Connect with us

Featured

Now you can measure your appetite for cyber risk

Published

on

RSA, the security division of EMC has announced a new framework designed for companies to inventory and prioritize cyber risks.

The framework, issued in a report RSA prepared with support from Deloitte Advisory Cyber Risk Services, gives organizations a new way not only to factor cyber risk into their overall risk appetite but to define the level of cyber risk they are willing to accept in the context of their overall business strategy.

As businesses strive to improve performance, many of the fundamental moves they undertake expose them to new cyber risks. Since organizations can’t turn the clock back on globalization, outsourcing, extending their third-party networks and moving to the cloud, they will need to realign their thinking about risk. The report, entitled “Cyber Risk Appetite: Defining and Understanding Risk in the Modern Enterprise,” concludes that organizations need a systematic process for defining and comprehensively categorizing sources of cyber risk, a new accounting of key stakeholders and risk owners, and a new way to calculate cyber risk appetite.

First, organizations need to redefine the term “cyber risk.” The term extends beyond hacks – planned attacks on information systems. While hacks are an important part of the equation, cyber risk encompasses a wider range of events that lead to potential of loss or harm related to technical infrastructure of the use of technology within an organization.

The paper provides a practical framework for inventorying and categorizing cyber risks across two dimensions of intent.  Cyber risk events could be the result of deliberately malicious attacks, such as a hacker carrying out an attack with the aim of compromising sensitive information. They could also be unintentional, such as user error that makes a system temporarily unavailable. Risk events may come from sources outside the organization, such as cybercriminals or supply chain partners, or sources inside the organization such as employees or contractors.

To effectively assess their cyber risk appetite, the report recommends that organizations take a comprehensive inventory of these cyber risks, quantify their potential impact and prioritize them. Organizations need to ask the right questions, such as what losses would be catastrophic, and what information absolutely cannot fall into the wrong hands or be made public. They need to prioritize the risk according to impact, ranking mission- and business-critical systems ahead of facets like core infrastructure and extended ecosystem (supply chain management applications and partner portals) and external public facing points of interaction. Prioritization needs to be an ongoing process involving constant evaluation and re-evaluation.

The report concludes that an organization’s ability to quantify cyber risk and make informed decisions about their cyber risk appetite will put them in a position to succeed. Some costs can be easily quantified: costs that include fines, legal fees, lost productivity and mitigation remediation and incident response. Other costs can be more difficult to determine – like diminished brand equity, reduced goodwill and the loss of intellectual property. Organizations need to develop the ability to demonstrate that the investments they are making align with the risks they face.

EXECUTIVE QUOTES:

Emily Mossburg, partner, Deloitte & Touche LLP and Deloitte Advisory Cyber Risk Services Resilient Practice Leader

“The very fundamental things that organizations undertake in order to drive performance and execute on their business strategies happen to also be the things that actually create cyber risk. Cyber risk is an issue that exists at the intersection of business risk, regulation, and technology. Executive decision-makers should understand the nature and magnitude of those risks, consider them against the benefits a strategic shift would deliver, and then make more informed decisions.”

David Walter, RSA GM, Global GRC

“Cyber risk is a critical issue in today’s organizations, touching aspects of business risk, regulation and technology. To effectively deal with these risks, executive decision-makers need to understand their organizations’ cyber risk appetites’ – balancing the nature and magnitude of those risks against the benefits a strategic shift would deliver. Then they can make more informed decisions.”

Featured

Security gets an upgrade – with a few glitches

Video doorbells are all the rage in the USA. Can they work in South Africa? SEAN BACHER tries out the Ring Video DoorBell 2 and Floodlight Cam.

Published

on

IP cameras have become synonymous with both business and home security. They are readily available, fairly inexpensive and, in many cases, easy to install.

Many are wireless, allowing one to place the camera anywhere within Wi-Fi range. As a result, they are a solution that can be customised to suit any type of security situation.

A world leader in doorbell security, Amazon subsidiary Ring, has recently extended its range of security devices, which now includes doorbells, floodlights, and Wi-Fi extenders, all designed to enhance and complement existing security beams and electric fences.

First up is the Ring Video DoorBell 2

It doesn’t look much like your normal intercom system, except for the miniature eye that keeps track of mischief that may be happening.  

Setting up is fairly easy. All one needs to do is connect it to the network by pushing the connect button, create an account on the downloaded smartphone app and get started with customisation and certification. Features like sensitivity, alerts, and numbers where these alerts need to be sent can all be preprogrammed. It is then just a matter of positioning the doorbell to get the best video coverage.

Getting the correct position may take some time, though, as cars and pedestrians may set it off. 

Next up is the Floodlight Cam

This works much the same as the doorbell. However, it needs to be mounted to a wall. Ring has you covered there: in the box you will find drill bits, screws and even a screwdriver to help you secure the camera. 

You will have to set alerts, phone numbers, and sensitivity. The spotlight allows you to change what time it should light up and shut down, and the package also includes an alarm, should its beams be broken.

Although this all sounds good, there are a few drawbacks to the Ring solutions. Firstly, unlike the United States, where doorbells are stuck in the vicinity of a front door, allowing them to connect to a network easily, many houses in South Africa have gates that need to be opened before one can reach the front door. This means that the bells are on or near the gate, and they are unable to connect to a home or business network.

