How Women Are Poised To Impact Cybersecurity

Debbie Fletcher

News from the murky world of cybersecurity seems to keep getting worse. From alleged election-related hackings to massive data breaches to DDoS attacks now capable of crippling some of the biggest websites on the Internet, the present is bleak, and the future appears to be even more daunting. However, there could be a new weapon emerging against cyberattacks of all types, and it’s not software patches or firewalls or new security protocols. It’s manpower, or to be more specific, womanpower.

A gap that needs closing

Like many STEM fields, cybersecurity has traditionally been underrepresented by women. In fact, a 2016 study from the Center of Cyber Safety and Education found that women make up just 10% of the global cybersecurity workforce – a percentage that, disappointingly, hasn’t increased since the Center’s 2014 study on the same subject.

If any industry is currently crying out for an influx of talent, though, it’s cybersecurity. Data breaches hit an all-time high in 2016 with 1,093 in the United States alone, a 40% increase from 2015’s 780. The business sector and healthcare industry were the hardest hit. Furthermore, while record-breaking DDoS attacks like the one on Dyn made headlines for taking websites like Twitter and PayPal offline, dealing with these devastating attacks has been a reality for businesses and websites of all sizes for years. With DDoS-for-hire services gaining popularity and DDoS botnets gaining size thanks to IoT devices, the problem is only getting worse.

This is undoubtedly bad news for businesses, governments, and the Internet at large, but it’s great news for a demographic in search of high-paying jobs.

Cybersecurity shortcomings

According to the Bureau of Labor Statistics by Peninsula Press, an initiative of the journalism program at Stanford University, in 2016 saw more than 200,000 cybersecurity jobs unfilled in the United States alone, with postings in that industry increasing 74% over the last five years. A 2015 study from Cisco estimated there were one million cybersecurity job openings around the world, a number that Michael Brown, CEO of Symantec, expects to grow to six million by 2019. Brown also projects that a full 1.5 million of those jobs will go unfilled.

With this dearth of skilled cybersecurity workers, it’s no surprise that leading companies all over the globe are looking to the half of the population that has historically been underrepresented in cybersecurity.

Emerging opportunities

Increasing gender diversity in cybersecurity isn’t just a numbers game. A 2014 analysis by the National Center for Women and Information Technology looked at 2,360 global companies and found that gender-balanced companies performed better financially, particularly when women held a significant number of top management positions. Gender-balanced companies also demonstrated superior productivity and team dynamics.

To help fill the gap in cybersecurity, companies and even cybersecurity defense contractors such as Raytheon have launched aggressive recruitment initiatives aimed at women. Post-secondary educational institutions are joining in as well, with private women’s colleges like Bay Path offering degrees in information security, stressing the leadership, problem solving, analytics, and communications skills necessary for careers in this industry.

Public colleges and universities are also focusing efforts on getting women into information technology and cybersecurity programs. Brigham Young University, for example, appeals to the large population of Mormon women that make up its student body by presenting cybersecurity as an option for women who want to pursue a career while also embracing the traditional homemaking values prized by the Mormon faith.

Words from leading women

As much as the cybersecurity industry needs to focus on recruiting women, many women are already working as leaders in the industry. Internet security firm Imperva Incapsula recently compiled a list of the top 50 women in Internet security, including their advice on getting into the industry and what can be done to attract women to it.

For instance, international cyber attorney Christina Ayiotis recommends a long-term approach to attracting women to STEM careers such as Internet security, saying companies need to commit to building the pipeline and processes that address retention. “Women need long-term career progression support from those who have the power to put them in available leadership roles, including at the Board level,” she said.

For women and students looking to distinguish themselves in security, Tumblr security engineer Aloria recommends being proactive to demonstrate passion for the field. She says this can include sharing small tools or scripts, participating in CTFs, and writing blogs.

The battle against cyber attacks of all types is only going to intensify in the future, and women in cybersecurity may very well be a major part of the solution. It will take a concerted effort from women, educational institutions, and companies combined, but with women getting involved in internet security and other STEM fields, the war on cybercrime might just be winnable.

