Cybersecurity: Is it Time To Change Our Mindset?

Mark Testoni

For years, the standard approach to cybersecurity has been to build bigger and bigger walls to “keep the bad guys out.” But as the threat of cybercrime has evolved over time, this approach alone is not enough. Here, we look at the growing cybersecurity challenge and key imperatives facing CIOs.

As the Internet has pervaded all aspects of business and personal life, so has the list of cyber threats that could impact your enterprise. It’s not just rival companies looking to steal ideas. Currently an attack on your network could come from a wide range of sources. Your company could find itself under siege from organized crime, terrorist groups, and even foreign governments.

State and commercial interests are merging, with the networks of private companies now seen as key targets when countries are in conflict. For this reason, many corporations are adopting the same cybersecurity strategies as our national security organizations.

The enemy within

A data breach event could potentially cost millions of dollars, leaving your corporate reputation in ruins. With so much at stake, how do you protect your organization and its intellectual property from all attacks?

This is the challenge. Technological developments have moved so fast in recent years that few networks could ever claim to be 100% impenetrable. And as fast as IT security experts establish barriers to their systems, technologically advanced hackers find ways around them.

Rapid detection, agile response

So, how can commercial companies respond to the evolving cyber threat?

What we need is an entirely new mindset when it comes to cybersecurity. We should assume that hackers can and will access our networks. To complement the evolution of perimeter defenses, we need to shift our focus to detecting and acting on attacks as quickly as possible.

If this approach is to be successful, speed is essential. It is not enough to look in the rear-view mirror to understand what happened yesterday. We need a “front windshield view” to analyze, understand, and respond to threats as they occur.

Revolutionary new approach

With traditional computing approaches, companies simply cannot react fast enough to respond effectively to cyber attacks as they take place. These companies are often only able to determine that a cyber attack has already occurred and attempt to limit the damage to their operations and customers. The prevalence of this can be seen in the number of companies issuing reports about data breaches and offering credit monitoring to their compromised customers. Companies need a way to detect attacks as they are happening, and before the attacker has an opportunity to cause damage.

Sophisticated in-memory computing solutions are enabling this revolution in the way we approach cybersecurity. In an environment where there will never be one, single cyber-product answer, we need to bring the best of all worlds together in an integrated, high-performance manner. For example, with our strategic partners SS8, ThreatConnect, and Babel Street, we are leveraging SAP HANA as a high-performance hub to integrate real-time cyber-situational awareness and threat context. This enables the enterprise to understand the threat, find it, and act on it in real time.

This high-performance computing platform can achieve speeds many thousands of times faster than traditional data architectures. This enables the processing of huge data sets in seconds rather than days and allows analysis at true cyber speed. Companies using this capability can detect and stop cyber attacks while they are underway and before their data can be compromised.

Setting priorities

From the outset, we need to understand that breaches are possible and not all targets can be protected equally. Instead we must identify the high-value targets that are most likely to be attacked and prioritize the areas where a security breach would be most damaging.

For example, finance operations and critical infrastructure are key for most organizations. In addition, personal information is a high-value commodity that cyber criminals are increasingly targeting.

Managing security risk

The Internet has given us the greatest opportunity for economic expansion since the Industrial Revolution. And when you consider the fact that e-commerce accounts for trillions of dollars each year, losses due to security breaches seem minimal.

However, cyber crime is evolving and the threat is growing.

There is no absolute solution or quick fix. The imperative for CIOs is to deploy their available resources effectively to close the aperture of risk as much as possible, and re-evaluate their strategy on an ongoing basis. They need solutions with speed to detect and stop attacks while they are underway. And they must use the latest in-memory technology innovations to stay one step ahead of the cyber criminals.

Threats to your organization can come in many forms, including Supply Chain Fraud: Theft That’s Hidden in Plain Sight.


