
Security response planning on the rise, but containing attacks remains an issue – IBM


IBM announced the results of a global report examining businesses’ effectiveness in preparing for and responding to cyberattacks. While organizations surveyed have slowly improved in their ability to plan for, detect and respond to cyberattacks over the past five years, their ability to contain an attack has declined by 13% during this same period.

The global survey conducted by Ponemon Institute and sponsored by IBM Security found that respondents’ security response efforts were hindered by the use of too many security tools, as well as a lack of specific playbooks for common attack types.

While security response planning is slowly improving, the vast majority of organizations surveyed (74%) are still reporting that their plans are either ad-hoc, applied inconsistently, or that they have no plans at all. This lack of planning can impact the cost of security incidents, as companies that have incident response teams and extensively test their incident response plans spend an average of $1.2 million less on data breaches than those who have both of these cost-saving factors in place.

The key findings of those surveyed from the fifth annual Cyber Resilient Organization Report include:

  • Slowly Improving: More surveyed organizations have adopted formal, enterprise-wide security response plans over the past 5 years of the study; growing from 18% of respondents in 2015, to 26% in this year’s report (a 44% improvement).
  • Playbooks Needed: Even amongst those with a formal security response plan, only one third (representing 17% of total respondents) had also developed specific playbooks for common attack types — and plans for emerging attack methods like ransomware lagged even further behind.
  • Complexity Hinders Response: The number of security tools that an organization was using had a negative impact across multiple categories of the threat lifecycle amongst those surveyed. Organizations using 50+ security tools ranked themselves 8% lower in their ability to detect, and 7% lower in their ability to respond to an attack, than those respondents with fewer tools.
  • Better Planning, Less Disruption: Companies with formal security response plans applied across the business were less likely to experience significant disruption as the result of a cyberattack. Over the past two years, only 39% of these companies experienced a disruptive security incident, compared to 62% of those with less formal or consistent plans.

“While more organizations are taking incident response planning seriously, preparing for cyberattacks isn’t a one and done activity,” said Wendi Whitmore, Vice President of IBM X-Force Threat Intelligence. “Organizations must also focus on testing, practicing and reassessing their response plans regularly. Leveraging interoperable technologies and automation can also help overcome complexity challenges and speed the time it takes to contain an incident.”

Updating Playbooks for Emerging Threats
The survey found that even amongst organizations with a formal cybersecurity incident response plan (CSIRP), only 33% had playbooks in place for specific types of attacks. Since different breeds of attack require unique response techniques, having pre-defined playbooks provides organizations with consistent and repeatable action plans for the most common attacks they are likely to face.   

Amongst the minority of responding organizations who do have attack-specific playbooks, the most common playbooks are for DDoS attacks (64%) and malware (57%). While these methods have historically been top issues for the enterprise, additional attack methods such as ransomware are on the rise. While ransomware attacks have spiked nearly 70% in recent years, only 45% of those in the survey using playbooks had designated plans for ransomware attacks.

Additionally, more than half (52%) of those with security response plans said they have never reviewed or have no set time period for reviewing or testing those plans. With business operations changing rapidly due to an increasingly remote workforce, and new attack techniques constantly being introduced, this data suggests that surveyed businesses may be relying on outdated response plans which don’t reflect the current threat and business landscape.

More Tools Led to Worse Response Capabilities
The report also found that complexity is negatively impacting incident response capabilities. Those surveyed estimated their organization was using more than 45 different security tools on average, and that each incident they responded to required coordination across around 19 tools on average. However, the study also found that an over-abundance of tools may actually hinder organizations' ability to handle attacks. In the survey, those using more than 50 tools ranked themselves 8% lower in their ability to detect an attack (5.83/10 vs. 6.66/10), and around 7% lower when it comes to responding to an attack (5.95/10 vs. 6.72/10).

These findings suggest that adopting more tools didn’t necessarily improve security response efforts — in fact, it may have done the opposite. The use of open, interoperable platforms as well as automation technologies can help reduce the complexity of responding across disconnected tools. Amongst high-performing organizations in the report, 63% said the use of interoperable tools helped them improve their response to cyberattacks.