For more on gender equality in the tech industry, see Girls In Tech: From One Event To A Global Movement.

Comments

About Debbie Fletcher

Debbie Fletcher is an enthusiastic, experienced writer who has written for a range of different magazines and news publications over the years. Graduating from City University London specializing in English Literature, Debbie has a passion for writing has since grown. She loves anything and everything technology, and exploring different cultures across the world. She's currently looking towards starting her Masters in Comparative Literature in the next few years.

Why You Might Not Recognize Cybersecurity In A Few Years

Derek Klobucher

It’s already been an exciting National Cybersecurity Awareness Month. More than “an annual campaign to raise awareness about the importance of cybersecurity,” as the U.S. Department of Homeland Security describes it, October began with bicameral congressional hearings into the high-profile cyberattack on one of the nation’s largest credit reporting agencies.

Many cyberattacks are so severe because their victims don’t have the right tools – or don’t effectively use the tools available to them.

“Hearings into the Equifax breach that affected 143 million U.S. consumers could offer important, if painful, lessons on what companies should not do when it comes to protecting data and responding to incidents,” the Washington Examiner stated. “The company reportedly made a half-hearted attempt to use available patches to seal up the vulnerability that hackers exploited … and [it] did not use Department of Homeland Security cyber tools made available to all companies.”

The massive data breach at Equifax also highlights calls for enhanced cybersecurity, including a prescient appeal from an investigator at the U.S. Securities and Exchange Commission.

Where legacy fails

An SEC forensic unit warned of shabby cyber defenses – hamstrung by insufficient training and equipment – a mere two months before the agency discovered an epic hack of its corporate filing system, according to Reuters. Instead of the necessary resources, the unit resorted to using obsolete and repurposed hardware.

And it’s not just the SEC. More than 70% of federal chief information officers said most of their applications are legacy systems, according to a Professional Services Council survey released last month. And weak points in old apps were among the top concerns of the CIOs suffering from increasingly frequent cyberattacks.

More broadly, 95% of federal employees and contractors want common cybersecurity standards across the government, according to a Telos report released last month. And 88% of respondents agreed on a specific framework that “effectively helps organizations manage risk.”

But that would only go so far.

Back to basics

“Cybersecurity threats continue to increase in size and complexity,” Dark Reading stated recently. “But the real problem is that too many IT organizations are leaving their enterprises vulnerable to attacks because they overlook a number of simple tasks.”

Careless employees are the weakest cybersecurity link at small and midsize businesses in North America and the U.K., according to a Keeper Security and the Ponemon Institute study. This underscores the importance of cybersecurity basics, such as heeding security software warnings. (Find other best practices for 2018 in this TechRepublic list.)

“CISOs, CIOs, and boards of directors [must] think about cybersecurity, not just in the terms of the IT shops they run, but all products – anything that potentially exposes the company to a cyberattack,” GE global chief information and product cyber security officer Nasrin Rezai stated in CSO. She looks at securing an organization in three areas:

  • Operational technology (OT): Take special care when connecting parts of the business that had been secure only because they were isolated.
  • Consumer devices: Instead of just thinking about how to secure each device, focus on protecting all of your enterprise’s assets.
  • Readiness: Cybersecurity drills must ensure that everyone – from IT to manufacturing – knows what to do in case of a breach.

And a lot more is changing. In fact, you might not recognize cybersecurity in a few years.

The revolutionary future of cybersecurity

Students at the University of Central Arkansas will learn how to detect and defend against cyberattacks, thanks to a $500,000 grant to create a “cyber range.” And a startup in New York recently raised $8 million to ensure that cybersecurity credentials always remain with the user, authenticating people via biometrics, such as fingerprints and faces, as well as traditional passwords.

Keeping credentials with the user is a reason why U.S. Social Security numbers – once the holy grail for identity thieves – may be obsolete for national identification, according to the White House’s cybersecurity coordinator. That’s because victims can’t even change their numbers after they have been compromised.

“It’s a flawed system that we can’t roll back after a breach,” Rob Joyce said at a cybersecurity summit Oct. 3. “The Social Security number has outlived its usefulness.”