About Mark Testoni

Mark Testoni is president and chief executive of SAP NS2. He is one of the nation’s leading experts in the application of information technology to solve problems in government and industry, especially in the U.S. national security space. With more than 15 years of IT industry experience, 20 years in the U.S. Air Force, and 30 years of public sector management experience, Testoni is a sought-after business strategist and thought leader, with a proven record of rebuilding under-performing organizations and converting visionary ideas into reality.


Why You Might Not Recognize Cybersecurity In A Few Years

Derek Klobucher

It’s already been an exciting National Cybersecurity Awareness Month. More than “an annual campaign to raise awareness about the importance of cybersecurity,” as the U.S. Department of Homeland Security describes it, October began with bicameral congressional hearings into the high-profile cyberattack on one of the nation’s largest credit reporting agencies.

Many cyberattacks are so severe because their victims don’t have the right tools – or don’t effectively use the tools available to them.

“Hearings into the Equifax breach that affected 143 million U.S. consumers could offer important, if painful, lessons on what companies should not do when it comes to protecting data and responding to incidents,” the Washington Examiner stated. “The company reportedly made a half-hearted attempt to use available patches to seal up the vulnerability that hackers exploited … and [it] did not use Department of Homeland Security cyber tools made available to all companies.”

The massive data breach at Equifax also highlights calls for enhanced cybersecurity, including a prescient appeal from an investigator at the U.S. Securities and Exchange Commission.

Where legacy fails

An SEC forensic unit warned of shabby cyber defenses – hamstrung by insufficient training and equipment – a mere two months before the agency discovered an epic hack of its corporate filing system, according to Reuters. Instead of the necessary resources, the unit resorted to using obsolete and repurposed hardware.

And it’s not just the SEC. More than 70% of federal chief information officers said most of their applications are legacy systems, according to a Professional Services Council survey released last month. And weak points in old apps were among the top concerns of the CIOs suffering from increasingly frequent cyberattacks.

More broadly, 95% of federal employees and contractors want common cybersecurity standards across the government, according to a Telos report released last month. And 88% of respondents agreed on a specific framework that “effectively helps organizations manage risk.”

But that would only go so far.

Back to basics

“Cybersecurity threats continue to increase in size and complexity,” Dark Reading stated recently. “But the real problem is that too many IT organizations are leaving their enterprises vulnerable to attacks because they overlook a number of simple tasks.”

Careless employees are the weakest cybersecurity link at small and midsize businesses in North America and the U.K., according to a study by Keeper Security and the Ponemon Institute. This underscores the importance of cybersecurity basics, such as heeding security software warnings. (Find other best practices for 2018 in this TechRepublic list.)

“CISOs, CIOs, and boards of directors [must] think about cybersecurity, not just in the terms of the IT shops they run, but all products – anything that potentially exposes the company to a cyberattack,” GE global chief information and product cyber security officer Nasrin Rezai stated in CSO. She looks at securing an organization in three areas:

  • Operational technology (OT): Take special care when connecting parts of the business that had been secure only because they were isolated.
  • Consumer devices: Instead of just thinking about how to secure each device, focus on protecting all of your enterprise’s assets.
  • Readiness: Cybersecurity drills must ensure that everyone – from IT to manufacturing – knows what to do in case of a breach.

And a lot more is changing. In fact, you might not recognize cybersecurity in a few years.

The revolutionary future of cybersecurity

Students at the University of Central Arkansas will learn how to detect and defend against cyberattacks, thanks to a $500,000 grant to create a “cyber range.” And a startup in New York recently raised $8 million to ensure that cybersecurity credentials always remain with the user, authenticating people via biometrics, such as fingerprints and faces, as well as traditional passwords.

Keeping credentials with the user is a reason why U.S. Social Security numbers – once the holy grail for identity thieves – may be obsolete for national identification, according to the White House’s cybersecurity coordinator. That’s because victims can’t even change their numbers after they have been compromised.

“It’s a flawed system that we can’t roll back after a breach,” Rob Joyce said at a cybersecurity summit Oct. 3. “The Social Security number has outlived its usefulness.”

