CIOs and IT leaders who use composability to deal with continuing business disruption due to the COVID-19 pandemic and other factors will make their enterprises more resilient and more sustainable, and will make more meaningful contributions, according to Gartner.
Analysts said that composable business means architecting for resilience and accepting that disruptive change is the norm. It supports a business that exploits the disruptions digital technology brings by making things modular – mixing and matching business functions to orchestrate the proper outcomes.
It supports a business that senses – or discovers – when change needs to happen; and then uses autonomous business units to creatively respond.
For some enterprises digital strategies became real for the first time
According to the 2021 Gartner Board of Directors survey, 69% of corporate directors want to accelerate enterprise digital strategies and implementations to help deal with the ongoing disruption. For some enterprises that means that their digital strategies became real for the first time, and for others that means rapidly scaling digital investments.
“Composable business is a natural acceleration of the digital business that organizations live every day,” said Daryl Plummer, research VP, Chief of Research and Gartner Fellow. “It allows organizations to finally deliver the resilience and agility that these interesting times demand.”
Don Scheibenreif, research VP at Gartner, explained that composable business starts with three building blocks: composable thinking, which ensures creative thinking is never lost; composable business architecture, which ensures flexibility and resiliency; and composable technologies, which are the tools for today and tomorrow.
“The world today demands something different from us. Composing – flexible, fluid, continuous, even improvisational – is how we will move forward. That is why composable business is more important than ever,” said Mr. Scheibenreif.
“During the COVID-19 pandemic crisis, most CIOs leveraged their organizations’ existing digital investments, and some CIOs accelerated their digital strategies by investing in some of the three composable building blocks,” said Tina Nunno, research VP and Gartner Fellow.
“To ensure their organizations were resilient, many CIOs also applied at least one of the four critical principles of composability, gaining more speed through discovery, greater agility through modularity, better leadership through orchestration, and resilience through autonomy.”
Composable business resilience
Analysts said that these four principles can be viewed differently depending on which building block organizations are working with:
- In composable thinking, these are design principles. They guide an organization’s approach to conceptualizing what to compose, and when.
- In composable business architecture, they are structural capabilities, giving an organization the mechanisms to use in architecting its business.
- In composable technologies, they are product design goals driving the features of technology that support the notions of composability.
“In the end, organizations need the principles and the building blocks to intentionally make composability real,” said Mr. Plummer.
The building blocks of composability can be used to pivot quickly to a new opportunity, industry, customer base or revenue stream. For example, a large Chinese retailer used composability when the pandemic hit to help re-architect their business. They used composable thinking and chose to pivot to live streaming sales activities.
They embraced social marketing technology and successfully retained over 5,000 in-store sales and customer support staff to become live streaming hosts. The retailer suffered no layoffs and minimal revenue loss.
“Throughout 2020, CIOs and IT leaders maintained their composure and delivered tremendous value,” said Ms. Nunno. “The next step is to create a more composable business using the three building blocks and applying the four principles. With composability, organizations can achieve digital acceleration, greater resiliency and the ability to innovate through disruption.”
The cybersecurity challenges of the global pandemic are now colliding with the 2020 U.S. presidential election, resulting in a surge of cybercrime, VMware research reveals.
Attacks growing increasingly sophisticated and destructive
As eCrime groups grow more powerful, these attacks have grown increasingly sophisticated and destructive – respondents reported that 82 percent of attacks now involve instances of counter incident response (IR), and 55 percent involve island hopping, where an attacker infiltrates an organization’s network to launch attacks on others within the supply chain.
“The rapid shift to a remote world combined with the power and scale of the dark web has fueled the expansion of eCrime groups. And now, ahead of the election, we are at a cybersecurity tipping point: cybercriminals have become dramatically more sophisticated and punitive, focused on destructive attacks.”
Data for the report is based on an online survey of eighty-three IR and cybersecurity professionals from around the world in September 2020.
Incidents of counter IR are at an all-time high, occurring in 82% of IR engagements
This suggests the prevalence of increasingly sophisticated, often nation-state attackers who have the resources and cyber savvy to colonize victims’ networks. Destructive attacks, which are often the final stage of counter IR, have also surged, with respondents estimating victims experience them 54% of the time.
55% of cyberattacks target the victim’s digital infrastructure for the purpose of island hopping
The pandemic has left organizations increasingly vulnerable to such attacks as their employees shift to remote work – and less secure home networks and devices.
Custom malware is now being used in 50% of attacks reported by respondents
This demonstrates the scale of the dark web, where such malware and malware services can be purchased to empower traditional criminals, spies and terrorists, many of whom do not have the sophisticated resources to execute these attacks.
As we approach the 2020 presidential election, cybercrime remains a top concern
Drawing upon their security expertise – and in line with recent advisories from Cybersecurity & Infrastructure Security Agency (CISA) – 73% of respondents believe there will be foreign influence on the 2020 U.S. presidential election, and 60% believe it will be influenced by a cyberattack.
CISOs are conflicted about how their companies can best reposition themselves to address the sudden and rapid shift to remote work caused by the pandemic, Hysolate research reveals.
The story emerging from the data in the study is clear:
- COVID-19 has accelerated the arrival of the remote-first era.
- Legacy remote access solutions such as virtual desktop infrastructure (VDI), desktop-as-a-service (DaaS), and virtual private networks (VPN), among others, leave much to be desired in the eyes of CISOs and are not well suited to handle many of the new demands of the remote-first era.
- Half of CISOs believe that security measures are impacting productivity when scaling remote-first policies.
- Bring-your-own-PC (BYOPC) policies further complicate organizations’ approaches to secure remote access.
Remote work becoming a permanent workflow
Beyond the overwhelming consensus that work-from-home is here to stay (87 percent of respondents believe remote work has become a permanent workflow in their companies’ operations), the study reveals that there is no singular best practice or market-leading approach to enabling workers in the remote-first era.
There is no prevailing solution in place to provide secure remote access to corporate assets:
- 24 percent of survey respondents utilize VPN, and more than half of these also employ split tunneling, a practice that allows users to access dissimilar security domains at the same time, to reduce the organization’s VPN loads and traffic backhauling. However, of those that use split tunneling, two-thirds of CISOs express concerns about the security of the split tunneling approach.
- 36 percent deploy VDI or DaaS. However, of those CISOs that utilize VDI or DaaS, only 18 percent say their employees are happy with their company’s VDI or DaaS solution. Further, dissatisfaction with these legacy remote access solutions isn’t limited to user experience; more than three-quarters of CISOs feel that their return on investment in VDI or DaaS has been medium to low.
Remote security policy issues
CISOs are also grappling with what their remote security policies should be in the new remote-first era:
- 26 percent of CISOs surveyed have introduced more stringent endpoint security and corporate access measures since the arrival of the pandemic.
- 35 percent have relaxed their security policies in order to foster greater productivity among remote workers.
- 39 percent have left their security policies the same.
More than 60 percent of companies felt that they weren’t ready for the changes that the proliferation of the pandemic forced. What is uncertain is whether the other 39 percent who have made no changes are standing pat because they are comfortable with their company’s security posture or because they don’t know what changes to make.
CISOs scramble to enable remote work and maintain security
“But when we surveyed CISOs who were scrambling to scale their remote workforce IT operations in light of the pandemic, it became clear how important worker productivity has now become and that legacy solutions like VPN, VDI and DaaS just can’t handle the demands of the new remote-first reality.”
Web browsing restrictions and BYOPC policies further muddy the remote-first waters. Sixty-two percent of CISOs said their companies restrict access to certain websites on corporate devices, while 22 percent say their companies do not allow access to corporate networks or applications from a non-corporate device.
The confusion indicated by the mixed results of the survey report is enough to cause many CISOs a sleepless night. In fact, the varied response trend carried over to the one unconventional question asked in the study regarding pandemic indulgences: 20 percent of CISOs report drinking more wine during the COVID-19 crisis; 32 percent drink more coffee; 8 percent choose whiskey; and, perhaps in what should come as a surprise to no one, 40 percent chose “All of the Above.”
SOCs across the globe are most concerned with advanced threat detection and are increasingly looking to next-gen automation tools like AI and ML technologies to proactively safeguard the enterprise, Micro Focus reveals.
Growing deployment of next-gen tools and capabilities
The report’s findings show that over 93 percent of respondents employ AI and ML technologies with the leading goal of improving advanced threat detection capabilities, and that over 92 percent of respondents expect to use or acquire some form of automation tool within the next 12 months.
These findings indicate that as SOCs continue to mature, they will deploy next-gen tools and capabilities at an unprecedented rate to address gaps in security.
“The odds are stacked against today’s SOCs: more data, more sophisticated attacks, and larger surface areas to monitor. However, when properly implemented, AI technologies such as unsupervised machine learning, are helping to fuel next-generation security operations, as evidenced by this year’s report,” said Stephan Jou, CTO Interset at Micro Focus.
“We’re observing more and more enterprises discovering that AI and ML can be remarkably effective and augment advanced threat detection and response capabilities, thereby accelerating the ability of SecOps teams to better protect the enterprise.”
Organizations relying on the MITRE ATT&CK framework
As the volume of threats rises, the report finds that 90 percent of organizations are relying on the MITRE ATT&CK framework as a tool for understanding attack techniques, and that the most common reason for relying on the knowledge base of adversary tactics is for detecting advanced threats.
Further, the scale of technology needed to secure today’s digital assets means SOC teams are relying more heavily on tools to effectively do their jobs.
With so many responsibilities, the report found that SecOps teams are using numerous tools to help secure critical information, with organizations widely using 11 common types of security operations tools and with each tool expected to exceed 80% adoption in 2021.
- COVID-19: During the pandemic, security operations teams have faced many challenges. The biggest has been the increased volume of cyberthreats and security incidents (45 percent globally), followed by higher risks due to workforce usage of unmanaged devices (40 percent globally).
- Most severe SOC challenges: Approximately 1 in 3 respondents cite the two most severe challenges for the SOC team as prioritizing security incidents and monitoring security across a growing attack surface.
- Cloud journeys: Over 96 percent of organizations use the cloud for IT security operations, and on average nearly two-thirds of their IT security operations software and services are already deployed in the cloud.
Cybercriminals are targeting vulnerabilities created by the pandemic-driven worldwide transition to remote work, according to Secureworks.
The report is based on hundreds of incidents the company’s IR team has responded to since the start of the pandemic.
Threat level is unchanged
While initial news reports predicted a sharp uptick in cyber threats after the pandemic took hold, data on confirmed security incidents and genuine threats to customers show the threat level is largely unchanged. Instead, major changes in organizational and IT infrastructure to support remote work created new vulnerabilities for threat actors to exploit.
The sudden switch to remote work and increased use of cloud services and personal devices significantly expanded the attack surface for many organizations. Facing an urgent need for business continuity, many companies did not have time to put all the necessary protocols, processes and controls in place, making it difficult for security teams to respond to incidents.
Threat actors—including nation-states and financially-motivated cyber criminals—are exploiting these vulnerabilities with malware, phishing, and other social engineering tactics to take advantage of victims for their own gain. One in four attacks are now ransomware related—up from 1 in 10 in 2018—and new COVID-19 phishing attacks include stimulus check fraud.
Additionally, healthcare, pharmaceutical and government organizations and information related to vaccines and pandemic response are attack targets.
The issue with dispersed workforces
Barry Hensley, Chief Threat Intelligence Officer, Secureworks said: “Against a continuing threat of enterprise-wide disruption from ransomware, business email compromise and nation-state intrusions, security teams have faced growing challenges including increasingly dispersed workforces, issues arising from the rapid implementation of remote working with insufficient consideration to security implications, and the inevitable reduced focus on security from businesses adjusting to a changing world.”
As many business leaders look to close the skills gap and cultivate a sustainable workforce amid COVID-19, an IBM Institute for Business Value (IBV) study reveals less than 4 in 10 human resources (HR) executives surveyed report they have the skills needed to achieve their enterprise strategy.
COVID-19 exacerbated the skills gap in the enterprise
Pre-pandemic research in 2018 found as many as 120 million workers surveyed in the world’s 12 largest economies may need to be retrained or reskilled because of AI and automation in the next three years.
That challenge has only been exacerbated in the midst of the COVID-19 pandemic – as many C-suite leaders accelerate digital transformation, they report inadequate skills is one of their biggest hurdles to progress.
Employers should shift to meet new employee expectations
Ongoing consumer research also shows surveyed employees’ expectations for their employers have significantly changed during the COVID-19 pandemic but there’s a disconnect in how effective leaders and employees believe companies have been in addressing these gaps.
74% of executives surveyed believe their employers have been helping them learn the skills needed to work in a new way, compared to just 38% of employees surveyed, and 80% of executives surveyed said their company is supporting employees’ physical and emotional health, but only 46% of employees surveyed agreed.
“Today perhaps more than ever, organizations can either fail or thrive based on their ability to enable the agility and resiliency of their greatest competitive advantage – their people,” said Amy Wright, managing partner, IBM Talent & Transformation.
“Business leaders should shift to meet new employee expectations brought on by the COVID-19 pandemic, such as holistic support for their well-being, development of new skills and truly personalized employee experiences even while working remotely.
“It’s imperative to bring forward a new era of HR – and those companies that were already on the path are better positioned to succeed amid disruption today and in the future.”
The study includes insights from more than 1,500 global HR executives surveyed in 20 countries and 15 industries. Based on those insights, the study provides a roadmap for the journey to the next era of HR, with practical examples of how HR leaders at surveyed “high-performing companies” – meaning those that outpace all others in profitability, revenue growth and innovation – can reinvent their function to build a more sustainable workforce.
- Nearly six in 10 high performing companies surveyed report using AI and analytics to make better decisions about their talent, such as skilling programs and compensation decisions. 41% are leveraging AI to identify skills they’ll need for the future, versus 8% of responding peers.
- 65% of surveyed high performing companies are looking to AI to identify behavioral skills like growth mindset and creativity for building diverse adaptable teams, compared to 16% of peers.
- More than two thirds of all respondents said agile practices are essential to the future of HR. However, less than half of HR units in participating organizations have capabilities in design thinking and agile practices.
- 71% of high performing companies surveyed report they are widely deploying a consistent HR technology architecture, compared to only 11% of others.
“In order to gain long-term business alignment between leaders and employees, this moment requires HR to operate as a strategic advisor – a new role for many HR organizations,” said Josh Bersin, global independent analyst and dean of the Josh Bersin Academy.
“Many HR departments are looking to technology, such as the cloud and analytics, to support a more cohesive and self-service approach to traditional HR responsibilities. Offering employee empowerment through holistic support can drive larger strategic change to the greater business.”
Three core elements to promote lasting change
According to the report, surveyed HR executives from high-performing companies were eight times as likely as their surveyed peers to be driving disruption in their organizations. Among those companies, the following actions are a clear priority:
- Accelerating the pace of continuous learning and feedback
- Cultivating empathetic leadership to support employees’ holistic well-being
- Reinventing their HR function and technology architecture to make more real-time data-driven decisions
COVID-19 has forced developer agility into overdrive, as the tech industry’s quick push to adapt to changing dynamics has accelerated digital transformation efforts and necessitated the rapid introduction of new software features, patches, and functionalities.
During this time, organizations across both the private and public sector have been turning to open source solutions as a means to tackle emerging challenges while retaining the rapidity and agility needed to respond to evolving needs and remain competitive.
Since well before the pandemic, software developers have leveraged open source code as a means to speed development cycles. The ability to leverage pre-made packages of code rather than build software from the ground up has enabled them to save valuable time. However, the rapid adoption of open source has not come without its own security challenges, which developers and organizations should resolve safely.
Here are some best practices developers should follow when implementing open source code to promote security:
Know what and where open source code is in use
First and foremost, developers should create and maintain a record of where open source code is being used across the software they build. Applications today are usually designed using hundreds of unique open source components, which then reside in their software and workspaces for years.
As these open source packages age, there is an increasing likelihood of vulnerabilities being discovered in them and publicly disclosed. If the use of components is not closely tracked against the countless new vulnerabilities discovered every year, software leveraging these components becomes open to exploitation.
Attackers understand all too well how often teams fall short in this regard, and software intrusions via known open source vulnerabilities are a highly common source of breaches. Tracking open source code usage along with vigilance around updates and vulnerabilities will go a long way in mitigating security risk.
Understand the risks before adopting open source
Aside from tracking vulnerabilities in the code that’s already in use, developers must do their research on open source components before adopting them to begin with. While an obvious first step is ensuring that there are no known vulnerabilities in the component in question, other factors, focused on the longevity of the software being built, should also be considered.
Teams should carefully consider the level of support offered for a given component. It’s important to get satisfactory answers to questions such as:
- How often is the component patched?
- Are the patches of high quality and do they address the most pressing security issues when released?
- Once implemented, are they communicated effectively and efficiently to the user base?
- Is the group or individual who built the component a trustworthy source?
Leverage automation to mitigate risk
It’s no secret that COVID-19 has altered developers’ working conditions. In fact, 38% of developers are now releasing software monthly or faster, up from 27% in 2018. But this increased pace often comes paired with unwanted budget cuts and organizational changes. As a result, the imperative to “do more with less” has become a rallying cry for business leaders. In this context, it is indisputable that automation across the entire IT security portfolio has skyrocketed to the top of the list of initiatives designed to improve operational efficiency.
While already an important asset for achieving true DevSecOps agility, automated scanning technology has become near-essential for any organization attempting to stay secure while leveraging open source code. Manually tracking and updating open source vulnerabilities across an organization’s entire software suite is hard work that only increases in difficulty with the scale of an organization’s software deployments. And what was inefficient in normal times has become unfeasible in the current context.
Automated scanning technologies alleviate the burden of open source security by handling processes that would otherwise take up precious time and resources. These tools are able to detect and identify open source components within applications, provide detailed risk metrics regarding open source vulnerabilities, and flag outdated libraries for developers to address. Furthermore, they provide detailed insight into thousands of public open source vulnerabilities, security advisories and bugs, to ensure that when components are chosen they are secure and reputable.
Finally, these tools help developers prioritize and triage remediation efforts once vulnerabilities are identified. Equipped with the knowledge of which vulnerabilities present the greatest risk, developers are able to allocate resources most efficiently to ensure security does not get in the way of timely release cycles.
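The tracking and triage steps described above, as an added example that is not part of the original article or any vendor's tool: it records which application uses which component version, matches that inventory against advisories, ranks findings by severity and reach, and flags old releases. All application names, component names, versions, dates and advisory IDs are constructed placeholders, and it assumes plain dotted numeric versions.

```python
from collections import defaultdict
from datetime import date

# Constructed sample data: every name, version, date and advisory ID below is
# a hypothetical placeholder, not a real package or a real advisory.
INVENTORY = [
    # (application, component, version in use, release date of that version)
    ("billing-api",  "libparse",  "2.3.1", date(2017, 5, 2)),
    ("billing-api",  "fastjson",  "1.9.0", date(2020, 6, 15)),
    ("partner-site", "libparse",  "2.6.0", date(2019, 11, 20)),
    ("partner-site", "imgresize", "0.8.4", date(2016, 1, 10)),
    ("intranet",     "libparse",  "2.3.1", date(2017, 5, 2)),
]

ADVISORIES = [
    # (advisory id, component, first affected, first fixed, severity 0-10)
    ("ADV-PLACEHOLDER-1", "libparse", "2.0.0", "2.5.0", 9.8),
    ("ADV-PLACEHOLDER-2", "libparse", "2.4.0", "2.7.0", 5.3),
    ("ADV-PLACEHOLDER-3", "fastjson", "1.0.0", "1.8.2", 7.5),
]


def parse_version(text):
    """Turn '2.10.0' into (2, 10, 0) so versions compare numerically.

    Comparing the raw strings would rank '2.10.0' below '2.5.0' and report
    a patched release as vulnerable.
    """
    return tuple(int(part) for part in text.split("."))


def is_affected(version, first_affected, first_fixed):
    """True when first_affected <= version < first_fixed."""
    return (parse_version(first_affected)
            <= parse_version(version)
            < parse_version(first_fixed))


def where_used(inventory):
    """Map (component, version) to the sorted list of applications using it."""
    usage = defaultdict(set)
    for app, component, version, _released in inventory:
        usage[(component, version)].add(app)
    return {key: sorted(apps) for key, apps in usage.items()}


def find_vulnerable(inventory, advisories):
    """Match the inventory against advisories and rank the findings.

    Highest severity first; ties go to the finding that touches more
    applications, so remediation effort lands where the exposure is widest.
    """
    findings = []
    for (component, version), apps in where_used(inventory).items():
        for adv_id, adv_component, first_affected, first_fixed, severity in advisories:
            if adv_component != component:
                continue
            if is_affected(version, first_affected, first_fixed):
                findings.append({
                    "advisory": adv_id,
                    "component": component,
                    "version": version,
                    "apps": apps,
                    "severity": severity,
                    "upgrade_to": first_fixed,
                })
    findings.sort(key=lambda f: (-f["severity"], -len(f["apps"]), f["advisory"]))
    return findings


def find_stale(inventory, today, max_age_days=3 * 365):
    """Return (component, version) pairs released more than max_age_days ago.

    Age is not a vulnerability by itself, but it marks components that
    deserve a look even when no advisory matches yet.
    """
    stale = {(component, version)
             for _app, component, version, released in inventory
             if (today - released).days > max_age_days}
    return sorted(stale)


if __name__ == "__main__":
    for f in find_vulnerable(INVENTORY, ADVISORIES):
        print(f"{f['severity']:>4}  {f['advisory']}  {f['component']} {f['version']}"
              f" -> {f['upgrade_to']}  used by: {', '.join(f['apps'])}")
    for component, version in find_stale(INVENTORY, date(2020, 10, 1)):
        print(f"stale: {component} {version}")
```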
Confidence in a secure future
When it comes to open source security, vigilance is the name of the game. Organizations must be sure to reiterate the importance of basic best practices to developers as they push for greater speed in software delivery.
While speed has long been understood to come at the cost of software security, this type of outdated thinking cannot persist, especially when technological advancements in automation have made such large strides in eliminating this classically understood tradeoff. By following the above best practices, organizations can be more confident that their COVID-19 driven software rollouts will be secure against issues down the road.
With both security budgets and talent pools negatively affected by the ongoing pandemic, state and local governments are struggling to cope with the constant wave of cyber threats more than ever before, a Deloitte study reveals.
The study is based on responses from 51 U.S. state and territory enterprise-level CISOs.
- COVID-19 has challenged continuity and amplified gaps in budget, talent and threats, and the need for partnerships.
- Collaboration with local governments and public higher education is critical to managing increasingly complex cyber risk within state borders.
- CISOs need a centralized structure to position cyber in a way that improves agility, effectiveness and efficiencies.
The report also details focus areas for states during the COVID-19 pandemic. While the pandemic has highlighted the resilience of public sector cyber leaders, it has also called attention to long-standing challenges facing state IT and cybersecurity organizations such as securing adequate budgets and talent, and coordinating consistent security implementation across agencies.
Remote work creating new opportunities for cyber threats
These challenges were exacerbated by the abrupt shift to remote work spurred by the pandemic. According to the study:
- Before the pandemic, 52% of respondents said less than 5% of staff worked remotely.
- During the pandemic, 35 states have had more than half of employees working remotely; nine states have had more than 90% remote workers.
“The last six months have created new opportunities for cyber threats and amplified existing cybersecurity challenges for state governments,” said Meredith Ward, director of policy and research at NASCIO.
“The budget and talent challenges experienced in recent years have only grown, and CISOs are now also faced with an acceleration of strategic initiatives to address threats associated with the pandemic.”
“However, continuing challenges with resources beset state CISOs/CIOs. This is evident when comparing the much higher levels of budget that federal agencies and other industries like financial services receive to fight cyber threats.”
The need for digital modernization amplified by the pandemic
State governments’ longstanding need for digital modernization has only been amplified by the pandemic, along with the essential role that cybersecurity needs to play in the discussion. Key takeaways from the 2020 study include:
- Fewer than 40% of states reported having a dedicated budget line item for cybersecurity.
- Half of states still allocate less than 3% of their total information technology budget to cybersecurity.
- CISOs rated financial fraud as a threat three times greater than they did in 2018.
- Overall, respondents said they believe the probability of a security breach is higher in the next 12 months, compared to responses to the same question in the 2018 study.
- Only 27% of states provide cybersecurity training to local governments and public education entities.
- Only 28% of states reported that they had collaborated extensively with local governments as part of their state’s security program during the past year, with 65% reporting limited collaboration.
Vectra released its report on Microsoft Office 365, which highlights the use of Office 365 in enterprise cyberattacks. The report explains how cybercriminals use built-in Office 365 services in their attacks.
Attacks that target software-as-a-service (SaaS) user accounts are one of the fastest-growing and most prevalent problems for organizations, even before COVID-19 forced the vast and rapid shift to remote work.
Microsoft dominating the productivity space
With many organizations increasing their cloud software usage, Microsoft has dominated the productivity space, with more than 250 million active users each month. Office 365 is the foundation of enterprise data sharing, storage, and communication for many of those users, making it an incredibly rich treasure trove for attackers.
“Within the new work-from-home paradigm, user account takeover in Office 365 is the most effective way for an attacker to move laterally inside an organization’s network,” said Chris Morales, head of security analytics at Vectra.
“We expect this trend to magnify in the months ahead. Attackers will continue to exploit human behaviours, social engineering, and identity theft to establish a foothold and to steal data in every type of organization.”
Cost of account takeovers
Even with the increasing adoption of security postures to protect user accounts such as multifactor authentication (MFA), 40 percent of organizations still suffer from Office 365 breaches, leading to massive financial and reputational losses.
In a recent study, Forrester Research put the cost of account takeovers at $6.5 billion to $7 billion in annual losses across multiple industries.
Highlights from the report
- 96 percent of customers sampled exhibited lateral movement behaviours
- 71 percent of customers sampled exhibited suspicious Office 365 Power Automate behaviours
- 56 percent of customers sampled exhibited suspicious Office 365 eDiscovery behaviours
The report is based on the participation of 4 million Microsoft Office 365 accounts monitored by Vectra researchers from June-August 2020.
COVID-19 has accelerated the push toward digital business transformation for most businesses, and legal and compliance leaders are under pressure to anticipate both the potential improvements and possible risks that come with new legal technology innovations, according to Gartner.
Legal technology innovations
To address this challenge, Gartner lists the 31 must-watch legal technologies to allow legal and compliance leaders to identify innovations that will allow them to act faster. They can use this information for internal planning and prioritization of emerging innovations.
“Legal and compliance leaders must collaborate with other stakeholders to garner support for organization wide and function wide investments in technology,” said Zack Hutto, director in the Gartner Legal and Compliance practice.
“They must address complex business demand by investing in technologies and practices to better anticipate, identify and manage risks, while seeking out opportunities to contribute to growth.”
Analysts said enterprise legal management (ELM), subject rights requests, predictive analytics, and robotic process automation (RPA) are likely to be most beneficial for the majority of legal and compliance organizations within a few years. They are also likely to help with the increased need for cost optimization and unplanned legal work arising from the pandemic.
Enterprise legal management
This is a multifaceted market where several vendors are trying to consolidate many of the technologies on this year’s Hype Cycle into unified platforms and suites to streamline the many aspects of corporate governance.
“Just as enterprise resource planning (ERP) overhauled finance, there is promise for a foundational system of record to improve in-house legal operations and workflows,” said Mr. Hutto. “Legal leaders should take a lesson from ERP’s evolution: ‘monolithic’ IT systems tend to lack flexibility and can quickly become an anchor not a sail.”
Legal application leaders and general counsel must begin with their desired business outcomes, and only then find a technology that can help deliver those outcomes.
Subject rights requests
The demand for subject rights requests (SRRs) is growing along with the number of regulations that enshrine a data subject’s right to access their data and request amendment or deletion. Current regulations include the CCPA in the U.S., the EU’s GDPR and Brazil’s Lei Geral de Proteção de Dados.
Many organizations are funneling their subject access requests (SARs) through internal legal counsel to limit the potential exposure to liability. This is costing, on average, $1,406 per SAR.
“In the face of rising request volumes and significant costs, there is great potential for legal and compliance leaders to make substantial savings and free up time by using technology to automate part, if not most, of the SRR workflow,” said Mr. Hutto.
Predictive analytics
This is a well-established technology and the market is mature, so it can be relatively simple to use “out-of-the-box” or via a cloud service. Typically, the technology can examine data or content to answer the question, “What is likely to happen if…?”
“Adoption of this technology in legal and compliance is typically less mature than other business functions,” said Mr. Hutto. “This likely means untapped use cases where existing solutions could be used in the legal and compliance context to offer some real benefits.
“While analytics platforms may make data analysis more ‘turnkey,’ extracting real insights may be more elusive. Legal and compliance leaders still should consider and improve the usefulness of their data, the capabilities of their teams, and the attainability of data in various existing systems.”
Robotic process automation (RPA)
RPA’s potential to streamline workflows for repetitive, rule-based tasks is already well-established in other business functions. Typically, RPA is best suited to systems with standardized — often legacy — user interfaces for which scripts can be written.
“Where legal departments already use these types of systems it is likely that RPA can drive higher efficiency,” said Mr. Hutto. “However, not all legal departments use such systems. If not, it could make sense to take a longer view and consider investing in systems that have automation functionality built in.”
Gartner’s advice to consider these four technologies is not solely based on their position on the Hype Cycle. Legal and compliance leaders should focus on the technologies that have the most potential for driving the greatest transformation within their own organizations in the near to medium term; the position on the Hype Cycle is part of that but not the whole story.
For example, Mr. Hutto said blockchain is a technology that has the potential to make a successful journey to the Plateau of Productivity within five years. But for now, its application will likely be limited to quite a narrow set of use cases, and it is unlikely to be transformational for corporate legal and compliance leaders.
The ongoing global pandemic that has led to massive levels of remote work and an increased use of hybrid IT systems is leading to greater insecurity and risk exposure for enterprises.
According to new data released by Cybersecurity Insiders, 72% of organizations experienced an increase in endpoint and IoT security incidents in the last year, while 56% anticipate their organization will likely be compromised due to an endpoint or IoT-originated attack within the next 12 months.
The comprehensive survey of 325 IT and cybersecurity decision makers in the US, conducted in September 2020, represented a balanced cross-section of organizations from financial services, healthcare and technology to government and energy.
IoT and endpoint security challenge
Alongside headline data that the majority experienced an endpoint and IoT security incident over the last 12 months, the top 3 issues were related to malware (78%), insecure network and remote access (61%), and compromised credentials (58%).
Perhaps more concerning was that 43% of respondents expressed “moderate to unlikely means to discover, identify, and respond to unknown, unmanaged, or insecure devices accessing network and cloud resources.”
“It is clear from this new research that the challenge of securing IoT and endpoints has escalated considerably as employees have been forced to work remotely while organizations try to rapidly adapt to the situation,” said Scott Gordon, CMO at Pulse Secure.
“The threat is real and growing. Yet, on a positive note, the survey shows that organizations are investing in key initiatives and adopting zero trust elements such as remote access device posture checking and Network Access Control (NAC) to address some of these issues.”
The negative impact of an endpoint or IoT security issue
The research found that 41% will implement or advance on-premise device security enforcement, 35% will advance their remote access devices posture checking, and 22% will advance their IoT device identification and monitoring capabilities.
For those that have been victims of an endpoint or IoT security issue, the most significant negative impact was a reported loss of user (55%) and IT (45%) productivity, followed by system downtime (42%).
Holger Schulze, CEO at Cybersecurity Insiders, added, “The diversity of users, devices, networks, and threats continues to grow as enterprises take advantage of greater workforce mobility, workplace flexibility, and cloud computing opportunities.
“Not only do organizations need to ensure endpoints are secure and adhering to usage policy, but they must also manage appropriate IoT device access. New zero trust security controls can fortify dynamic device discovery, verification, tracking, remediation, and access enforcement.”
Additional key findings
- Respondents rated the biggest endpoint and IoT security challenges as #1 insufficient protection against the latest threats (49%), #2 high complexity of deployment and operations (47%), and #3 inability to enforce endpoint and IoT device access/usage policy (40%).
- Respondents rated the most critical capabilities required to mitigate endpoint and IoT security as #1 monitoring endpoint or IoT devices for malicious or anomalous activity (54%), #2 blocking or isolating unknown or at-risk endpoint and IoT devices’ network access (51%), and #3 blocking at-risk devices’ access to network or cloud resources (46%).
- When asked about anticipated investments to secure remote worker access and endpoint security technology, most organizations (61%) anticipate an increase, or significant increase, while few expect a decrease (6%).
Despite ongoing economic uncertainty amidst a global pandemic, many dealmakers remain optimistic about the outlook for the year ahead as they increasingly pursue alternative merger and acquisition (M&A) methods to navigate the crisis and pursue new disruptive business growth strategies.
According to a Deloitte survey of 1,000 U.S. corporate M&A executives and private equity firm professionals, 61% of survey respondents expect U.S. M&A activity to return to pre-COVID-19 levels within the next 12 months.
Soon after the WHO declared COVID-19 a pandemic on March 11, deal activity in the U.S. plunged — most notably during April and May.
Responding M&A executives say they tentatively paused (92%) or abandoned (78%) at least one transaction as a result of the pandemic outbreak. However, since March 2020, possibly aiming to take advantage of pandemic-driven business disruptions, 60% say their organizations have been more focused on pursuing new deals.
“M&A executives have moved quickly to adapt and uncover value in new and innovative ways as systemic change driven by the pandemic has resulted in alternative approaches to transactions,” said Russell Thomson, partner, Deloitte & Touche LLP, and Deloitte’s U.S. merger and acquisition services practice leader.
“We expect both traditional and alternative M&A to be an important lever for dealmakers as businesses recover and thrive in a post-COVID economy.”
Alternative dealmaking on the rise
For many, alternative deals are quickly outpacing traditional M&A activity as the search for value intensifies in a low-growth environment.
When asked which type of deals their organizations are most interested in pursuing, responding corporate M&A executives’ top choice was alternatives to traditional M&A, including alliances, joint ventures, and Special Purpose Acquisition Companies (45%) — ranking higher than acquisitions (35%).
Private equity investors plan to remain more focused on traditional acquisitions (53%), while simultaneously pushing pursuit of M&A alternatives — including private investment in public equity deals, minority stakes, club deals and alliances (32%).
“As businesses prepare for a post-COVID world, including fundamentally reshaped economies and societies, the dealmaking environment will also materially change,” said Mark Purowitz, principal, Deloitte Consulting LLP, with Deloitte’s mergers and acquisitions consulting practice, and leader of the firm’s Future of M&A initiative.
“Companies were starting to expand their definition of M&A to include partnerships, alliances, joint ventures and other alternative investments that create intrinsic and long-lasting value, but COVID-19 has accelerated dealmakers’ needs to create more optionality for their organizations’ internal and external ecosystems.”
Virtual dealmaking to continue playing large role post-pandemic
87% of M&A professionals surveyed report that their organizations were able to effectively manage a deal in a purely virtual environment, so much so that 55% anticipate that virtual dealmaking will be the preferred platform even after the pandemic is over.
However, virtual dealmaking is not without its own challenges. Fifty-one percent noted that cybersecurity threats are their organizations’ biggest concern around executing deals virtually.
“When it comes to cyber in an M&A world — it’s important to develop cyber threat profiles of prospective targets and portfolio companies to determine the risks each present,” said Deborah Golden, Deloitte Risk & Financial Advisory, cyber and strategic risk leader, Deloitte & Touche LLP.
“CISOs understand how a data breach can negatively impact the valuation and the underlying deal structure itself. Leaving cyber out of that risk picture may lead to not only brand and reputational risk, but also significant and unaccounted remediation costs.”
Other virtual dealmaking concerns included the ability to forge relationships with management teams (40%) and extended regulatory approvals (39%). When it comes to effectively managing the integration phase in a virtual environment, technology integration (16%) and legal entity alignment or simplification (16%) are surveyed M&A executives’ largest and most prevalent hurdles.
“It may be too early to assess the long-term implications of virtual dealmaking as many of the deals currently in progress now are resulting from management relationships that were formed pre-COVID. We also expect integration in a virtual setting will become much more complex a few months from now,” said Thomson.
“Culture and compatibility issues should be given greater attention on the diligence side, as they pose major downstream integration implications.”
International dealmaking declines, focus on domestic-only deals
Interest in foreign M&A targets declined in 2020 as corporate executives reported a significant shift in their approach to international dealmaking, with 17% reporting no plans to execute cross-border deals in the current economic environment, an 8 percentage point increase from 2019.
In addition, 57% of M&A executives say less than half of their current transactions involve acquiring targets operating primarily in foreign markets.
Notably, the number of survey respondents interested in pursuing deals with U.K. targets dropped by 8 percentage points, while Chinese targets declined by 7 percentage points. Interest in Canadian (32%) and Central American (19%) targets remained highest.
56% of IT and OT security professionals at industrial enterprises have seen an increase in cybersecurity threats since the start of the COVID-19 pandemic in March, Claroty research reveals. Additionally, 70% have seen cybercriminals using new tactics to target their organizations in this timeframe.
The report is based on a global, independent survey of 1,100 full-time IT and OT security professionals who own, operate, or otherwise support critical infrastructure components within large enterprises across Europe, North America and Asia Pacific, examining how their concerns, attitudes, and experiences have changed since the pandemic began in March.
Cybersecurity still not a priority, regardless of the pandemic
- 32% said their organization’s OT environment is not properly safeguarded from potential threats
- One-fifth of organizations did not make cybersecurity a priority during the pandemic
- COVID-19 has not only accelerated the adoption of new technologies (41% stated implementing new technology solutions as a priority during the pandemic), but also brought to the fore the challenges of having siloed teams (56% said collaboration between IT and OT teams has become more challenging)
- 83% believe that, from a cybersecurity perspective, their organization is prepared should another major disruption occur
COVID-19 impact on IT/OT convergence
Across the globe, COVID-19 has led cybercriminals to use new tactics and organizations to become more vulnerable to cyber attacks, with 56% of global respondents saying that their organization has experienced more cybersecurity threats since the pandemic began. Further, 72% reported that their jobs have become more challenging.
COVID-19 has clearly had an impact on IT/OT convergence, as 67% say that their IT and OT networks have become more interconnected since the pandemic began and more than 75% expect they will become even more interconnected as a result of it.
While IT/OT convergence unlocks business value in terms of operations efficiency, performance, and quality of services, it can also be detrimental because threats – both targeted and non-targeted – can move freely between IT and OT environments.
“While we would be short-sighted to think that we won’t have more challenges as we continue to face unknowns from this pandemic, protecting critical infrastructure is especially important in a time of crisis,” said Yaniv Vardi, CEO of Claroty.
“As large enterprises are trying to improve their productivity by connecting more OT and IoT devices and remotely accessing their industrial networks, they are also increasing their exposure as a result. OT security needs to be brought to the fore and made a priority for all organizations.
“Attackers know that IT networks are covered with cybersecurity solutions so they’re moving to exploit vulnerabilities in OT to gain access to enterprise networks. Not protecting OT is like protecting a house with state-of-the-art security and alarm systems, but then leaving the front door open.”
Most vulnerable industries
In terms of industries, globally the respondents ranked pharmaceutical, oil & gas, electric utilities, manufacturing, and building management systems as the top five most vulnerable to attack.
Most regions followed similar patterns, identifying three to five industries clustered closely toward the top of the list. The exceptions are the DACH region, where oil & gas clearly holds the top spot at 36%, and Singapore, where pharmaceutical is at 22%.
More than 80% of global employees do not want to return to the office full-time, despite 30% of employees claiming that being isolated from their team was the biggest hindrance to productivity during lockdown, a MobileIron study reveals.
The COVID-19 pandemic has clearly changed the way people work and accelerated the already growing remote work trend. This has also created new security challenges for IT departments, as employees are increasingly using their own personal devices to access corporate data and services.
Adding to the challenges posed by the new “everywhere enterprise” – in which employees, IT infrastructures, and customers are everywhere – is the fact that employees are not prioritizing security. The study found that 33% of workers consider IT security to be a low priority.
Mobile devices and a new threat landscape
The current distributed remote work environment has also triggered a new threat landscape, with malicious actors increasingly targeting mobile devices with phishing attacks. These attacks range from basic to sophisticated and are likely to succeed, with many employees unaware of how to identify and avoid a phishing attack. The study revealed that 43% of global employees are not sure what a phishing attack is.
“Mobile devices are everywhere and have access to practically everything, yet most employees have inadequate mobile security measures in place, enabling hackers to have a heyday,” said Brian Foster, SVP Product Management, MobileIron.
“Hackers know that people are using their loosely secured mobile devices more than ever before to access corporate data, and increasingly targeting them with phishing attacks. Every company needs to implement a mobile-centric security strategy that prioritizes user experience and enables employees to maintain maximum productivity on any device, anywhere, without compromising personal privacy.”
The study found that four distinct employee personas have emerged in the everywhere enterprise as a result of lockdown, and mobile devices play a more critical role than ever before in ensuring productivity.
- Typically works in financial services, professional services or the public sector.
- Ideally splits time equally between working at home and going into the office for face-to-face meetings; although this employee likes working from home, being isolated from teammates is the biggest hindrance to productivity.
- Depends on a laptop and mobile device, along with secure access to email, CRM applications and video collaboration tools, to stay productive.
- Believes that IT security ensures productivity and enhances the usability of devices. At the same time, this employee is only somewhat aware of phishing attacks.
- Works constantly on the go using a range of mobile devices, such as tablets and phones, and often relies on public WiFi networks for work.
- Relies on remote collaboration tools and cloud suites to get work done.
- Views unreliable technology as the biggest hindrance to productivity as this individual is always on-the-go and heavily relies on mobile devices.
- Views IT security as a hindrance to productivity as it slows down the ability to get tasks done. This employee also believes IT security compromises personal privacy.
- This is the most likely persona to click on a malicious link due to a heavy reliance on mobile devices.
- Finds being away from teammates and working from home a hindrance to productivity and can’t wait to get back to the office.
- Prefers to work on a desktop computer from a fixed location than on mobile devices.
- Relies heavily on productivity suites to communicate with colleagues in and out of the office.
- Views IT security as a low priority and leaves it to the IT department to deal with. This employee is also only somewhat aware of phishing attacks.
- Works on the frontlines in industries like healthcare, logistics or retail.
- Works from fixed and specific locations, such as hospitals or retail shops; this employee can’t work remotely.
- Relies on purpose-built devices and applications, such as medical or courier devices and applications, to work. This employee is not as dependent on personal mobile devices for productivity as other personas.
- Realizes that IT security is essential to enabling productivity. This employee can’t afford to have any device or application down time, given the specialist nature of their work.
“With more employees leveraging mobile devices to stay productive and work from anywhere than ever before, organizations need to adopt a zero trust security approach to ensure that only trusted devices, apps, and users can access enterprise resources,” continued Foster.
“Organizations also need to bolster their mobile threat defenses, as cybercriminals are increasingly targeting text and SMS messages, social media, productivity, and messaging apps that enable link sharing with phishing attacks.
“To prevent unauthorized access to corporate data, organizations need to provide seamless anti-phishing technical controls that go beyond corporate email, to keep users secure wherever they work, on all of the devices they use to access those resources.”
The global COVID-19 pandemic that hit every corner of the world forced us to reimagine our societies and reinvent the way we work and live. The Europol IOCTA 2020 cybercrime report takes a look at this evolving threat landscape.
Although this crisis showed us how criminals actively take advantage of society at its most vulnerable, this opportunistic behavior should not overshadow the overall threat landscape. In many cases, COVID-19 has enhanced existing problems.
Europol IOCTA 2020
Social engineering and phishing remain an effective threat to enable other types of cybercrime. Criminals use innovative methods to increase the volume and sophistication of their attacks, and inexperienced cybercriminals can carry out phishing campaigns more easily through crime-as-a-service.
Criminals quickly exploited the pandemic to attack vulnerable people; phishing, online scams and the spread of fake news became an ideal strategy for cybercriminals seeking to sell items they claim will prevent or cure COVID-19.
Encryption continues to be a clear feature of an increasing number of services and tools. One of the principal challenges for law enforcement is how to access and gather relevant data for criminal investigations.
The value of being able to access data of criminal communication on an encrypted network is perhaps the most effective illustration of how encrypted data can provide law enforcement with crucial leads beyond the area of cybercrime.
Malware reigns supreme
Ransomware attacks have become more sophisticated, targeting specific organizations in the public and private sector through victim reconnaissance. While the pandemic has triggered an increase in cybercrime, ransomware attacks were targeting the healthcare industry long before the crisis.
Moreover, criminals have included another layer to their ransomware attacks by threatening to auction off the compromised data, increasing the pressure on the victims to pay the ransom.
Advanced forms of malware are a top threat in the EU: criminals have transformed some traditional banking Trojans into modular malware to cover more PC digital fingerprints, which are later sold for different needs.
Child sexual abuse material continues to increase
The main threats related to online child abuse exploitation have remained stable in recent years; however, detection of online child sexual abuse material saw a sharp spike at the peak of the COVID-19 crisis.
Offenders keep using a number of ways to hide this horrifying crime, such as P2P networks, social networking platforms and using encrypted communications applications.
Dark web communities and forums are meeting places where participation is structured with affiliation rules to promote individuals based on their contribution to the community, which they do by recording and posting their abuse of children, encouraging others to do the same.
Livestreaming of child abuse continues to increase, becoming even more popular than usual during the COVID-19 crisis when travel restrictions prevented offenders from physically abusing children. In some cases, video chat applications in payment systems are used, which becomes one of the key challenges for law enforcement as this material is not recorded.
Payment fraud: SIM swapping a new trend
SIM swapping, which allows perpetrators to take over accounts, is one of the new trends. As a type of account takeover, SIM swapping provides criminals access to sensitive user accounts.
Criminals fraudulently swap or port victims’ SIMs to one in the criminals’ possession in order to intercept the one-time password step of the authentication process.
Criminal abuse of the dark web
In 2019 and early 2020 there was a high level of volatility on the dark web. The lifecycle of dark web marketplaces has shortened and there is no clear dominant market that has risen over the past year.
Tor remains the preferred infrastructure; however, criminals have started to use other privacy-focused, decentralized marketplace platforms to sell their illegal goods. Although this is not a new phenomenon, these sorts of platforms have started to increase over the last year.
OpenBazaar is noteworthy, as certain threats have emerged on the platform over the past year such as COVID-19-related items during the pandemic.
VP for Promoting our European Way of Life, Margaritis Schinas, who is leading the European Commission’s work on the European Security Union, said: “Cybercrime is a hard reality. While the digital transformation of our societies evolves, so does cybercrime which is becoming more present and sophisticated.
“We will spare no efforts to further enhance our cybersecurity and step up law enforcement capabilities to fight against these evolving threats.”
EU Commissioner for Home Affairs, Ylva Johansson, said: “The Coronavirus Pandemic has slowed many aspects of our normal lives. But it has unfortunately accelerated online criminal activity. Organised Crime exploits the vulnerable, be it the newly unemployed, exposed businesses, or, worst of all, children.
Organizations are building confidence that their cybersecurity practices are headed in the right direction, aided by advanced technologies, more detailed processes, comprehensive education and specialized skills, research from CompTIA finds.
Eight in 10 organizations surveyed said their cybersecurity practices are improving.
At the same time, many companies acknowledge that there is still more to do to make their security posture even more robust. Growing concerns about the number, scale and variety of cyberattacks, privacy considerations, a greater reliance on data and regulatory compliance are among the issues that have the attention of business and IT leaders.
Two factors – one anticipated, the other unexpected – have contributed to the heightened awareness about the need for strong cybersecurity measures.
“The COVID-19 pandemic has been the primary trigger for revisiting security,” said Seth Robinson, senior director for technology analysis at CompTIA. “The massive shift to remote work exposed vulnerabilities in workforce knowledge and connectivity, while phishing emails preyed on new health concerns.”
Robinson noted that the pandemic accelerated changes that were underway in many organizations that were undergoing the digital transformation of their business operations.
“This transformation elevated cybersecurity from an element within IT operations to an overarching business concern that demands executive-level attention,” he said. “It has become a critical business function, on par with a company’s financial procedures.”
As a result, companies have a better understanding of what to do about cybersecurity. Nine in 10 organizations said their cybersecurity processes have become more formal and more critical.
Two examples are risk management, where companies assess their data and their systems to determine the level of security that each requires; and monitoring and measurement, where security efforts are continually tracked and new metrics are established to tie security activity to business objectives.
IT teams’ foundational skills
The report also highlights how the “cybersecurity chain” has expanded to include upper management, boards of directors, business units and outside firms in addition to IT personnel in conversations and decisions.
Within IT teams, foundational skills such as network and endpoint security have been paired with new skills, including identity management and application security, that have become more important as cloud and mobility have taken hold.
On the horizon, expect to see skills related to security monitoring and other proactive tactics gain a bigger foothold. Examples include data analysis, threat knowledge and understanding the regulatory landscape.
Cybersecurity insurance is another emerging area. The report reveals that 45% of large companies, 41% of mid-sized firms and 37% of small businesses currently have a cyber insurance policy.
Common coverage areas include the cost of restoring data (56% of policy holders), the cost of finding the root cause of a breach (47%), coverage for third-party incidents (43%) and response to ransomware (42%).
COVID-19 has put a spotlight on ethical issues emerging from the increased use of AI applications and the potential for bias and discrimination.
A report from the Capgemini Research Institute found that in 2020 45% of organizations have defined an ethical charter to provide guidelines on AI development, up from 5% in 2019, as businesses recognize the importance of having defined standards across industries.
However, a lack of leadership in terms of how these systems are developed and used is coming at a high cost for organizations.
The report notes that while organizations are more ethically aware, progress in implementing ethical AI has been inconsistent. For example, the progress on “fairness” (65%) and “auditability” (45%) dimensions of ethical AI has been non-existent, while transparency has dropped from 73% to 59%, despite the fact that 58% of businesses say they have been building awareness amongst employees about issues that can result from the use of AI.
The research also reveals that 70% of customers want a clear explanation of results and expect organizations to provide AI interactions that are transparent and fair.
Ethical governance has become a prerequisite
The need for organizations to implement an ethical charter is also driven by increased regulatory frameworks. For example, the European Commission has issued guidelines on the key ethical principles that should be used for designing AI applications.
Meanwhile, guidelines issued by the FTC in early 2020 call for transparent AI, stating that when an AI-enabled system makes an adverse decision (such as declining credit for a customer), then the organization should show the affected consumer the key data points used in arriving at the decision and give them the right to change any incorrect information.
However, while globally 73% of organizations informed users about the ways in which AI decisions might affect them in 2019, today, this has dropped to 59%.
According to the report, this is indicative of current circumstances brought about by COVID-19, growing complexity of AI models, and a change in consumer behavior, which has disrupted the functionalities of the AI algorithms.
New factors, including a preference for safety, bulk buying, and a lack of training data for similar situations from the past, have meant that organizations are redesigning their systems to suit a new normal; however, this has led to less transparency.
Discriminatory bias with AI systems comes at a high cost for orgs
Many public and private institutions deployed a range of AI technologies during COVID-19 in an attempt to curtail the impacts wrought by the pandemic. As these continue, it is critical for organizations to uphold customer trust by furthering positive relationships between AI and consumers. However, reports show that datasets collected for healthcare and the public sector are subjected to social and cultural bias.
This is not limited to just the public sector. The research found that 65% of executives said they were aware of the issue of discriminatory bias with AI systems. Further, close to 60% of organizations have attracted legal scrutiny and 22% have faced a customer backlash in the last two to three years because of decisions reached by AI systems.
In fact, 45% of customers noted they will share their negative experiences with family and friends and urge them not to engage with an organization, 39% will raise their concerns with the organization and demand an explanation, and 39% will switch from the AI channel to a higher-cost human interaction. 27% of consumers say they would cease dealing with the organization altogether.
Establish ownership of ethical issues – leaders must be accountable
Only 53% of organizations have a leader who is responsible for the ethics of AI systems at their organization, such as a Chief Ethics Officer. It is crucial to establish leadership at the top to ensure these issues receive due priority from top management and to create ethically robust AI systems.
In addition, leaders in business and technology functions must be fully accountable for the ethical outcomes of AI applications. Our research shows that only half said they had a confidential hotline or ombudsman to enable customers and employees to raise ethical issues with AI systems.
The report highlights seven key actions for organizations to build an ethically robust AI system, which need to be underpinned by a strong foundation of leadership, governance, and internal practices:
- Clearly outline the intended purpose of AI systems and assess their overall potential impact
- Proactively deploy AI for the benefit of society and environment
- Embed diversity and inclusion principles throughout the lifecycle of AI systems
- Enhance transparency with the help of technology tools
- Humanize the AI experience and ensure human oversight of AI systems
- Ensure technological robustness of AI systems
- Protect people’s individual privacy by empowering them and putting them in charge of AI interactions
Anne-Laure Thieullent, Artificial Intelligence and Analytics Group Offer Leader at Capgemini, explains, “Given its potential, it would be a disservice if the ethical use of AI is only limited to ensure no harm to users and customers. It should be a proactive pursuit of environmental good and social welfare.
“AI is a transformational technology with the power to bring about far-reaching developments across the business, as well as society and the environment. This means governmental and non-governmental organizations that possess the AI capabilities, wealth of data, and a purpose to work for the welfare of society and environment must take greater responsibility in tackling these issues to benefit societies now and in the future.”
Vodafone Business launched a report focused on the impact IoT is having on businesses at a time when their digital capabilities are put to the test by the COVID-19 pandemic.
The report features responses from 1,639 businesses globally, exploring how they are using IoT and how IoT is helping them be ready for the future.
IoT has made the difference for business success
The pandemic has forced almost all businesses to change their working practices and priorities in a matter of weeks, with the findings showing 77% of adopters increased the pace of IoT projects during this time.
Adopters clearly believe IoT was vital to keep them going: 84% said the technology was key to maintaining business continuity during the pandemic. As a result, 84% of adopters now view the integration of IoT devices with workers as a higher priority and 73% of businesses considering IoT agree the pandemic will accelerate their adoption plans.
IoT is key to improving business performance
The research findings are clear: IoT continues to generate value and ROI for adopters and 87% agree their core business strategy has changed for the better as a result of adopting IoT.
95% say they have achieved a return on investment and 55% of adopters have seen operating costs decrease by an average of 21%.
From improving operational efficiency to creating new connected products and services, key benefits of IoT deployments include boosted employee productivity (49%) and improved customer experience (59%).
Data is the key to future readiness
You can’t manage what you can’t measure. IoT data is becoming essential to support businesses’ decision-making (59%) and 84% of adopters think they can do things they couldn’t do before thanks to IoT. And IoT data is also helping 84% of businesses meet their sustainability goals.
IoT benefits clearly outweigh the risks
Businesses see IoT as an essential element of being future ready. So much so that 73% say that organisations who have failed to embrace IoT will have fallen behind within five years.
While cybersecurity was one of the main barriers to businesses’ willingness to adopt IoT in previous years, the IoT Spotlight 2020 sees the concerns significantly reducing, with only 18% of businesses seeing it as one of the top-three barriers to IoT adoption.
This, coupled with the improvements in brand differentiation and competitiveness (43%) shown by mature adopters of IoT, proves that businesses that embrace this technology believe the opportunities IoT offers greatly outweigh the challenges of implementation.
Erik Brenneis, Internet of Things Director at Vodafone Business said: “IoT has grown up. It’s no longer just about increasing return on investment or providing cost savings to businesses: it’s changing the way they think and operate. And it’s giving them an opportunity to re-design their operations and future-proof their business model. This research proves IoT is an essential technology for businesses that want to be resilient, more flexible and quicker to adapt and react to change.”
Forter released its Fraud Attack Index, delivering in-depth insight into the impact of COVID-19 on online buyer behavior and ecommerce fraud trends.
This edition revealed that:
- New customer accounts now represent 30% of transactions, five times more than they did pre-COVID-19. This is good news for retailers, but merchants using legacy fraud prevention systems could miss out on some of this revenue potential due to high false decline rates. Legacy systems lack data on new customers and cannot accurately distinguish between legitimate consumers and fraudsters.
- The growth in transactions driven by the consumer shift from brick-and-mortar stores to online purchasing is masking the fact that the number of fraud attacks has risen in real terms, leading retailers into a false sense of security.
- Omnichannel fraud is growing: Buy Online, Pick-up In Store (BOPIS) fraud rose 55% as new customer service options are subjected to significant fraud.
- With transactions falling by 97% compared with H1 2019, fraud attack rates in the travel industry more than doubled, with hotel fraud attacks rising 139% and airline fraud attacks increasing 144%.
- Account takeover (ATO) and Policy Abuse such as returns abuse, promotion abuse, and reseller abuse are set to surge during the holiday season.
Michael Reitblat, CEO of Forter, comments: “A rapid rise in new customer accounts, coupled with having to pivot quickly from brick-and-mortar to online sales channels, put unprecedented stress on merchants as they tried to perfect the ecommerce experience.
“It is clear from what we’ve seen that some retailers were more agile and prepared for this than others, quickly introducing new services such as curbside pickup and Buy Online, Pick-up In-Store, in a bid to retain new customers.
“To fully realize this new revenue potential, merchants need more accurate fraud prevention that can distinguish between these valuable new customers and fraudsters. Merchants can have a false decline rate between 5-7x higher for new customers – typical of legacy systems that do not have sufficient data on new account holders.”
Growth in transaction volumes masks increasing fraud attack numbers
There have been dramatic increases in transaction volumes across the majority of vertical sectors, but particularly those traditionally served by brick-and-mortar stores. Volumes rose 172% in home, furnishings and garden, 93% in food delivery & beverage and 119% in groceries.
Ecommerce fraud attacks decreased as a percentage of all transactions but in real terms, the number of fraud attacks has risen. This represents significant losses for retailers at a critical time.
Holiday season fraud surge expected
As retailers prepare for a critical holiday season and aim to recoup some of the year’s earlier losses, the research indicates that ATO attacks, and returns and delivery fraud will surge as fraudsters seek to exploit the increase in online shopping.
At the same time, customers will be more likely to take unfair advantage of promotions and abuse delivery and returns policies. Fraud and abuse trends that retailers need to prepare for include:
- Account takeover fraud to dramatically increase: The analysis indicates that fraudsters will seek to operationalize the data they’ve stolen and collected through data breaches and social engineering scams conducted during COVID-19 disruption. Also, new customer accounts opened by less experienced users are likely to use weaker passwords, fewer security steps, and be more vulnerable to ATO. As a result, retailers need to prepare for increasing ATO attacks during the holiday season.
- Returns and delivery fraud will continue to rise: Retailers increasingly offered omnichannel customer service options such as Buy Online, Return in Store (BORIS) and BOPIS, to satisfy new customers during COVID-19. Fraud attacks exploiting BOPIS policies increased 55% compared to H1 2019, as merchants offering frictionless experiences are less likely to ask for customer identification. It is anticipated that fraudsters will increasingly target and exploit returns and delivery services as online shopping surges over the holiday season.
- Policy abuse set to spike: Merchants courting new customers with aggressive promotions and user-friendly omnichannel options will expose themselves to greater abuse risk, including returns, promotion and reseller abuse.
Vikrant Gandhi, Senior Industry Director at Frost & Sullivan commented: “Fraud and policy abuse issues have magnified in the recent months in the global ecommerce industry. Our research indicates a rise in sophisticated fraud attempts, including promotions abuse by using synthetic identities and friendly fraud in 2020.
“The challenge for merchants is to deliver frictionless customer experiences without letting fraud prevention come in their way of doing so. Our recommendation to merchants is if they do not prioritize working with identity-based, integrated fraud prevention platforms that leverage behavioral analytics, machine learning and the power of big data that is informed and refined by highly trained analysts, they will never be able to stay ahead of fraudsters and policy abusers.”
Nearly six in ten organizations have accelerated their digital transformation due to the COVID-19 pandemic, an IBM study of global C-suite executives revealed.
Top priorities are shifting dramatically as executives plan for an uncertain future
Digital transformation barriers
Traditional and perceived barriers like technology immaturity and employee opposition to change have fallen away – in fact, 66% of executives surveyed said they have completed initiatives that previously encountered resistance.
Participating businesses are seeing more clearly the critical role people play in driving their ongoing transformation. Leaders surveyed called out organizational complexity, inadequate skills and employee burnout as the biggest hurdles to overcome – both today and in the next two years.
The study finds a significant disconnect in how effective leaders and employees believe companies have been in addressing these gaps. 74% of executives surveyed believe they have been helping their employees learn the skills needed to work in a new way, but just 38% of employees surveyed agree.
80% of executives surveyed say that they are supporting the physical and emotional health of their workforce, while just 46% of employees surveyed feel that support.
The study, which includes input from more than 3,800 C-suite executives in 20 countries and 22 industries, shows that executives surveyed are facing a proliferation of initiatives due to the pandemic and having difficulty focusing, but do plan to prioritize internal and operational capabilities such as workforce skills and flexibility – critical areas to address in order to jumpstart progress.
“For many the pandemic has knocked down previous barriers to digital transformation, and leaders are increasingly relying on technology for mission-critical aspects of their enterprise operations,” said Mark Foster, senior vice president, IBM Services.
“But looking ahead, leaders need to redouble their focus on their people as well as the workflows and technology infrastructure that enable them – we can’t underestimate the power of empathetic leadership to drive employees’ confidence, effectiveness and well-being amid disruption.”
The study reveals three proactive steps that emerging leaders surveyed are taking to survive and thrive.
Improving operational scalability and flexibility
The ongoing disruption of the pandemic has shown how important it can be for businesses to be built for change. Many executives are facing demand fluctuations, new challenges to support employees working remotely and requirements to cut costs.
In addition, the study reveals that the majority of organizations are making permanent changes to their organizational strategy. For instance, 94% of executives surveyed plan to participate in platform-based business models by 2022, and many reported they will increase participation in ecosystems and partner networks.
Executing these new strategies may require a more scalable and flexible IT infrastructure. Executives are already anticipating this: the survey showed respondents plan a 20 percentage point increase in prioritization of cloud technology in the next two years.
What’s more, executives surveyed plan to move more of their business functions to the cloud over the next two years, with customer engagement and marketing being the top two cloudified functions.
Applying AI and automation to help make workflows more intelligent
COVID-19 has disrupted critical workflows and processes at the heart of many organizations’ core operations. Technologies like AI, automation and cybersecurity that could help make workflows more intelligent, responsive and secure are increasing in priority across the board for responding global executives. Over the next two years, the report finds:
- Prioritization of AI technology will increase by 20 percentage points
- 60% of executives surveyed say they have accelerated process automation, and many will increasingly apply automation across all business functions
- 76% of executives surveyed plan to prioritize cybersecurity – twice as many as deploy the technology today.
As executives increasingly invest in cloud, AI, automation and other exponential technologies, leaders should keep in mind the users of that technology – their people. These digital tools should enable a positive employee experience by design, and support people’s innovation and productivity.
COVID-19 created a sense of urgency around digital transformation
Leading, engaging and enabling the workforce in new ways
The study showed placing a renewed focus on people may be critical amid the COVID-19 pandemic while many employees are working outside of traditional offices and dealing with heightened personal stress and uncertainty.
Ongoing IBV consumer research has shown that the expectations employees have of their employers have shifted amidst the pandemic – employees now expect that their employers will take an active role in supporting their physical and emotional health as well as the skills they need to work in new ways.
To address this gap, executives should place deeper focus on their people, putting employees’ end-to-end well-being first. Empathetic leaders who encourage personal accountability and support employees to work in self-directed squads that apply design thinking, Agile principles and DevOps tools and techniques can be beneficial.
Organizations should also think about adopting a holistic, multi-modal model of skills development to help employees develop both the behavioral and technical skills required to work in the new normal and foster a culture of continuous learning.
58% of organizations make decisions based on outdated data, according to Exasol research.
The report reveals that 84% of organizations are under increasing pressure to make faster decisions as a result of the COVID-19 pandemic, yet 58% of organizations lack access to real-time insights.
The report further reveals that 63% of respondents confirm that daily insights are needed to make informed business decisions, but these are hampered by long query run times.
A query taking too long to come back
75% of respondents have to wait between 2 hours and a full day for a query to come back, and only 15% of respondents’ query run times are between 15 and 60 minutes. 56% believe they can’t make informed decisions based on their organization’s data.
“As a healthcare, retail, or financial services business you cannot afford to make decisions based on yesterday’s data,” said Rishi Diwan, CPO of Exasol.
“If the pandemic has made one thing clear it’s that business conditions can turn on a dime, yet 6 in 10 businesses find themselves saddled with decision-making infrastructure that is just not responsive enough.”
The report is based on a global survey of 2,500 data decision makers and reveals ample pessimism among data and IT professionals regarding the extent to which current infrastructure set-ups can power a crisis recovery. According to the research:
- 51% believe their organization’s data infrastructure will need improvements in order to help them recover from macro or micro economic challenges.
- The top areas highlighted for performance improvement include data literacy (84%), data infrastructure (55%) and data quality (33%). However, 85% report action being taken to improve literacy across the business, which is an encouraging sign.
- Of the 36% of organizations that have increased the size of their decision-making teams during the COVID-19 pandemic to compensate for the long time-to-insights, 86% have experienced an increase in decision-making speed.
- 69% of respondents reported receiving a higher number of data analytics requests from both multiple business departments and their end-users in recent months.
Demand for data analytics will continue to rise
Going forward, 45% of respondents agreed that demand for data analytics will continue to rise. While the bulk of these requests is expected to come from marketing, operations and sales, demand from all areas is expected to increase, adding to the urgency for organizations to review their data-driven decision-making capabilities.
“One way that organizations compensate for the long time-to-insights during the COVID-19 pandemic is by expanding the number of people with decision-making authority,” said Mathias Golombek, CTO at Exasol.
“Our research clearly shows that organizations want to increase their speed and agility regarding data-driven decisions. Data-democratization and self-service analytics across the organization are the ultimate goal, but existing legacy systems are struggling with these workloads. That’s where a reduction of query response times from hours to seconds is a game changer.”
“If you want to evolve towards a data-driven agile enterprise, you need to start with your existing data infrastructure. Not only must it be set up to support your future growth, but it should also enable data democratization,” said Philip Howard, Bloor Research.
“You should also look at whether your infrastructure can deliver the time to insight – the performance – that you need. Can it scale across all your knowledge workers? Because if it doesn’t do all of these things, then it’s not supporting your business goals and you need to think about changing it.”