Doing our part

Put in context – especially in the wake of 2017’s deadly hurricanes – a sufficiently massive cyberattack could be worse for the U.S. infrastructure than hurricane season, according to an infrastructure security official at the Department of Energy. Deputy secretary L. Devon Streit’s comments at a cybersecurity and infrastructure panel echo an upcoming department report comparing the hazards of natural disasters to those of cyberattacks.

“The most worrisome threat we face in the energy sector is cyber,” Streit said. Potential solutions in the works include a pilot program to declassify and share cybersecurity threat information with both government- and privately owned infrastructure organizations.

More than a campaign, National Cybersecurity Awareness Month reminds us that there’s a lot at stake. And while others prepare to fend off future cyberattacks, the rest of us can use this month to refocus on best practices.

Learn more about The Future of Cybersecurity: Trust as Competitive Advantage.

Comments

About Derek Klobucher

Derek Klobucher is a Brand Journalist, Content Marketer and Master Digital Storyteller at SAP. His responsibilities include conceiving, developing and conducting global, company-wide employee brand journalism training; managing content, promotion and strategy for social networks and online media; and mentoring SAP employees, contractors and interns to optimize blogging and social media efforts.

Apathy, Not Hackers: The Real Enemy Of The Cloud And Emerging Tech

Paul Kurchina

The cloud is quickly moving past the hype to deliver tangible and transformational value. Across the board, cloud-based products and services are growing to the point where more than 92% of all workloads will be processed in cloud data centers by 2020. The cloud is also enabling heavy-hitter, emerging technology along the way, including advanced analytics, containers, artificial intelligence, cognitive computing, and virtual reality. And even the Internet of Things (IoT) is gaining momentum in the cloud as it sets to impact the world in the next decade 5-10x more than the entire existence of the Internet.

According to Mark Weatherford, senior vice president and chief cybersecurity strategist of vArmour, there are no signs of the cloud’s influence slowing down. In his upcoming Webcast “The Cloud, IoT, and Critical Infrastructure: It’s Not Too Late for the Cyber,” sponsored by Americas’ SAP Users’ Group (ASUG), he will share a much-needed reality check:

“Today is the slowest day in your life in terms of technology. If you think the pace is frantic now, just wait until Q4 … or 2018 … or 2020. The rate of change in business is going to be faster every year for the rest of your working life.”

Even though there is so much potential, very few business leaders understand how the cloud – and the technology it supports – will impact their company. Why? It’s most likely because their organizations are still outmatched in their ability to combat cyberattacks of any kind.

The truth about the cloud, virtualization, and cybersecurity

In no other area of the business are companies fighting to protect their business from so many ill-intended actors, ranging from international organized crime rings to terrorist organizations, politically charged hacktivists, and cyberspies acting on behalf of global nation states. Although there are high-stakes risks in the cloud, this doesn’t mean that locking down your IT systems and data to limit information-sharing and real-time insight is the answer.

Thomas Friedman, American journalist, author, and three-time Pulitzer Prize winner, poetically laid out the dangers of this lack of know-how in one of his recent New York Times columns:

“We’re moving into a world where computers and algorithms can analyze (reveal previously hidden patterns); optimize (tell a plane which altitude to fly each mile to get the best fuel efficiency); prophesize (tell you when your elevator will break or what your customer is likely to buy); customize (tailor any product or service for you alone); and digitize and automatize more and more products and services. Any company that doesn’t deploy all six elements will struggle, and this is changing every job and industry.”

To realize Friedman’s vision, businesses must somehow whittle down a seemingly infinite number of digital options to find technology that best fits their needs. But, as Weatherford suggests, the key to investing in the right technology is focusing on nine fundamental areas of strategic security:

  • Identity and access: Monitor privileged-account usage while allowing only authorized users to access critical systems and countering threats.
  • Network: Ensure that all networks in the IT landscape are secure.
  • Applications: Identify risks to all applications.
  • Security breaches: Understand the threat landscape and plan the right strategy to protect the business.
  • Compliance: Adhere to all application obligations as the company reduces its compliance burden.
  • Supplier risk: Track whether suppliers are adequately safeguarding organizational assets.
  • Business continuity: Strengthen protections to ensure continuous operations during a crisis.
  • Mobility: Secure mobile applications.
  • Cloud: Assess any security risks as a result of a cloud migration.

