ARCHIVE FOR THE ‘cyber-security’ CATEGORY

Employees are putting their businesses at risk of cyber-attacks by refusing to obey the rules when it comes to the apps they use in the workplace, according to a report from Maintel.

Workers have confessed to using unapproved apps in the office, including Instagram, Facebook Messenger and Snapchat to communicate with colleagues as well as friends and family. For example, four in ten employees (41%) admit to using Instagram for more than two hours each day, despite the app being banned in almost half of UK organisations.  

The majority of employees are well aware that certain apps are not approved for workplace use, but this hasn’t stopped them breaking the rules. In fact, the research found that usage is on the rise, with use of WhatsApp, Snapchat and Instagram increasing significantly over the past three years – 30%, 27% and 33% respectively. 

Staff told us that apps like WhatsApp offer ease of use (84 per cent), speed of response (44 per cent) and informality (35 per cent) in the workplace. This highlights that businesses need to implement more apps that meet their workers needs. But, while employees may be continuing to break the rules, using these unapproved apps is a danger for many businesses. The risks of using undocumented, unsecure apps should be obvious enough – especially in light of GDPR. 

Maintel CTO Rufus Grig said: “If this research tells us one thing, it’s that whilst organisations can go ahead and prohibit the use of as many tools as they like, this will never be enough to actually make this vision a reality. Businesses need to recognise that employees are still using these tools in the knowledge they are unauthorised, and make a conscious effort to understand why. Employers need to ensure the communication needs of a multi-generational workforce are catered for. To do this, it’s clear we need to invest more time into making sure that approved tools offer the best user experience possible, or in those words, offering platforms that are motivating, compelling and easy to use in the workplace”.

You can see the report here.

A new report from has highlighted that senior executives are still often the weakest link in the corporate cyber security chain and that cyber criminals target this vulnerability to commit serious data breaches. 

According to a white paper from The Bunker, many senior executives ignore the threat from hackers and cyber criminals and often feel that security policies in their respective organisations do not apply to their unique position. However, in reality, their often privileged access to company information make their personal accounts extremely valuable to exploit and heightens the need for extra care.

In addition to highlighting the common mistakes made by senior executives, the white paper lists the top security areas that should be prioritised to ensure cyber security resilience.Phil Bindley, Managing Director at The Bunker said: “In tackling and mitigating the security threat, a critical issue is a failure to securely back up email data. Many businesses assume that a cloud-hosted service, such as Office 365, comes with automatic back-up and security provisions.

Unfortunately, it does not.“Unless stated and agreed, vendors do not guarantee complete system security or data backup as standard, so organisations need to be careful and have a full understanding of the SLAs in place. We advise people to replace the word ‘cloud’ with ‘someone else’s computer’, to get a better perspective of the risks that need to be mitigated when deploying a cloud-based service”.

All employees -especially those at the top of the corporate ladder- need to realise that cyber criminals use social engineering, email phishing and malware to access personal accounts, and C-level staff especially need to avoid becoming the weakest link in the cyber security chain by adhering to regularly updated, company-wide security policies regarding data sharing and backup.He continued: “Cloud offers a highly secure and cost-effective platform to defend against threats and malicious attacks.

However, data stored in a public cloud typically resides outside the protection of an organisation’s internal systems and many vendors do not automatically back-up data or implement security and privacy controls as standard, making it a perfect entry-point for cyber criminals to exploit.

“Reviewing corporate policies, with a focus on people, premises, processes, systems and suppliers will provide valuable insights into which areas to improve, and by championing a ‘security first’ corporate culture, organisations and their senior executives will be well positioned to avoid the high financial costs, reputational damage and unexpected downtime that could result from a cyber attack or data breach,” he concluded.

 

Download a copy of the white paper click here,

 

Blockchain and its potential has been mooted in field service circles for years. Is it time we stop thinking big and instead build smaller use-cases before we lose sight of what’s actually important, the end-user? Mark Glover, Field Service News’ Deputy Editor finds out more.

In 2008, a person (or a group of people) known as Satoshi Nakamoto conceptualised the first blockchain. A year later, this digitised digital ledger was a critical accessory to the group’s (or his) headline act, the now ubiquitous cryptocurrency Bitcoin.

The impact of this decentralised digital currency on financial markets and a curious, confused society has been fascinating to follow. That the persona of the inventor or the inventors remains unknown adds to the plot.

Yet, without blockchain, the currency wouldn’t function. This smart ledger, driven by a peer-to-peer network has the potential to stamp itself on industry and in particular field service. But can the sector adopt the technology in a way that will ultimately benefit the end-user?

Firstly though, and apologies to all those who have a handle on the technology, what is blockchain? Scouring the internet for a simple definition is tricky, eventually, the excellent forward-thinking mission.com offered this: “Blockchain is the technology that underpins digital currency (Bitcoin, Litecoin, Ethereum and the like). The tech allows digital information to be distributed, but not copied. That means that each individual piece of data can only have one owner.”

