BizNews

Security response planning on the rise, but containing attacks remains an issue – IBM

While organizations surveyed have slowly improved in their ability to plan for, detect and respond to cyberattacks over the past five years, their ability to contain an attack has declined by 13% during this same period.

IBM announced the results of a global report examining businesses’ effectiveness in preparing for and responding to cyberattacks. While organizations surveyed have slowly improved in their ability to plan for, detect and respond to cyberattacks over the past five years, their ability to contain an attack has declined by 13% during this same period.

The global survey conducted by Ponemon Institute and sponsored by IBM Security found that respondents’ security response efforts were hindered by the use of too many security tools, as well as a lack of specific playbooks for common attack types.

While security response planning is slowly improving, the vast majority of organizations surveyed (74%) are still reporting that their plans are either ad-hoc, applied inconsistently, or that they have no plans at all. This lack of planning can impact the cost of security incidents, as companies that have incident response teams and extensively test their incident response plans spend an average of $1.2 million less on data breaches than those that have neither of these cost-saving factors in place.

The key findings of those surveyed from the fifth annual Cyber Resilient Organization Report include:

  • Slowly Improving: More surveyed organizations have adopted formal, enterprise-wide security response plans over the past 5 years of the study; growing from 18% of respondents in 2015, to 26% in this year’s report (a 44% improvement).
  • Playbooks Needed: Even amongst those with a formal security response plan, only one third (representing 17% of total respondents) had also developed specific playbooks for common attack types — and plans for emerging attack methods like ransomware lagged even further behind.
  • Complexity Hinders Response: The number of security tools that an organization was using had a negative impact across multiple categories of the threat lifecycle amongst those surveyed. Organizations using 50+ security tools ranked themselves 8% lower in their ability to detect, and 7% lower in their ability to respond to an attack, than those respondents with fewer tools.
  • Better Planning, Less Disruption: Companies with formal security response plans applied across the business were less likely to experience significant disruption as the result of a cyberattack. Over the past two years, only 39% of these companies experienced a disruptive security incident, compared to 62% of those with less formal or consistent plans.

“While more organizations are taking incident response planning seriously, preparing for cyberattacks isn’t a one and done activity,” said Wendi Whitmore, Vice President of IBM X-Force Threat Intelligence. “Organizations must also focus on testing, practicing and reassessing their response plans regularly. Leveraging interoperable technologies and automation can also help overcome complexity challenges and speed the time it takes to contain an incident.”

Updating Playbooks for Emerging Threats
The survey found that even amongst organizations with a formal cybersecurity incident response plan (CSIRP), only 33% had playbooks in place for specific types of attacks. Since different breeds of attack require unique response techniques, having pre-defined playbooks provides organizations with consistent and repeatable action plans for the most common attacks they are likely to face.   

Amongst the minority of responding organizations who do have attack-specific playbooks, the most common playbooks are for DDoS attacks (64%) and malware (57%). While these methods have historically been top issues for the enterprise, additional attack methods such as ransomware are on the rise. While ransomware attacks have spiked nearly 70% in recent years, only 45% of those in the survey using playbooks had designated plans for ransomware attacks.

Additionally, more than half (52%) of those with security response plans said they have never reviewed or have no set time period for reviewing or testing those plans. With business operations changing rapidly due to an increasingly remote workforce, and new attack techniques constantly being introduced, this data suggests that surveyed businesses may be relying on outdated response plans which don’t reflect the current threat and business landscape.

More Tools Led to Worse Response Capabilities
The report also found that complexity is negatively impacting incident response capabilities. Those surveyed estimated their organization was using more than 45 different security tools on average, and that each incident they responded to required coordination across around 19 tools on average. However, the study also found that an over-abundance of tools may actually hinder organizations’ ability to handle attacks. In the survey, those using more than 50 tools ranked themselves 8% lower in their ability to detect an attack (5.83/10 vs. 6.66/10), and around 7% lower when it comes to responding to an attack (5.95/10 vs. 6.72/10).

These findings suggest that adopting more tools didn’t necessarily improve security response efforts — in fact, it may have done the opposite. The use of open, interoperable platforms as well as automation technologies can help reduce the complexity of responding across disconnected tools. Amongst high-performing organizations in the report, 63% said the use of interoperable tools helped them improve their response to cyberattacks.

Better Planning Pays Off
This year’s report suggests that surveyed organizations who invested in formal planning were more successful in responding to incidents. Amongst respondents with a CSIRP applied consistently across the business, only 39% experienced an incident that resulted in a significant disruption to the organization within the past two years, compared to 62% of those who didn’t have a formal plan in place.

Looking at specific reasons that these organizations cited for their ability to respond to attacks, security workforce skills were found to be a top factor. 61% of those surveyed attributed hiring skilled employees as a top reason for becoming more resilient; amongst those who said their resiliency did not improve, 41% cited the lack of skilled employees as the top reason.