Doing our part

Put in context – especially in the wake of 2017’s deadly hurricanes – a sufficiently massive cyberattack could be worse for the U.S. infrastructure than hurricane season, according to an infrastructure security official at the Department of Energy. Deputy secretary L. Devon Streit’s comments at a cybersecurity and infrastructure panel echo an upcoming department report comparing the hazards of natural disasters to those of cyberattacks.

“The most worrisome threat we face in the energy sector is cyber,” Streit said. Potential solutions in the works include a pilot program to declassify and share cybersecurity threat information with both government- and privately owned infrastructure organizations.

More than a campaign, National Cybersecurity Awareness Month reminds us that there’s a lot at stake. And while others prepare to fend off future cyberattacks, the rest of us can use this month to refocus on best practices.

Learn more about The Future of Cybersecurity: Trust as Competitive Advantage.


About Derek Klobucher

Derek Klobucher is a Brand Journalist, Content Marketer and Master Digital Storyteller at SAP. His responsibilities include conceiving, developing and conducting global, company-wide employee brand journalism training; managing content, promotion and strategy for social networks and online media; and mentoring SAP employees, contractors and interns to optimize blogging and social media efforts.

Six Tips To Avoid Project Team Attrition

Shannon Schupbach

Employee attrition can hamper your team’s ability to meet deadlines and negatively affect overall engagement. Productivity suffers when high employee turnover forces you to bring in new people on a regular basis. Your employees need clear expectations, interesting challenges, and opportunities for deeper engagement with the work they’re doing. Use these tips to keep your employees engaged and your team intact as you make your way through the workload.

1. Define roles and responsibilities

Team members have strengths and weaknesses that you can leverage to optimize productivity. Having everyone simply take tasks as they become available is not the best way to maximize skills.

By defining roles and responsibilities, you can best utilize your team in a way that boosts their effectiveness and helps them stay engaged. After all, if you never have workers doing what they’re actually hired to do, they end up dissatisfied, and retention takes a hit.

Team members will know exactly what they should be doing, the role that they serve in the group, and how their duties relate to their core skill set. They can have confidence in the work they’re doing rather than second-guessing their tasks or getting too far outside their comfort zones.

2. Develop a training program

Employees want the opportunity to grow their skills and move forward in their chosen career paths. If they’re doing the same things on a project, they have no opportunity to learn.

Develop training programs that provide the resources needed to advance your team members. You’re investing in their future and showing that you care about offering opportunities for professional development.

This strategy also works well if you have to bring in costly external partners for in-demand skills. You can develop this talent from within to cover your skills gaps so you remain competitive without paying massive recruitment costs. Keep your eyes open for recruitment trends over the next 5 to 10 years so you know where you should focus most of your efforts.

3. Rotate subject-matter expertise

You don’t want to keep the same subject-matter experts on the same teams when their knowledge is useful elsewhere. Assign them to the projects that make the most sense for their talents, and keep them engaged by challenging them with new environments. The subject-matter experts can find new ways to apply their skills, and the rest of the team can pick up new information from them.

You can also gauge the interest in cross-training among your team members. Some employees may find themselves intrigued by what the subject-matter expert does. They can pursue professional development training and certification courses to learn more about what that type of work entails. The knowledge pool in your organization becomes broad and is less likely to take a major hit if someone gets sick or leaves the company.

4. Automate processes

Many employees find that a significant portion of their working hours are dedicated to repetitive manual processes such as putting together time sheets, tracking expenses, and creating revenue reports. This work is little more than data entry, in most cases, which is not what they expect to do with their talents.

By automating these processes, you decrease the hands-on time that’s required to keep up with documentation and administrative requirements. The goal is to enter data once and have it automatically populate where it’s needed.

For example, consultants can log their time against work items so all the information is added to their timesheets. The project financials get updated instantly to give everyone on the team full visibility in real time. You enjoy improved agility and the ability to quickly adapt to unexpected disruptions.

5. In-context digital assistants

Digital assistants are common in smart homes and on smartphones, but they also have a place in the enterprise. Think about the way you use this technology on your personal devices—assistants process conversation and add context to it. They determine the user’s intent, the right application to perform requested actions, and how to present this information appropriately.

