RSA, the security division of EMC has announced a new framework designed for companies to inventory and prioritize cyber risks.
The framework, issued in a report RSA prepared with support from Deloitte Advisory Cyber Risk Services, gives organizations a new way not only to factor cyber risk into their overall risk appetite but to define the level of cyber risk they are willing to accept in the context of their overall business strategy.
As businesses strive to improve performance, many of the fundamental moves they undertake expose them to new cyber risks. Since organizations can’t turn the clock back on globalization, outsourcing, extending their third-party networks and moving to the cloud, they will need to realign their thinking about risk. The report, entitled “Cyber Risk Appetite: Defining and Understanding Risk in the Modern Enterprise,” concludes that organizations need a systematic process for defining and comprehensively categorizing sources of cyber risk, a new accounting of key stakeholders and risk owners, and a new way to calculate cyber risk appetite.
First, organizations need to redefine the term “cyber risk.” The term extends beyond hacks – planned attacks on information systems. While hacks are an important part of the equation, cyber risk encompasses a wider range of events that lead to potential of loss or harm related to technical infrastructure of the use of technology within an organization.
The paper provides a practical framework for inventorying and categorizing cyber risks across two dimensions of intent. Cyber risk events could be the result of deliberately malicious attacks, such as a hacker carrying out an attack with the aim of compromising sensitive information. They could also be unintentional, such as user error that makes a system temporarily unavailable. Risk events may come from sources outside the organization, such as cybercriminals or supply chain partners, or sources inside the organization such as employees or contractors.
To effectively assess their cyber risk appetite, the report recommends that organizations take a comprehensive inventory of these cyber risks, quantify their potential impact and prioritize them. Organizations need to ask the right questions, such as what losses would be catastrophic, and what information absolutely cannot fall into the wrong hands or be made public. They need to prioritize the risk according to impact, ranking mission- and business-critical systems ahead of facets like core infrastructure and extended ecosystem (supply chain management applications and partner portals) and external public facing points of interaction. Prioritization needs to be an ongoing process involving constant evaluation and re-evaluation.
The report concludes that an organization’s ability to quantify cyber risk and make informed decisions about their cyber risk appetite will put them in a position to succeed. Some costs can be easily quantified: costs that include fines, legal fees, lost productivity and mitigation remediation and incident response. Other costs can be more difficult to determine – like diminished brand equity, reduced goodwill and the loss of intellectual property. Organizations need to develop the ability to demonstrate that the investments they are making align with the risks they face.
Emily Mossburg, partner, Deloitte & Touche LLP and Deloitte Advisory Cyber Risk Services Resilient Practice Leader
“The very fundamental things that organizations undertake in order to drive performance and execute on their business strategies happen to also be the things that actually create cyber risk. Cyber risk is an issue that exists at the intersection of business risk, regulation, and technology. Executive decision-makers should understand the nature and magnitude of those risks, consider them against the benefits a strategic shift would deliver, and then make more informed decisions.”
David Walter, RSA GM, Global GRC
“Cyber risk is a critical issue in today’s organizations, touching aspects of business risk, regulation and technology. To effectively deal with these risks, executive decision-makers need to understand their organizations’ cyber risk appetites’ – balancing the nature and magnitude of those risks against the benefits a strategic shift would deliver. Then they can make more informed decisions.”
Rain, Telkom Mobile, lead in affordable data
A new report by the telecoms regulator in South Africa reveal the true consumer champions in mobile data costs
The latest bi-annual tariff analysis report produced by the Independent Communications Authority of South Africa (ICASA) reveals that Telkom Mobile data costs for bundles are two-thirds lower than those of Vodacom and MTN. On the other hand, Rain is half the price again of Telkom.
The report focuses on the 163 tariff notifications lodged with ICASA during the period 1 July 2018 to 31 December 2018.
“It seeks to ensure that there is retail price transparency within the electronic communications sector, the purpose of which is to enable consumers to make an informed choice, in terms of tariff plan preferences and/or preferred service providers based on their different offerings,” said Icasa.
ICASA says it observed the competitiveness between licensees in terms of the number of promotions that were on offer in the market, with 31 promotions launched during the period.
