In our increasingly competitive business environment, companies everywhere are looking for the next new thing to give them a competitive edge. But perhaps the next new thing is applying new techniques and capabilities to existing concepts such as risk management. The exponential growth of data as well as recent technologies and techniques for managing and analyzing data create more opportunities.
Enterprise risk management can encompass so much more than merely making sure your business has purchased the right types and amounts of insurance. With the tools now available, businesses can quantify and model the risks they face to enable smarter mitigation strategies and better strategic decisions.
The discipline of risk management in general and the increasingly popular field of enterprise risk management have been around for years. But several recent trends and developments have increased the ability to execute on the concept of enterprise risk management.
As the complexity and diversity of devices, platforms and modes of interaction advance, so do the associated risks from malicious individuals, criminal organisations and states that wish to exploit technology for their own purposes. Below, Michael Fimin, CEO at Netwrix, provides his major observations of IT security trends and the most crucial areas to keep watch over in 2015:
Many individuals and enterprises are already using cloud technologies to store sensitive information and perform business critical tasks. In response to security concerns, cloud technologies will continue to develop in 2015, focusing on improved data encryption; the ability to view audit trails for configuration management and secure access of data; and the development of security brokers for cloud access, allowing for user access control as a security enforcement point between a user and cloud service provider.
As the adoption and standardisation of a few select mobile OS platforms grows, the opportunity for attack also increases. We can expect to see further growth in smartphone malware, increases in mobile phishing attacks and fake apps making their way into app stores. Targeted attacks on mobile payment technologies can also be expected. In response, 2015 will see various solutions introduced to improve mobile protection, including the development of patch management across multiple devices and platforms, the blocking of apps from unknown sources and anti-malware protection.
Software defined data centre
‘Software defined’ usually refers to the decoupling and abstracting of infrastructure elements followed by a centralised control. Software defined networking (SDN) and software defined storage (SDS) are clearly trending and we can expect this to expand in 2015. But while these modular software defined infrastructures improve operational efficiency, they also create new security risks. In particular, centralised controllers can become a single point of attack. While the adoption of this approach is not widespread enough to become a common target for attacks, as more companies run SDN and SDS pilots in 2015, we expect their security concerns will be raised. This will result in more of a focus on security from manufacturers, as well as new solutions from third party vendors.
Internet of things
The Internet of things (IoT) universe is expanding with a growing diversity of devices connecting to the network and/or holding sensitive data - from smart TVs and Wi-Fi-connected light bulbs to complex industrial operational technology systems.
With the IoT likely to play a more significant role in 2015 and beyond, devices and systems require proper management, as well as security policies and provisions. While the IoT security ecosystem has not yet developed, we do not expect attacks on the IoT to become widespread in 2015.
Most attacks are likely to be ‘whitehat’ hacks to report vulnerabilities and proof of concept exploits. That being said, sophisticated targeted attacks may go beyond traditional networks and PCs.
Next generation security platforms
In 2015 and beyond, we can expect to see more vendors in the information security industry talking about integration, security analytics and the leveraging of big data. Security analytics platforms have to take into account more internal data sources as well as the external feeds, such as online reputation services and third party threat intelligence feeds. The role of context and risk assessment will also become more important. The focus of defence systems becomes more about minimising attack surfaces, isolating and segmenting the infrastructure to reduce potential damage and identifying the most business critical components to protect.
Looking back at previous years, new security challenges will continue to arise, so IT professionals should be armed with mission critical information and be prepared to defend against them.
When the topic of cybersecurity comes up at your organization, I’m guessing your executives immediately look to the CIO – yourself included. After all, when you’re talking about data, about information access and about the technology needed to keep both safe from unwanted activities, you assume IT has it covered. And your organization isn’t the only one operating under this assumption – far from it.
According to a report by Kroll and Compliance Week, three-quarters of Compliance Officers have no involvement in managing cybersecurity risk. Plus, 44 percent of respondents revealed that their Chief Compliance Officer is only given responsibility for privacy compliance and breach disclosure after a security incident has taken place and plays zero part in addressing the risks beforehand.
Here’s the problem with that approach: many breaches are preventable. According to the 2013 Verizon “Data Breach Investigations Report,” 78 percent of initial intrusions are rated as “low difficulty.” Now, don’t get me wrong: hackers are extremely crafty and are scheming new tactics as I write this. But part of the reason they are able to get their hands on data that isn’t theirs is because organizations simply aren’t prepared.