Better Planning Pays Off
This year’s report suggests that surveyed organizations who invested in formal planning were more successful in responding to incidents. Amongst respondents with a CSIRP applied consistently across the business, only 39% experienced an incident that resulted in a significant disruption to the organization within the past two years, compared to 62% of those who didn’t have a formal plan in place.

Looking at specific reasons that these organizations cited for their ability to respond to attacks, security workforce skills were found to be a top factor. 61% of those surveyed attributed hiring skilled employees as a top reason for becoming more resilient; amongst those who said their resiliency did not improve, 41% cited the lack of skilled employees as the top reason.

Technology was another differentiator that helped organizations in the report become more cyber resilient, especially when it comes to tools that helped them resolve complexity. Looking at organizations with higher levels of cyber resilience, the top two factors cited for improving their level of cyber resilience were visibility into applications and data (57% selecting) and automation tools (55% selecting). Overall, the data suggests that surveyed organizations that were more mature in their response preparedness relied more heavily on technology innovations to become more resilient.


Xendit launches payment gateway services to individual business owners


The ongoing pandemic has brought out the creative side of many Filipinos, who have found ways to supplement their incomes by selling various products or services on social media. Xendit is making it easier for individual business owners to settle payments with access to a world-class platform that makes billings simple, secure, and easy.

“The pandemic has seen a rise in individual sellers who utilize social media to sell their goods and services. The digital nature of transactions means payment methods need to adapt. We want to empower these rising contributors to the Philippine economy with a platform that handles payments for them while they focus on their business,” says Alyzza Acacio, Philippine SME Task Force Lead of Xendit Philippines.

When individual sellers integrate their business with Xendit, their customers can make direct payments via direct debit through Bank of the Philippine Islands (BPI) and UnionBank of the Philippines (UBP), e-wallets such as GCash, GrabPay, and PayMaya, or Over-the-Counter via 7-Eleven and Cebuana Lhuillier. Meanwhile, sole proprietors, corporations, and partnerships can also process credit card payments.

Since Xendit handles payments on the individual seller’s behalf, entrepreneurs can focus on fulfilling orders and growing their business. They no longer need to coordinate with each customer for payments because transaction statuses are updated in real-time on the Xendit dashboard. 

Xendit’s mission is to make payments simple, so that even entrepreneurs and small and medium enterprises (SMEs) who are not as technically savvy can integrate with the platform easily. Xendit is available on platforms such as Wix, Shopify, or WooCommerce. Those who rely solely on social media for business can generate payment links that customers can access. Sellers also have access to their transaction history on a centralized dashboard to monitor sales and payments.

“We need to continue to support the Filipino micro-entrepreneurs and small business owners to embrace the digital age; they have experienced the ease that online selling and marketing and smartphones have brought them closer to their customers. The next step is to help them grow their business by helping them manage day-to-day tasks in their enterprise and improve their financial literacy as they experience and use fintech products and platforms more and more,” says Ana Mijares, Senior Trainer for the Go Digital ASEAN initiative.

To welcome SMEs, Xendit is offering up to P1.6 million worth of waived transaction fees for new sign-ups. The platform is also waiving P1 million in fees for individual sellers.

Opening its platform to individual sellers is just one of Xendit’s many ways to empower SMEs using technology. Its Level Up accelerator program supports entrepreneurs through masterclasses and challenges that give them the tools and know-how to scale their businesses. The program also includes giving P3.5 million in free transactions for 1,000 startups for one year through its video challenge.

Xendit is the simplest and most trusted name in digital transactions in the region. It powers SMEs as well as the Philippines’ largest enterprises. Xendit is committed to building a solid payment infrastructure for the country and the rest of Southeast Asia.

“We launched an SME task force at the beginning of the year to help create solutions for Filipino businesses that may have been affected by the pandemic. We hope to continue our support for Filipino MSMEs so they can grow their business and help the Philippine economy,” says Yang Yang Zhang, Managing Director of Xendit Philippines.


Gender bias is real for women in family-owned businesses


A study examining gender bias and family-owned businesses found daughters were rarely encouraged nor received support to pursue entrepreneurship education while sons mostly did.

Professors James Combs, Peter Jaskiewicz, and Sabine Raul from the Telfer School of Management uncovered new insights about how gender bias – the preference for one gender over the other – affects the succession strategy in multi-generational family firms. Their findings are published in the Journal of Small Business Management.

