As holiday shopping gets underway, several major retailers are opening even earlier this year, offering the prospect of deep discounts and large crowds to an ever-growing number of shoppers.
The National Retail Federation (NRF) notes that 140 million holiday shoppers are likely to take advantage of Thanksgiving weekend deals in stores and online.
Millennials are most eager to shop, with the NRF survey showing 8 in 10 (79.6 percent) of 18-24 year olds will or may shop over the weekend, the highest of any age group.
Much has been written about the risks of online shopping, but for those who still head to the stores, there are dangers there too.
Steelhenge Consulting has published the results of its Crisis Management Survey 2014: ‘Preparing for Crisis, Safeguarding Your Future’.
The aim of the Crisis Management Survey was to build a better picture of how organizations are preparing themselves to manage crises effectively in order to protect their reputation and performance. It asked the 375 participants, from organizations around the world, what they are doing to prepare to manage crises and what challenges they face in creating a crisis management capability, and asked them to assess their overall level of crisis preparedness.
Over half rated themselves as less than very well prepared, with 13 percent responding that they were either not well prepared or not prepared at all.
The crisis communications function was shown to be lagging behind when it comes to crisis preparedness; while 84 percent of organizations surveyed had a documented crisis management plan, over a quarter of respondents recorded that they do not have a documented plan for how they will communicate in a crisis and 41 percent responded that they do not have guidance on handling social media in a crisis.
Other key themes from the survey results include:
Embedding: less than half of the respondents had a programme of regular reviews, training and exercising that would help embed crisis management within an organization and create a genuinely sustainable crisis management capability.
Engagement: in the face of high profile crises befalling major organizations year after year, 29 percent of organizations taking part in the survey still waited for the brutal experience of a crisis before creating a plan. Crisis preparedness is still a work in progress, particularly with regard to crisis communications planning.
Ownership: ownership of crisis management at the strategic level amongst the survey population lay predominantly with the chief executive. However, responsibility for day-to-day management of the crisis management capability was spread widely across a broad range of functional roles.
A lack of widespread adherence to best practices, combined with the number of organizations that have suffered a significant cyber attack, potentially indicates a false sense of security.
SolarWinds has released the results of its Information Security Confidence Survey, which explored IT professionals’ confidence in their organizations’ security measures and processes. The survey found that while confidence is notably high, likely the result of several key factors, widespread adherence to security best practices is lacking and significant, damaging attacks continue, potentially indicating that this confidence is a false sense of security.
“Organizations are taking positive steps toward improving their information security; most notably in terms of budget and resources,” said Mav Turner, director of security, SolarWinds. “It’s important, however, to never fall into the trap of over-confidence. IT pros should do everything they can to ensure the best defences possible, but never actually think they’ve done everything they can. This approach will ensure they are proactively taking all the steps necessary to truly protect their organizations’ infrastructures and sensitive data.”
Conducted in October 2014 in conjunction with Enterprise Management Associates, the survey yielded responses from 168 IT practitioners, managers, directors and executives in the UK from small and midsize enterprise companies.
Recently the US law firm of Foley and Lardner LLP and MZM Legal, Advocates & Legal Consultants in India jointly released a white paper, entitled “Anti-Bribery and Foreign Corrupt Practices Act Compliance Guide for U.S. Companies Doing Business in India”. For any compliance practitioner it is a welcome addition to country specific literature on the Foreign Corrupt Practices Act (FCPA), UK Bribery Act and other anti-corruption legislation and includes a section on India’s anti-corruption laws and regulations.
FCPA Enforcement Actions for Conduct Centered in India
Under the FCPA, several notable US companies have been through enforcement actions related to conduct in India. Although not monikered as a ‘Box Score’, the authors do provide a handy chart which lists the companies involved, a description of the conduct and the fine/penalty involved.
Application development is a vital and ever-changing part of the mobile ecosystem. Now, there are rumblings that a new approach is necessary. Research sponsored by Kinvey points to dissatisfaction on the part of CIOs about mobile app creation. Half of those surveyed, according to the story at Associations Now, think that it takes too long to build an app. More than half say it takes seven months to a year and 35 percent think it takes less than six months.
