Sections

Cybersecurity In 2017: Don’t Be Afraid, Be Aware!

Chris Johnston

In today’s climate, it’s necessary for both small businesses and large global enterprises to have comprehensive cybersecurity plans. In this blog, I’d like to discuss how vulnerable small businesses can be to modern cyber threats, and share how global enterprises  are largely unprepared for the EU General Data Protection Regulation (only 14 months away).

A 2017 small-business cybersecurity story

I was sure that it was a “bum dial” when the name “Simon R” appeared on my phone close to midnight last Monday. Simon’s son plays football on the same team as my son but, although we share a Whatsapp group, he’d never actually called me before so I was sure it was a mistake. Unfortunately, it wasn’t!

“Hi, sorry it’s so late. I’m just not sure whether you can help me, but I didn’t know who else to call and I’m not sure what to do. My company has been hacked!”

Before this call, we had previously chatted at football matches a few times, and we had been to some of the same parties, but almost all of our shallow knowledge of each other came virtually, through social media. So with that limited information (and a fair amount of misunderstanding), Simon identified me as an appropriate person to contact for advice on his cyber breach.

When a small company gets hit with an encrypting ransomware attack

It wasn’t good news. His company was the victim of an encrypting ransomware attack. The three machines in his office had had all their files encrypted, and on initial investigation, all that could be found was a small text file indicating that the attackers would like to be paid through the Bitcoin Digital currency. Simon was a designer, not a computer expert, and unfortunately, he had completely underestimated how reliant his business was on the computers in his office. He had not considered a cyberattack as a significant risk at all. After all, he just used the computer for e-mails and research … right?

Unfortunately not. All his business accounts were on those computers: all his employees’ human resources information and salary detail, and all e-mails from clients (many of whom had sent ideas and designs with confidential information that he needed to work on). Gradually, he started to realize the enormity of his situation

The value—and difficulties—of backups

I explained that under no circumstances should he pay any ransom and that I would find a “real” cybersecurity expert to speak to him about the possibilities of decryption. However, I warned that decryption may not be possible, and he may need to just accept the situation and restore everything from backups. The silence at the other end of the line spoke volumes.

Computer backups had not been seen as a major priority for his company. When his backup tapes were full, someone was required to walk all the way across the office to agree to the “overwrite” prompt on the screen. Nobody had ever really been given responsibility for this task, and soon it simply stopped being done. The most recently available backup was 11 months old!

A week later, the situation is still not resolved, but is being managed. He has now engaged a computer management firm that will, in future, provide all network and application support, manage security and backups, and provide training to his team on an ongoing basis. He has had to accept the loss of tens of thousands of pounds and, more importantly, suffered significant reputational damage. For a small company fighting for a larger share in a busy market, Simon and his team were completely blindsided by this.

“I just don’t understand why someone would target me,” Simon said. “Surely there are more lucrative targets.”

The risks for small businesses

That, I think, is the biggest misunderstanding amongst many small business owners. The idea that someone would target them seems so unlikely that cybersecurity is a minor concern. The fact is that his company was not targeted, but simply received a mass spam phishing e-mail that someone in his office opened. That was the door opener. So he was not the victim of a targeted attack, but had simply not prepared to defend against random, hopeful, low-complexity, high-volume attacks.

According to Symantec, cyberattacks against small businesses increased from 18% in 2011 to 43% in 2015. Attackers are realizing that there is money to be made from smaller companies whose executives put little thought into their own protection. The most important things are usually the simple things—a cybersecurity policy, education of employees, and, of course, strong passwords.

The truth about passwords

Using the very limited information I thought I knew about Simon, I asked if I could try to guess his password. As a Facebook friend, I knew that he had just turned 52, had a wife called Sara, three young boys, and a dog called Sonic. I knew that he went on a skiing holiday once a year, had parents who lived in Spain, and that he voted differently from me in the last election. He was a fan of U.S. basketball, Spanish football, and cricket, and had a frustrating tendency to misspell the words “their” and “there.” He often played something called “Boom Beach” on his iPhone and repeatedly shared “People are Awesome” YouTube clips. As a LinkedIn contact, I knew that he grew up in Cardiff and went to University in Leeds, started his career in recruitment consulting, and for the last 12 years ran a small, 8-person design company in north London.