When nurturing the next generation, entrepreneurial families often prepare their daughters and sons differently for their careers. The researchers noticed a common pattern in the stories shared by the next generation: Sons are often nurtured to become entrepreneurial, whether they are expected to take over the firm one day or to start a venture elsewhere. Daughters, however, receive little to no incentive to develop the leadership skills and entrepreneurial passion required to contribute to the family firm or start their own business.

In conversations with 26 children who were raised in 13 multi-generational family firms – some being centuries old – but not expected to work in the firm, the researchers found that:

  • Seven of the nine sons (78%) pursued entrepreneurial careers;
  • Only one among the 15 daughters (7%) gained an entrepreneurial education and engaged in entrepreneurship;
  • Women were not encouraged to pursue entrepreneurship education, gain business experience, or start a new venture;
  • Men rather than women received financial resources from the family to start their own business.

“Even when these female non-successors have opportunities to acquire relevant knowledge and work to start a business, becoming entrepreneurial was still a challenging uphill battle,” says Jaskiewicz, who believes the data reveals women do not pursue entrepreneurship outside of the family because they lacked sufficient emotional and financial support from the family.


Do customer loyalty programs really help sellers make money?

A non-tiered customer loyalty program’s reduction in attrition accounts for more than 80% of the program’s total lift or success. On the other hand, increased frequency accounts for less than 20% of the program’s lift or effectiveness.


Customer loyalty programs have been around for decades and are used to help businesses, marketers and sellers build a sustainable relationship with their customers. But do they work? A recent study sought to find out and researchers learned that while yes, customer loyalty programs do work, perhaps not in ways most may assume.

There are two basic types of customer loyalty programs, tiered and non-tiered. Airlines and hotels often use tiered customer loyalty programs that increase rewards as program members reach higher thresholds of spending over time. Retailers and service industry businesses are more likely to offer non-tiered customer loyalty programs, in which members are rewarded with frequent, but not increasing rewards, such as “buy 10 get one free.”

This research investigated if those non-tiered customer loyalty programs actually do what they are designed to do.

The study to be published in the June issue of the INFORMS journal Marketing Science, “Can Non-tiered Customer Loyalty Programs Be Profitable?”, is authored by Arun Gopalakrishnan of Rice University, Zhenling Jiang of the Wharton School of Business at the University of Pennsylvania, and Yulia Nevskaya and Raphael Thomadsen of the Olin Business School at Washington University in St. Louis.

The authors found that non-tiered customer loyalty programs increase customer value by almost 30% over a five-year time period. They discovered that the program’s effectiveness is not so much through increased spending per transaction or frequency of purchasing but rather through the reduction of attrition. In other words, the chief benefit is that the customer loyalty program reduces customer fall-off and turnover.

“We found that a non-tiered customer loyalty program’s reduction in attrition accounts for more than 80% of the program’s total lift or success,” said Thomadsen. “On the other hand, increased frequency accounts for less than 20% of the program’s lift or effectiveness.”

Jiang added, “One of the more interesting findings was that the impact of the loyalty program does not necessarily contribute to increased spending per transaction or increased frequency of transactions. Rather, the benefit to the business is creating more sustainable and lasting relationships with customers.”

To conduct their research, the authors worked with a company to collect data on more than 5,500 new customers who first started purchasing from that company in the same three-month period. This helped to ensure that the customers were comparable in terms of the amount of time they had to become acquainted with the selling firm. For the next 30 months, the researchers collected all subsequent transaction data from those consumers. During that period, a non-tiered customer loyalty program was introduced.

In the process, some of these new customers were automatically enrolled into the loyalty program. This helped researchers better gauge pre-program visit frequency and spending and then compare it to post-enrollment visit frequency and spending. “We were able to analyze the behaviors of consumers absent a customer loyalty program, and then after the rollout of the program,” said Nevskaya. “We evaluated frequency and actual spending amounts, and whether customers come back for repeat transactions.”

Gopalakrishnan summarized, “In the end, the primary value of a non-tiered customer loyalty program is not a means to increase frequency or spending. It’s a way to nurture a long-term and lasting relationship with the customer to reduce the defection of loyal customers over time. Non-tiered loyalty programs may provide psychological benefits that help cultivate such loyalty.”