A big problem, according to the survey, is lack of a cohesive central strategy. Seventy-five percent of respondents say that product lines and “individual functions” drive development. The process may be changing, however: 54 percent of those who answered the survey say they will standardize development and 63 percent will utilize cloud approaches.
The call to change is being heard. Forrester released a report on the transitions occurring in the mobile app development sector. It identifies eight. The top four: Standalone apps will fade; hardware changes will create new opportunities; and mobile competition will shift to both accessories and ecosystems. The other four changes and details on all of them are available at the ReadWrite story on the Forrester research.
While organizations of just about any size have an interest in tapping into the potential of Big Data, the vast majority of them won’t have the resources required to actually do that any time soon unless they get some external help.
With that issue in mind, First Data, a provider of credit card processing services, has been building out an Insightics analytics service in the cloud that aggregates both internal data collected by First Data and external data sources. The latest external data source that First Data is including comes from Factual, provider of a location-based service that helps organizations deliver mobile experiences based on the physical location of a mobile computing device.
Sandeep Garg, vice president of information and analytics at First Data, says that rather than requiring small-to-medium-sized (SMB) organizations to build their own Big Data applications and acquire associated infrastructure, First Data has created an application that they can either interface directly or programmatically address via application programming interfaces (APIs).
Former FBI Director Robert Mueller once said, “There are only two types of companies: those that have been hacked and those that will be. Even that is merging into one category: those that have been hacked and will be again.” This is the environment in which risk managers must protect their businesses, and it isn’t easy.
Cyber risk is not an IT issue; it’s a business problem. As such, risk management strategies must include cyber risk insurance protection. Until recently, cyber insurance was considered a nice-to-have supplement to existing insurance coverage. However, following in the wake of numerous, high-profile data breaches, cyber coverage is fast becoming a must-have. In fact, new data from The Ponemon Institute indicates that policy purchases have more than doubled in the past year, and insiders estimate U.S. premiums at around $1 billion today and rising.
But is a cyber policy really necessary? In short, yes. As P.F. Chang’s China Bistro recently discovered, commercial general liability (CGL) policies generally do not include liability coverage to protect against cyber-related losses. CGL policies are intended to provide broad coverage, not necessarily deep coverage. Considering the complexity of cyber risks, there is a real and legitimate need for specialized policies that indemnify the insured against cyber-related loss and liability.
By Mark Kedgley
December 15th is the anniversary of the discovery of Target's infamous security breach; but has anything really changed in the year that has gone by? Retailer after retailer is still falling foul of the same form of malware attack. So just what is going wrong?
The truth is that there is never going to be a 100 percent guarantee of security, and with today's carefully focused zero day attacks, the continued reliance on prevention rather than cure is obviously not working. Organizations are blithely continuing day to day operations while an attack is in progress because they are simply not spotting the breaches as they occur.
If an organization wants to maintain security and minimise the financial fallout of these attacks, the emphasis has to change. Accept it: stopping all breaches is unlikely at best with a prevention-only strategy. Instead, with non-stop, continuous visibility of what is going on in the IT estate, an organization can at least spot in real time the unusual changes that may represent a breach, and take action before it is too late.
Despite over half of companies wanting to retain control of their IT disaster recovery in-house, a lack of frequent testing is putting these businesses more at risk of IT downtime than companies which outsource. The mismatch between the high levels of confidence that in-house disaster recovery yields and the high test failure rates indicates that either testing needs to be stepped up or companies would be better to outsource.
This was one of the key findings of research carried out by Plan B, through surveying 150 contacts that attended the BCI World conference in November 2014. All contacts interviewed were within an IT function of their business, with knowledge of the disaster recovery strategy and solution for their business.
Other findings include:
As efforts to contain and eliminate the current Ebola outbreak in West Africa continue, countries around the world are making preparations to be ready in case the virus arrives. The Australian government is also making plans to deal with such an event. Ebola already exists in Australia – but fortunately (so far) only as the subject of research in the high security Australian Animal Health and Research Centre in Geelong to develop a vaccine. But how does Australian preparedness compare with that of other countries? And what would happen if Ebola cases were declared in Australia in the way they have already occurred in Spain and in the United States?