The festive season is upon us and, assuming there are no postal strikes, Christmas Cards in their billions will be delivered to homes across the world spreading peace, joy and goodwill. Of course the Business Continuity Institute shares those same sentiments but, as has become tradition, we have decided not to send cards. Instead we will donate the money to those who need it more than we do.
This year, with the deadly virus Ebola high on our radar, we will be supporting Unicef in fighting this outbreak. As of the 1st December 2014, the total reported number of confirmed, probable, and suspected cases in the West African epidemic was 15,935 with 5,689 deaths. "Thousands of children are living through the deaths of their mother, father or family members from Ebola" said Manuel Fontaine, UNICEF Regional Director for West and Central Africa. "These children urgently need special attention and support; yet many of them feel unwanted and even abandoned. Orphans are usually taken in by a member of the extended family, but in some communities, the fear surrounding Ebola is becoming stronger than family ties."
As business continuity professionals, our role is to make sure that our organizations can continue to operate in the event of a 'disruption' but how would you prepare for a crisis of this magnitude? Can you prepare for a crisis of this magnitude? How do you continue to operate when death lurks around every corner and lives are consumed by fear? Fortunately most of us will never have to experience this, but we can play our part in helping those who do, which is why we are making this donation. If you would also like to make a donation to Unicef and help fight the spread of Ebola then please click here.
The BCI wishes all our Chapter Leaders, Forum Leaders, the BCI Board, Global Membership Council and fellow business continuity practitioners around the world, Seasons' Greetings and a healthy 2015.
Note that the BCI Central Office will be closed on the 25th and 26th December and the 1st January 2015, re-opening on Friday 2nd January 2015. On the days between Christmas and New Year, the office will be staffed between 10am and 3pm only (GMT).
A recent court decision about the Target breach should have businesses of all sizes taking note.
“Although the third-party hackers’ activities caused harm, Target played a key role in allowing the harm to occur,” Magnuson wrote in his ruling. “Indeed, Plaintiffs’ allegation that Target purposely disabled one of the security features that would have prevented the harm is itself sufficient to plead a direct negligence case.”
While most risk professionals are satisfied with their insurers and brokers, those from organizations with enterprise risk management (ERM) programs were the least content, according to the inaugural J.D. Power and Risk and Insurance Management Society (RIMS) 2014 Large Commercial Insurance Report.
The full report, based on findings of the J.D. Power 2014 Large Business Commercial Study, slated for release in February 2015, examines industry-level performance metrics among large business commercial insurers and brokers. The study, which interviewed almost 1,000 risk professionals, highlights best practices that are critical to satisfying them.
As an information technology (IT) leader dealing with the intricacies and complexities of enterprise technology every day, I can tell you this: it’s not the technology that is the toughest thing to change in IT. It’s the people. Here’s my personal take on 4 of the hardest IT transformations to implement – and how people make or break those changes.
1. Going global
There’s no question that transforming your company from regional-based systems to global systems is a big job. Global applications, global processes, global networks … that takes tech expertise to the nth degree. You need to talk with the regions, departments, and teams to ensure that you have all the business requirements clear and know how the end-to-end processes now need to work before you can consolidate disparate systems or stand up new ones.
That being said, chances are that you’ll find those separate regions have their own cultures, methodologies, goals, and initiatives … and they like it that way. It often works, and works well – for them. The most important thing when talking to these regions is to remember that people want to be heard and valued for their expertise. This doesn’t mean they’re absolutely tied to the old way of doing things. Most likely, they simply want to provide context so that their voices and inputs are considered in the new direction.
So as you transform your ERP apps to span the world, or plug in new SaaS apps to transform the user experience, you simultaneously need to build a culture that helps people move out of their regional silos. Hear what they have to say before you encourage them to embrace a new perspective. Having listened, you can then encourage them to look at what is best for the company and for the customer overall. Let them see the benefits that will come from globalization, such as the removal of inconsistencies or duplication. Acknowledge that they are giving up something when they lose their regional approach, but assure them that there are great answers to the ever present question “WIIFM”: “What’s in it for me?”
Claims Team in Place to Address Severe Weather in the West
LOS ANGELES -- The stream of tropical moisture referred to as the Pineapple Express continues to cause damage in Northern California, Oregon and Southwest Washington. Wind gusts of 60 mph have been reported in the path of the storm and have resulted in downed power lines and trees.