The benefits of incorporating digital assistants into your workflow are twofold: You give employees another time-saving tool to streamline their workload, and the assistant also uses context to analyze data and make suggestions based on the intended usage.

6. Self-service analysis

Having the right information at the right time can make or break a project. When employees need to search multiple layers to access essential data, they will likely miss potentially critical opportunities.

A self-service option reduces the amount of back-and-forth that occurs when a team is trying to get their hands on relevant data. They can put together ad hoc requests, see updates in real time, and determine the best course of action. They wouldn’t have the opportunity to do this if they couldn’t get data in the form that makes the most sense for the project.

Project attrition shouldn’t prevent you from reaching the milestones. While the reasons behind employee team turnover can be complex, you have many options to reduce or reverse the trend.

To find out more about how to recognize what’s causing margin leakage, check out our one-pager on the 4 Steps of Digital Value Creation.


About Shannon Schupbach

Shannon Schupbach is a proven leader in helping customers and partners adopt “cloud first” architectures. Shannon is an expert in product strategy and go-to-market, having held many roles (presales, delivery, sales enablement and operations) at companies such as Salesforce, WebLogic, and others. Before joining SAP, he ran implementation services for a startup company and has firsthand experience with the challenges of professional services automation. Shannon is blessed to be part of SAP and its efforts to help customers adopt digital transformation via an intelligent ERP. Connect with Shannon directly via LinkedIn: https://www.linkedin.com/in/shannon-schupbach-57785/

Diving Deep Into Digital Experiences

Kai Goerlich

 

  • Google Cardboard VR goggles cost US$8.
  • By 2019, immersive solutions will be adopted in 20% of enterprise businesses.
  • By 2025, the market for immersive hardware and software technology could be $182 billion.
  • In 2017, Lowe’s launched Holoroom How To VR DIY clinics.


From Dipping a Toe to Fully Immersed

The first wave of virtual reality (VR) and augmented reality (AR) is here, using smartphones, glasses, and goggles to place us in the middle of 360-degree digital environments or overlay digital artifacts on the physical world. Prototypes, pilot projects, and first movers have already emerged:

  • Guiding warehouse pickers, cargo loaders, and truck drivers with AR
  • Overlaying constantly updated blueprints, measurements, and other construction data on building sites in real time with AR
  • Building 3D machine prototypes in VR for virtual testing and maintenance planning
  • Exhibiting new appliances and fixtures in a VR mockup of the customer’s home
  • Teaching medicine with AR tools that overlay diagnostics and instructions on patients’ bodies

A Vast Sea of Possibilities

Immersive technologies leapt forward in spring 2017 with the introduction of three new products:

  • Nvidia’s Project Holodeck, which generates shared photorealistic VR environments
  • A cloud-based platform for industrial AR from Lenovo New Vision AR and Wikitude
  • A workspace and headset from Meta that lets users use their hands to interact with AR artifacts

The Truly Digital Workplace

New immersive experiences won’t simply be new tools for existing tasks. They promise to create entirely new ways of working.

VR avatars that look and sound like their owners will soon be able to meet in realistic virtual meeting spaces without requiring users to leave their desks or even their homes. With enough computing power and a smart-enough AI, we could soon let VR avatars act as our proxies while we’re doing other things—and (theoretically) do it well enough that no one can tell the difference.

We’ll need a way to signal when an avatar is being human driven in real time, when it’s on autopilot, and when it’s owned by a bot.


What Is Immersion?

A completely immersive experience that’s indistinguishable from real life is impossible given the current constraints on power, throughput, and battery life.

To make current digital experiences more convincing, we’ll need interactive sensors in objects and materials, more powerful infrastructure to create realistic images, and smarter interfaces to interpret and interact with data.

When everything around us is intelligent and interactive, every environment could have an AR overlay or VR presence, with use cases ranging from gaming to firefighting.

