How To Protect Your Small Business From The Alarming Cost Of Cybercrime

Christopher Putvinski

Earlier this year, Microsoft president Brad Smith called on nations to adopt a so-called Digital Geneva Convention. While aimed at world governments, I doubt few would argue the need for a set of international laws governing every nation, state, and human on issues of cybersecurity.

We can all probably guess why: Cybersecurity is one of the greatest threats we face today. For some context, consider that McAfee estimates the global economic cost of cybercrime and cyber-espionage at between $300 billion and $1 trillion per year.

Also think about the explosive growth of ransomware, a phenomenon by which a user’s or business’ data is hacked and held for ransom. Per a report published by SonicWall, ransomware rose from 3.8 million attacks in 2015 to 638 million in 2016. Yes, you read that right: There were 167 times more ransomware attacks in 2016 than 2015. (Verizon’s newly released 2017 data breach report also found significant growth in ransomware attacks.)

While it’s true that large corporations may be the most lucrative targets for hackers, it is the small businesses that hackers are now after. Indeed, 60% of all targeted cyberattacks in 2014 struck a small or midsized business. Shockingly however, most small businesses remain unconcerned about cyberattacks. According to a 2016 report by the National Federation of Independent Business, small business owners rank cybercrime 51st out of 75 possible business concerns.

Small businesses make for ripe targets for a host of reasons. For one, they often lack the security resources of larger corporations. They are also often a gateway to larger corporations. Many people remember the 2013 hacking of Target, but fewer know that the company was hacked through its much smaller HVAC vendor.

Even so, there is one bigger, more glaring reason why cybersecurity should be at the top of every small business’ list. It is estimated by the National Cyber Security Alliance that 60% of small businesses go out of business within six months of a data breach. And, as the Denver Post reports, “the average price for small businesses to clean up after their businesses have been hacked stands at $690,000; … for middle market companies, it’s over $1 million.”

How small businesses can protect themselves

For starters, when it comes to your business applications – things like your financial, marketing, and production systems – one of the smartest moves small businesses can make is to move to the cloud.

The advantages are compelling. They include the constant monitoring of infrastructure by highly trained solution providers. Also, secure servers are hosted in a variety of locations, safeguarding data better than an in-house data center. And, need I mention the convenience aspect? Think about it. Things like data storage, security patch management, vulnerability scanning, Web application firewall, advanced threat management (you get the idea) are no longer your problem, but your cloud provider’s. And these things are managed better, which in turn makes your business more secure.

Yes, there have been high-profile cases of cloud security breaches – say, Target and Apple’s iCloud. But, as Trip Wire points out, these “breaches were a result of human error, not shortcomings of the cloud.” In fact, human error is the primary cause of the majority of security breaches. A 2014 IBM report indicates that, in more than 95% of all the security incidents they investigated, human error was a factor.

Another way small businesses can improve their security – regardless if they’re fully cloud operational or not – is to improve collaboration between their chief security officers and their security and application teams. This is something small and midsized businesses can fix tomorrow. It’s amazing to me that in 2017 these groups often remain siloed from each other. Organizations are letting this happen at their own peril.

Breaches via mobile devices are another burgeoning security concern. According to an Intuit eBook: “Nearly half of small business owners use a smartphone as the primary device to run their operations.” As smartphone use and capabilities continue to boom, and as “bring your own device” policies continue to grow, mobile will increasingly become a security concern. We’re already seeing some of the problems. These include connecting to public WiFi hotspots, which can expose your data or be malicious. VPNs are a simple fix to this problem, yet, according to CNBC, it’s a step only 18% of consumers take.

The need for up-to-date cybersecurity measures is something that is growing in importance. As cybercrime evolves and as its reach and impact increase, it will demand more and more attention. This especially true for the small business community, which can no longer afford to remain blissfully indifferent, not when their entire business is on the line.

For more on the high cost of cybercrime, see The Future of Cybersecurity: Trust as Competitive Advantage.

Comments

Internet Of Things: Five Ways To Overcome Security Challenges

Jay Thoden van Velzen

The promise, benefits, and value of the Internet of Things (IoT) have been documented extensively, but a number of widely publicized IoT attacks leaves the impression that the IoT is deeply insecure. What is often not mentioned is that many of these attacks originated due to failures in implementing basic protections.

But even where the vendor has taken reasonable precautions, things can go horribly wrong, as can be seen in a – literally – fly-by attack on smart lighting.

Another challenge is that IoT-enabled devices are deployed “where the action is” – the factory floor, oil platforms, public roads, offices, stores, moving vehicles, or in cities running over wireless networks.

That means that they are often physically accessible by employees, contractors, and even the general public. If we compare that to modern cloud data centers, where only authorized personnel can enter, there is a substantial difference. More people with access means the risk of compromise goes up, so we may need to ensure devices themselves are physically protected against tampering.

