The Business Continuity Institute - May 11, 2016 16:09 BST
“To expect the unexpected shows a thoroughly modern intellect.”
Oscar Wilde, Irish playwright, novelist, essayist, and poet. 1854-1900
Preparing for the 'unexpected' is not a new idea. Over the last 50 years, the business continuity industry has grown out of the need to protect businesses from the unexpected and expected interruption. However, when we stop and think about the threats business continuity professionals must mitigate in today’s business continuity (BC) plans versus 20, 10 or even 5 years ago, all agree there is a new threat landscape, with threats that are making the 'unexpected' drastically different today and unimaginable tomorrow.
Protecting an organization from an 'IT outage' is where most BC plans originated. Yet, even IT outages today have taken on a new level of complexity. We live in an 'Always on world' where complex, global infrastructures and open-source code systems join with the Internet of Things’ 9 billion possible entry points to capture more and more data to the Cloud every minute. On top of that, we 'Bring (Y)our Own Devices' (BYOD) then capture and analyze Big Data to enable a ‘cognitive’ world. As BC planners we are asked to protect our businesses from interruptions caused by these many factors and do it faster, cheaper and with less staff to help solve the problem.
Moreover, there is now increased pressure from outright criminal activity. Yes, cybercrime. Our most precious business resource, our differentiating factor that is our competitive advantage - our intellectual property and personal information - is under sophisticated, malicious, criminal attack 24 hours a day, every day.
By the end of 2014, some estimates indicated that more than one billion records of leaked personally identifiable information (think emails, credit card numbers, and passwords) were reported stolen [1]. An organization of 15,000 employees can expect to see 1.7 million security events in one week. However, typically only 1 out of every 100 security compromises is actually detected. So add two zeros to the 1.7 million and you get the picture [2].
With this new threat landscape, what truths can BC Planners hold onto today?
Well, we know the principles of BC, like the laws of physics, never change. However, what must change is how we apply and adapt these principles to new threats. In this world of rising crises, incidents, and organized cyber-attacks, how we apply the tried and true BC techniques we’ve practiced over dozens of years brings real benefits when teamed with security to win in this war against cybercrime. According to the 2015 Cost of Data Breach Study by the Ponemon Institute and IBM, Business Continuity Management (BCM) involvement in data breach response can reduce the associated costs by $14 per affected record and reduce the time to contain the data breach by 41% [3].
When business continuity and security team up, we apply three waves of defense: Frontline, Response, and Containment. Security prevents as much as possible with implemented frontline security services like strong security policies, passwords, encryption and personnel awareness training. If, or when, the attack comes, BC’s deep experience in incident response adds command and control, measured incident response and the 'who' that needs to be involved. Lastly, if the worst happens and records are lost, our company’s reputation is protected through containment by implementing BC plans for IT outage and personnel depletion scenarios.
What would BCM and Security teaming look like in the real world?
First, establish joint representation where Security and BCM work as members of each other’s teams building the response plan. Work on each other’s teams, include BC in the response team, and involve the Chief Information Security Officer (CISO) throughout.
Second, BCM and Security work together to align cyber incident response and participate in joint testing with simulated exercises. Teams work together to validate the planned actions and educate all participants on their roles as well as the unique attributes of a cyber response.
Third, appoint crisis management representatives to coordinate BC and Cyber security efforts during and after the breach. Cyber response like BC response requires clear roles, responsibilities and communication. Joint roles defined in a communication plan delineate who can answer the tough questions.
Yes, threats are changing every day and cyber is just one of the many threats from which we must protect our businesses. Now, you are armed with hard evidence and three simple actions to start or strengthen your BCM program against a cyber event and realize real value for your organization.
Linda Laun is the Chief Continuity Architect at IBM Global Business Continuity. During Business Continuity Awareness Week, she will be hosting a webinar on the same subject giving you the opportunity to ask questions. The webinar is on Monday 16th May and you can register for it by clicking here.