We could see a backlash touting the superiority of the unmediated physical world—but multisensory immersive experiences that we can navigate in 360-degree space will change what we consider “real.”


Download the executive brief Diving Deep Into Digital Experiences.


Read the full article Swimming in the Immersive Digital Experience.


About Kai Goerlich

Kai Goerlich is the Chief Futurist at SAP Innovation Center Network. His specialties include Competitive Intelligence, Market Intelligence, Corporate Foresight, Trends, Futuring and ideation. Share your thoughts with Kai on Twitter @KaiGoe.


Blockchain: Much Ado About Nothing? How Very Wrong!

Juergen Roehricht

Let me start with a quote from McKinsey, that in my view hits the nail right on the head:

“No matter what the context, there’s a strong possibility that blockchain will affect your business. The very big question is when.”

Now, in the industries that I cover in my role as general manager and innovation lead for travel and transportation/cargo, engineering, construction and operations, professional services, and media, I engage with many different digital leaders on a regular basis. We are having visionary conversations about the impact of digital technologies and digital transformation on business models and business processes and the way companies address them. Many topics are at different stages of the hype cycle, but the one that definitely stands out is blockchain as a new enabling technology in the enterprise space.

Just a few weeks ago, a customer said to me: “My board is all about blockchain, but I don’t get what the excitement is about – isn’t this just about Bitcoin and a cryptocurrency?”

I can totally understand his confusion. I’ve been talking to many blockchain experts who know that it will have a big impact on many industries and the related business communities. But even they are uncertain about the where, how, and when, and about the strategy on how to deal with it. The reason is that we often look at it from a technology point of view. This is a common mistake, as the starting point should be the business problem and the business issue or process that you want to solve or create.

In my many interactions with Torsten Zube, vice president and blockchain lead at the SAP Innovation Center Network (ICN) in Potsdam, Germany, he has made it very clear that it’s mandatory to “start by identifying the real business problem and then … figure out how blockchain can add value.” This is the right approach.

What we really need to do is provide guidance for our customers to enable them to bring this into the context of their business in order to understand and define valuable use cases for blockchain. We need to use design thinking or other creative strategies to identify the relevant fields for a particular company. We must work with our customers and review their processes and business models to determine which key blockchain aspects, such as provenance and trust, are crucial elements in their industry. This way, we can identify use cases in which blockchain will benefit their business and make their company more successful.

My highly regarded colleague Ulrich Scholl, who is responsible for externalizing the latest industry innovations, especially blockchain, in our SAP Industries organization, recently said: “These kinds of use cases are often not evident, as blockchain capabilities sometimes provide minor but crucial elements when used in combination with other enabling technologies such as IoT and machine learning.” In one recent and very interesting customer case from the autonomous province of South Tyrol, Italy, blockchain was one of various cloud platform services required to make this scenario happen.

How to identify “blockchainable” processes and business topics (value drivers)

To understand the true value and impact of blockchain, we need to keep in mind that a verified transaction can involve any kind of digital asset such as cryptocurrency, contracts, and records (for instance, assets can be tangible equipment or digital media). While blockchain can be used for many different scenarios, some don’t need blockchain technology because they could be handled by a simple ledger, managed and owned by the company, or have such a large volume of data that a distributed ledger cannot support it. Blockchain would not be the right solution for these scenarios.

Here are some common factors that can help identify potential blockchain use cases:

  • Multiparty collaboration: Are many different parties, and not just one, involved in the process or scenario, but one party dominates everything? For example, a company with many parties in the ecosystem that are all connected to it but not in a network or more decentralized structure.
  • Process optimization: Will blockchain massively improve a process that today is performed manually, involves multiple parties, needs to be digitized, and is very cumbersome to manage or be part of?
  • Transparency and auditability: Is it important to offer each party transparency (e.g., on the origin, delivery, geolocation, and hand-overs) and auditable steps? (e.g., How can I be sure that the wine in my bottle really is from Bordeaux?)
  • Risk and fraud minimization: Does it help (or is there a need) to minimize risk and fraud for each party, or at least for most of them in the chain? (e.g., A company might want to know if its goods have suffered any shocks in transit or whether the predefined route was not followed.)