But these are not insurmountable obstacles. The question is less one of not knowing what to do to protect IoT environments, rather how to implement and apply security measures to keep the solution safe.

Five recommendations for securing the IoT

1. Manage risk

Modern security practices follow a risk-based approach that considers both the ease of an attack and the impact should one happen – giving a strong indicator of how much security you’ll need. The reality is that an IoT solution that monitors, manages, and optimizes operations in a chemical factory requires much tighter security protocols than one that simply turns off the light in a conference room when sensors detect nobody is present. In the former, a successful attack could lead to a catastrophic industrial accident including injury and loss of life. In the latter, the worst that could happen is that an electricity bill is a little higher.

2. Limit device-to-device communication

There is a misconception that the Internet of Things, by definition, means that many devices are connected to many other devices, increasing the risk that a successful attack leads to catastrophic failure or takeover of a substantial portion of your IoT infrastructure. In many cases, devices have a single purpose and only need to send the data they collect to a single location. By limiting the number of IoT devices that talk to each other, we can better secure each one and limit the damage should any breaches occur.

3. Retain control over your IoT infrastructure

The risk is yours – any failure in security is your responsibility and you will be held accountable for the result – so it is important to maintain control. This starts with device selection: Make sure that devices either have the security features you need or, preferably, are “open” so you can analyze and understand how they work, and then add any features you need to fill security gaps. This includes the ability to update devices in an automated and secure way and to control that process yourself.

4. Use encryption from end to end

It’s critical to encrypt communication between devices and data-ingestion points to make sure nobody can listen in, tamper with sensitive data in transit, or recover enough information to spoof or impersonate the device and feed the system manipulated data. Modern encryption techniques work in much the same way as HTTPS does to protect information online. Encryption also needs to be tied to device identity to ensure the data we think comes from a particular device actually does.

5. Leverage existing expertise

Apply proven security technologies, tools, and best practices used in traditional IT landscapes. In many cases, they can be implemented directly: by using digital certificates or equivalent, by restricting what IoT devices can do and communicate with, and by adding protection and monitoring mechanisms. In other cases, such as micro-controllers and low-power networks, we may need to apply new techniques, but we can draw on existing principles and concepts.

IoT adoption is still in early days. Unfortunately, that means that there aren’t many established standards yet, and while the number of devices brought to market is quickly rising, certification schemes and regulations are lagging. As a result, adopters still need to carefully plan and build in security from the start and properly evaluate any IoT equipment brought in house.

As large technology providers recognize the security challenges with new IoT technologies and software solutions, the situation is rapidly improving. At SAP, we’re also committed to both describing the pitfalls and providing clear guidelines to overcome them.

This article originally appeared on the SAP Community.

Comments

Jay Thoden van Velzen

About Jay Thoden van Velzen

Jay Thoden van Velzen is Director of IoT Security at SAP.

How Governments And Industry Respond To Digital Risk

Andre Smith

The rush to digitalization around the world has come with a great amount of risk. The risk has been shared by private industry and governments alike, as news of data breaches and hacker attacks have made global headlines. Sometimes, simple misconfigurations have led to embarrassing and potentially privacy-compromising incidents. In other instances, specifically directed cyber attacks have exposed the personal data of millions of people.

Anytime data security issues such as these occur, the potential consequences are massive. This is true not only for the business or government at fault, but also for everyone whose data has been stolen. This year has produced some of the largest data security incidents to date, and all signs point to that trend continuing. This has left governments examining the steps necessary to create a safer and more secure digital environment going forward. It is also forcing businesses to review their digital risk-management strategies.

Regulatory responses

The high-profile nature of many of the latest data breaches has led to renewed regulatory scrutiny by governments around the world. In the U.S., there have been Congressional hearings in the wake of the Equifax hack, which exposed the financial information of 145.5 million American consumers. So far, it’s unclear if the hearings will lead to a new round of data-security regulations, but there’s already proposed legislation that would set standards and penalties for businesses regarding customer notification of data security breaches.

The European Union, by contrast, has been far more forward-thinking and decisive. The General Data Protection Regulation (GDPR), set to be implemented by May 2018, has created a framework of legal responsibilities for data security and enumerated rights for individuals regarding personal data collection and storage. The new regulation joins others that already set standards for European (and multinational) financial institutions regarding transparency and digital compliance reporting.

Businesses begin to adapt

In the business world, there is a universal need to update compliance and governance policies and to invest in digital security infrastructure. Most companies have been producing large volumes of digital data for many years, but few have the staff or expertise necessary to manage and secure all of it. Fortunately, the latest Big Data platforms allow companies to aggregate, process, and secure their data in a seamless architecture. Development of these systems is crucial to the future of cybersecurity.