 

"The tech allows digital information to be distributed, but not copied. That means that each individual piece of data can only have one owner..."

 

Straightforward enough. But let’s expand it to industry. How can it fit into the aerospace sector and specifically a plane engine? Parties involved include the airline, the engine manufacturer and the service company all of whom are squirting data into that asset’s blockchain.

The jet engine is a high-end valuable piece of equipment, the blockchain systems enable a single, irrefutable history of that asset. The linking of parties (blocks) removes the requirement for inter-party consultation before extracting required information meaning critical decisions can be made quicker and more effectively. It’s also secure and visible to everyone and accurate and trust, therefore, is enhanced around the chain. The benefits are tangible. So why aren’t all companies rushing to implement it?

“Like all emerging technologies there are only going to be one or two applications that are going to come up for this kind of thing in the very early days,” says Stephen Jeffs-Watts, Senior Advisor – Service Management at IFS. Stephen is an expert in blockchain, a keen enthusiast of its benefits but warns that fields service shouldn’t get too carried away just yet, particularly as sectors are only starting to dip their toes in the murky blockchain water.

 

"We have to try and bear in mind that it [blockchain] is also directly proportionate to the type of kit that’s been installed...“

 

A lot of the use cases that are coming up at the moment,” he tells me, “are in very high-value assets and very highly regulated supply chains; in aerospace, defence, nuclear and very-high-end medical applications,” he pauses. “There aren’t too many Phillips Medicals out there.”

In field service, blockchain technology can potentially trace parts, verify assets and look-up maintenance and operations history, but according to Stephen, it needs to bed-in with modern hardware before its benefits can be felt. “We have to try and bear in mind that it [blockchain] is also directly proportionate to the type of kit that’s been installed,” he warns, “Are you really going to use blockchain to authenticate the asset history or the maintenance and servicing history for a ten-year-old piece of equipment?” Another pause, “You’re not.”

Let’s go back to the jet engine blockchain analogy; the engine itself is a high-end piece of equipment.

The airlines and engine manufacturer, themselves are high-end companies:  BA, KLM, Lufthansa, Rolls Royce, GE, Northrup Grumann, for example. All are big companies keen to monetise blockchain, the only real way to do this is through data-ownership but in a high-asset blockchain, this isn’t always straightforward.

Who owns the data from a jet-engine? Is it the airlines?

The thrust from their plane goes through that engine and what about linking that to the pilot who’s flying that aircraft and jet engine through the air? That’s the airline’s data too. They also have a hand in the plane’s load: the number of passengers and baggage, fuel etc. That’s also data from the airline.

The engine itself? Rolls Royce might run it on a power-by-the-hour contract, so it’s their engine, so do they own the blockchain data? Like that other revolution IoT, blockchain becomes an issue of data ownership. What can be done to grease the chains to make the process run smoother?

“You’re going to have to get industries and supply chains to actually come together and solve the underlying data ownership issue,” Steve offers. “There is going to have to be some kind of consensus; an informal consensus through co-operation; the introduction of some kind of industry standard or ultimately an enforced consensus through legislative means,

Be it an Industry standard or a regulatory framework, large-scale blockchain implementation ultimately needs sectors to work together, to come together in agreement and as Steve explains, it also becomes an issue of trust. “Let’s say there are ten people involved in the supply chain: the operator, the Original Equipment Manufacturer (OEM), there may be a service operator; they’re all contributing data to that chain.

“But does the end operator actually have enough trust in the OEM to question if they are going to use their data and benchmark it against its competitors”, he ponders.

Issues around data-ownership, trust and unfit equipment unable to handle what is essentially a large-scale, shared google document are indicators that large-scale field-service blockchain implementation isn’t as close as we might think. Perhaps we are setting our sights too high? Maybe the use-cases should be carried out on a much smaller scale?

After all, cryptocurrency, the original thread of blockchain was designed for electronic financial transactions, not necessarily jet engines. Stephen agrees, referencing a well-known tracking device, he suggests we should keep things simple. “We could use blockchain like a glorified RFID tag that authenticates, verifies and gives you a reference point,” he says. “I can look at the blockchain and I can see who made it, when it was made, how it was transported.

“Where they may be just a couple of parameters about its last usage, you can look at that by a component-by-component type level, specifically in those cases where that kind of information is critical, or the authenticity is critical.

 

"There’s got to be a realistic level of ambition and some specific use-cases that prove the technology and prove the value of the technology before there comes any mainstream adoption..“

 

There’s got to be a realistic level of ambition and some specific use-cases that prove the technology and prove the value of the technology before there comes any mainstream adoption,” Stephen urges.

My conversation with Steve has been fascinating and his contribution to this article I’m sincerely grateful for. The insight he offered - most of which I’m unable to fit into this wordcount – was invaluable, yet despite all its potential of blockchain Stephen left me with a thought that goes beyond the blockchain hype: “So what?”