Within two minutes of my guessing, he admitted that I had mentioned an approximation of his, his wife’s, and his corporate domain passwords. Honestly, he’s not alone—for 20 years, security consultants have continued to highlight the importance of complex passwords, yet it still seems that this message is not getting through.

Common passwords and public information—two password don’ts

You can easily download a list of the 10,000 most common passwords from this site to try a “brute-force” attack, but you probably wouldn’t need that many. The figures are shocking:

  • 1.6% of users have a password from the top 10 passwords
  • 10% of users have a password from the top 100
  • 30% of users have a password from the top 10,000

Also, using personal, yet relatively public information is vulnerable due to social media. Almost everyone today has a Facebook page, a Twitter account, and various other forms of social media. People post their birthdays and their kids’ birthdays online. They give anyone who cares to look a glimpse at the most common dates and people in their lives – not a terrible thing, but it should make you wary of using that same information to safeguard vital systems and data.

This experience was a painful learning experience for Simon— the realization that even the smallest companies must consider cybersecurity as a major business risk. How could he have missed something so big?

“I’m so embarrassed,” he said. “I’m sure that if I ran a much bigger company, this would have been a much higher priority for me.”

I didn’t say anything because unfortunately, I think that he’s completely wrong. Even large companies don’t prioritize cybersecurity correctly. Right now, we have the perfect example of how cybersecurity continues to be underappreciated by the majority of global companies.

The underprepared global company and the EU General Data Protection Regulation

A small number of companies are rushing to prepare for the biggest overhaul of data protection regulations ever: the EU General Data Protection Regulation (GDPR). Only 14 months away, with massive fines promised and huge hurdles to overcome. Yet although a few companies are desperately seeking answers, figures suggest that the majority of companies are still totally unaware of what it entails or its myriad implications.

Perhaps some companies still persist with the myth that this is an IT issue and not a C-suite problem. A recent global survey by Dell makes worrying reading and to conclude, I’d just like to point out some of the findings.

  • More than 60% of respondents say they are aware something is going on with GDPR, but they know little or nothing about it.
  • Only 4% of respondents outside of Europe said they are very knowledgeable about the details of GDPR, while just 6% of those in Europe said they are very familiar with the requirements.
  • Fewer than 1 in 3 companies feel they are prepared for GDPR today.
  • Nearly 70% of respondents say their organization is definitely not or don’t know if their organization is prepared for GDPR today, and only 3% of these have a plan for readiness.
  • Less than half of respondents say they feel confident they’ll be ready when GDPR kicks off in 2018, while only 9% expect to be fully prepared in time.

This article, GRC Tuesdays:Cybersecurity In 2017—Don’t Be Afraid, Be Aware!, originally appeared on the SAP BusinessObjects Analytics blog and has been republished with permission.

Follow SAP Finance online: @SAPFinance (Twitter)  | LinkedIn | FacebookYouTube

Comments

Chris Johnston

About Chris Johnston

Chris Johnston is currently SAP’s Vice President of GRC Sales in EMEA. He has almost 20 years GRC experience and was one of the first people to be certified as a GRC Professional by OCEG. He is a firm believer in the strategic upside of the appropriate implementation of ‘governance, risk management and compliance’ technologies as one of the core drivers towards true enterprise performance. Prior to joining SAP, he worked in network security, as an ethical hacker, as a ‘Big 4’ auditor, and as one of the first European employees at Virsa Systems, creators of the Access Control product now sold by SAP.

The CFO Role In 2020

Estelle Lagorce

African American businessman looking out office window --- Image by © Mark Edward Atkinson/Blend Images/CorbisThe role of the CFO is undergoing a serious transformation, and CFOs can expect their role to continue to evolve, according to a recent CFO.com article by Deloitte COO and CFO Frank Friedman.

In the futurist article, Friedman says one of the biggest factors that will contribute to the CFO’s significant change over the next five years is technology.

