Kategori arşivi: english

english

How can a CEO survive and thrive in the digital age?

Yorum yapın

Over the past 20 years CEOs have witnessed tremendous upheavals as a result of globalisation and technological change. In the PwC 20th Annual Global CEO Survey, nearly 1,400 CEOs share their views on the impact of these forces on growth, talent, trust and society.

In this survey a sizeable number of CEOs are firmly convinced that, in an increasingly digitalised world, it’s harder for businesses to gain – and retain – people’s trust. They also think it’s become more important both to run their companies in a way that addresses wider shareholder expectations and to establish a strong corporate purpose that’s reflected in their organisation’s values, culture and behaviour.

So which risks arising from connectivity concern CEOs most? When ‘technology’ and ‘trust’ pop up in the same sentence, most of us automatically think of how reputations are made and lost overnight through mass communications. And, indeed, 87% of CEOs believe social media could have a negative impact on the level of stakeholder trust in their industry over the next five years. But as new technologies and new uses of existing technologies proliferate, they say new dangers are emerging – and old ones are getting worse.

It is no wonder as many companies already collect a vast amount of customer data, which they use to target specific customers and influence their behaviour, often in very subtle ways. As the Internet of Things (IoT) spreads to everything from wearables to consumables, cars, and every conceivable part of the home, what companies know about people will increase exponentially.

This data is an incredible asset for companies and their customers. It enables businesses to deliver a better service, develop closer relationships with their customers and earn their trust. It enables customers to get more targeted offerings and engage with companies in more meaningful ways. But what happens if a company crosses the line between anticipating customers’ needs and intruding on their privacy, or if a government tries to access the data in an effort to control security risks? And what happens if the data gets lost or stolen and ends up in the hands of criminals? Even worse, people’s physical security could be compromised, as cars and homes become increasingly connected.

The growing use of data in the workplace also poses new trust issues. As HR departments slowly but surely increase their use of data analytics, talent management is turning from an inexact art into a science. But monitoring employees’ activities in – and out of – work can quickly turn sour. What are the limits of the information companies can gather? How transparent is the use of that data in making decisions about employee rewards or penalties?

CEOs recognise the complexity of the situation. A full 91% say breaches of data privacy and ethics will have a negative impact on stakeholder trust in the next five years, and 89% are already on the case. However, CEOs in the largest companies are doing much more to address these areas than those in the smallest firms.

Security breaches aren’t confined to customer data; cyber spying is now a major threat in some industries, for example. Businesses in key areas like infrastructure, energy and banking are particularly prone to attacks. This explains why so many CEOs worry that breaches affecting business-critical information and systems could also impair public trust in their industry. The vast majority are already taking steps to try and forestall such problems – although, again, it’s the largest firms that are most active in this regard.

The companies that are most effective in addressing these issues will be those that are not only strengthening their IT security, risk and governance strategies, but also collaborating with government (for example, to create the right regulatory environment for public clouds, which can offer better end-to-end security and privacy management) and engaging with stakeholders. They will need to decide what levels of transparency stakeholders should be entitled to and how to balance competing interests, as well as educating people on how to manage their technology footprint. Employers will also have to consider how much information it is necessary or acceptable to gather on their people, and how open they should be about what they’re collecting, and why and how it will be used.

IT outages and disruptions are another source of concern. If the lights go out in a world that’s heavily reliant on technology, the consequences can be extremely disruptive. What happens if customers can’t access their money when they need it, or if their connected homes lock them out? Deeply inconvenient though such incidents are, they pale into insignificance next to the physical risks that will arise as we become more connected. Picture, for instance, the sort of accident that might occur as a result of a computer glitch in one or more smart cars.

It’s no wonder so many CEOs fear that IT outages and disruptions could impact stakeholders’ trust and why so many are taking action. But addressing such risks is very difficult. The complexities and interdependencies of enterprise systems are a big problem.