So what if an asset is pumping with blockchain data? All the customer wants is the device to start working again so they can get on with their business.

“What value does that bring to me as a customer,” argues Steve. “unless I’m in a highly regulated environment. When do you start loading up past-maintenance history? Is it good? Is it worthwhile? Probably not. So what’s the use-case that going to give killer value?

Steve continues from the end user's perspective: “Great, you’ve got blockchain. What do I get from you having blockchain? What do I get from being able to prove every last working second of this particular piece of kit? Why should I care?”

It’s an excellent point that perhaps gets lost in this fourth industrial revolution we find ourselves in. Among AI, and IoT and machine learning and blockchain should we not just focus on the customer needs and their requirements? Or will we continue to pursue the hype?

---

 

Be social and share... 

Customer needs require scalable, flexible cybersecurity solutions finds Frost & Sullivan...

High penetration of Industrial Internet of Things (IIoT) technology in critical infrastructure and the manufacturing sector has resulted in a growing number of potential cyber-attack surfaces.

According to a recent analysis from Frost & Sullivan, cyber-attacks within the energy and utilities industries alone cost an average of $13.2 million per year. These rising incidences of cyber-attacks, coupled with evolving compliance regulations by governments, and increased awareness among mature and less mature markets have accelerated the adoption of cybersecurity approaches. However, there is still a high level of ambiguity in addressing industrial cybersecurity, with existing cybersecurity services struggling to provide comprehensive visibility across both IT and OT networks.

[quote float="left"]The industrial cybersecurity services market is at the high growth stage of its lifecycle, with rising awareness among end users, increased industrial control systems (ICS)-based attacks, and the rising need for cybersecurity skills[/quote]"The industrial cybersecurity services market is at the high growth stage of its lifecycle, with rising awareness among end users, increased industrial control systems (ICS)-based attacks, and the rising need for cybersecurity skills,” said Riti Newa, Industrials Research Analyst. “Many end users have labor-intensive security practices and lack strong cybersecurity policies. Service providers can help automate cybersecurity services and provide a more holistic approach by offering joint solutions that provide a consolidated view of the IT and OT environment.”

Frost & Sullivan’s recent analysis, Global Industrial Cybersecurity Services Market, Forecast to 2022, explores market adoption rates, requirements, and trends across the market. It also covers emerging service models and their usages, as well as monetization strategies for those models.

For further information on this analysis, please visit: http://frost.ly/2yn

Companies that are eager to grow within the industrial cybersecurity market can find opportunities through:

[unordered_list style="bullet"]

• Providing integrated platforms that can deploy a range of services to enhance the security posture of end users while incorporating the best security practices.
• Using automated management services and advanced analytics to develop a comprehensive service portfolio that can be adapted for all types of end users.
• Offering flexible pricing models, such as Cybersecurity-as-a-Service (CSaaS), and lifetime services to increase accessibility across industries at a lower cost.

[/unordered_list]

"Despite the growing frequency of cyber-attacks, industries still have very low cyber resilience, struggling to ensure cybersecurity in the OT environment," said Newa. "With complexity and sophistication of the attacks, service providers will need to focus on advanced services that can address the threat landscape and automate cybersecurity."

Global Industrial Cybersecurity Services Market, Forecast to 2022 is the latest addition to Frost & Sullivan’s Industrials research and analyses available through the Frost & Sullivan Leadership Council, which helps organizations identify a continuous flow of growth opportunities to succeed in an unpredictable future.

[hr]

Be social and share... 

Blockchain, the technology developed to enable the crypto-currency Bitcoin has become the latest big buzz phrase technology across industries worldwide, but is it just hyperbole or can it be an important factor in the future of field service?

Business across the world are turning their attention to BlockChain right now and in the majority of cases, the main focus of this attention is centred around Bitcoin, the first globally recognized digital (crypto) currency that has hit the headlines largely for huge spikes and dips in its value across the last 12 months.

However, whilst Crypto-Currency is the most widely understood application of Blockchain technology, there may be a number of other applications which could be far more important to how the field service sector operates.

Blockchain 101

So for the uninitiated lets first get our heads around exactly what BlockChain is...

To begin a blockchain is a continuously growing list of records, called blocks, which are linked and secured using encrypted codes. Essentially, each block will typically contain a cryptographic hash of the previous block, alongside a time stamp and the transaction data.

Perhaps the most critical point to comprehend about blockchain is that by design, a blockchain is inherently resistant to modification of the dataPerhaps the most critical point to comprehend about blockchain is that by design, a blockchain is inherently resistant to modification of the data. The technical language is that it is “an open, distributed ledger that can record transactions between two parties efficiently and in a verifiable and permanent way”.