Farmers Insurance advises residents in the path of this storm to protect themselves and their families (including their pets). Farmers reminds everyone to ensure they have a list of emergency contacts, water, canned food, a battery powered radio and a backup power supply for their cell phone, among other items that may be needed during a power outage. A list of items that can go in a family emergency kit can be found at www.Farmers.com/catastrophe/family-emergency-kit.
The Farmers Insurance claims team is working around the clock to track the weather system and prepare a quick and efficient response to customers. From preparing additional call handlers in their multiple call centers across the country to placing national catastrophe claims handling staff on standby, Farmers Insurance is ready to ensure a speedy recovery for customers.
"At Farmers Insurance our claims staff continually prepares for severe weather events such as this," stated Keith Daly, Farmers chief claims officer. "We know that the path to a fast recovery starts with being prepared for a fast, efficient response."
Daly advises that all Farmers customers who suffer damage from severe weather should file their claims at www.farmers.com, through their agent, or by calling the 24-hour claims center. Daly also noted that anyone in the path of this storm should closely monitor their local news stations for updates and follow the advice and directions of local authorities.
Farmers Claims Contact Center number: 1-800-435-7764.
Foremost and 21st Century customers can also use the 1-800-435-7764 number for immediate assistance.
Bristol West customers can call 1-800-274-7865 for immediate assistance.
Spanish-language claims assistance is available to Farmers customers by calling:
Farmers Insurance Group of Companies is a leading U.S. insurer group of automobiles, homes and small businesses and also provides a wide range of other insurance and financial services products. Farmers Insurance is proud to serve more than 10 million households with more than 20 million individual policies across all 50 states through the efforts of over 50,000 exclusive and independent agents and approximately 22,000 employees.
For more information about Farmers, visit its Web site at www.farmers.com or at www.Facebook.com/FarmersInsurance.
Disruptive companies are being held back by HR projects taking twice the time, at twice the cost - says Adam Hale, CEO
Fairsail white paper shows businesses how to implement a new HRMS in 90 days
Fairsail, global cloud HRMS vendor, today laid down the gauntlet to the technology industry to better support disruptive businesses in this period of rapid growth.
While many large SaaS based HR software suppliers are quoting 18-24 month implementation periods, Fairsail is dedicated to delivering in 90 days, demonstrated by its project with technology and services company SDL.
Fairsail warns that, at a time where businesses need to be most agile, organisations are being held back by lengthy implementation times. Just when they need to drive the business forward, their ability to retain, recruit and reward the right people is being restricted.
“The ‘Race for Change’ means that all organisations must be capable of moving faster and faster to take advantage of an ever more disruptive business environment. So it’s equally important that internal systems are just as agile. HRMS is one of the fastest growing SaaS applications and users should demand and expect rapid deployment,” Richard Holway MBE and Chairman, TechMarketView LLP – The Technology Analyst.
Fairsail’s research shows that 76% of companies plan to change their HR system, with 60% planning to start the project over the course of this year. Despite the potential benefits, many organisations are held back from upgrading their HR system because they fear the disruption and cost of a lengthy upgrade process.
The issues these organisations are facing have come to light, during 2014, as they emerge from recession in need of the agility and scalability provided by cloud-based systems - but while still being plagued by manual inefficiencies and a lack of self-service, automated technology. Fairsail has spoken to many companies living in this “Excel hell”, which is widely reported.
Fairsail has launched a white paper for business entitled Unleash the people power in your business in less than 90 days. This details the key steps in the process to upgrade people management systems, and shows how it doesn’t have to take months, or years, to have a modern, global HR system in place.
The paper includes a checklist which outlines the essential success ingredients that will help organisations meet their business goals within a 90-day timescale: a clear and pressing business case, and an efficient project plan.
“Business has changed; the way we work has changed, and the workforce has changed. Unfortunately, for many organisations their systems for managing people have not,” said Adam Hale. “It is shocking to see agile and fast moving businesses so underserved by inadequate systems; creaking at the seams when companies are seeking growth during a time of accelerated change.”
As an example of how global implementation can happen rapidly, London-based Betting Exchange pioneer, Betfair, went live after a 90-day period; providing a global HR solution to its 1600+ employees spread across locations in the UK, Ireland, Malta, Gibraltar and Romania. The successful implementation process included integration of the cloud-based Fairsail system to separate country-specific payroll systems.