Digital technology is obviously expected to drive change in high-tech companies, but Friedman says it’s industries outside of the tech sectors that are of particular interest, as they struggle to understand how to grasp and harness the digital capabilities available to them.

Working with high tech in low-tech industries

Five years from now, a finance team may be defined by how well it uses technology and innovative business tools, regardless of what industry it’s in. The article outlines some examples of ways that digital technology will increasingly be used by CFOs in “non-tech” sectors:

  • Predictive analytics: CFOs in manufacturing companies can forecast results and produce revenue predictions based on customer-experience profiles and current demand, instead of comparing to previous years as most companies still do today.
  • Social media and crowdsourcing: You may not think CFOs spend a lot of time on social media or crowdsourcing sites, but these methods can actually expedite finance processes, such as month-end responsibilities of the finance organization.
  • Big Data: CFOs already have a lot of data at their fingertips, but in 2020 they will have even more. CFOs in both tech and non-tech sectors who understand how to use that data to make valuable, informed decisions, can strategically guide their company and industry in a more digitally oriented world.

To do this, Friedman says CFOs can lead the way by addressing some critical areas:

  1. Know the issues: Gather the key questions that leaders expect Big Data analytics to answer.
  1. Make data easily accessible: Collect data that is manageable and easy to access.
  1. Broaden skills: The finance team needs people with the skills to understand and strategically interpret the data available to them.

The tech-savvy CFO

The role of today’s CFO has already expanded to include strategic corporate growth advice as well as managing the bottom line. In 2020, Friedman says expectations placed on the CFO are presumed to be even greater, and CFOs will likely need a much more diverse, multidisciplinary skill set to meet those demands.

The article details several traits and skills that CFOs will need in order to keep up with the pace of digital change in their role.

  1. Digital knowledge: CFOs must be tech-savvy in order to capitalize on technical innovations that will benefit their company and their industry as a whole.
  1. Data-driven execution: CFOs will need the ability to execute company strategy and operations decisions based on data-driven insights.
  1. Regulatory compliance: Regulations continue to be more stringent globally, so CFOs will need to be proficient at working closely with regulators and compliance systems.
  1. Risk management: With the growing global economy comes increased cyber and geopolitical risks worldwide. The CFOs of 2020, especially those in large multinational organizations, will need to have the expertise to monitor and manage risk in areas that may be unforeseen today.

The future CFO’s well-rounded resume

By 2020, the CFO role will require much more than just an accounting background. According to Deloitte’s Frank Friedman, “CFOs may need to bring a much more multidisciplinary skill set to the job as well as broader career experiences, from working overseas to holding positions in sales and marketing, and even running a business unit.”

So if you’re a current or aspiring CFO, you have five years to round out your resume with the necessary skills to be ready for the digitally driven role of the CFO in 2020.

The above information is based on the CFO.com article What Will the CFO Role Look Like In 2020?” by Deloitte COO & CFO, Frank Friedman – Copyright © 2015 CFO.com.

Want to learn more about best practices for transforming your finance organization? View the SAP/Deloitte Webinar, “Reshaping the Finance Function”.

For an in-depth look at digital technology’s role in business transformation, download the SAP eBook, The Digital Economy: Reinventing the Business World.

To learn more about the business and technology factors driving digital disruption, download the SAP eBook, Digital Disruption: How Digital Technology is Transforming Our World.

To read more CFO insights from a tech industry perspective, read the Wall Street Journal article with SAP CFO Luka Mucic: Driving Insight with In-memory Technology.

Discover 7 Questions CFOs Should Ask Themselves About Cyber Security.

Comments

Estelle Lagorce

About Estelle Lagorce

Estelle Lagorce is the Director, Global Partner Marketing, at SAP. She leads the global planning, successful implementation and business impact of integrated marketing programs with top global Strategic Partner across priority regions and countries (demand generation, thought leadership).

Get Your Payables House In Order

Chris Rauen

First of 8 blogs in the series

Too many organizations ignore the business potential from streamlining accounts payable operations. In a digital economy, however, this may represent one of the best opportunities to improve financial performance and boost the bottom line.