When used as a distributed ledger, a blockchain is generally managed by a peer-to-peer network which adheres to the same protocols for validating new blocks collectively. What this means is that in practice, once the data is within in any given block it can not be altered retroactively without the alteration of all subsequent blocks. The particularly clever part here is that as each peer within the chain is working as part of the collective, such a change requires the collusion of a majority from the network - this makes pulling a fast one anywhere along the line pretty much near impossible.

Thus blockchains are inherently secure by design.

For the more technically minded amongst us, one could suggest quite rightly that the establishment of blockchain has meant that decentralized consensus has become realized, with blockchain ‘exemplifying a distributed computing system with high Byzantine fault tolerance’

For those of us who are perhaps more interested in the outcomes, however, essentially what we need to know is that due to the way they have been designed they are highly suitable for the recording of information that needs watertight security - such as medical records and of course financial transactions - which is where it all began.

Whilst Blockchain is rapidly gaining attention, it is the crypto-currency that it was created for use with, Bitcoins, even more widely recognized within the mainstream.

Blockchain was invented by wonderfully mysterious Satoshi Nakamoto back in 2008 as Bitcoin’s public transaction ledger.

Indeed it was the invention of the blockchain that allowed bitcoin to become the first digital currency to solve what is known as the ‘double spending problem’, without the need of a trusted authority or central server - essentially making crypto-currency viable.

So it’s just a new way of taking payment?

Well no, as we alluded to at the top there could be a lot more to how Blockchain plays a role in field service which we’ll go into shortly - but whilst we are at it there is certainly a case for adding crypto-currencies to the list of how your organisation receives payment for the services delivered - especially if you are serving the consumer directly.

Certainly whilst crypto-currency is by no means a mainstream payment method as yet, an increasing number of businesses are starting to accept it and with a lower barrier to entry than accepting plastic, any business in any industry has the ability to adopt crypto-currencies.

In Japan alone, an estimated 260,000 businesses were reported to offer the cryptocurrency as a payment channel in 2017.In Japan alone, an estimated 260,000 businesses were reported to offer the cryptocurrency as a payment channel in 2017.

But what are the benefits of accepting cryptocurrencies such as Bitcoin for a business?

There are plenty of positives in doing so but some key reasons cited in an article on business.com include:

• Eliminate chargeback fraud: A Bitcoin transaction is immutable. Once a client has paid for a product or service, the money is in your account. Unlike credit card payments, charges cannot be reversed.
• Immediate availability: There is no third party-dependent waiting period the way there is with bank-owned payments.Once payment is successful, the transaction amount is in your wallet and accessible immediately.You can convert Bitcoin into your local currency fiat at the end of each transaction, at the end of each working day or according to a custom set schedule.
• Lower transaction costs: Credit card payments usually end up costing you a 2 to 4 percent fee.With Bitcoin, this amount is a low flat fee, not a percentage of the transaction.
• Attract new customers: As Bitcoin rises in popularity, more users seek out participating businesses. This can mean exposure to a clientele you didn’t have before.
• Garner publicity: Bitcoin makes the news in a way fiat currency can’t. Local, national and even international news outlets are reporting on businesses taking Bitcoin payments, giving you an opportunity for free publicity.

Fixing the holes in the Internet of Things

However, as mentioned above, within the field service sector Blockchain has a huge amount more potential than just facilitating an additional means of receiving payment.

Firstly, there is its potential application within the Internet of Things - which is set to become the fundamental backbone of service delivery in the future - although widespread mass adoption is still arguably held back due to security concerns, a very real example of which being realized back in October 2016 when an unprecedented distributed denial of service (DDoS) attack involving an estimated 100,000 compromised devices in the Mirai malware botnet nearly brought the Internet to its knees in 2016 provided a clear indicator of the precarious state of IoT security.

The root of such weaknesses lies essentially within the security architecture of the IoT itself.

IoT architecture relies upon a distributed client-server model which uses a central authority to manage both the IoT devices as well as the data generated across an IoT network.

For IoT data to be trusted, all trust requests are aggregated into a single location which creates a sole point of security intelligence that can compromise IoT security. This is how Mirai-style botnet attacks can succeed.

Basically, during such an attack, IoT devices are unable to adapt their behaviour because they are not considered “smart” enough to make security decisions without the help of the central authority.

In an interview with computerweekly.com Joseph Pindar, Director for Strategy in the CTO office at Gemalto, and co-founder of the Trusted IoT Alliance, a non-profit group that advocates the use of blockchain to secure IoT ecosystem outlined why he believes Blockchain could hold the answer to true IoT security.

Pindar explained how blockchain removes the single point of decision-making that leads to failure, by enabling device networks to protect themselves in other ways, such as allowing devices to form group consensus about what is normal within a given network, and to quarantine any nodes that behave unusually.

Blockchain can play a crucial role in building trust in IoT dataIn addition to this blockchain can play a crucial role in building trust in IoT data by enabling what Pindar called the five digital security primitives: availability, auditability, accountability, integrity and confidentiality.