[1] IBM X-Force Threat Intelligence Report 2016, pg. 2
[2] 2014 Cost of Data Breach Study, Ponemon Institute and IBM
[3] 2015 Cost of Data Breach Report, Ponemon Institute and IBM
LONDON – Perfecto Mobile, the market leader in empowering enterprises to deliver high-quality digital experiences, today announced it has been cited as a Leader in “The Forrester Wave™: Mobile Front-End Test Automation Tools, Q2 2016.” In its 40-criteria evaluation of mobile front-end test automation tools, Forrester Research, Inc. identified the 10 most significant providers and individually analysed their ability to help application development and delivery (AD&D) professionals select the best solution to maintain an organisation’s unique mobile properties.
According to Forrester Research, “The only bulletproof way to deliver faster is to introduce automation in the software development life cycle, which includes testing. In today’s world of Agile sprints and continuous delivery, practices such as testing mobile apps on the devices that happen to be lying around, with a tester’s fingers tapping away at screens, are gone. Testers can only keep up the pace using automated testing of an app’s user interface (UI) and associated functionality.”
Perfecto’s current offerings rank highest among the assessed vendors based on key evaluation areas such as operating environments, test targets, test creation and management, automation creation and integration. In particular, Perfecto is cited among vendors that “shine by providing on-premises, cloud and hybrid test labs, with rich functional mobile-device-specific testing capabilities.”
Forrester also noted in the report that, “Perfecto pioneered mobile device testing in the cloud [and] it is now expanding to include support for desktop browser and enterprise testing capabilities, giving it more ammunition for multichannel apps testing.”
“We are honoured to be named a Leader in the Forrester Wave: Mobile Front-End Test Automation Tools report. In our opinion, this recognition marks Perfecto as a trailblazer in the industry, with the strongest product offering in the space. We believe this validates our approach to digital quality and our ability to empower companies to deliver high-quality mobile and web apps and websites faster with our Continuous Quality Lab,” said Roi Carmel, Senior Vice President of Product and Strategy, Perfecto. “With our unique cloud-based offering, including our Wind Tunnel™ capabilities, we are enabling dev and test teams to test end-user experiences earlier and enhance test coverage to ensure high-quality digital experiences are part of their delivery pipeline.”
Perfecto recently launched the next version of its cloud-based Continuous Quality Lab™ (CQL) that expands test coverage from mobile web and apps to include web browsers on desktops. To learn more about Perfecto’s Continuous Quality Lab for omni-channel and responsive web testing and monitoring, visit the Continuous Quality Blog.
To download a copy of “The Forrester Wave™: Mobile Front-End Test Automation Tools, Q2 2016” visit here: http://info.perfectomobile.com/forrester-wave-mobile-test-automation.html
Perfecto enables exceptional digital experiences. We help you transform your business and strengthen every digital interaction with a quality-first approach to creating web and native apps, through a cloud-based test environment called the Continuous Quality Lab™. The CQL Lab is comprised of real devices and real end-user conditions, giving you the truest test environment available.
More than 1,500 customers, including 50% of the Fortune 500 across the banking, insurance, retail, telecommunications and media industries rely on Perfecto to deliver optimal mobile app functionality and end user experiences, ensuring their brand’s reputation, establishing loyal customers and continually attracting new users. For more information about Perfecto, visit www.perfectomobile.com, join our community or follow us on Twitter at @PerfectoMobile.
Expanded operations allow local businesses to grow IT needs securely and cost-effectively
CHARLOTTE, NC (May 10, 2016) – National IT infrastructure and cloud services provider, Peak 10, Inc., is growing its Midwest footprint with the upcoming expansion of its data center operations at 5307 Muhlhauser Road in West Chester, OH to support the region’s burgeoning business community. The 20,000-square foot greenfield expansion will feature 13,000 square feet of raised floor data center space and its own critical uptime infrastructure such as power, HVAC, generators, etc. The expansion comes on the heels of new federal data ranking the 15-county area the fastest growing in the region, representing $121.4 billion in annual revenue according to data from the U.S. Bureau of Economic Analysis.
