By David Evans
Is the world of risk, continuity and crisis about to change as new concepts and approaches linked to resilience gain momentum, or are we seeking solutions to the same old stories repackaged in a different language?
Protecting organizations is big business, or at least it should be, as no one wants to fail and few, if any, executives wish to face the negative impact of serious disruption or crises. In general, crises are expensive for organizations to handle, derail the best-laid plans and generally threaten the reputation of the top people in the business. Added to this, there is a mix of guidance, regulatory requirements, employee concerns and shareholder expectations to address.
Patrick Alcantara explains why the BCI sees organizational resilience as an important framework that brings together various ‘protective disciplines’ and provides a strategic goal for organizations.
Resilience is fast becoming an industry buzzword which reveals underlying changes in the way practitioners view business continuity and other ‘protective disciplines’ such as emergency planning, risk management and cyber/physical security. From the development of clear boundaries which separate disciplines in the last decade or so, work is now underway to bring these fields together into a framework of organizational resilience. However, rather than being merely the sum of the ‘protective disciplines’, organizational resilience is thought of as a strategic goal that must be driven by top management. The quality of resilience is rooted in a series of capabilities that allow organizations to get through bad times (continuity) and thrive in good/changing times (adaptability). Organizational resilience involves a coherent approach ‘from the boardroom to the storeroom’ that requires strong governance and accountability among other ‘soft’ factors.
In the UK, this development in thinking culminates with the recent launch of the new British Standard 65000 (BS 65000), which outlines the principles of organizational resilience and provides guidance on it. This parallels the development of global guidance on organizational resilience, ISO 22316, which is due in April 2017.
The ISP and hosting sectors were the most targeted industries of cyber-crime in 2014, and the trend is likely to continue in 2015. That’s according to Radware. The findings from its fourth annual ‘Global application and security report’, which surveyed 330 companies globally on cyber attacks on networks and applications, act as a strong warning to companies that depend on a hosting provider or ISP to ensure they do not become a ‘cyber-domino’ as a result of the security failings of their suppliers.
As part of the report, Radware has published a ‘Ring of Fire’, which tracks cyber attacks and predicts the likelihood of attack on major industries. In the last 12 months, ISPs have moved up the risk rankings to become some of the most at-risk companies, joining the gambling sector and government at the centre of the ‘Ring of Fire’. Hosting companies have jumped from ‘low risk’ on the outside of the ring to just outside the ‘high risk’ centre.
Adrian Crawley, UK & Ireland regional director for Radware, says: “The news presents a stark reality for thousands of British businesses that rely heavily on ISP and hosting provision to host their website and network operations. If companies fail to ensure their network security planning includes that of their ISP and hosting partners then there’s no doubt that 2015 will see a great number of ‘cyber-dominoes’ fall.”
Despite all the news headlines around data breaches, hackers and identity theft, it is a little-known fact that since 2013 over 1 billion consumer records have been stolen by hackers. The estimated cost of this data theft is a staggering $5 billion a year, which inevitably gets passed down to consumers and merchants in the form of higher prices and fees. No doubt, there is a global data security crisis, indeed a war being waged, that is getting harder and harder for the good guys to win.
The hackers only have to succeed a small percentage of the time to make a very big dent in our society. As a result, we are in an era where securing personal information requires more and more complex security and surveillance by merchants, banks and government agencies. The system of credit card processing introduced in the 1940s and 1950s and perfected in the 1970s and 1980s was just never designed for the 21st century, a century in which the Internet, the open source community and the dark web accelerate technology innovation at a pace far more rapid than slow-moving merchant and banking infrastructure can keep up with. There is a need to address this global data security crisis, and this requires us to fundamentally rethink what it means for a consumer to spend money.
Retail companies have Big Data capabilities, but they’re not sure what to do with them. It’s just too… big, according to a special report released today by Brick Meets Clicks (available for free download with registration).
“Discussions about Big Data and retail often bog down in the vastness of its potential, leaving retailers with only the vaguest guidance as they try to figure out where and how to invest in this powerful tool,” states the report.