In blockchain, data is automatically stored in many locations and is always accessible to users.

For auditability and accountability, a private, permission-based blockchain is used – where all users are authorized to access the network – and because all data stored on the blockchain is signed, each device is accountable for its actions.

With regards to integrity, blockchain is as we’ve outlined above a public ledger of data entries.

With every entry, deletion or correction of data being confirmed across the network across a fully verifiable complete chain of events.

Further to this, there is also another perhaps less obvious but equally important benefit of utilizing Blockchain within IoT systems which Pinder raises.

There is a fairly widespread mindset amongst IT executive management regarding securing the industrial Internet which is that once a sensor, device or controller has been deployed and is working, it cannot be touched.

“Even if there is a known security vulnerability, it is not worth fixing it, because there is a chance that the security patch would cause problems elsewhere in the system that no one knows how to fix,” explained Pindar when speaking to Computer Weekly’s Aaron Tan “But as cloud computing has demonstrated, there are continual failures of devices and systems when operating at very large scale.”

“Simply put, it is not possible to manage large-scale systems that are fragile and not resilient to failure – as is the case with many current industrial IoT and OT systems.”

And the solution to this which Pindar recommends is to allow continuous deployment of software updates, alongside blockchain technology after devices have been deployed, with little or no downtime through an over-the-air update system - something he believes delivers both cost and operational efficiency when delivering over-the-air updates and patching to IoT devices and sensors.

With the IoT becoming more and more prevalent amongst field service organizations, the suggestions Pindar makes regarding the application of Blockchain in such systems should indeed be an important consideration for field service organisations as they establish their IoT processes.

The final piece of the 3D printing puzzle?

However, there could be yet another important place for blockchain within the field service sector, it could just be the missing piece of the puzzle in resolving one of the biggest challenges within our sector, namely managing the spare parts supply chain.

3D printing has for a long time been touted as a potential solution to getting parts needed to engineers as soon as possible, but one potential hurdle has always been how organisations control the licensing of the spare parts to ensure that firstly if the customer has 3D printing capability on-site - which has been one suggested use case, how can the provider ensure they don’t simply print off as many parts as needed once they have initially received the schematics file.

Similarly, by sending the parts data across in a digital file, the potential for such a file to make its way into the hands of unscrupulous third parties happy to make unauthorized parts for sale elsewhere is also a cause for concern for many organizations. Frankly, the risk to their IP and the significant loss of revenue this could lead has meant that many OEMs still view 3D printing with a distinct lack of trust.

However, could Blockchain perhaps hold the solution to such fears?

This certainly seems to be the thinking behind one Italian startup called 3D-TOKEN, which aims to integrate Blockchain and 3D printing technologies, in order to create a “unique, decentralized, global Just-In-Time Factory 4.0 for this century’s digital revolution.”

If successful it could certainly set a precedent for how Blockchain and 3D printing could work in harmonyAside from cramming as many manufacturing buzz phrases into their mission statement as possible, it seems it is certainly a concept that could have a potentially huge impact on service organizations within OEMs.

The goal for 3DToken is to connect thousands of 3D printers in a network hub based in Blockchain. In short, the plan is to create a Blockchain-managed network hub of desktop 3D printers.

The project will be used to bring just-in-time small-to-medium scale digital manufacturing to a new level.

Coin Telegraph described the startup as being capable of “accelerating the 3D printing market to its full potential” by changing up industry norms on product cost and time to market.

Whilst this project is still very much in its infancy, they have made impressive progress to date and although the focus on desktop 3D printers would suggest a consumer-centric approach initially as opposed to something suited for industry, if successful it could certainly set a precedent for how Blockchain and 3D printing could work in harmony, and the concept should at the very least give many OEMs food for thought as to how they could harness the potential of 3D printing. Especially as a means of bypassing much of the often highly complex service supply chain.

Be social and share

On global Computer Security Day, Monday 30th November, we  offer field service SMEs 10 tips staying  safe in cyberspace from David Tindall, managing director Talk Straight, the UK business telecoms and ISP provider .

Cyber-attacks are still a clear and present danger and as the threats continue to evolve,  so it’s important that SMEs adapt their security methods to tackle these new dangers, says Tindall. Here are his top 10 tips:

1. Educate - 50% of the worst cyber security breaches last year were caused by inadvertent human error. In particular, raise awareness of phishing and baiting scams.
2. Social media safety and security is paramount – work related information should not be accessible by social media. Personal accounts are much easier to infiltrate than a secure business network.
3.  Train your staff. Currently around 63% of SMEs nationwide provide ongoing security awareness training. Due to the nature of the cyber beast, the threat is constantly evolving so keep them abreast of the latest developments
4. Invest in the defence - the tools for tackling cyber-attacks are worth their weight in gold. The average price of a single breach is continuing to soar, with damage to an SME costing anywhere between £75k and £311k. For a larger business, that cost can rise into the millions.
5. Monitor your web traffic - good practice for any SME regardless of cyber security. Quickly identifying a sudden or irregular level of activity can significantly soften the blow of a cyber-attack. There are a range of free and paid services that will help your business accurately
6. Stay updated! 59% of businesses expect to suffer more security incidents within the next year. Being aware of the changing digital landscape and its potential new threats can help keep you ahead of the game.measure traffic.
7. Plan! Should the worst case scenario happen, are you prepared? Do you, your IT staff or external telecoms provider have the proper protocols in place to react? Offsite back-ups and mirrored servers are some of the most common practises that help prevent the irreversible loss of data.
8.  Use a professional. Put your cyber security in the hands of a professional. Be it internal IT staff or a telecoms provider’s Managed Security Service, their expertise will help them quickly recognise potential dangers and keep your network secure.
9. Assess the risks. Knowing where you’re most vulnerable, or what data/network would be most attractive to a potential cyber security attacker is valuable information. You or your IT department/service are then able to prioritise security and be aware of the most likely forms and targets of attack.
10.  Report any attack. If you are unfortunate enough to suffer a damaging attack, report it. This is your best chance of recouping any losses and bringing the guilty party to justice. The UK's National Cyber Crime Unit (NCCU) and The Cyber Incident Response (CIR) scheme should be your first ports of call.

Talk Straight provides internet services to hundreds of UK businesses and was awarded winner of Best Business use of Cloud and finalist for internet safety and security at the 2014 Internet Service Providers Association Awards.  It is also a managed security service provider for US network security specialist Fortinet in the UK.

---

 

Be social and share this article

In a time when more and more field service companies are considering moving to  cloud based solution new research from leading market analysts, Juniper Research, suggests that the rapid digitisation of consumers’ lives and enterprise records will increase the cost of data breaches to $2.1 trillion globally by 2019, increasing to almost four times the estimated cost of breaches in 2015....

The research, entitled ‘The Future of Cybercrime & Security: Financial and Corporate Threats & Mitigation’, has found that the majority of these breaches will come from existing IT and network infrastructure. While new threats targeting mobile devices and the IoT (Internet of Things) are being reported at an increasing rate, the number of infected devices is minimal in comparison to more traditional computing devices.

The Cybercrime Economy Driving Action

The report also highlights the increasing professionalism of cybercrime, with the emergence of cybercrime products (i.e. sale of malware creation software) over the past year, as well as the decline in casual activist hacks. Hacktivism has become more successful and less prolific – in future, Juniper expects fewer attacks overall, but more successful ones.

‘Currently, we aren’t seeing much dangerous mobile or IoT malware because it’s not profitable’, noted report author James Moar. ‘The kind of threats we will see on these devices will be either ransomware, with consumers’ devices locked down until they pay the hackers to use their devices, or as part of botnets, where processing power is harnessed as part of a more lucrative hack. With the absence of a direct payout from IoT hacks, there is little motive for criminals to develop the required tools.’

Other key findings include:

• Nearly 60% of anticipated data breaches worldwide in 2015 will occur in North America, but this proportion will decrease over time as other countries become both richer and more digitised.
• The average cost of a data breach in 2020 will exceed $150 million by 2020, as more business infrastructure gets connected.

The whitepaper, ‘Cybercrime and the Internet of Threats’ is available to download from the Juniper website together with further details of the full research.

 

---

 

Be social and share this feature

As the Internet of Things, Big Data, and Cloud computing all become commonly heard phrases within Field Service we must start to consider the very real question of cyber-security with ever greater attention. But what does Cyber security look like in 2015?

One of the significant themes that came through from the victims of high profile cyber attacks in the last year was that they all had heavy investment in IT security, regular testing programmes and almost certainly long lists of accreditations. However, event his was not enough to keep them safe from groups of attackers and the resultant losses and associated fines for such detected breaches.

This year the cyber security landscape will once again continue to develop swiftly as attacks likely become even more frequent and sophisticated and from more corners of the world than ever before. The one thing that will remain the same however is that investing in the wrong defences will again result in an openness to cyber attack and the potential of real damage.

Cyber threat actors are commonly split into three groups: nation states, cyber criminals and cyber activists or hacktivists. As 2015 evolves these threat factors look set to continue to advance their capabilities.

Often nation states – who see cyber attacks as being a cheap, effective and most importantly plausibly deniable espionage tool – can be the dark hand behind theft of proprietary or sensitive data for the benefit of one of their home-grown enterprises.

Cyber criminals, motivated by financial gain, have traditionally targeted a company’s customer base, stealing personal details or credit card information to use in fraud or to sell.

Cyber activists, motivated by a range of factors – including most simply personal amusement, but also factors such as, anti-capitalist sentiment, environmental concerns, religion and nationalism – base their activities on disrupting operations or generating embarrassment.