Connecting blockchain with the Internet of Things

This is where blockchain’s value can be increased and automated. Just think about a blockchain that is not just maintained or simply added by a human, but automatically acquires different signals from sensors, such as geolocation, temperature, shock, usage hours, alerts, etc. One that knows when a payment or any kind of money transfer has been made, a delivery has been received or arrived at its destination, or a digital asset has been downloaded from the Internet. The relevant automated actions or signals are then recorded in the distributed ledger/blockchain.

Of course, given the massive amount of data that is created by those sensors, automated signals, and data streams, it is imperative that only the very few pieces of data coming from a signal that are relevant for a specific business process or transaction be stored in a blockchain. By recording non-relevant data in a blockchain, we would soon hit data size and performance issues.

Ideas to ignite thinking in specific industries

  • The digital, “blockchained” physical asset (asset lifecycle management): No matter whether you build, use, or maintain an asset, such as a machine, a piece of equipment, a turbine, or a whole aircraft, a blockchain transaction (genesis block) can be created when the asset is created. The blockchain will contain all the contracts and information for the asset as a whole and its parts. In this scenario, an entry is made in the blockchain every time an asset is: sold; maintained by the producer or owner’s maintenance team; audited by a third-party auditor; has malfunctioning parts; sends or receives information from sensors; meets specific thresholds; has spare parts built in; requires a change to the purpose or the capability of the assets due to age or usage duration; receives (or doesn’t receive) payments; etc.
  • The delivery chain, bill of lading: In today’s world, shipping freight from A to B involves lots of manual steps. For example, a carrier receives a booking from a shipper or forwarder, confirms it, and, before the document cut-off time, receives the shipping instructions describing the content and how the master bill of lading should be created. The carrier creates the original bill of lading and hands it over to the ordering party (the current owner of the cargo). Today, that original paper-based bill of lading is required for the freight (the container) to be picked up at the destination (the port of discharge). Imagine if we could do this as a blockchain transaction and by forwarding a PDF by email. There would be one transaction at the beginning, when the shipping carrier creates the bill of lading. Then there would be look-ups, e.g., by the import and release processing clerk of the shipper at the port of discharge and the new owner of the cargo at the destination. Then another transaction could document that the container had been handed over.

The future

I personally believe in the massive transformative power of blockchain, even though we are just at the very beginning. This transformation will be achieved by looking at larger networks with many participants that all have a nearly equal part in a process. Today, many blockchain ideas still have a more centralistic approach, in which one company has a more prominent role than the (many) others and often is “managing” this blockchain/distributed ledger-supported process/approach.

But think about the delivery scenario today, where goods are shipped from one door or company to another door or company, across many parties in the delivery chain: from the shipper/producer via the third-party logistics service provider and/or freight forwarder; to the companies doing the actual transport, like vessels, trucks, aircraft, trains, cars, ferries, and so on; to the final destination/receiver. And all of this happens across many countries, many borders, many handovers, customs, etc., and involves a lot of paperwork, across all constituents.

“Blockchaining” this will be truly transformational. But it will need all constituents in the process or network to participate, even if they have different interests, and to agree on basic principles and an approach.

As Torsten Zube put it, I am not a “blockchain extremist” nor a denier that believes this is just a hype, but a realist open to embracing a new technology in order to change our processes for our collective benefit.


About Juergen Roehricht

Juergen Roehricht is General Manager of Services Industries and Innovation Lead of the Middle and Eastern Europe region for SAP. The industries he covers include travel and transportation; professional services; media; and engineering, construction and operations. Besides managing the business in those segments, Juergen is focused on supporting innovation and digital transformation strategies of SAP customers. With more than 20 years of experience in IT, he stays up to date on the leading edge of innovation, pioneering and bringing new technologies to market and providing thought leadership. He has published several articles and books, including Collaborative Business and The Multi-Channel Company.