In addition to voluntary policy changes, the potential legal ramifications have spurred changes. In reaction to the pending regulations in the E.U. and the potential for new requirements in the U.S., many global businesses have started to update and bolster their digital risk management efforts. Since the E.U. regulations are (so far) the most stringent and wide-ranging, multinationals and regional firms are using them as the baseline on which to base their policies and practices. It is also intended to head off further legislation that could be costly to affected industries.

The future of digital risk

The very nature of the technological advancement that has created the present security challenges guarantees the risks will continue. To stay ahead of an ever-changing digital landscape, additional actions will surely be needed from actors on all sides. This likely means the promulgation of further regulations and reporting requirements from governments, as well as more comprehensive digital risk management efforts throughout the private sector. There’s still a fair amount of catching up to do, but it seems that the appropriate amount of attention is now being given this pressing global problem.

To learn more about cybersecurity and digital risk, check out Five Ignored Practices That Can Disarm Your Cybersecurity Time Bomb.

Comments

About Andre Smith

An Internet, Marketing and E-Commerce specialist with several years of experience in the industry. He has watched as the world of online business has grown and adapted to new technologies, and he has made it his mission to help keep businesses informed and up to date.

Human Skills for the Digital Future

Dan Wellers and Kai Goerlich

Technology Evolves.
So Must We.


Technology replacing human effort is as old as the first stone axe, and so is the disruption it creates.
Thanks to deep learning and other advances in AI, machine learning is catching up to the human mind faster than expected.
How do we maintain our value in a world in which AI can perform many high-value tasks?


Uniquely Human Abilities

AI is excellent at automating routine knowledge work and generating new insights from existing data — but humans know what they don’t know.

We’re driven to explore, try new and risky things, and make a difference.
 
 
 
We deduce the existence of information we don’t yet know about.
 
 
 
We imagine radical new business models, products, and opportunities.
 
 
 
We have creativity, imagination, humor, ethics, persistence, and critical thinking.


There’s Nothing Soft About “Soft Skills”

To stay ahead of AI in an increasingly automated world, we need to start cultivating our most human abilities on a societal level. There’s nothing soft about these skills, and we can’t afford to leave them to chance.

We must revamp how and what we teach to nurture the critical skills of passion, curiosity, imagination, creativity, critical thinking, and persistence. In the era of AI, no one will be able to thrive without these abilities, and most people will need help acquiring and improving them.

Anything artificial intelligence does has to fit into a human-centered value system that takes our unique abilities into account. While we help AI get more powerful, we need to get better at being human.


Download the executive brief Human Skills for the Digital Future.


Read the full article The Human Factor in an AI Future.


Comments

About Dan Wellers

Dan Wellers is founder and leader of Digital Futures at SAP, a strategic insights and thought leadership discipline that explores how digital technologies drive exponential change in business and society.

Kai Goerlich

About Kai Goerlich

Kai Goerlich is the Chief Futurist at SAP Innovation Center network His specialties include Competitive Intelligence, Market Intelligence, Corporate Foresight, Trends, Futuring and ideation.

Share your thoughts with Kai on Twitter @KaiGoe.heif Futu

Tags:

The Human Factor In An AI Future

Dan Wellers and Kai Goerlich

As artificial intelligence becomes more sophisticated and its ability to perform human tasks accelerates exponentially, we’re finally seeing some attempts to wrestle with what that means, not just for business, but for humanity as a whole.

From the first stone ax to the printing press to the latest ERP solution, technology that reduces or even eliminates physical and mental effort is as old as the human race itself. However, that doesn’t make each step forward any less uncomfortable for the people whose work is directly affected – and the rise of AI is qualitatively different from past developments.

Until now, we developed technology to handle specific routine tasks. A human needed to break down complex processes into their component tasks, determine how to automate each of those tasks, and finally create and refine the automation process. AI is different. Because AI can evaluate, select, act, and learn from its actions, it can be independent and self-sustaining.

Some people, like investor/inventor Elon Musk and Alibaba founder and chairman Jack Ma, are focusing intently on how AI will impact the labor market. It’s going to do far more than eliminate repetitive manual jobs like warehouse picking. Any job that involves routine problem-solving within existing structures, processes, and knowledge is ripe for handing over to a machine. Indeed, jobs like customer service, travel planning, medical diagnostics, stock trading, real estate, and even clothing design are already increasingly automated.

As for more complex problem-solving, we used to think it would take computers decades or even centuries to catch up to the nimble human mind, but we underestimated the exponential explosion of deep learning. IBM’s Watson trounced past Jeopardy champions in 2011 – and just last year, Google’s DeepMind AI beat the reigning European champion at Go, a game once thought too complex for even the most sophisticated computer.