Now, however, Ring has launched a Wi-Fi extender, but this requires an additional set-up process – and a fairly expensive one, considering the camera cost.

The Ring devices come with Protection Plans that automatically upload any triggered recordings to the cloud, allowing you to view them at a later stage. This trial period only lasts for 30 days, after which the plans can be extended from R450 for a three month period, up to R1 500 for a twelve-month period.

In practice

The attention to detail in the packaging and the addition of the tools really does put the Ring in a class of its own. No short cuts were taken in its design, and you can immediately see that it’s no rip-off. However, the Protection Plans need to be looked at carefully in terms of their costs.

Aside from this challenge, I found the devices very handy inside my house. For instance, a few times my external alarm or fence would sound, at which stage I would get a notification from my armed response – while I was away. But I easily logged in to Ring from my phone to check if anything strange was happening – all in a matter of seconds and while I was sitting all the way in Berlin.

The devices are rather expensive, though, with the Video Door Bell starting at R3 500 and going up to R7 990, and the Floodlight Cam going for R5 000. It all adds up quickly.

The cost means these solutions may not be quite ready for the South African consumer looking for a complete external perimeter security system.

Despite the Protection Plans, I did find them very handy inside my house. For instance, a few times my external alarm or fence would sound, at which stage I would get a notification from my armed response.

But, I easily logged in to Ring from my phone to check if anything strange was happening – all in a matter of seconds and while I was sitting all the way in Berlin.

Continue Reading

Featured

It’s not a ‘techlash’ – it’s a ‘tech clash’

By RORY MOORE, Innovation Lead, Accenture South Africa

Published

on

People’s love for technology has let businesses weave it, and themselves, into our lives, transforming how we work live and interact in this new world which we at Accenture are referring to – in our Tech Vision 2020 – as the “post-digital era.” But now we are being held back.

At a time when people see the potential of embracing technology more deeply into their lives, systems and services built for a old era are not supporting where people want to go. The next five years will see radical transformation as technology is realigned to better reflect people’s needs and values.

We look at the latest emerging trends that will transform how we live in work in this fundamentally different post-digital world.
Tech trend 1: “The I in experience” – helping people choose their own adventure

The next generation of technology-driven experiences will be those that make the user an active participant in creating the experience. Businesses are increasingly looking to personalise and individualise experiences to a greater degree than ever before, but are faced with stricter data regulations and users that are wary of services being too invasive. To address this, leading businesses are changing the paradigm and making choice and agency a central component of what they deliver.

Tech trend 2: “Artificial intelligence (AI) and me” – reimagining business through human and AI collaboration

Businesses will have to tap the full potential of AI by making it an additive contributor to work, rather than a backstop for automating boring or repetitive tasks. Until now, enterprises have been using AI to automate parts of their workflows, but as AI capabilities grow, following the old path will limit the full benefit of AI investments, potentially marginalise people, and cap businesses’ ability for growth. Businesses must rethink the work they do to make AI a generative part of the process. To do so, they will have to build new capabilities that improve the contextual comprehension between people and machines.

Tech trend 3: “The dilemma of smart things” – overcoming the “beta burden”

As enterprises convert their products into platforms for digital experiences, new challenges arise that, if left unaddressed, will alienate customers and erode their trust. Now that the true value of a product is being driven by the experience, a facet of the product that enterprises have traditionally retained strict control over, businesses must re-evaluate central questions: how involved they are with the product lifecycle, how to maintain transparency and continuity over product features, when is a product truly “finished”, and even who owns it?

Tech trend 4: “Robots in the wild” – growing businesses’ reach and responsibility

Robotics are no longer contained to the warehouse or factory floor. Autonomous vehicles, delivery drones, and other robot-driven machines are fast entering the world around us, allowing businesses to extend this intelligence back into the physical world. As 5G is poised to accelerate this trend, every enterprise must begin to re-think their business through the lens of robotics. Where will they find the most value, and what partners do they need to unlock it? What challenges will they face as they undergo this transformation, and what new responsibilities do they have towards their customers and society at large?

Tech trend 5: “Innovation DNA” – creating an engine for continuous innovation

Businesses should assemble their unique innovation DNA to define how their enterprises grow in the future. Maturing digital technology is making it easier than ever before to transform parts of the business, or find new value in share tools with others. The three key building blocks of innovation DNA are:
Continue on the digital transformation journey
Accelerate research and development (R&D) of scientific advancements and utilise elements such as material sciences and genomic editing to ensure practical applications are leaving these labs quicker than ever before
Leverage the power of DARQ (distributed ledger technology, AI, extended reality and quantum computing) to transform and optimise the business
Differentiation in the post-digital era will be driven by the powerful combinations of innovation and these building blocks will enable exactly that.

It’s not a “techlash”, it’s a “tech-clash”

Essentially, this new digital world is more intimate and personal than ever imaginable, but the models for data, ownership, and experience that define that world have remained the same.

Tech-clash is a clash between old models that are incongruous with people’s expectations. The time to start transformation is now. To this end, businesses need to defuse the tech-clash, build human-centered models and foster deeply trusting relationships.

For more information on how Accenture can help enterprises adopt the latest tech trends to future-proof their businesses in the post-digital era, go to: https://www.accenture.com/za-en.

Continue Reading

Trending

Copyright © 2020 World Wide Worx