Fairsail enables mid-size, multinational companies to manage modern workforces through its global cloud HRMS, transforming how organizations acquire, engage, manage and develop their people. Implemented quickly and simple to use, the system increases company productivity, reduces operational costs and provides better experiences across the entire workforce. Fairsail’s customer portfolio includes Laird, Roto Rooter, Antea Group, Cobalt International Energy, Solarwinds, Betfair, SDL, Monitise, and Cooper Gay.
Latest Version Offers Block-Level Backup across All Cloud Storage Providers; Makes File System, Bare Metal and System State Backup Faster and More Cost Effective
NEWPORT BEACH, Calif. – CloudBerry Lab™, a vendor of backup and management solutions for public cloud storage services, today announced CloudBerry Backup 4.0 featuring block-level backup across all supported cloud storage providers, including Amazon Web Services, Google Cloud, HP Helion, Microsoft Azure, OpenStack, Rackspace, and many others. Already one of the most robust online backup solutions available today, CloudBerry’s backup offering now provides small and mid-sized businesses (SMBs) and the IT service providers that serve them with even greater efficiency and ease of use, translating into less time required for cost effective, hassle-free, automated backup of valuable data.
New features in CloudBerry Backup 4.0 include:
• Block-Level Backup: Faster, Less Resource Intensive: Block-level backup analyzes source files and backs up only those parts of files that have been modified since the most recent backup, saving a significant amount of time and storage space compared to running a full file backup. Additionally, restoring a block-level backup takes less time compared to restoring a full file-level backup.
• Improved Bare Metal and System State Backups: In addition to offering block-level backup for simple data backups, this latest offering also provides block-level backup for full Bare Metal Restore (BMR) and System State backups. BMR and System State backups can proceed quickly, without any requirements as to previously installed software or operating systems.
• Improved MS SQL Server Backup: This latest release of CloudBerry Backup comes with updated MS SQL Server backup, and includes seamless and transparent support for Transparent Data Encryption (TDE) and FILESTREAM. TDE protects data by encrypting the physical files of the database rather than the data itself in order to prevent unauthorized access by restoring the files to another server, while the FILESTREAM data type stores large unstructured objects, such as documents and images.
• Multithreading: Allows for Faster Restore: With CloudBerry Backup 4.0, multithreading is added to the restore process. Files can now be transferred in parallel threads, allowing users to retrieve and restore their data from the cloud much faster.
“CloudBerry Backup 4.0 with block-level backup is the perfect solution for everyday backup as it significantly reduces the amount of data that is moved to an online storage provider,” said Alexey Serkov, CTO at CloudBerry Lab. “In addition to reducing the amount of storage space required, block-level also greatly accelerates backup and allows users to prevent loss of valuable data even if their files have been modified multiple times since the last backup.”
With CloudBerry Backup, data confidentiality is enforced through the mechanism of transparent exchange whereby only the end-user has access to the actual data residing on external sources. Service providers initiate the process and oversee its completion, while the actual link is established directly between the end user’s computer and the cloud repository. In addition, to ensure complete security, CloudBerry protects all data with customer-controlled encryption keys.
“Block-level backup for bare metal solutions is essential for businesses running either onsite or hybrid server solutions,” said Director at F&J Professional Computer Services, Brian Ford. “CloudBerry Backup 4.0 now makes it possible to take advantage of the economies of cloud storage solutions such as Azure to provide this critical function for IT infrastructure.”
All components of CloudBerry Backup v4.0 are available immediately in:
• Desktop edition for Windows workstations priced at $29.99;
• Server edition for Windows Servers priced at $79.99;
• Bare-Metal edition with System State Backup and Bare Metal Recovery for Windows Servers priced at $119.99;
• MS SQL edition for Windows Servers with MS SQL Server priced at $149.99;
• MS Exchange edition for Windows Servers with MS Exchange priced at $229.99, and
• Enterprise edition with all-in-one features priced at $299.99.
About CloudBerry Lab
Established in 2008 by a group of experienced IT professionals, CloudBerry Lab™ provides cloud-based backup and file management services to small and mid-sized businesses (SMBs). CloudBerry’s offerings include powerful, easy-to-use backup management capabilities and military-grade encryption using customer-controlled keys. Customers can choose to store their backup data with more than 20 online storage providers, including Amazon S3, Microsoft Azure, Google Cloud, HP Cloud, Rackspace, Softlayer and others. CloudBerry also partners with thousands of VARs and MSPs to provide them with turnkey, white-label data protection services. CloudBerry Lab is an Amazon Web Services Advanced Technology Partner. For more information please visit www.cloudberrylab.com. Follow us on Twitter at @cloudberrylab.