Technology was another differentiator that helped organizations in the report become more cyber resilient, especially when it comes to tools that helped them resolve complexity. Looking at organizations with higher levels of cyber resilience, the top two factors cited for improving their level of cyber resilience were visibility into applications and data (57% selecting) and automation tools (55% selecting). Overall, the data suggests that surveyed organizations that were more mature in their response preparedness relied more heavily on technology innovations to become more resilient.

BizNews

Toxic workplaces increase risk of depression by 300%

Love thy employees: evidence shows that companies who fail to reward or acknowledge their employees for hard work, impose unreasonable demands on workers, and do not give them autonomy, are placing their staff at a much greater risk of depression.

Photo by Bethany Legg from Unsplash.com

A year-long Australian population study has found that full time workers employed by organisations that fail to prioritise their employees’ mental health have a threefold increased risk of being diagnosed with depression.

And while working long hours is a risk factor for dying from cardiovascular disease or having a stroke, poor management practices pose a greater risk for depression, the researchers found.

The University of South Australia study, published in the British Medical Journal today, is led by UniSA’s Psychosocial Safety Climate Observatory, the world’s first research platform exploring workplace psychological health and safety.

Psychosocial safety climate (PSC) is the term used to describe management practices and communication and participation systems that protect workers’ mental health and safety.

Lead author, Dr Amy Zadow, says that poor workplace mental health can be traced back to poor management practices, priorities and values, which then flow through to high job demands and low resources.

“Evidence shows that companies who fail to reward or acknowledge their employees for hard work, impose unreasonable demands on workers, and do not give them autonomy, are placing their staff at a much greater risk of depression,” says Dr Zadow.

Internationally renowned expert on workplace mental health, ARC Laureate Professor Maureen Dollard, says the study found that while enthusiastic and committed workers are valued, working long hours can lead to depression. Men are also more likely to become depressed if their workplace pays scant attention to their psychological health.

Due to the global burden of depression, which affects an estimated 300 million people worldwide and shows no sign of abating despite available treatments, more attention is now being paid to poorly functioning work environments which could contribute to the problem.

High levels of burnout and workplace bullying are also linked to corporations’ failure to support workers’ mental health.

A second paper co-authored by Professor Dollard and published in the European Journal of Work and Organizational Psychology earlier this month, found that low PSC was an important predictor of bullying and emotional exhaustion.

“Lack of consultation with employees and unions over workplace health and safety issues, and little support for stress prevention, is linked to low PSC in companies.

“We also found that bullying in a work unit can not only negatively affect the victim, but also the perpetrator and team members who witness that behaviour. It is not uncommon for everyone in the same unit to experience burnout as a result.

“In this study we investigated bullying in a group context and why it occurs. Sometimes stress is a trigger for bullying and in the worst cases it can set an ‘acceptable’ level of behaviour for other members of the team. But above all bullying can be predicted from a company’s commitment to mental health, so it can be prevented,” Prof Dollard says.

The global costs of workplace bullying and worker burnout are significant, manifested in absenteeism, poor work engagement, stress leave and low productivity.

The extent of the problem was recognised in 2019 with the International Labour Organization (ILO) implementing a Global Commission on the Future of Work and calling for “a human-centred approach, putting people and the work they do at the centre of economic and social policy and business practice”.

“The practical implications of this research are far reaching. High levels of worker burnout are extremely costly to organisations and it’s clear that top-level organisational change is needed to address the issue,” Prof Dollard says.

Is there a good reason online retailers should invest in physical stores?

By directing new customers to purchase a “deep product in-store” as their first purchase from a new retailer, they are more likely to: 1) buy deep products in the future online, indicating that they generalize trust across channels; and 2) buy adjacent categories online, indicating that they generalize trust across categories.

Photo by Clay Banks from Unsplash.com

Researchers from Colorado State University, Amazon, and Dartmouth College published a paper that examines the role of physical stores for selling “deep” products.

The study, forthcoming in the Journal of Marketing, is titled “How Physical Stores Enhance Customer Value: The Importance of Product Inspection Depth” and is authored by Jonathan Zhang, Chunwei Chang, and Scott Neslin.

While some traditional offline retailers are struggling and are closing stores (e.g., Macy’s, Walgreens), online retailers are opening them (e.g. Amazon, Warby Parker). This conflicting trend raises the question, what is the physical store’s role in today’s multichannel environment?

The research team posits that products differ in the inspection depth – “deep” or “shallow” – customers require to purchase them. Deep products require ample inspection in order for the customer to make an informed decision. The researchers propose that physical stores provide the physical engagement opportunity customers need to purchase deep products.

To test this thesis, the researchers conducted three studies. The first used transaction data from a national multichannel outdoor-product retailer. Two lab experiments demonstrated the same effect.

The large-scale transactional data involving 50,000 customers show that by using a “deep products in-store” promotional strategy to migrate new customers from a “low-value state” to a “high-value state,” average spending per trip increases by 40%, long-term sales increase by 20%, and profitability increases by 22%.

