Industry Hot News (6801)
When it comes to shadow IT, the enterprise has three choices: It can accept it, fight it or ignore it. All too often, however, organizations choose the third option, which in most cases not only fails to satisfy individual or organizational needs but can place systems and data at risk.
Fortunately, new practices and new technologies are making it easier to accommodate shadow IT, and even use it to gain an advantage in today’s digital economy.
According to a recent report by cloud security expert Netskope, shadow IT can creep into the enterprise even when service deployment and usage policies are in place to prevent it. In its latest quarterly assessment, the company reports that half of all Box and Dropbox users maintain personal instances on these platforms along with the sanctioned presences established by their employer. This makes it extremely difficult to detect and mitigate practices like data exfiltration and file sharing between the enterprise and private instances. At the same time, the company says that upwards of 95 percent of services employed in the cloud are not enterprise-ready, with particular deficiencies when it comes to compliance with government mandates like the EU’s General Data Protection Regulation.
Wordfence researchers are warning of a new and unusually effective phishing scam designed to steal login credentials from Gmail users, though it's also been seen targeting users of other services (h/t The Register).
An email is sent to a target's Gmail account, often from someone they know whose account has been hacked using the same technique. It includes an image of an attachment the recipient will likely recognize from the sender.
"You click on the image, expecting Gmail to give you a preview of the attachment," Wordfence CEO Mark Maunder explains in a blog post describing the attack. "You glance at the location bar and see accounts.google.com in there."
Do you know how to actually execute a recovery using your defined disaster recovery strategy, or will your team have to figure it out? We’ve discussed developing a disaster recovery strategy at length, but what happens when it’s time to execute your strategy?
In his poem, To a Mouse, Robert Burns provides a well-known and insightful thought, “the best-laid plans of mice and men sometimes go awry.” We’ve seen how true this can be when we must perform an actual recovery that doesn’t go as smoothly as we might have hoped, even with all of our planning and document development.
Here are some ideas on providing training and validation of the execution of your DR strategy and plans.
Buying a system that provides built-in intelligence reduces both deployment time and total cost of ownership. This results in a program that aligns with proven best practices, industry standards, and governing regulations to exceed your program’s resiliency goals.
Why try to reinvent the wheel? Why spend your time building an untested, unproven solution? The smart answer is to embrace the built-in intelligence of a tested software product. Spend your valuable time elevating your Business Continuity/Disaster Recovery (BCDR) program instead. Unlike software that you build from scratch with your vendor over the course of months or years, ResilienceONE® from Strategic BCP® provides a Business Continuity Management (BCM) solution that is ready right out of the box and instantly provides users with the following:
Fully 95 percent of cloud services in use in the average enterprise aren't enterprise-ready, according to the January 2017 Netskope Cloud Report.
Specifically, 82 percent of cloud services don't encrypt data at rest, 66 percent don't specify in their terms of service that the customer owns the data, and 42 percent don't allow admins to enforce password controls.
An average of 1,031 cloud services are now in use per enterprise, up from 977 in the previous quarter.
In 2014, I collaborated with EY to develop Russia’s first risk management business game. It was great fun, and as a result, we created a pretty sophisticated business simulation.
Participants were split into teams of 10, each person receiving a game card that describes their role (CEO, CFO, risk manager, internal auditor, etc.). At the start of the game, teams must choose one of four industry sectors (telecom, oil and gas, energy or retail) and name their company. The game consists of four rounds, and in each round, teams must make risk-based decisions. Each decision has a cost associated with it and a number of possible outcomes. Teams must analyze and document the risks inherent in each decision they make. The riskier the decision, the higher the probability of an adverse outcome. At the end of each round, a computer simulation model chooses a scenario and the outcome is announced to each team. Each decision has consequences, and the outcome may either make money for the business or lose money.
The aim of the game is to increase the company valuation by properly weighing risks and making balanced business decisions. The winning team is the one that increases its company’s value the most after four rounds.
Despite the redundancy and resilience the enterprise has gained from virtualization and cloud computing, disaster recovery remains one of the most overlooked functions on the IT to-do list.
In many cases, organizations have established backup and recovery services for their primary applications, but without constant care and attention to the processes behind B&R, and the way they are affected by constantly evolving data loads and architectures, the reliability of these services is questionable at best. In the digital economy, it’s not enough to recover – you must recover quickly and thoroughly.
According to recent research from cloud recovery specialist Asigra, the typical enterprise recovers less than 5 percent of its data during the restore process, most of it from file systems. Most data recovery requests are the result of ransomware attacks and losses from cloud-based platforms like Office 365 and Salesforce, and more than half of all requests across multiple industry verticals are for previous generations of data. Only about 13 percent of recovered data was lost due to user error or accidental deletion. What this shows is that while only a small portion of data is typically needed to get applications and services up and running, many organizations still pay a premium for 100 percent backup of their online data.
Cloud-based security continues to emerge as a key growth area. The main reasons for this growth are the overall ease of deployment, the strong expertise of cloud security teams, and the reduction in investment in hardware/infrastructure required to support the business. Businesses are no longer required to maintain onsite equipment that needs a specialist to operate and maintain.
Cloud-based security solutions lower operating costs because there is less need for upgrading software and for monitoring and documenting software security activities. The cost of hardware and software is increasing dramatically, which makes cloud-based security an attractive option for companies of all sizes.
According to PwC’s Key findings from The Global State of Information Security® Survey 2016, 79% of respondents said they use cloud-based cybersecurity services like real-time monitoring and analytics, advanced authentication, identity and access management. This survey included input from more than 10,000 IT professionals from around the globe.
With 2017 already underway, it’s a good time to look at what we think will be major drivers in the mass notification system market. One recent report estimates this market will grow from $4.16 billion in 2016 to more than $9 billion by 2021. It appears the focus will be on business continuity strategies and IP-based notification devices. Let’s break those down a bit.
When an emergency happens, its ripple effect can extend beyond the initial incident to produce plenty of collateral damage. Any interruption in service and/or operations will directly impact the bottom line as well as customer satisfaction, brand reputation, and other less concrete but equally important metrics. Companies can spend millions of dollars to recover and continue operating as quickly as possible, from repairs and rebuilding to marketing and PR strategies.
As more companies fear the worst, which would be prolonged or complete organizational shutdowns, they are getting smarter about their emergency response plans. In today’s 24×7 news and social media, one misstep can lead to irreparable damage. Consumers expect a rapid response, one that balances the potential personal loss of its key stakeholders (employees/customer/supplier/partner base) and community with recovery strategies to get the business up and running. Consumers’ patience is fragile.
According to most experts, 2.5 quintillion bytes of data are being created each day, and 90% of the data that exists in the world today has been created in the last two years alone. By the year 2020, it is estimated that 1.7 megabytes of new information will be created every second for every human being on the planet.
More data brings more opportunities to businesses, but it brings new challenges with it, too. A specific challenge that many organizations are facing is safely storing and backing up the unprecedented amounts of data that they are finding themselves in charge of. Research shows that 60% of companies that improperly manage their data and lose it to a disaster will shut down within six months of the event. The importance of a proper disaster recovery plan is more critical than it ever has been before.
Here are six shocking statistics you may not know about Disaster Recovery. They might make you rethink the necessity of having a proven, tested plan in place should something go wrong.