“The recent influx of Big Data, integration of the Internet of Things (IoT), and outsourcing increases the need for additional IT services such as data storage and security,” said PJ Kiggins, vice president and general manager for Peak 10’s Cincinnati operations. “The construction of our second data center facility here allows us to deliver our enterprise-level data center services and cloud so customers can continue to grow without the concern of data security or need to make investments for infrastructure regulatory compliance requirements.”
Like all Peak 10 facilities, the company’s new Cincinnati data center will be engineered to help customers meet regulatory compliance for SOC 1, SOC 2, SOC 3, HIPAA, PCI DSS, FISMA and ITAR regulations. It will offer multiple levels of security, uninterruptible power, HVAC systems, fire suppression and around-the-clock monitoring and management, and will feature concurrently maintainable power infrastructure.
The new data center will be capable of serving hundreds more customers throughout Ohio and northern Indiana and will bring the company’s total Cincinnati presence to more than 44,000 square feet. Cincinnati-based companies like ProMach and Gorilla Glue rely on Peak 10’s highly reliable solutions to maintain their production environments – the backbone of their business operations.
“Our consistent growth in all of our markets is the result of mid-market businesses in need of a true IT partner that can offer consultative expertise to support their long-term growth goals,” said David Jones, chairman and CEO of Peak 10. “While we evaluate other markets and opportunities we continue to realize a consistent need for colocation and hybrid cloud solutions in our existing markets like Cincinnati.”
Headquartered in Charlotte, N.C., Peak 10 operates 27 data centers in key U.S. markets and serves a diverse range of customers in the U.S. and abroad. The company’s hands-on approach to IT has recently been recognized with a best in class Net Promoter (NPS) score of 67.4 – the highest ever in the company’s history of tracking this metric and indicator of its focus on the customer experience.
To learn more about Peak 10 in Cincinnati, visit http://bit.ly/1VkppCQ.
About Peak 10
Peak 10 provides reliable, tailored cloud computing, data center and other information technology (IT) infrastructure solutions and managed services, primarily for mid-market businesses. Peak 10 solutions are designed to scale and adapt to customers’ changing business needs, enabling them to increase agility, lower costs, improve performance and focus internal IT resources on their core competencies. Peak 10 holds the Cisco® Cloud Provider Certification with a Cisco Powered Cloud Infrastructure as a Service (IaaS) and Disaster Recovery as a Service (DRaaS) designation. Peak 10 undergoes annual examinations by third party auditors and helps companies meet the requirements of various regulatory and industry standards such as SOC 1, SOC 2, SOC 3, HIPAA, PCI DSS, FISMA and ITAR. For more information, visit www.peak10.com or the Peak 10 Newsroom for the latest news.
FourKites' Comprehensive Tracking Solution Will Be Integrated Within JDA's Transportation Management Platform
SCOTTSDALE, Ariz. – FourKites, the most comprehensive provider of real-time tracking solutions for shippers and 3PLs in North America, has announced it is collaborating with JDA Software Group Inc. to make FourKites' real-time visibility data available within JDA Transportation Management System (TMS). In part by leveraging traditional and more advanced streams of intelligence that FourKites provides, JDA is building a complementary ecosystem to enable end-to-end supply chain visibility.
This partnership enables carrier connectivity, efficient on-boarding, and real-time visibility within JDA Transportation Management. FourKites can cover the entire spectrum of the trucking industry, from private fleets to individual owner-operators, through a combination of tracking technologies: 40+ ELD partnerships, a proprietary smartphone app, and app-less tracking using cell tower triangulation.
