceed expectations now forecast an average annual revenue growth of 5.7% (EY 2022) – this compares to just 4.0% for transformations where delivery on expectations falls short. In combination, I hope this deep dive inspires further reflection and all feedback and questions are most welcomed! Additionally, for more on these very themes, EY’s Tech Horizon research and thought leadership are freely available to be explored in depth. All feedback and follow-on questions are most welcome. Many thanks, Sally

About the Author

Prof. Sally Eaves is a highly experienced chief technology officer, professor in advanced technologies, and a Global Strategic Advisor on digital transformation specializing in the application of emergent technologies, notably AI, 5G, cloud, security, and IoT disciplines, for business and IT transformation, alongside social impact at scale, especially from sustainability and DEI perspectives.

An international keynote speaker and author, Sally was an inaugural recipient of the Frontier Technology and Social Impact award, presented at the United Nations, and has been described as the “torchbearer for ethical tech”, founding Aspirational Futures to enhance inclusion, diversity, and belonging in the technology space and beyond. Sally is also the chair for the Global Cyber Trust at GFCYBER.



Shopify and Google Cloud AI integration boosts e-commerce capabilities




Shopify and Google Cloud have unveiled an integration that enables retailers using Commerce Components – Shopify’s enterprise retail solution – to leverage Google-quality search capabilities and AI innovations. 

Enterprise brands on Shopify can today access Google Cloud’s Discovery AI solutions directly through Commerce Components, Shopify’s modern, composable stack for enterprise retail. This integration, which can now be used by Shopify merchants globally and is available in most languages, increases access to Google’s advanced search and browsing technologies so that retailers can create more fluid and fruitful shopping experiences for their customers.

Shopify and Google Cloud’s new integration equips enterprise brands with artificial intelligence (AI)-driven product discovery capabilities that address real-world business challenges, including: 

  • Google Cloud Retail Search, which provides advanced query understanding that can produce better results from even broad queries, including non-product and semantic searches, to effectively match product attributes with website content for fast, relevant product discovery.
  • An AI-powered browse feature that uses machine learning to select the optimal ordering of products on a retailer’s ecommerce site once shoppers choose a category, like “women’s jackets” or “kitchenware.” Over time, the AI learns the preferred product ordering for each page on an ecommerce site using historical data, optimizing how and what products are shown for accuracy, relevance, and likelihood of making a sale. 
  • An AI-driven personalization capability that customizes the results customers get when they search and browse retailers’ websites. The AI underpinning the personalization capability uses a customer’s behavior on an ecommerce site, such as their clicks, cart, purchases, and other information, to determine shopper taste and preferences. 
  • A Google Cloud Recommendations AI solution that helps retailers deliver personalized recommendations at scale. Recent upgrades to Recommendations AI can make a retailer’s ecommerce properties even more personalized, dynamic and helpful for individual customers.
  • Advanced security and privacy practices that help ensure retailer data is isolated with strong access controls and is only used to deliver relevant search results on their own properties.

Harley Finkelstein, president of Shopify, said: “We’re thrilled to continue our long-standing partnership with Google Cloud.

“We’re bringing together the best in commerce with the best in search to solve a complex and costly problem for enterprise retailers – world-class search and discovery for the online store.”  

Thomas Kurian, CEO of Google Cloud, said: “Shopify integrating Google Cloud’s Discovery AI technology into its enterprise retail solution puts the power of AI directly into the hands of merchants and brands to solve everyday problems.

“Now, retailers will be able to enhance their digital properties with better product discovery experiences, creating more fulfilling shopping experiences for their customers.”

Rainbow Shops builds a better customer experience with Google Cloud search technology

Rainbow Shops, a Shopify merchant and popular retail apparel chain with more than 1,000 stores, recently integrated Google Cloud’s Discovery AI for Retail technology directly into its own digital domains. After experiencing limitations with other search and product discovery solutions, Rainbow Shops approached Shopify about the possibility of using Google Cloud’s search and browse capabilities. 

When compared to other specialty search services, Rainbow Shops’ internal testing found that Google Cloud’s solution could deliver helpful results to an assortment of test queries 100% of the time. In addition to accuracy, Rainbow Shops saw an immediate reduction in the amount of time and effort its teams previously spent on manually refining search results, creating redirects, and pulling up to 50 other levers to get useful results.

Rainbow Shops is now using Google Cloud’s Retail Search technology, and importantly, it took less than a week for Google Cloud’s AI tools to be successfully integrated into Rainbow Shops’ online store and mobile app—all right before last year’s peak shopping moment for the retailer, Cyber Week. 

David Cost, VP of e-commerce and marketing, Rainbow Shops, said: “Now our search bar can handle almost anything our shoppers throw at it, surfacing helpful product results for nuanced queries like ‘lbd’ (little black dress) and extremely general searches like ‘Mardi Gras.’ We’ve also significantly advanced our ability to produce relevant results when a shopper has a typo in their query, which is commonly seen among our many customers now shopping on mobile devices.

“Rainbow Shops is using Google Cloud’s AI tools to create an undeniably better shopping experience for our customers. In just three months we’ve already seen search volume increase 48% and our bounce rate on visits has decreased three-fold.”

Consistency lacking in retailer search experiences, resulting in search abandonment

Despite the continued rise in online shopping, many shoppers report hurdles in the product discovery experience on retailers’ ecommerce properties. New research from a Google Cloud-commissioned Harris Poll survey found that search abandonment—when a shopper searches for a product on a retailer’s website or mobile app, but doesn’t find what they are looking for—costs retailers more than $2 trillion annually globally, and more than $234 billion in the U.S. alone.

Shoppers themselves say they depend on the search function or search box when shopping; it’s the most common way U.S. consumers search for products on retail websites (69%), followed closely by general website browsing (63%). The problem is that retailers’ search experiences lack consistency, as only one in 10 U.S. shoppers say they get exact results for their queries (12%) or good alternatives (11%) every time they use the search function on a retailer’s site. In fact, more than three in four U.S. consumers (76%) say that in the past month they have used the search function or search box on a retail website and it did not provide the item they were looking for. 