Weatherford also warns that insiders need to be better trained to prevent unintended security breaches. “The real danger is the uneducated user who is more likely to click on a link or push a button that shouldn’t be touched in the first place,” he said. “Educate, educate, educate. Drill, drill, drill. This is all necessary to raise the bar on security.”

In our increasingly digital world, hope is not a strategy, but a reasonable security program is. Maybe, one day within the next 10 years, security will become a top priority that everyone understands and acquires as a natural skill. But until then, let’s put a little more attention, time, and care into the security of the IT architecture and data while engaging technology that can drive significant competitive advantage.

For more cybersecurity insights and advice from Mark Weatherford, senior vice president and chief cybersecurity strategist of vArmour, join us on October 23 for the Americas’ SAP Users’ Group (ASUG) Webcast “The Cloud, IoT, and Critical Infrastructure: It’s Not Too Late for the Cyber.”

Comments

Paul Kurchina

About Paul Kurchina

Paul Kurchina is a community builder and evangelist with the Americas’ SAP Users Group (ASUG), responsible for developing a change management program for ASUG members.

The Future Will Be Co-Created

Dan Wellers and Timo Elliott

 

Just 3% of companies have completed enterprise digital transformation projects.
92% of those companies have significantly improved or transformed customer engagement.
81% of business executives say platforms will reshape industries into interconnected ecosystems.
More than half of large enterprises (80% of the Global 500) will join industry platforms by 2018.

Link to Sources


Redefining Customer Experience

Many business leaders think of the customer journey or experience as the interaction an individual or business has with their firm.

But the business value of the future will exist in the much broader, end-to-end experiences of a customer—the experience of travel, for example, or healthcare management or mobility. Individual companies alone, even with their existing supplier networks, lack the capacity to transform these comprehensive experiences.


A Network Effect

Rather than go it alone, companies will develop deep collaborative relationships across industries—even with their customers—to create powerful ecosystems that multiply the breadth and depth of the products, services, and experiences they can deliver. Digital native companies like Baidu and Uber have embraced ecosystem thinking from their early days. But forward-looking legacy companies are beginning to take the approach.

Solutions could include:

  • Packaging provider Weig has integrated partners into production with customers co-inventing custom materials.
  • China’s Ping An insurance company is aggressively expanding beyond its sector with a digital platform to help customers manage their healthcare experience.
  • British roadside assistance provider RAC is delivering a predictive breakdown service for drivers by acquiring and partnering with high-tech companies.

What Color Is Your Ecosystem?

Abandoning long-held notions of business value creation in favor of an ecosystem approach requires new tactics and strategies. Companies can:

1.  Dispassionately map the end-to-end customer experience, including those pieces outside company control.

2.  Employ future planning tactics, such as scenario planning, to examine how that experience might evolve.

3.  Identify organizations in that experience ecosystem with whom you might co-innovate.

4.  Embrace technologies that foster secure collaboration and joint innovation around delivery of experiences, such as cloud computing, APIs, and micro-services.

5.  Hire, train for, and reward creativity, innovation, and customer-centricity.


Evolve or Be Commoditized

Some companies will remain in their traditional industry boxes, churning out products and services in isolation. But they will be commodity players reaping commensurate returns. Companies that want to remain competitive will seek out their new ecosystem or get left out in the cold.


Download the executive brief The Future Will be Co-Created.


Read the full article The Future Belongs to Industry-Busting Ecosystems.

Turn insight into action, make better decisions, and transform your business.  Learn how.

Comments

About Dan Wellers

Dan Wellers is founder and leader of Digital Futures at SAP, a strategic insights and thought leadership discipline that explores how digital technologies drive exponential change in business and society.

About Timo Elliott

Timo Elliott is an Innovation Evangelist for SAP and a passionate advocate of innovation, digital business, analytics, and artificial intelligence. He was the eighth employee of BusinessObjects and for the last 25 years he has worked closely with SAP customers around the world on new technology directions and their impact on real-world organizations. His articles have appeared in articles such as Harvard Business Review, Forbes, ZDNet, The Guardian, and Digitalist Magazine. He has worked in the UK, Hong Kong, New Zealand, and Silicon Valley, and currently lives in Paris, France. He has a degree in Econometrics and a patent in mobile analytics. 

Tags:

Blockchain: Much Ado About Nothing? How Very Wrong!

Juergen Roehricht

Let me start with a quote from McKinsey, that in my view hits the nail right on the head:

“No matter what the context, there’s a strong possibility that blockchain will affect your business. The very big question is when.”

Now, in the industries that I cover in my role as general manager and innovation lead for travel and transportation/cargo, engineering, construction and operations, professional services, and media, I engage with many different digital leaders on a regular basis. We are having visionary conversations about the impact of digital technologies and digital transformation on business models and business processes and the way companies address them. Many topics are at different stages of the hype cycle, but the one that definitely stands out is blockchain as a new enabling technology in the enterprise space.

Just a few weeks ago, a customer said to me: “My board is all about blockchain, but I don’t get what the excitement is about – isn’t this just about Bitcoin and a cryptocurrency?”

I can totally understand his confusion. I’ve been talking to many blockchain experts who know that it will have a big impact on many industries and the related business communities. But even they are uncertain about the where, how, and when, and about the strategy on how to deal with it. The reason is that we often look at it from a technology point of view. This is a common mistake, as the starting point should be the business problem and the business issue or process that you want to solve or create.

In my many interactions with Torsten Zube, vice president and blockchain lead at the SAP Innovation Center Network (ICN) in Potsdam, Germany, he has made it very clear that it’s mandatory to “start by identifying the real business problem and then … figure out how blockchain can add value.” This is the right approach.

What we really need to do is provide guidance for our customers to enable them to bring this into the context of their business in order to understand and define valuable use cases for blockchain. We need to use design thinking or other creative strategies to identify the relevant fields for a particular company. We must work with our customers and review their processes and business models to determine which key blockchain aspects, such as provenance and trust, are crucial elements in their industry. This way, we can identify use cases in which blockchain will benefit their business and make their company more successful.

My highly regarded colleague Ulrich Scholl, who is responsible for externalizing the latest industry innovations, especially blockchain, in our SAP Industries organization, recently said: “These kinds of use cases are often not evident, as blockchain capabilities sometimes provide minor but crucial elements when used in combination with other enabling technologies such as IoT and machine learning.” In one recent and very interesting customer case from the autonomous province of South Tyrol, Italy, blockchain was one of various cloud platform services required to make this scenario happen.

How to identify “blockchainable” processes and business topics (value drivers)

To understand the true value and impact of blockchain, we need to keep in mind that a verified transaction can involve any kind of digital asset such as cryptocurrency, contracts, and records (for instance, assets can be tangible equipment or digital media). While blockchain can be used for many different scenarios, some don’t need blockchain technology because they could be handled by a simple ledger, managed and owned by the company, or have such a large volume of data that a distributed ledger cannot support it. Blockchain would not the right solution for these scenarios.

Here are some common factors that can help identify potential blockchain use cases:

  • Multiparty collaboration: Are many different parties, and not just one, involved in the process or scenario, but one party dominates everything? For example, a company with many parties in the ecosystem that are all connected to it but not in a network or more decentralized structure.
  • Process optimization: Will blockchain massively improve a process that today is performed manually, involves multiple parties, needs to be digitized, and is very cumbersome to manage or be part of?
  • Transparency and auditability: Is it important to offer each party transparency (e.g., on the origin, delivery, geolocation, and hand-overs) and auditable steps? (e.g., How can I be sure that the wine in my bottle really is from Bordeaux?)
  • Risk and fraud minimization: Does it help (or is there a need) to minimize risk and fraud for each party, or at least for most of them in the chain? (e.g., A company might want to know if its goods have suffered any shocks in transit or whether the predefined route was not followed.)