"FourKites is thrilled to partner with an industry leader like JDA Software. FourKites real-time load tracking is a perfect complement to JDA's transportation planning and execution capabilities. Together we are providing unparalleled capabilities to our common customers," said FourKites CEO Matt Elenjickal.
FourKites tracks truck locations every 15 minutes, recalculates ETA using real-time location data, and automates arrivals and departures using robust geo-fencing technologies. Integration allows JDA's customers to access all of this powerful information within their JDA TMS. Integration virtually eliminates the need for expensive EDI setups or phone calls to drivers and dispatchers, saving customers both time and money.
About FourKites
FourKites provides real-time supply chain visibility and logistics solutions across transportation modes and digital platforms. Using FourKites, the shipper, the broker, and the carrier can share the same, real-time truck location and shipment status information - from onboard systems in the largest commercial fleets to individual owner-operator cellphones - with a smartphone app and cell tower triangulation. Bypassing check calls and EDI, FourKites saves time and money across the transportation spectrum. Best of all, nothing falls through the cracks. For more information, email firstname.lastname@example.org or visit www.fourkites.com.
Loss per Call, Exposure by Institution, Affected Verticals, All Increasing
ATLANTA, Ga. – (Marketwired - May 10, 2016) - Pindrop, the leader in call center fraud protection and authentication, today announced research indicating increases in phone fraud incidents and costs in multiple areas in its 2016 Call Center Fraud Report. Researchers at Pindrop Labs, the authoritative source for voice/audio fraud and authentication trends, analyzed over 10 million calls to major enterprise call centers in the US and UK using patented Phoneprinting™ technology. The report outlines impact by vertical, attacker device type, and attacker location for enterprises in the US and UK, as well as new trends and attack vectors used by organized crime.
Strong online and mobile security plus the abundance of breach data and the rollout of EMV chip cards in the US means cybercriminals are changing tactics, exploiting the weakest link in the organization: the call center. The rate of call center fraud attacks has grown 45 percent since 2013. Other key findings and data points in the report include:
- In 2015, enterprises lost an average of $0.65 to fraud per call. This means a large call center that receives 40 million calls per year can expect to lose between $17 million and $27 million per year.
- UK financial institution call centers are being hit with very high levels of fraud attacks when compared to their counterparts in the US. In the UK, fraud rates are at 1 in 700 calls, which is more than double the 1 in 1,700 calls in the US.
- Fraud rate and exposure vary by industry. This past year, credit unions had the potential to lose $29 million in fraud exposure. Life Insurance companies faced a greater risk of $31 million in potential loss, which is three times larger than the average of other financial institutions.
To see fraud in additional industries, you can download the complete white paper here.
According to David Dewey, Director of Pindrop Labs, "There is an alarmingly large increase in attackers targeting call centers to gain access to funds and steal key assets including money, merchandise and proprietary information. This problem is not restricted to US financial institutions -- this is a growing problem on a global scale. The common thread is that criminals go where the likelihood of detection is lowest and the rewards are high."
The 2016 Call Center Fraud Report can be found here: https://www.pindrop.com/phone-fraud-report/
Pindrop is the pioneer in voice fraud prevention and authentication. Pindrop provides enterprise solutions to reduce fraud losses and authentication expense for some of the largest call centers in the world. Pindrop's patented Phoneprinting™ technology can identify, locate and authenticate phone devices uniquely just from the call audio thereby detecting fraudulent calls as well as verifying legitimate callers. Pindrop has been selected by the world's largest banks, insurers, brokerages and retailers, detecting over 80% of fraud, even for attackers never seen before. Pindrop's solutions are allowing customers to reduce call time and improve their customers' experience even while reducing fraud losses. Pindrop was founded in 2011 and is venture backed by Andreessen Horowitz, Citi Ventures, Felicis Ventures, Google Capital, GV and IVP. In total, Pindrop has raised $122 million.