Behind automation, robots and smart machines lie algorithms. These may be nothing more than instructions for computers to achieve particular outcomes, but they shape lives to a much bigger extent than many people imagine. The way we navigate websites, how we interact with connected devices, how the growing gig economy works: all are influenced by code. This raises questions about what safeguards are needed to ensure that machines carry out human orders effectively, in the way they were intended. It also raises various ethical questions. To what extent, for instance, is it acceptable to influence human choices? And can the humans who write these codes – or the companies they work for – be trusted?

A trust strategy for a digital age

In some respects, digital connectivity has made us more trusting; in the sharing economy, for example, consider how many people let strangers stay in their homes or buy from businesses they’ve never heard of before. In other respects, digital connectivity has eroded trust by creating new threats and exposing organisations to far more scrutiny. The growing complexity of technology and the increasingly distributed way in which we work, with greater individual autonomy, have also made it much harder for companies to build trust – or rebuild it, once it’s been lost. And no firm gets it right every time, which is why effective crisis management is as crucial as robust risk management.

But if forfeiting people’s trust is a sure-fire route to failure, earning their trust is the single biggest enabler of success. As an example, the take progression from assisted to augmented to autonomous intelligence heavily which depends on how much consumers and regulators trust machines to operate on their own. That, in turn, depends on whether those who create the machines have the right risk and governance structures in place, the means to verify and validate their claims independently and the mechanisms to engage effectively with stakeholders.

In short, trust is an opportunity, not just a risk. Many CEOs believe that how their firm manages data will be a differentiating factor in future. These CEOs understand that prioritising the human experience in an increasingly virtual world entails treating customers with integrity.

But, how? As a start, below quoted are the five tough questions for CEOs about gaining from connectivity without losing trust:

  1. Does your CIO know the extent to which the technology you’re investing in today will affect how your stakeholders trust you tomorrow?
  2. What are you doing to protect customer and employee data from theft, loss or misuse – and how robust are those strategies?
  3. How can you build the right infrastructure for collecting, managing, governing and securing data?
  4. As cybersecurity risks increase, have you got clear protocols in place for when systems go down and inconvenience your customers?
  5. What can you do to measure and leverage trust in your brand as a competitive advantage?

@AdilBurakSadic

Source: PwC 20th Annual Global CEO Survey, 2017

 

english

Data breaches increased by %50 in the Middle East, reports says

Yorum yapın

Saudi consumers place responsibility for protecting their personal data firmly on organizations holding their data — and not themselves, said a report.
The report said that 63.26 percent of Saudi consumers claim that companies are responsible for protecting their data while 36.74 percent believe that they are responsible for the security of their own data.
The report titled “2016 Data Breaches and Customer Loyalty” is prepared by Gemalto. According to the findings of the report, 42 percent of Saudis believe companies take protection of their personal data very seriously.
In the wake of data breaches worldwide, consumers are becoming increasingly fearful of their data being stolen. Globally, more than 4.8 billion data records have been exposed since 2013 with identity theft being the leading type of data breach.

“Consumers have clearly made the decision that they are prepared to take risks when it comes to their security, but should anything go wrong they put the blame with the business,” said Ahmad Abdallah, regional sales manager, KSA, Gemalto.