That seems to be a common theme with Big Data right now. As I shared in my previous post on analytics, Dr. Shawna Thayer talked about executive paralysis with Big Data during the recent Data Strategy Symposium.
It’s been said that the cloud represents a fundamental shift in the relationship between users, the enterprise, and the data with which they work.
A key facet of this change is the ability to spin up virtual and even physical data center environments on a whim, which leads to the interesting notion of how these resources are developed and deployed. It is reasonable to assume that with the cloud as the new data center, traditional resources will no longer be purchased and provisioned on a piecemeal basis. Rather, entire data centers will be implemented all at once. This is the same dynamic behind today’s hardware deployment, where whole servers or PCs are implemented, rather than individual boards, fans and chip sets.
The vendor community, in fact, has been prepping itself for this reality for some time. Nearly all of the major players have offered turnkey solutions for decades, but these usually represent pre-integrated components from their various product lines. Lately, however, vendors have been teaming up with newly minted software-defined networking (SDN) and other platforms in order to provide end-to-end data center products that do away with systems integration, testing and other complex processes.
DRD, LLC acquired by Access
LIVERMORE, Calif. – Rob Alston, CEO of Access, has announced the company’s recent acquisition of Diversified Research and Development, LLC, of Portage, Indiana. This transaction is the company’s 75th since its founding and represents an expansion of its Chicago market area presence into northwestern Indiana. Closing took place on November 7, 2014.
Ron Bush, DRD, LLC’s former owner, shared his reasoning for selecting Access as the buyer. “The best possible outcome for our clients was our priority throughout this process. My wife, Dorian, and I quickly came to recognize the Access commitment to providing its clients the very best service. Our interactions with the Access acquisition and operations teams gave us the level of confidence and comfort we needed to make this important decision. Today, we know we made the right one.”
Access President John Chendo explained, “Ron Bush recognized the many benefits a sale of his company to Access would afford his clients with our increased capabilities and the nationwide footprint Access offers. I look forward to discussing these unique Access benefits with other industry business owners, who like Ron, may be considering the opportunity to partner with us.”
As the largest privately held records and information management services provider in the United States, Access now serves 38 markets across the nation and in Latin America.
About Access (www.InformationProtected.com)
Access is the largest privately held records and information management (RIM) services provider in the United States. A trusted partner to clients spanning multiple industries and markets throughout the country, Access’ complete suite of services includes records storage and document management, data protection (electronic computer media), secure destruction, digital formatting and breach reporting services. The valuable business services Access provides allow clients to focus on their core businesses while reducing the costs and risks associated with document retention, management and final disposition. Access is backed by growth equity investor Berkshire Partners.
Mobile DC Power Services units are part of new capabilities for enhanced service delivery
COLUMBUS, Ohio – Emerson Network Power, a business of Emerson (NYSE: EMR) and a global leader in maximizing availability, capacity and efficiency of critical infrastructure, announces expanded battery services delivered by its Electrical Reliability Services business—the nation’s leading independent electrical testing, maintenance and engineering service company.
Emerson has long provided battery services to customers, but has now expanded its capabilities to offer a more comprehensive battery management solution designed to protect utility and industrial customers’ emergency power systems. These expanded services include capacity and load testing, battery charger maintenance, battery replacement, and regular preventive maintenance programs.
To deliver these expanded services to customers locally, Emerson Network Power has invested in new Mobile DC Power Services units located strategically across the United States. These custom-engineered units enable DC system maintenance to be performed on site with all the necessary power and safety equipment conveniently located in a mobile unit, ensuring a reliable temporary power source when conducting required DC system maintenance.
“Our new mobile units add a unique offering to our already robust line of battery services,” said Tom Nation, vice president and general manager for Emerson Network Power’s Electrical Reliability Services. “They are packed with state-of-the-art technology that allows for the most accurate, repeatable, and safe DC system maintenance, and they ensure there is no downtime or interruption to our customers’ businesses.”
In addition to continuous operation, customers who take advantage of these expanded capabilities will also see increased battery life and backup time; maximum system reliability; improved compliance with the North American Electric Reliability Corporation (NERC) and the Institute of Electrical and Electronics Engineers (IEEE); as well as reduced overall maintenance costs.