An ever-changing landscape

It is also predicted that many global political developments will also have their impact on shaping the cyber threat environment across 2015 and beyond.

Countries that not too long ago would have been clumsy and naive when it comes to their cyber capabilities have now established sophisticated capabilities by nurturing their local home-grown hacktivist groups.

Meanwhile new hubs of cyber criminal activity will emerge and will set their focus on new targets. Driven by the disparity between the rich nations and the poor on an international level, plus the growing access of IT and as such rapidly developing IT skills of members of the latter.

All of this is also becoming easier and being better facilitated by new ways of communicating, such as cyber criminals' and activists' use of the Dark Web to buy and sell hacking tools and techniques, using anonymous currency such as Bitcoin.

 

Another trend that we will likely see continue on from 2014 is the gradual blurring of the lines of the roles and loyalties of these threat actors. Last year we shad the emergence of criminals acting with a degree of impunity contingent on targeting politically expedient victims, or hacktivist groups becoming involved in attacks in support of government agenda.

As sophisticated tools and techniques become more widespread, and the distinctions between the threat actors become more blurred, the long-term outlook for cyber threats is concerning. The constraining factor previously was that the people with the intent to conduct widespread and high-impact cyber attacks – the activists and the criminals – did not have the capability. This may not remain the case for much longer.

How best to defend your organisation

Very simply throwing more money at the problem is no longer a viable solution.

With finite resources, it is just simply impossible to protect every asset against every possible threat.

The key is to understand which threat actors are likely to be targeting your organisation, what are your key assets and how do you protect those.

Modern Cyber defence needs to be intelligence-led, risk-based and prioritised – it is no longer just a compliance exercise.

There are five mistakes that organisations cannot afford to make during 2015:

1. Taking a broad sweep approach: You cannot fail to build your cyber defences around a granular understanding of threat. In 2015 all cyber-defence programs should be intelligence led. This includes collecting operational and strategic information that helps you understand the specific nature of the threat. It may also be necessary across your supply chain, as vulnerabilities in subcontractors or suppliers often affect a larger organisation (or vice-versa) – attackers will always focus on the weakest link.
2. Spending too much time, effort and money on prevention and not enough on detection. Companies need to just accept that breaches will be inevitable in todays world and spend time developing and testing response plans, moving form different types of attacks to highlight which plans are most important.
3. Treating cyber security as an IT issue rather than a business risk. Many organisations accept that cyber security is a business risk, rather than an IT-specific issue – but not many act on this by integrating cyber security risk management with wider business risk management processes.
4. Not identifying and protecting your most important assets. Companies need to focus their budgets on prioritising protection. Many tend to be excessively targeted on delivering company-wide compliance, yet don’t effectively protect their key assets.
5. Final many companies simply do not have the technical defences to deal with sophisticated and persistent threats. Across 2015, an increasingly broad group of highly capable actors will target critical assets across a wide range of organisations.

 

---

 

Be social and share this feature

Technology and field service are now almost inherently intertwined such is the rapid evolution of field service industry. As we enter the New Year Field Service News continues to take a look at some of the key technologies that we believe will have a significant impact on the way field service will continue to evolve.

In the first part of this series we looked at wearables, NFC and the Cloud. Now we turn our attention to the Internet of Things, Big Data and Cyber Security…

The Internet of Things will start becoming an integral part of field service…

Ahh Gartner’s Hype-Cycle. The “peak of inflated expectations”, the “trough of despair” and the brilliant “plateau of productivity” – every-time I look at it I conjure up images of a Jules Verne –esque mysterious lost island where herds of wild analysts and ferrel consultants roam wild, free and happy. I may well be alone in this, but I’m certainly not alone in keeping an eye on where emerging tech is on the cycle.

They may not always get it right, but to be fair to the good folk at Gartner, their usually pretty close.

 

So it was with interest last August that I looked at the latest hype cycle and saw that Internet of Things had just superseded Big Data at the top of the tree where the “hyperbole has hit hyperdrive” (If anyone at Gartner’s paying attention you can have that one for free!). I found this particularly interesting for two reasons.

Firstly whilst it may like some kind of earth shattering tragedy for all those data scientists who were being treated like geek-royalty what seems like ten minutes ago, the reality is that Big Data slipping into the trough of despair just means that we are starting to think about it in grown up terms (see below) rather than the Chuck Norris of technology.

The second and perhaps most important part is that whilst according to Gartner IoT may now have officially the most over inflated expectations, the reality is that in field service at least it is already being actively used far more openly than Big Data was when it was on the same point of the Hype Cycle. In fact I would go as far as to say that this time Gartner have got it wrong and the Internet of Things is perhaps just past the top of the peak and starting to stare down into the trough.