According to Gemalto’s H1 2016 Breach Level Index, data breaches in the Middle East increased by 50 percent in the first six months of 2016 compared to the last six months of 2015. Additionally, 10,537,437 data records were compromised compared to 66,050 records previously, across the region.
Clearly, hackers continue to go after unprotected, sensitive personal data enabling them to steal identities, resulting in long-term implications for consumer confidence in digital services and the companies that provide them.
Despite becoming more aware of the threats posed to them online, 8 percent of Saudi consumers believe there are no apps or websites out there that pose the greatest risk to them and consumers are not changing their behavior as a result.
The report said that 72 percent of Saudi consumers believe they will be a victim of a breach at some point, and organizations need to be prepared for the loss of business such incidents may cause. 39 percent are unlikely to do business with an organization, be it health care, a bank or a retailer, that experienced a breach.
The study found that 65 percent of those who have been a victim of a breach attribute this to a fraudulent website.
The lack of consumer confidence could be due to the lack of strong security measures being implemented by businesses. Within online banking, passwords are still the most common authentication methods. Solutions like two-factor authentication and data encryption trail behind.
Similar results can be seen in both the retail space, with only 26 percent of Saudi consumers using online retail accounts claiming two-factor authentication is used on all their apps and websites, and in social media. Only 24 percent admitted to having a complete understanding of what data encryption is and does.
“The modern-day consumer is all about convenience and they expect businesses to provide this, while also keeping their data safe. With the impending threats of consumers taking legal action against companies, an education process is clearly needed to show consumers the steps companies take to protect their data,” said Abdallah.

english

Cyber-Attacks May Threaten Global Democracy

Yorum yapın

Russia’s alleged cyber-attack on the United States Democratic National Committee has shocked the world. US intelligence services believe Russia launched the attack to influence the outcome of the recent presidential election. In fact, both the Central Intelligence Agency and the Federal Bureau of Investigation have explicitly accused the former Cold War foe of having helped Donald Trump win the election.

Following the incident, the US government has imposed sanctions on Russia and expelled 35 of its diplomats who, along with their families, were given 72 hours to leave the country. The suspected hacking is believed to have had an impact on the outcome of the democratic process in America. In addition to the expulsion of the diplomats, the Obama administration will also close two Russian compounds, in Maryland and New York.

Cyber-attacks have become a common and growing trend globally since the advancement of information and communication technology. Many nations have developed cyber capabilities for both defensive and offensive purposes. The United States has even established its own cyber command, with a new branch within the military to deal with cyber threats. Not only the United States, but many other countries have also attempted to advance their cyber capacities.

There have been several cyber-attacks in the past aimed at strategic targets. One of them was the attack on the Ukrainian power grid. The attack created chaos after it disrupted the national electricity company’s network for months. It also disconnected emergency backup systems and bombarded the server and control room with false information. Similarly, another massive cyber-attack was also directed at Israel’s electrical grid in early 2016. The attack lasted for two days and affected the country’s Public Utility Authority. There have been many other cyber-attacks that forced affected countries to shut down critical infrastructure to prevent further damage.

Hackers have purposely targeted not only strategic assets, which affect people’s daily needs, but also important institutions. Russia’s alleged attack on the DNC has surprised everyone. It shows that cyber-attacks can be used to influence political processes in other countries. Ironically, the ultimate target was the United States, the most powerful country in the world, militarily and economically. With its advanced technology, the United States has surpassed any other country in the world in developing ICT. In fact, the country has set the pace for the global community to keep up with its innovative technology.

However, in the last presidential election, the country was humiliated by the apparent successful attack on one of its political institutions, which many assume has influenced the result.

This attack is alarming not only for the United States, but also for the rest of the world, since cyber-attacks have been adopted to target the political process in a democratic country. The issue of cyber-attacks has become a potential impediment in the democratic process. Such scenario may inspire others, either state or non-state actors, to try and manipulate opponents’ political processes. Having observed the circumstances, with the massive growth in the number of hackers who are mostly business-oriented, it is not difficult to employ some of them to achieve certain objectives. Using cyber-attacks to affect any democratic process in another country is likely to develop further soon. This may perhaps not seriously impinge on non-democratic countries, but it will endanger democracy globally.

Indonesia is a democratic country. The political processes on all levels – national, provincial and district – make use of computers. Though the votes are cast manually, the recapitulation process is performed in an integrated manner by using computerized technology. This may expose Indonesia to a threat, especially if all the devices being used are deliberately hacked by a rival candidate, either an individual or a party. With abundant resources, individuals or parties can hire hackers to target their rivals. In fact, hackers may also be employed to launch cyber-attacks on any legitimate institution to influence the outcome. The adoption of a “popular vote” winning system in Indonesia’s democratic process may even create a more vulnerable condition that may be exploited by hackers.