The lab experiments show that:

  • By onboarding new customers to purchase a “deep product in-store” as their first purchase from a new retailer, their re-patronage intention for this retailer increases by 12% compared to all other product/channel combinations.
  • By directing new customers to purchase a “deep product in-store” as their first purchase from a new retailer, they are more likely to: 1) buy deep products in the future online, indicating that they generalize trust across channels; and 2) buy adjacent categories online, indicating that they generalize trust across categories.

The last decade has witnessed a marked increase in the opening of physical stores by online retailers, despite myriad changes in the retailing environment. This attests that these findings are not ephemeral. Zhang says, “The general lesson of our research is for retailers to create a concrete, tangible, and multi-sensory experience for customers buying products that require this physical engagement. This sets the stage for favorable experiential learning and increased customer value.” Retailers can do this in numerous ways:

First, when retailers find that a customer is buying deep products online but their spending is decreasing in value, they can provide a promotion for deep products in-store. This can increase customer value.

Second, retailers need to enhance physical engagement for deep products through merchandising and training sales personnel to walk customers through the engagement – e.g., by helping customers try and use deep products in-store.

Third, retailers cannot infer product inspection depth solely from predefined product categories because there is much variation in inspection depth within a particular category. Rather, management should infer inspection depth using the proposed measures, or expert, independent judges.

Fourth, retailers should use a deep/offline onboarding strategy for new customers. That is, they should use acquisition channels that encourage the first purchase to be deep/offline.

Zhang adds that “We also discuss related issues such as using stores versus showrooms; fielding full or limited staff; selling private label goods; designing loyalty and buy online, pickup in-store (BOPIS) programs; and leveraging technology to create physical engagement in online settings.”

Xendit launches payment gateway services to individual business owners

When individual sellers integrate their business with Xendit, their customers can make direct payments via direct debit through Bank of the Philippine Islands (BPI) and UnionBank of the Philippines (UBP), e-wallets such as GCash, GrabPay, and PayMaya, or Over-the-Counter via 7-Eleven and Cebuana Lhuillier. Meanwhile, sole proprietors, corporations, and partnerships can also process credit card payments.

The ongoing pandemic has brought out the creative side of many Filipinos, who have found ways to supplement their incomes by selling various products or services on social media. Xendit is making it easier for individual business owners to settle payments with access to a world-class platform that makes billings simple, secure, and easy.

“The pandemic has seen a rise in individual sellers who utilize social media to sell their goods and services. The digital nature of transactions means payment methods need to adapt. We want to empower these rising contributors to the Philippine economy with a platform that handles payments for them while they focus on their business,” says Alyzza Acacio, Philippine SME Task Force Lead of Xendit Philippines.

When individual sellers integrate their business with Xendit, their customers can make direct payments via direct debit through Bank of the Philippine Islands (BPI) and UnionBank of the Philippines (UBP), e-wallets such as GCash, GrabPay, and PayMaya, or Over-the-Counter via 7-Eleven and Cebuana Lhuillier. Meanwhile, sole proprietors, corporations, and partnerships can also process credit card payments.

Since Xendit handles payments on the individual seller’s behalf, entrepreneurs can focus on fulfilling orders and growing their business. They no longer need to coordinate with each customer for payments because transaction statuses are updated in real-time on the Xendit dashboard. 

Xendit’s mission is to make payments simple, so that even entrepreneurs and small and medium enterprises (SMEs) who are not as technically savvy can integrate with the platform easily. Xendit is available on platforms such as Wix, Shopify, or WooCommerce. Those who rely solely on social media for business can generate payment links that customers can access. Sellers also have access to their transaction history on a centralized dashboard to monitor sales and payments.

“We need to continue to support the Filipino micro-entrepreneurs and small business owners to embrace the digital age; they have experienced the ease that online selling and marketing and smartphones have brought them closer to their customers. The next step is to help them grow their business by helping them manage day-to-day tasks in their enterprise and improve their financial literacy as they experience and use fintech products and platforms more and more,” says Ana Mijares, Senior Trainer for the Go Digital ASEAN initiative.

To welcome SMEs, Xendit is offering up to P1.6 million worth of waived transaction fees for new sign-ups. The platform is also waiving P1 million in fees for individual sellers.

Opening its platform to individual sellers is just one of Xendit’s many ways to empower SMEs using technology. Its Level Up accelerator program supports entrepreneurs through masterclasses and challenges that give them the tools and know-how to scale their businesses. The program also includes giving P3.5 million in free transactions for 1,000 startups for one year through its video challenge.

Xendit is the simplest and most trusted name in digital transactions in the region. It powers SMEs as well as the Philippines’ largest enterprises. Xendit is committed to building a solid payment infrastructure for the country and the rest of Southeast Asia.

“We launched an SME task force at the beginning of the year to help create solutions for Filipino businesses that may have been affected by the pandemic. We hope to continue our support for Filipino MSMEs so they can grow their business and help the Philippine economy,” says Yang Yang Zhang, Managing Director of Xendit Philippines.