The report shows that MTN and Vodacom charge the same prices for a 1GB and a 3GB data bundle at R149 and R299 respectively. On the other hand, Telkom Mobile charges (for similar-sized data bundles) R100 (1GB) and R201 (3GB). Cell C discontinued its 1GB bundle, which was replaced with a 1.5GB bundle offered at the same price as the replaced 1GB data bundle at R149.
Rain’s “One Plan Package” prepaid mobile data offering of R50 for a 1GB bundle remains the most affordable when compared to the offers from other MNOs (Mobile Network Operators) and MVNOs (Mobile Virtual Network Operators).
“This development should have a positive impact on customers’ pockets as they are paying less compared to similar data bundles and increases choice,” said Icasa.
The report also revealed that the cost of out-of-bundle data had halved at both MTN and Vodacom, from 99c per Megabyte a year ago to 49c per Megabyte in the first quarter of this year. This was still two thirds more expensive than Telkom Mobile, which has charged 29c per Megabyte throughout this period (see graph below).
Meanwhile, from having positioned itself as consumer champion in recent years, Cell C has fallen on hard times, image-wise: it is by far the most expensive mobile network for out-of-bundle data, at R1.10 per Megabyte. Its prices have not budged in the past year.
The report highlights the disparities between the haves and have-nots in the dramatically plummeting cost of data per Megabyte as one buys bigger and bigger bundles on a 30-day basis (see graph below).
For 20 Gigabyte bundles, all mobile operators are in effect charging 4c per Megabyte. Only at that level do costs come in at under Rain’s standard tariffs regardless of use.
Qualcomm wins 5G as Apple and Intel cave in
A flurry of announcements from three major tech players ushered in a new mobile chip landscape, wrItes ARTHUR GOLDSTUCK
Last week’s shock announcement by Intel that it was canning its 5G modem business leaves the American market wide open to Qualcomm, in the wake of the latter winning a bruising patent war with Apple.
Intel Corporation announced its intention to “exit the 5G smartphone modem business and complete an assessment of the opportunities for 4G and 5G modems in PCs, internet of things devices and other data-centric devices”.
Intel said it would also continue to invest in its 5G network infrastructure business, sharpening its focus on a market expected to be dominated by Huawei, Nokia and Ericsson.
Intel said it would continue to meet current customer commitments for its existing 4G smartphone modem product line, but did not expect to launch 5G modem products in the smartphone space, including those originally planned for launches in 2020. In other words, it would no longer be supplying chips for iPhones and iPads in competition with Qualcomm.
“We are very excited about the opportunity in 5G and the ‘cloudification’ of the network, but in the smartphone modem business it has become apparent that there is no clear path to profitability and positive returns,” said Intel CEO Bob Swan. “5G continues to be a strategic priority across Intel, and our team has developed a valuable portfolio of wireless products and intellectual property. We are assessing our options to realise the value we have created, including the opportunities in a wide variety of data-centric platforms and devices in a 5G world.”
The news came immediately after Qualcomm and Apple issued a joint announced of an agreement to dismiss all litigation between the two companies worldwide. The settlement includes a payment from Apple to Qualcomm, along with a six-year license agreement, and a multiyear chipset supply agreement.
Apple had previously accused Qualcomm of abusing its dominant position in modem chips for smartphones and charging excessive license fees. It ordered its contract manufacturers, first, to stop paying Qualcomm for the chips, and then to stop using the chips altogether, turning instead to Intel.
With Apple paying up and Intel pulling out, Qualcomm is suddenly in the pound seats. It shares hit their highest levels in five years after the announcements.
Qualcomm said in a statement: “As we lead the world to 5G, we envision this next big change in cellular technology spurring a new era of intelligent, connected devices and enabling new opportunities in connected cars, remote delivery of health care services, and the IoT — including smart cities, smart homes, and wearables. Qualcomm Incorporated includes our licensing business, QTL, and the vast majority of our patent portfolio.”
Meanwhile, Strategy Analytics released a report on the same day that showed Ericsson, Huawei and Nokia will lead the market in core 5G infrastructure, namely Radio Access Network (RAN) equipment, by 2023 as the 5G market takes off. Huawei is expected to have the edge as a result of the vast scale of the early 5G market in China and its long term steady investment in R&D. According to a report entitled “Comparison and 2023 5G Global Market Potential for leading 5G RAN Vendors – Ericsson, Huawei and Nokia”, two outliers, Samsung and ZTE, are expected to expand their global presence alongside emerging vendors as competition heats up.