In its recent report, ePayables 2015: Higher Ground, the research and advisory firm Ardent Partners made a strong case for accounts payable transformation. “In 2015, more AP groups are accelerating their plans to transform their operations and scale to new heights,” states the report.

The digital makeover

From a payables perspective, how you go about fixing outdated procure-to-pay (P2P) practices is much like the decision to improve an aging home. Do you tear your house down and build a new one, or leverage as much of the existing structure as you can and begin a major home improvement project?

There is, of course, a third option. Take no action and make calls to plumbers, electricians, roofers, and other specialists as needed before the house falls apart altogether. While few organizations would consider a “triage” strategy the best option to address deficiencies in P2P operations, many still do. (Just don’t share that with your CFO.)

This blog post is the first in a series that will examine options for upgrading procure-to-pay processes from outclassed to best-in-class. Continuing to focus time and effort on managing transactions just doesn’t make sense. With today’s business networks, organizations have new ways to collaborate with suppliers and other partners to buy, sell, and manage cash.

Automation handles low-value activities, eliminating data entry, exception management, and payment status phone calls. That leaves more time for benchmarking operations, monitoring supplier performance, expanding early payment discounts, and improving management of working capital – the kinds of things that can dramatically improve business performance.

Where do you start?

To begin, you have to recognize that getting your payables house in order is much more than a process efficiency initiative. While cost savings from e-invoicing can be 60% to 80% lower than paper invoicing, there’s much more to the business case.

Improving contract compliance and expanding early payment discounts are other components of a business case for P2P transformation. According to various procure-to-pay research studies and Ariba customer results, the cost savings from getting your payables house in order are conservatively estimated to be $10 million per billion collars of spend. We’ll break down these ROI components in greater detail in future posts on this topic.

The value of alignment

Another important first step, validated by the Ardent Partners report, is getting procurement and finance-accounts payables in alignment. As this is a holistic process, you’ll need to make sure that both organizations are in sync, and you have support from upper management to make it happen.

Now, back to the question: Do you approach a payables makeover to support P2P transformation as a tear-down or a fixer-upper? If your procurement-accounts payable teams are out of alignment, your P2P processes are predominantly paper, and decentralized buying leaves little control over spend, you’re looking at a tear-down to lay the foundation for best practices payables. We’ll share a blueprint with you in the next post in this series.

Chris Rauen is a solution marketer for Ariba, an SAP company. He regularly contributes to topics including e-invoicing and dynamic discounting as well as the value of collaborating in a digital economy. 

Learn more about how to take your payables to the next level of performance in Ardent Partners’ research report “ ePayables 2015: Higher Ground.”

Comments

Chris Rauen

About Chris Rauen

In his role at SAP Ariba, Chris Rauen educates procurement, finance, and shared services professionals on the business value of accounts payable automation, procure-to-pay transformation, and collaboration via business networks. Chris has addressed these topics at finance and shared services conferences, in articles for trade and business publications, and in blogs for online communities. Chris has more than 15 years of experience in e-payables, and holds a B.A. in Economics from the University of California, Santa Barbara.

Running Future Cities on Blockchain

Dan Wellers , Raimund Gross and Ulrich Scholl

Building on the Blockchain Framework

Some experts say these seemingly far-future speculations about the possibilities of combining technologies using blockchain are actually both inevitable and imminent:


Democratizing design and manufacturing by enabling individuals and small businesses to buy, sell, share, and digitally remix products affordably while protecting intellectual property rights.
Decentralizing warehousing and logistics by combining autonomous vehicles, 3D printers, and smart contracts to optimize delivery of products and materials, and even to create them on site as needed.
Distributing commerce by mixing virtual reality, 3D scanning and printing, self-driving vehicles, and artificial intelligence into immersive, personalized, on-demand shopping experiences that still protect buyers’ personal and proprietary data.

The City of the Future

Imagine that every agency, building, office, residence, and piece of infrastructure has an entry on a blockchain used as a city’s digital ledger. This “digital twin” could transform the delivery of city services.