Connecting blockchain with the Internet of Things

This is where blockchain’s value can be increased and automated. Just think about a blockchain that is not just maintained or simply added by a human, but automatically acquires different signals from sensors, such as geolocation, temperature, shock, usage hours, alerts, etc. One that knows when a payment or any kind of money transfer has been made, a delivery has been received or arrived at its destination, or a digital asset has been downloaded from the Internet. The relevant automated actions or signals are then recorded in the distributed ledger/blockchain.

Of course, given the massive amount of data that is created by those sensors, automated signals, and data streams, it is imperative that only the very few pieces of data coming from a signal that are relevant for a specific business process or transaction be stored in a blockchain. By recording non-relevant data in a blockchain, we would soon hit data size and performance issues.

Ideas to ignite thinking in specific industries

  • The digital, “blockchained” physical asset (asset lifecycle management): No matter whether you build, use, or maintain an asset, such as a machine, a piece of equipment, a turbine, or a whole aircraft, a blockchain transaction (genesis block) can be created when the asset is created. The blockchain will contain all the contracts and information for the asset as a whole and its parts. In this scenario, an entry is made in the blockchain every time an asset is: sold; maintained by the producer or owner’s maintenance team; audited by a third-party auditor; has malfunctioning parts; sends or receives information from sensors; meets specific thresholds; has spare parts built in; requires a change to the purpose or the capability of the assets due to age or usage duration; receives (or doesn’t receive) payments; etc.
  • The delivery chain, bill of lading: In today’s world, shipping freight from A to B involves lots of manual steps. For example, a carrier receives a booking from a shipper or forwarder, confirms it, and, before the document cut-off time, receives the shipping instructions describing the content and how the master bill of lading should be created. The carrier creates the original bill of lading and hands it over to the ordering party (the current owner of the cargo). Today, that original paper-based bill of lading is required for the freight (the container) to be picked up at the destination (the port of discharge). Imagine if we could do this as a blockchain transaction and by forwarding a PDF by email. There would be one transaction at the beginning, when the shipping carrier creates the bill of lading. Then there would be look-ups, e.g., by the import and release processing clerk of the shipper at the port of discharge and the new owner of the cargo at the destination. Then another transaction could document that the container had been handed over.

The future

I personally believe in the massive transformative power of blockchain, even though we are just at the very beginning. This transformation will be achieved by looking at larger networks with many participants that all have a nearly equal part in a process. Today, many blockchain ideas still have a more centralistic approach, in which one company has a more prominent role than the (many) others and often is “managing” this blockchain/distributed ledger-supported process/approach.

But think about the delivery scenario today, where goods are shipped from one door or company to another door or company, across many parties in the delivery chain: from the shipper/producer via the third-party logistics service provider and/or freight forwarder; to the companies doing the actual transport, like vessels, trucks, aircraft, trains, cars, ferries, and so on; to the final destination/receiver. And all of this happens across many countries, many borders, many handovers, customs, etc., and involves a lot of paperwork, across all constituents.

“Blockchaining” this will be truly transformational. But it will need all constituents in the process or network to participate, even if they have different interests, and to agree on basic principles and an approach.

As Torsten Zube put it, I am not a “blockchain extremist” nor a denier that believes this is just a hype, but a realist open to embracing a new technology in order to change our processes for our collective benefit.

Turn insight into action, make better decisions, and transform your business. Learn how.

Comments

Juergen Roehricht

About Juergen Roehricht

Juergen Roehricht is General Manager of Services Industries and Innovation Lead of the Middle and Eastern Europe region for SAP. The industries he covers include travel and transportation; professional services; media; and engineering, construction and operations. Besides managing the business in those segments, Juergen is focused on supporting innovation and digital transformation strategies of SAP customers. With more than 20 years of experience in IT, he stays up to date on the leading edge of innovation, pioneering and bringing new technologies to market and providing thought leadership. He has published several articles and books, including Collaborative Business and The Multi-Channel Company.