Where does AI leave human?

This raises an urgent question for the future: How do human beings maintain our economic value in a world in which AI will keep getting better than us at more and more things?

The concept of the technological singularity – the point at which machines attain superhuman intelligence and permanently outpace the human mind – is based on the idea that human thinking can’t evolve fast enough to keep up with technology. However, the limits of human performance have yet to be found. It’s possible that people are only at risk of lagging behind machines because nothing has forced us to test ourselves at scale.

Other than a handful of notable individual thinkers, scientists, and artists, most of humanity has met survival-level needs through mostly repetitive tasks. Most people don’t have the time or energy for higher-level activities. But as the human race faces the unique challenge of imminent obsolescence, we need to think of those activities not as luxuries, but as necessities. As technology replaces our traditional economic value, the economic system may stop attaching value to us entirely unless we determine the unique value humanity offers – and what we can and must do to cultivate the uniquely human skills that deliver that value.

Honing the human advantage

As a species, humans are driven to push past boundaries, to try new things, to build something worthwhile, and to make a difference. We have strong instincts to explore and enjoy novelty and risk – but according to psychologist Mihaly Csikszentmihalyi, these instincts crumble if we don’t cultivate them.

AI is brilliant at automating routine knowledge work and generating new insights from existing data. What it can’t do is deduce the existence, or even the possibility, of information it isn’t already aware of. It can’t imagine radical new products and business models. Or ask previously unconceptualized questions. Or envision unimagined opportunities and achievements. AI doesn’t even have common sense! As theoretical physicist Michio Kaku says, a robot doesn’t know that water is wet or that strings can pull but not push. Nor can robots engage in what Kaku calls “intellectual capitalism” – activities that involve creativity, imagination, leadership, analysis, humor, and original thought.

At the moment, though, we don’t generally value these so-called “soft skills” enough to prioritize them. We expect people to develop their competency in emotional intelligence, cross-cultural awareness, curiosity, critical thinking, and persistence organically, as if these skills simply emerge on their own given enough time. But there’s nothing soft about these skills, and we can’t afford to leave them to chance.

Lessons in being human

To stay ahead of AI in an increasingly automated world, we need to start cultivating our most human abilities on a societal level – and to do so not just as soon as possible, but as early as possible.

Singularity University chairman Peter Diamandis, for example, advocates revamping the elementary school curriculum to nurture the critical skills of passion, curiosity, imagination, critical thinking, and persistence. He envisions a curriculum that, among other things, teaches kids to communicate, ask questions, solve problems with creativity, empathy, and ethics, and accept failure as an opportunity to try again. These concepts aren’t necessarily new – Waldorf and Montessori schools have been encouraging similar approaches for decades – but increasing automation and digitization make them newly relevant and urgent.

The Mastery Transcript Consortium is approaching the same problem from the opposite side, by starting with outcomes. This organization is pushing to redesign the secondary school transcript to better reflect whether and how high school students are acquiring the necessary combination of creative, critical, and analytical abilities. By measuring student achievement in a more nuanced way than through letter grades and test scores, the consortium’s approach would inherently require schools to reverse-engineer their curricula to emphasize those abilities.

Most critically, this isn’t simply a concern of high-tuition private schools and “good school districts” intended to create tomorrow’s executives and high-level knowledge workers. One critical aspect of the challenge we face is the assumption that the vast majority of people are inevitably destined for lives that don’t require creativity or critical thinking – that either they will somehow be able to thrive anyway or their inability to thrive isn’t a cause for concern. In the era of AI, no one will be able to thrive without these abilities, which means that everyone will need help acquiring them. For humanitarian, political, and economic reasons, we cannot just write off a large percentage of the population as disposable.

In the end, anything an AI does has to fit into a human-centered value system that takes our unique human abilities into account. Why would we want to give up our humanity in favor of letting machines determine whether or not an action or idea is valuable? Instead, while we let artificial intelligence get better at being what it is, we need to get better at being human. That’s how we’ll keep coming up with groundbreaking new ideas like jazz music, graphic novels, self-driving cars, blockchain, machine learning – and AI itself.

Read the executive brief Human Skills for the Digital Future.

Build an intelligent enterprise with AI and machine learning to unite human expertise and computer insights. Run live with SAP Leonardo.


Comments

About Dan Wellers

Dan Wellers is founder and leader of Digital Futures at SAP, a strategic insights and thought leadership discipline that explores how digital technologies drive exponential change in business and society.

Kai Goerlich

About Kai Goerlich

Kai Goerlich is the Chief Futurist at SAP Innovation Center network His specialties include Competitive Intelligence, Market Intelligence, Corporate Foresight, Trends, Futuring and ideation.

Share your thoughts with Kai on Twitter @KaiGoe.heif Futu