Data centers worldwide are energy transformation devices. They draw in raw electric power on one side, spin a few electrons around, spit out a bit of useful work, and then shed more than 98 percent of the electricity as not-so-useful low-grade heat energy. They are almost the opposite of hydroelectric dams and wind turbines, which transform kinetic energy of moving fluids into clean, cheap, highly transportable electricity to be consumed tens or hundreds of miles away.
But maybe data centers don’t have to be the complete opposite of generation facilities. Energy transformation is not inherently a bad thing. Cradle-to-Cradle author and thought leader William McDonough teaches companies how to think differently, so that process waste isn’t just reduced, but actively reused. This same thinking can be applied to data center design so that heat-creating operations like data centers might be paired with heat-consuming operations like district energy systems, creating a closed-loop system that has no waste.
It’s not a new idea for data centers. There are dozens of examples around the globe of data centers cooperating with businesses in the area to turn waste heat into great heat. Lots of people know about IBM in Switzerland reusing data center heat to warm a local swimming pool. In Finland, data centers by Yandex and Academica share heat with local residents, replacing the heat energy used by 500-1000 homes with data center energy that would have been vented to the atmosphere. There are heat-reuse data centers in Canada, England, even the US. Cloud computing giant Amazon has gotten great visibility from reuse of a nearby data center’s heat at the biosphere project in downtown Seattle.
Information is critical to our businesses. We cannot make good decisions without it. We identify the cause of issues based on it. In a crisis, without information, we may be making decisions or trying to contact appropriate parties like a myopic without his glasses.
What is the information that may be required during a crisis?
- The severity of the impact to business processes
- How long the crisis may last
- Internal contact lists
- External contact lists
- Crisis & Recovery Team members and responsibilities
- Recovery plans and checklists
- Business processing requirements
- Manual processing procedures
- Information on business risks
Today, many Fortune 500 companies are enlisting a hybrid cloud approach that uses a patchwork of on-premises, private cloud and third-party, public cloud services to allow workloads to move between clouds to meet the ever-evolving demands of computing needs and cost expectations. In turn, these companies benefit from greater flexibility and more data deployment options.
However, Tom Gillis, founder of startup Bracket Computing, quickly realized that this approach, with server hardware, software applications, storage capacity, and networking services spread across data centers and multiple service providers, invites operational complexity and introduces an opportunity for error. Gillis decided there was an unmet need for a new virtualization technology; one that could secure multiple cloud environments by creating a container for infrastructure so that an enterprise could move data out on the public cloud, while still maintaining the control it wanted.
On his mission to create a virtualization technology that could provide one set of infrastructure across multiple clouds, Gillis was met with a technical challenge: when sticking a hypervisor on top of a hypervisor at the cloud, the technology was incredibly slow and performance was being cut in half. To overcome this challenge, a lot of trial and error, fine-tuning and tweaking was needed to get the technology—Bracket Computing Cell—to a point that Gillis refers to as “lightning fast.”
Your data is a valuable asset. Especially in today’s world of faster consumers, your data needs to be in tip-top shape to target, engage, and convert prospects. If not properly maintained, you risk any number of lost opportunities, decreased efficiency, and a negative impact to your bottom line.
Marketing data has become so important that 97% of companies feel driven to turn their data into insights, according to the 2015 Data Quality Benchmark report by Experian. According to the research, the top three drivers include:
- 53% - Wanting to understand customer needs
- 51% - Wanting to find new customers
- 49% - Wanting to increase the value of each customer
[Chart: reason for maintaining high-quality data]
The increase in ransomware has been discussed at great length over the past year. In my 2016 security predictions round-up, I noted that we should expect to see substantial growth in ransomware attacks, quoting Stu Sjouwerman, founder and CEO of KnowBe4:
Current estimates from the Cyber Threat Alliance put the damage caused by CryptoWall ransomware at $325 million, up 1800 percent since the FBI's report in June 2015.
And I’m not the only one who had ransomware on the mind. Others also were concerned about the rise of ransomware. For example, CSO had this to say: