BizNews

Security response planning on the rise, but containing attacks remains an issue – IBM

While organizations surveyed have slowly improved in their ability to plan for, detect and respond to cyberattacks over the past five years, their ability to contain an attack has declined by 13% during this same period.

IBM announced the results of a global report examining businesses’ effectiveness in preparing for and responding to cyberattacks. While organizations surveyed have slowly improved in their ability to plan for, detect and respond to cyberattacks over the past five years, their ability to contain an attack has declined by 13% during this same period.

The global survey conducted by Ponemon Institute and sponsored by IBM Security found that respondents’ security response efforts were hindered by the use of too many security tools, as well as a lack of specific playbooks for common attack types.

While security response planning is slowly improving, the vast majority of organizations surveyed (74%) still report that their plans are ad-hoc, applied inconsistently, or nonexistent. This lack of planning can affect the cost of security incidents: companies that have incident response teams and extensively test their incident response plans spend an average of $1.2 million less on data breaches than those that do not have both of these cost-saving factors in place.

The key findings of those surveyed from the fifth annual Cyber Resilient Organization Report include:

  • Slowly Improving: More surveyed organizations have adopted formal, enterprise-wide security response plans over the past 5 years of the study, growing from 18% of respondents in 2015 to 26% in this year’s report (a 44% improvement).
  • Playbooks Needed: Even amongst those with a formal security response plan, only one third (representing 17% of total respondents) had also developed specific playbooks for common attack types — and plans for emerging attack methods like ransomware lagged even further behind.
  • Complexity Hinders Response: The number of security tools that an organization was using had a negative impact across multiple categories of the threat lifecycle amongst those surveyed. Organizations using 50+ security tools ranked themselves 8% lower in their ability to detect, and 7% lower in their ability to respond to, an attack than respondents with fewer tools.
  • Better Planning, Less Disruption: Companies with formal security response plans applied across the business were less likely to experience significant disruption as the result of a cyberattack. Over the past two years, only 39% of these companies experienced a disruptive security incident, compared to 62% of those with less formal or consistent plans.

“While more organizations are taking incident response planning seriously, preparing for cyberattacks isn’t a one and done activity,” said Wendi Whitmore, Vice President of IBM X-Force Threat Intelligence. “Organizations must also focus on testing, practicing and reassessing their response plans regularly. Leveraging interoperable technologies and automation can also help overcome complexity challenges and speed the time it takes to contain an incident.”

Updating Playbooks for Emerging Threats

The survey found that even amongst organizations with a formal cybersecurity incident response plan (CSIRP), only 33% had playbooks in place for specific types of attacks. Since different breeds of attack require unique response techniques, having pre-defined playbooks provides organizations with consistent and repeatable action plans for the most common attacks they are likely to face.

Amongst the minority of responding organizations who do have attack-specific playbooks, the most common playbooks are for DDoS attacks (64%) and malware (57%). While these methods have historically been top issues for the enterprise, additional attack methods such as ransomware are on the rise. While ransomware attacks have spiked nearly 70% in recent years, only 45% of those in the survey using playbooks had designated plans for ransomware attacks.

Additionally, more than half (52%) of those with security response plans said they have never reviewed or have no set time period for reviewing or testing those plans. With business operations changing rapidly due to an increasingly remote workforce, and new attack techniques constantly being introduced, this data suggests that surveyed businesses may be relying on outdated response plans which don’t reflect the current threat and business landscape.

More Tools Led to Worse Response Capabilities

The report also found that complexity is negatively impacting incident response capabilities. Those surveyed estimated their organization was using more than 45 different security tools on average, and that each incident they responded to required coordination across around 19 tools on average. However, the study also found that an over-abundance of tools may actually hinder organizations’ ability to handle attacks. In the survey, those using more than 50 tools ranked themselves 8% lower in their ability to detect an attack (5.83/10 vs. 6.66/10), and around 7% lower when it comes to responding to an attack (5.95/10 vs. 6.72/10).

These findings suggest that adopting more tools didn’t necessarily improve security response efforts — in fact, it may have done the opposite. The use of open, interoperable platforms as well as automation technologies can help reduce the complexity of responding across disconnected tools. Amongst high-performing organizations in the report, 63% said the use of interoperable tools helped them improve their response to cyberattacks.

Better Planning Pays Off

This year’s report suggests that surveyed organizations who invested in formal planning were more successful in responding to incidents. Amongst respondents with a CSIRP applied consistently across the business, only 39% experienced an incident that resulted in a significant disruption to the organization within the past two years, compared to 62% of those who didn’t have a formal plan in place.

Looking at specific reasons that these organizations cited for their ability to respond to attacks, security workforce skills were found to be a top factor. 61% of those surveyed attributed hiring skilled employees as a top reason for becoming more resilient; amongst those who said their resiliency did not improve, 41% cited the lack of skilled employees as the top reason.

Technology was another differentiator that helped organizations in the report become more cyber resilient, especially when it comes to tools that helped them resolve complexity. Looking at organizations with higher levels of cyber resilience, the top two factors cited for improving their level of cyber resilience were visibility into applications and data (57% selecting) and automation tools (55% selecting). Overall, the data suggests that surveyed organizations that were more mature in their response preparedness relied more heavily on technology innovations to become more resilient.

5 Trends shaping the future of online selling

The consumer ecommerce market is expected to approach $6 trillion by 2027, according to the International Trade Administration, up from roughly $4 trillion in 2024.

Thanks to the explosion of ecommerce over the past couple decades, consumers can find virtually any product or service they can think of online. In fact, the consumer ecommerce market is expected to approach $6 trillion by 2027, according to the International Trade Administration, up from roughly $4 trillion in 2024.

A diverse collection of product segments is driving this growth, including everything from fashion and furniture to food and beverage. While major marketplace retailers still lead the category, ecommerce has become commonplace among small businesses, too. In fact, by the end of 2023, an estimated 80% of small businesses had at least basic ecommerce capabilities, according to a report by Digital Commerce 360.

However, small businesses are grappling with challenges such as inflation, supply chain issues and keeping pace with major retailers, among others, that are driving a variety of ecommerce trends in 2025 and beyond, including:

Video Content

Spurred by social media, video content is in high demand on ecommerce sites, too. Videos that explain how to use products, offer tips for using them and demonstrate projects that were completed using a product all earn favor with shoppers. In addition, videos that highlight product features, video reviews on social media and “live shopping events” on the social channels of ecommerce retailers can provide a more appealing interactive experience for shoppers.

Inclusive of the “live shopping events” trends, livestreaming is often popular among consumers as it can create a sense of FOMO (fear of missing out), leading to enhanced brand loyalty and engagement. Short-form videos sweeping social media also drive engagements and offer a quick, appealing way to demonstrate new or popular products.

Personalized Products

Ecommerce provides opportunities for shoppers who appreciate buying products that are uniquely their own. Online buying platforms that allow for customization of products such as shoes, clothing and drinkware can create buyer engagement and earn loyal shoppers who know they can purchase the items they want exactly to their own specifications.

In fact, a survey by McKinsey Insights found 80% of loyal customers prefer shopping with brands that offer tailored choices and personalized experiences. From color selection and accessories to performance variations, custom options can help create a highly personalized shopping experience that allows buyers to interact more directly than they would for a standardized transaction.

Beyond the initial purchase, customized reports and shipping notifications are also becoming the norm. Shippers can alert customers to their products’ delivery status – including any delays or changes – via email, text, video message or, in some cases, a customizable dashboard where consumers can view incoming shipments tied to their account or address, request a different delivery time or location, pre-sign for packages and more.

Micro Purchasing Moments

You may think phenomena like impulse buys or convenience purchases are reserved for brick-and-mortar stores, but micro-purchasing trends suggest otherwise. These purchases are typically made by someone looking for a quick solution or information in a hurry from a mobile device, such as comparing two or more similar products and clicking a “buy now” link, ordering and paying for food ahead of time to skip the line, making a hotel or excursion reservation while traveling or looking up movie showtimes and purchasing tickets from the same page. Ecommerce sites that can establish themselves as a resource, make information easy to digest and simplify the purchasing process are earning customers (and revenue).

Flexible Payment Options

Online purchases were once limited almost exclusively to credit card purchases, but over time, businesses have granted greater flexibility to shoppers when it comes to collecting payment. While this trend has been growing for several years, many contemporary ecommerce sites now accept credit or debit cards, online checks, digital wallet and mobile payment services, cryptocurrency and even installment payments via third-party providers. By 2029, the third-party payment market is expected to almost double from $62.5 billion in 2024, according to findings from Mordor Intelligence.

Simplified Shipping Options

Evolving technology isn’t just improving the browsing and purchasing side of ecommerce; shipping operations are also seeing enhancements. For example, ShipAccel, a digital platform designed by Pitney Bowes, simplifies and enhances shipping operations with advanced ecommerce technology. The platform empowers early ecommerce brands to ship like larger companies with access to discounted carrier rates; more than 80 integrations including leading marketplaces, data and insights to help make smarter shipping decisions; branded tracking; and return capabilities. It features a collection of apps, widgets and application programming interfaces to easily configure new workflows and seamlessly meet the demands of business growth.

“As ecommerce becomes a mainstay, shippers must take a technology-first approach, utilizing platforms that can grow along with the business and partnering with providers who offer deep expertise in the segment,” said Shemin Nurmohamed, president of Sending Technology Solutions at Pitney Bowes. “As a result of using technology like ShipAccel, ecommerce shippers can save money, enhance operational efficiencies and delight customers – all of which support the business’ bottom line.”

‘Jekyll and Hyde’ leaders do lasting damage, new research shows

In today’s workplaces, employees are very attuned to their supervisors’ relationships with more senior leaders. If that relationship becomes unpredictable, or is marked by repeated bouts of good and bad behavior, it can cause real problems for the whole team.

There’s only one thing worse than an abusive boss—and that’s a boss who thinks they can make up for their bad behavior by turning on the charm the following day. That’s the key finding from a new study from researchers at Stevens Institute of Technology, which shows that employees’ morale and job performance decline sharply when leaders lurch unpredictably between good and bad behavior. 

“We already know that abusive leadership takes a serious toll on workers—but now we’re seeing that leaders who swing back and forth between abusive and ethical leadership do even more damage to employees,” says Dr. Haoying Xu, the study’s lead author and an assistant professor of management in the Stevens School of Business. “It turns out that reverting to an ethical leadership style doesn’t magically erase the impact of prior bad behavior—and in some circumstances, it can actually make things worse.”  

The research, published in the Journal of Applied Psychology, used surveys and field experiments to examine the impact of “Jekyll-and-Hyde” leadership on more than 650 full-time employees based in the United States and Europe. Dr. Xu’s team confirmed that the workers struggled when their supervisors were abusive—but found an even stronger negative impact when supervisors alternated unpredictably between abusive and ethical leadership styles.

“If you’re constantly guessing which boss will turn up—the good cop or the bad cop—then you wind up emotionally exhausted, demoralized, and unable to work to your full potential,” Dr. Xu explains. 

The new research also shows for the first time that “Jekyll-and-Hyde” leadership can take a serious toll even when employees aren’t directly impacted by a leader’s on-again, off-again misbehavior. When a supervisor’s own boss alternated between abusive and ethical leadership, the study found, it created additional uncertainty and eroded employees’ confidence in the supervisor’s capabilities.

“In today’s workplaces, employees are very attuned to their supervisors’ relationships with more senior leaders,” Dr. Xu says. “If that relationship becomes unpredictable, or is marked by repeated bouts of good and bad behavior, it can cause real problems for the whole team.” 

For organizations, the research offers some important new insights—most notably the fact that leaders who seek to atone for intermittent bad behavior are often doing real harm to their employees. “Organizations tend to intervene when bosses are consistently abusive, but are more tolerant of leaders whose abusive behavior only shows through from time to time,” Dr. Xu says. “With this study, however, we’ve shown that intermittent bad behavior can actually be more toxic for organizations.” 

To counter Jekyll-and-Hyde leadership, Dr. Xu says, organizations should pay attention to employees who voice concerns, and hold leaders accountable for sporadic abusive behavior. It’s also worth considering anger management coaching for leaders who show signs of volatility. “This kind of intermittent abusive leadership tends to be impulsive,” Dr. Xu says. “That means there’s scope to reduce or eliminate it by helping leaders to manage their tempers and improve their impulse control.” 

In future research, Dr. Xu hopes to explore how employees respond to and learn from Jekyll-and-Hyde leadership, and how a leader’s periodic abusive behavior impacts individual behavior and team dynamics. “There are some indications that this kind of leadership could be contagious, with a leader’s volatility fostering volatility in others,” he says. 

There is also some intriguing early evidence that employees might learn from and emulate a leader’s bad behavior more than they replicate their good behavior. “If that’s the case, then it would be another big reason for organizations to take Jekyll-and-Hyde leadership seriously,” Dr. Xu warns.

Not all ‘review bombing’ is bad for business

Having a one-size-fits-all, review bombing or political speech policy can lead to the suppression of legitimate expressions of support for the role a small business plays in the community.

For a business on the receiving end of “review bombs” – the sudden influx of online customer reviews following a political or cultural controversy – an interventionist approach to content moderation might seem like a prudent strategy.

But a new open-access study by a Rutgers researcher finds that when review platforms such as Yelp enact tough moderation policies in a bid to sanitize political speech, it can unnecessarily constrain reasonable opinions and cultural context that consumers depend on to decide where to spend their money.

“Simply put, everything you think you know about review bombing is wrong,” said Will B. Payne, assistant professor of geographic information science at Rutgers’ Edward J. Bloustein School of Planning and Public Policy and author of the study, published in the journal Big Data & Society.

Online reviews can have a significant impact on an independent business’s revenue, particularly those on Yelp, the leading local review platform in the United States. One study found that a one-star increase in the average Yelp rating causes a 5% to 9% increase in revenue for nonchain restaurants.

To understand the geographic reach of review bombing incidents and how platforms define acceptable speech, Payne assessed Yelp’s moderation of comments on U.S. businesses embroiled in political controversies between 2004 and 2021. 

First, Payne created a database of businesses affected by national and local politics. Using news sources to identify specific cases and date ranges, he built a dataset of tens of thousands of political-themed reviews. Topics included the 2016 and 2020 U.S. elections, the Black Lives Matter and #MeToo movements and the COVID-19 pandemic.

Next, he analyzed Yelp’s publicly available metadata for reviews of affected businesses, including review date, username, star rating and user location.

Payne then selected two businesses with large numbers of Yelp reviews for in-depth analysis: Washington, D.C.-based pizzeria Comet Ping Pong (subject of the Pizzagate conspiracy theory in 2016) and St. Louis-based Pi Pizzeria, whose owner, Chris Sommers, became the target of online and offline harassment by pro-police supporters after he publicly backed the Black Lives Matter movement in 2017.

In Comet Ping Pong’s case, Payne found that review bombing resulted in primarily negative comments by reviewers mostly on the West Coast – thousands of miles away from the restaurant – while Pi Pizzeria experienced a much more local pattern (largely from the St. Louis area), with an even split of supporters and detractors.

Payne found that Yelp’s automated and human review filtering systems largely responded the same way to each incident, but with considerably different effects. For Comet Ping Pong, of the 283 reviews flagged and removed by Yelp, 229 were negative one-star reviews. By contrast, of the 588 Pi Pizzeria reviews that Yelp removed, most were in support of Sommers’ actions, positive reviews that averaged close to the restaurant’s four-star rating of Yelp-approved reviews.

“Local customers were censored for simply thanking Chris Sommers for standing with them as they marched against police violence,” Payne said. “They weren’t fake reviews about a conspiracy theory; they were legitimate statements by people supporting a business, in this case for the support its owner gave to the neighborhood.”

Payne also looked at Google’s approach to content moderation and found that unlike Yelp, Google rarely removes politically themed reviews. This, too, can be a double-edged sword; Comet Ping Pong still has dozens of public Google reviews referencing the false Pizzagate conspiracy. 

The data does have several limitations, Payne said. First is the possibility that the self-reported location of Yelp users was inaccurate, or that some users could have moved between the time they set up their Yelp profile and when they wrote a review.

Additionally, reviews on Google Maps – a popular Yelp competitor – don’t contain user location information and can be removed by Google without leaving the public metadata traces that Yelp provides for transparency.

As review bombing continues to test review platforms’ approaches to political discourse – the most recent example surfaced this month, when Yelp halted reviews of a McDonald’s franchise in Feasterville, Penn., where former President Donald J. Trump had held a campaign event – Payne said it’s worth considering whether content moderation has gone too far.

The question is particularly relevant for Yelp, which has used corporate communications and review search filters to support Black-owned, women-owned, and LGBTQ-inclusive businesses – speech that isn’t permitted by reviewers themselves unless accompanying a customer experience review.

“Having a one-size-fits-all, review bombing or political speech policy can lead to the suppression of legitimate expressions of support for the role a small business plays in the community, as in the case of Pi Pizzeria,” Payne said. “Some might disagree that the political positions of a business owner should guide consumer behavior, but on Yelp, it’s a choice that users can’t even make for themselves.”