 

Maybe it’s a distorted view in the field service industry, but I genuinely feel that whilst it may be a minority, there is a decent amount of companies that have implemented some form of IoT control or monitoring into their Field Service operations. In some corners it’s not even that new, heck, medical device manufacturer Elekta have been building connection into their devices for twenty odd years – they even used to ship their devices with 56K modems of their own back in the day.

As we roll into 2015, connected devices are booming, from thermostats to thermonuclear power generators, and the ability to remotely monitor, diagnose and even repair device faults is such a no brainer for field service companies that they cannot afford to miss the IoT revolution.

BigData in field service will get past those awkward teen years and get to work…

So back to Big Data then.

One of my favourite phrases I’ve heard about Big Data was from Dave Hart at ServiceMax when he said Big Data is like teenage sex, everyone’s talking about it, everyone thinks everyone else is doing it but no one actually knows how to actually do it.

This I think is why Gartner may have their timings a bit backwards when it comes to Big Data and IoT.

 

For whilst I can see Big Data languishing within the ‘Trough’ as we mere mortals spend time still trying to define exactly what Big Data is (how many V’s are we up to now?) and reluctantly turning to those mystic shaman we call Data Scientists to try and get some sense out it all, I see IoT racing by to it’s own little place in the ‘plateau’.

Why? because IoT is pretty much results in tangible outcomes and combines two factors we are already comfortable with, that is ‘Internet’ and ‘Things’. And I’m not trying to be flippant when I say that either, it’s just IoT is that much easier to get.

So back to Big Data then (again?) where does this leave us in field service?

Well hopefully with a much more mature, sensible mindset because there is no denying the sheer power of Big Data to revolutionise a business and there is also no denying that as field service companies have access to huge, vast swathes of data – they perhaps more than any other industry segment could benefit from the true application of Big Data.

However, what Big Data is not is adding a new module to a field service management software with a few convertible dashboards and hey presto the board can tick off that pesky little box empty box on their to do list.

 

Let’s think about this for a moment, when in our lives has anything that is billed to be powerful enough to reshape the way we do business been as easy as buying a new module. This is where Big Data got lost to the hyperbole. In some quarters it was the magic bullet that would cure all evils. As we all know magic bullets don’t really work. However, hard-work combined with a clear strategy and intelligent implementation does.

Big Data is reliant on investment.

Investment in technology, investment in personel with new skill sets unique to the task and investment in time to devise and implement a Big Data strategy. However, once it is succesfully implemented that investment could yield a phenomenal return on investment both financially and also in our understanding of both our business and our customers.

I believe 2015 could be the year that field service companies will start to see through the hyperbole that just scratches the surface of Big Data and see it’s true game changing potential. However, for that to happen we need to treat it with the respect it deserves.

We need to re-adjust our thinking around risk management and cyber security…

Given the two points above this third point of the article is a bit of a given. So we won’t dwell to long here.

There are two simple facts here; Firstly Data is essentially becoming a new form of currency, and I’m not referring to crypto-currencies here but to the fact that the information available to be mined from data is inherently valuable.

Secondly,as we turn more and more of our functions across to the cloud including data storage, the more it will become a place of interest for twenty first century criminals.

This doesn’t necessarily mean the Cloud is any less secure than on premise data centres. It just means that we must realign our thinking to ensure we are protected.

According to Cloud Security experts Trend Micro the three key best security practices for 2015 are to:

• Develop and implement an overall risk management strategy
• Secure and regularly maintain web infrastructure
• Enforce stricter mobile device and data management policies

Lets take a quick look at each of these in turn…

Firstly, whilst it is of course recommended to turn to a cyber security specialist in devising your security strategies, a [quote float="left"]When it comes to risk management, much like insurance it can be disastrous if you cut corners and opt for the cheapest package. And often we only realise this when it’s too late.

quick, easy off the shelf solution is simply not going to cut the mustard. A robust cyber defence should be custom built to meet the requirements of your company. When it comes to risk management, much like insurance it can be disastrous if you cut corners and opt for the cheapest package. And often we only realise this when it’s too late.

 

With regards to point two, last years exposure to Shellshock and Heartbleed identified significant vulnerabilities and this should serve as a warning to companies that they need to keep software regularly updated and patched. Heuristic scanning and sandbox technologies are two of the key technologies that Trend Micro recommend here.

And as we look at the final point we also enter the world of HR as well as technology.

In field service in particular, where our workforce is becoming ever more reliant on mobile devices, we really need to consider the introduction of mobile safety policies to safeguard your data – even more so if you are operating a BYOD policy, whilst of course IT administrators must address mobile device management concerns to protect work related apps and data.

As mentioned above, today’s world of the internet, cloud and mobile is not necessarily any less secure than days gone by. It is just with new methods come new security concerns, so we must remain vigilant and I think 2015 will see us to further improve in this area once more.

Look out for the final part of this series where we complete our look at technology trends we believe we will see in field service across 2015.

Be social and share this feature