For example:

  • Property owners could easily monetize assets by renting rooms, selling solar power back to the grid, and more.
  • Utilities could use customer data and AIs to make energy-saving recommendations, and smart contracts to automatically adjust power usage for greater efficiency.
  • Embedded sensors could sense problems (like a water main break) and alert an AI to send a technician with the right parts, tools, and training.
  • Autonomous vehicles could route themselves to open parking spaces or charging stations, and pay for services safely and automatically.
  • Cities could improve traffic monitoring and routing, saving commuters’ time and fuel while increasing productivity.

Every interaction would be transparent and verifiable, providing more data to analyze for future improvements.


Welcome to the Next Industrial Revolution

When exponential technologies intersect and combine, transformation happens on a massive scale. It’s time to start thinking through outcomes in a disciplined, proactive way to prepare for a future we’re only just beginning to imagine.

Download the executive brief Running Future Cities on Blockchain.


Read the full article Pulling Cities Into The Future With Blockchain

Comments

Dan Wellers

About Dan Wellers

Dan Wellers is founder and leader of Digital Futures at SAP, a strategic insights and thought leadership discipline that explores how digital technologies drive exponential change in business and society.

Raimund Gross

About Raimund Gross

Raimund Gross is a solution architect and futurist at SAP Innovation Center Network, where he evaluates emerging technologies and trends to address the challenges of businesses arising from digitization. He is currently evaluating the impact of blockchain for SAP and our enterprise customers.

Ulrich Scholl

About Ulrich Scholl

Ulrich Scholl is Vice President of Industry Cloud and Custom Development at SAP. In this role, Ulrich discovers and implements best practices to help further the understanding and adoption of the SAP portfolio of industry cloud innovations.

Tags:

4 Traits Set Digital Leaders Apart From 97% Of The Competition

Vivek Bapat

Like the classic parable of the blind man and the elephant, it seems everyone has a unique take on digital transformation. Some equate digital transformation with emerging technologies, placing their bets on as the Internet of Things, machine learning, and artificial intelligence. Others see it as a way to increase efficiencies and change business processes to accelerate product to market. Some others think of it is a means of strategic differentiation, innovating new business models for serving and engaging their customers. Despite the range of viewpoints, many businesses are still challenged with pragmatically evolving digital in ways that are meaningful, industry-disruptive, and market-leading.

According to a recent study of more than 3,000 senior executives across 17 countries and regions, only a paltry three percent of businesses worldwide have successfully completed enterprise-wide digital transformation initiatives, even though 84% of C-level executives ranks such efforts as “critically important” to the fundamental sustenance of their business.

The most comprehensive global study of its kind, the SAP Center for Business Insight report “SAP Digital Transformation Executive Study: 4 Ways Leaders Set Themselves Apart,” in collaboration with Oxford Economics, identified the challenges, opportunities, value, and key technologies driving digital transformation. The findings specifically analyzed the performance of “digital leaders” – those who are connecting people, things, and businesses more intelligently, more effectively, and creating punctuated change faster than their less advanced rivals.

After analyzing the data, it was eye-opening to see that only three percent of companies (top 100) are successfully realizing their full potential through digital transformation. However, even more remarkable was that these leaders have four fundamental traits in common, regardless of their region of operation, their size, their organizational structure, or their industry.

We distilled these traits in the hope that others in the early stages of transformation or that are still struggling to find their bearings can embrace these principles in order to succeed. Ultimately I see these leaders as true ambidextrous organizations, managing evolutionary and revolutionary change simultaneously, willing to embrace innovation – not just on the edges of their business, but firmly into their core.

Here are the four traits that set these leaders apart from the rest:

Trait #1: They see digital transformation as truly transformational

An overwhelming majority (96%) of digital leaders view digital transformation as a core business goal that requires a unified digital mindset across the entire enterprise. But instead of allowing individual functions to change at their own pace, digital leaders prefer to evolve the organization to help ensure the success of their digital strategies.