“In industries such as oil and gas, petrochemical, and power generation, a maintenance plan targeted specifically to the batteries that support the emergency power system is required. We’ve seen firsthand how neglecting battery maintenance can cause unplanned downtime leading to dangerous chemical process instability, damage to process equipment, or in some cases, the complete and costly shutdown of a facility,” Nation said.
Emerson’s Electrical Reliability Services has been providing comprehensive service solutions to data center, utility and industrial customers for decades. Its more than 30 service centers, expanded battery service capabilities, and mobile units mean its team is available 24/7 to provide customers with industry-leading, on-site battery services.
To learn more about the Mobile DC Power Services units, visit the Emerson Network Power YouTube page. For more information on electrical testing, maintenance and engineering solutions, as well as information on other technologies and solutions from Emerson Network Power, visit www.EmersonNetworkPower.com.
About Emerson Network Power
Emerson Network Power, a business of Emerson, delivers software, hardware and services that maximize availability, capacity and efficiency for data centers, healthcare and industrial facilities. A trusted industry leader in smart infrastructure technologies, Emerson Network Power provides innovative data center infrastructure management solutions that bridge the gap between IT and facility management and deliver efficiency and uncompromised availability regardless of capacity demands. Our solutions are supported globally by local Emerson Network Power service technicians. Learn more about Emerson Network Power products and services at www.EmersonNetworkPower.com.
Emerson (NYSE: EMR), based in St. Louis, Missouri (USA), is a global leader in bringing technology and engineering together to provide innovative solutions for customers in industrial, commercial, and consumer markets around the world. The company is comprised of five business segments: Process Management, Industrial Automation, Network Power, Climate Technologies, and Commercial & Residential Solutions. Sales in fiscal 2014 were $24.5 billion. For more information, visit Emerson.com.
As the complexity and diversity of devices, platforms and modes of interaction advance, so do the associated risks from malicious individuals, criminal organisations and states that wish to exploit technology for their own purposes. Below, Michael Fimin, CEO at Netwrix, provides his major observations of IT security trends and the most crucial areas to keep watch over in 2015:
Many individuals and enterprises are already using cloud technologies to store sensitive information and perform business-critical tasks. In response to security concerns, cloud technologies will continue to develop in 2015, focusing on improved data encryption; the ability to view audit trails for configuration management and secure access of data; and the development of security brokers for cloud access, allowing for user access control as a security enforcement point between a user and cloud service provider.
As the adoption and standardisation of a few select mobile OS platforms grows, the opportunity for attack also increases. We can expect to see further growth in smartphone malware, increases in mobile phishing attacks and fake apps making their way into app stores. Targeted attacks on mobile payment technologies can also be expected. In response, 2015 will see various solutions introduced to improve mobile protection, including the development of patch management across multiple devices and platforms, the blocking of apps from unknown sources and anti-malware protection.
Software defined data centre
‘Software defined’ usually refers to the decoupling and abstracting of infrastructure elements followed by a centralised control. Software defined networking (SDN) and software defined storage (SDS) are clearly trending and we can expect this to expand in 2015. But while these modular software defined infrastructures improve operational efficiency, they also create new security risks. In particular, centralised controllers can become a single point of attack. While the adoption of this approach is not widespread enough to become a common target for attacks, as more companies run SDN and SDS pilots in 2015, we expect their security concerns will be raised. This will result in more of a focus on security from manufacturers, as well as new solutions from third party vendors.
Internet of Things
The Internet of Things (IoT) universe is expanding with a growing diversity of devices connecting to the network and/or holding sensitive data - from smart TVs and Wi-Fi-connected light bulbs to complex industrial operational technology systems.
With the IoT likely to play a more significant role in 2015 and beyond, devices and systems require proper management, as well as security policies and provisions. While the IoT security ecosystem has not yet developed, we do not expect attacks on the IoT to become widespread in 2015.
Most attacks are likely to be ‘whitehat’ hacks to report vulnerabilities and proof of concept exploits. That being said, sophisticated targeted attacks may go beyond traditional networks and PCs.
Next generation security platforms
In 2015 and beyond, we can expect to see more vendors in the information security industry talking about integration, security analytics and the leveraging of big data. Security analytics platforms have to take into account more internal data sources as well as the external feeds, such as online reputation services and third party threat intelligence feeds. The role of context and risk assessment will also become more important. The focus of defence systems becomes more about minimising attack surfaces, isolating and segmenting the infrastructure to reduce potential damage and identifying the most business-critical components to protect.
Looking back at previous years, new security challenges will continue to arise, so IT professionals should be armed with mission-critical information and be prepared to defend against them.
For more information about security predictions for 2015, please visit: www.netwrix.com/go/predictions2015
About Netwrix Corporation
Netwrix Corporation, the #1 provider of change and configuration auditing solutions, delivers complete visibility into who did what, when, and where across the entire IT infrastructure. This streamlines compliance, strengthens security, and simplifies root cause analysis. Founded in 2006, Netwrix is ranked in the Inc. 5000 and Deloitte Technology Fast 500. Netwrix software is used by 160,000 users worldwide. For more information, visit www.netwrix.com.
Mobile alert system empowers members to protect themselves and help prevent America's fastest-growing crime
PORTLAND, Ore. – Moda Health individual insurance plan members now can have built-in protection against medical ID fraud, America's fastest-growing crime, through the MIDAS alert and resolution system powered by ID Experts.
Healthcare data breaches have now affected about 40 million individuals, according to HIPAA statistics collected by the Department of Health and Human Services. Use of stolen medical identities to commit medical identity fraud can corrupt the information in a patient's file, leading to future misdiagnoses, prescription confusion or inappropriate treatment decisions.
"Medical ID fraud is both an invasion of privacy and a threat to an individual's health and wellbeing," said Jonathan Nicholas, vice president of marketing at Moda. "MIDAS empowers Moda's individual plan members to spot false claims early."
Moda members who sign up for MIDAS will receive text or email alerts any time a new claim is made against their identity. Members can approve the claim or flag it if they don't recognize it. If fraud has occurred, ID Experts will resolve the issue and work to return the member to pre-theft status. Moda employees participated in a pilot test of the MIDAS system at an earlier phase of its development.
"Medical identity theft presents consumer safety challenges unlike any other form of data breach," said Bob Gregg, CEO of ID Experts. "Moda has pushed strongly into the individual insurance market with the idea that members should expect more from their insurers. MIDAS is helping Moda protect its members and deliver on that promise."
As the individual insurance market expands, more consumers than ever are paying out of pocket for their coverage. Keeping down costs by reducing fraud and improving the quality of care has become an important pocketbook issue and an area of shared responsibility. At present, 56 percent of patients do not check their health records and explanations of benefits statements for accuracy, according to a Ponemon Institute study.
Gartner, Inc. selected ID Experts and its MIDAS offering as a Cool Vendor for Healthcare Payers in 2014. Jeff Cribbs, Gartner principal research analyst and author of the report, praised MIDAS by saying it "represents a low-cost, high-consumer-engagement tool that can not only help foster good relationships with members, but also save money by stopping payments for claims and services that are not valid."
Moda members can sign up for MIDAS through the myModa portal at modahealth.com.
About Moda Health
Moda Health is a multifaceted organization that provides medical, dental, pharmacy, vision, and professional liability insurance products, along with a variety of business services including benefits administration. Moda Health is headquartered in Portland, and its service area encompasses Oregon, Washington, and Alaska. Visit: http://www.modahealth.com.
About ID Experts
ID Experts provides software and services for managing the disclosure and breaches of regulated data. The Medical Identity Alert System – MIDAS – is the first and only member-focused healthcare fraud solution that engages health plan members to monitor their healthcare transactions and take control of their medical identities. Exclusively endorsed by the American Hospital Association, ID Experts is an advocate for privacy and a leading contributor to legislation and industry organizations that focus on the protection of PHI and PII. On the web: http://www.idexpertscorp.com/midas-software.