With the upcoming regional elections, it is important for the country to prepare for a worst-case scenario in dealing with any likely cyber-attacks. Every official institution that plays a critical role in facilitating the democratic process in Indonesia should be equipped with sufficient countermeasures. This is intended to prevent any interruption or even unexpected intervention by certain actors that may control the result. Countermeasures should be able to detect and prevent any cyber-attacks, not only domestically but also externally. Of course, such preventative measures will supplement overall efforts to address cyber-attacks that may affect other areas such as the power grid, financial transactions and any other vital infrastructure.

Cyber-attacks should be listed as a top priority for the national defense and security establishment. The impact is detrimental for any country, including Indonesia. Improper handling of the issue may lead to an unbearable, chaotic situation. Not only will it force the shutdown of critical infrastructure, but it will also seriously affect institutions that are important in facilitating daily activities in the country. And the worst part is that the hacking may influence the outcome of the democratic process to elect a leader at national, provincial or district level.

With the possibility of employing either “in-house” or outsourced hackers, any individuals or parties may use cyber-attacks as an ultimate tool to achieve their objectives. This may happen in any democratic country in the world. Indeed, should this scenario occur, it may damage Indonesia’s so-called democracy. For the country, a collaboration between related stakeholders is crucial to prevent or mitigate cyber-attacks. Interagency cooperation is mandatory to effectively counter any possible attacks in the future.

The Ministry of Defense, Ministry of Communication and Information Technology, Indonesian Military, National Police and other pertinent agencies should work together to deal with the threat. Nobody wants to see cyber-attacks damaging this country’s democracy, but it is likely to happen and it is therefore important to prepare. So, let us make our best efforts to prevent this potential scenario.

Frega Ferdinand Wenas Inkiriwang is a lecturer at the Indonesian Defense University and currently listed as a Ph.D. student at the London School of Economics. He is also a Political Science (LSE) and LPDP Scholarship awardee PK 62.

english

Turkish researcher: iOS suffering from heap overflow bug

Yorum yapın

A Turkish expert who discovered a security vulnerability that Apple patched in its 10.2 update has claimed that iPhones are vulnerable to a heap overflow bug.

Speaking to Siber Bülten in an exclusive interview, Celil Ünüver said: “We discovered two vulnerabilities in iOS. The first, harmless according to us, was a null pointer dereference. We wanted to report this to Apple to get a reference. It took 2-3 months for Apple to patch this. The other, a heap overflow, we consider worthy but did not report it to Apple as we wanted to keep it a zero-day.”

The heap overflow bug gives malicious programs a chance to work in targeted Apple products.

Apple released an update, iOS 10.2, on December 12, 2016 to patch a null pointer dereference, among many others. The company said the bug was processing a maliciously crafted font file that may lead to unexpected application termination.

The bug was addressed “through improved input validation,” according to Apple. That bug affected iPhone 5 and later models, 4th generation and later iPads, and the iPod touch (6th generation and later).

Ünüver, a co-owner of the Izmir-based security firm TRAPMINE, a subsidiary of SignalSEC, stressed that his company had found a double free bug in Windows Mobile systems in 2010.

“That bug could be exploited through an SMS that would let a code work from a distance,” Ünüver said, adding that “it was one of the first bugs that was detected in Windows Mobile.”

SignalSEC is a research company that provides information security services. The company said it has been working with respected corporations in Europe, the Middle East and Africa since 2011. SignalSEC has also provided consultancy and training services to banks, GSM carriers, CERT, and military and police institutions.

Ünüver said he tried to draw attention to vulnerabilities present in mobile systems during a conference held in Switzerland in 2011.

During his presentation on “Threats On Your Smartphone,” Ünüver said hackers’ new target would be media players in smartphones, adding that he predicted the Stagefright vulnerability, which was discovered in 2015 in Android smartphones, four year earlier.