The study found that 56% of these businesses regularly shift their organizational structure, which includes processes, partners, suppliers, and customers, compared to 10% of remaining companies. Plus, 70% actively bring lines of business together through cross-functional processes and technologies.

By creating a firm foundation for transformation, digital leaders are further widening the gap between themselves and their less advanced competitors as they innovate business models that can mitigate emerging risks and seize new opportunities quickly.

Trait #2: They focus on transforming customer-facing functions first

Although most companies believe technology, the pace of change, and growing global competition are the key global trends that will affect everything for years to come, digital leaders are expanding their frame of mind to consider the influence of customer empowerment. Executives who build a momentum of breakthrough innovation and industry transformation are the ones that are moving beyond the high stakes of the market to the activation of complete, end-to-end customer experiences.

In fact, 92% of digital leaders have established sophisticated digital transformation strategies and processes to drive transformational change in customer satisfaction and engagement, compared to 22% of their less mature counterparts. As a result, 70% have realized significant or transformational value from these efforts.

Trait #3: They create a virtuous cycle of digital talent

There’s little doubt that the competition for qualified talent is fierce. But for nearly three-quarters of companies that demonstrate digital-transformation leadership, it is easier to attract and retain talent because they are five times more likely to leverage digitization to change their talent management efforts.

The impact of their efforts goes beyond empowering recruiters to identify best-fit candidates, highlight risk factors and hiring errors, and predict long-term talent needs. Nearly half (48%) of digital leaders understand that they must invest heavily in the development of digital skills and technology to drive revenue, retain productive employees, and create new roles to keep up with their digital maturity over the next two years, compared to 30% of all surveyed executives.

Trait #4: They invest in next-generation technology using a bimodal architecture

A couple years ago, Peter Sondergaard, senior vice president at Gartner and global head of research, observed that “CIOs can’t transform their old IT organization into a digital startup, but they can turn it into a bi-modal IT organization. Forty-five percent of CIOs state they currently have a fast mode of operation, and we predict that 75% of IT organizations will be bimodal in some way by 2017.”

Based on the results of the SAP Center for Business Insight study, Sondergaard’s prediction was spot on. As digital leaders dive into advanced technologies, 72% are using a digital twin of the conventional IT organization to operate efficiently without disruption while refining innovative scenarios to resolve business challenges and integrate them to stay ahead of the competition. Unfortunately, only 30% of less advanced businesses embrace this view.

Working within this bimodal architecture is emboldening digital leaders to take on incredibly progressive technology. For example, the study found that 50% of these firms are using artificial intelligence and machine learning, compared to seven percent of all respondents. They are also leading the adoption curve of Big Data solutions and analytics (94% vs. 60%) and the Internet of Things (76% vs. 52%).

Digital leadership is a practice of balance, not pure digitization

Most executives understand that digital transformation is a critical driver of revenue growth, profitability, and business expansion. However, as digital leaders are proving, digital strategies must deliver a balance of organizational flexibility, forward-looking technology adoption, and bold change. And clearly, this approach is paying dividends for them. They are growing market share, increasing customer satisfaction, improving employee engagement, and, perhaps more important, achieving more profitability than ever before.

For any company looking to catch up to digital leaders, the conversation around digital transformation needs to change immediately to combat three deadly sins: Stop investing in one-off, isolated projects hidden in a single organization. Stop viewing IT as an enabler instead of a strategic partner. Stop walling off the rest of the business from siloed digital successes.

As our study shows, companies that treat their digital transformation as an all-encompassing, all-sharing, and all-knowing business imperative will be the ones that disrupt the competitive landscape and stay ahead of a constantly evolving economy.

Follow me on twitter @vivek_bapat 

For more insight on digital leaders, check out the SAP Center for Business Insight report, conducted in collaboration with Oxford Economics,SAP Digital Transformation Executive Study: 4 Ways Leaders Set Themselves Apart.”

Comments

Vivek Bapat

About Vivek Bapat

Vivek Bapat is the Senior Vice President, Global Head of Marketing Strategy and Thought Leadership, at SAP. He leads SAP's Global Marketing Strategy, Messaging, Positioning and related Thought Leadership initiatives.