Connect with us

BizNews

Security response planning on the rise, but containing attacks remains an issue – IBM

While organizations surveyed have slowly improved in their ability to plan for, detect and respond to cyberattacks over the past five years, their ability to contain an attack has declined by 13% during this same period.

Published

on

IBM announced the results of a global report examining businesses’ effectiveness in preparing for and responding to cyberattacks. While organizations surveyed have slowly improved in their ability to plan for, detect and respond to cyberattacks over the past five years, their ability to contain an attack has declined by 13% during this same period.

The global survey conducted by Ponemon Institute and sponsored by IBM Security found that respondents’ security response efforts were hindered by the use of too many security tools, as well as a lack of specific playbooks for common attack types.

While security response planning is slowly improving, the vast majority of organizations surveyed (74%) are still reporting that their plans are either ad-hoc, applied inconsistently, or that they have no plans at all. This lack of planning can impact the cost of security incidents, as companies that have incident response teams and extensively test their incident response plans spend an average of $1.2 million less on data breaches than those who have both of these cost-saving factors in place.

The key findings of those surveyed from the fifth annual Cyber Resilient Organization Report include:

  • Slowly Improving: More surveyed organizations have adopted formal, enterprise-wide security response plans over the past 5 years of the study; growing from 18% of respondents in 2015, to 26% in this year’s report (a 44% improvement).
  • Playbooks Needed: Even amongst those with a formal security response plan, only one third (representing 17% of total respondents) had also developed specific playbooks for common attack types — and plans for emerging attack methods like ransomware lagged even further behind.
  • Complexity Hinders Response: The amount of security tools that an organization was using had a negative impact across multiple categories of the threat lifecycle amongst those surveyed. Organizations using 50+ security tools ranked themselves 8% lower in their ability to detect, and 7% lower in their ability to respond to an attack, than those respondents with less tools.
  • Better Planning, Less Disruption: Companies with formal security response plans applied across the business were less likely to experience significant disruption as the result of a cyberattack. Over the past two years, only 39% of these companies experienced a disruptive security incident, compared to 62% of those with less formal or consistent plans.

“While more organizations are taking incident response planning seriously, preparing for cyberattacks isn’t a one and done activity,” said Wendi Whitmore, Vice President of IBM X-Force Threat Intelligence. “Organizations must also focus on testing, practicing and reassessing their response plans regularly. Leveraging interoperable technologies and automation can also help overcome complexity challenges and speed the time it takes to contain an incident.”

Updating Playbooks for Emerging Threats
The survey found that even amongst organizations with a formal cybersecurity incident response plan (CSIRP), only 33% had playbooks in place for specific types of attacks. Since different breeds of attack require unique response techniques, having pre-defined playbooks provides organizations with consistent and repeatable action plans for the most common attacks they are likely to face.   

Amongst the minority of responding organizations who do have attack-specific playbooks, the most common playbooks are for DDoS attacks (64%) and malware (57%). While these methods have historically been top issues for the enterprise, additional attack methods such as ransomware are on the rise. While ransomware attacks have spiked nearly 70% in recent years, only 45% of those in the survey using playbooks had designated plans for ransomware attacks.

Additionally, more than half (52%) of those with security response plans said they have never reviewed or have no set time period for reviewing or testing those plans. With business operations changing rapidly due to an increasingly remote workforce, and new attack techniques constantly being introduced, this data suggests that surveyed businesses may be relying on outdated response plans which don’t reflect the current threat and business landscape.

More Tools Led to Worse Response Capabilities
The report also found that complexity is negatively impacting incident response capabilities. Those surveyed estimated their organization was using more than 45 different security tools on average, and that each incident they responded to required coordination across around 19 tools on average. However, the study also found that an over-abundance of tools may actually hinder organizations ability to handle attacks. In the survey, those using more than 50 tools ranked themselves 8% lower in their ability to detect an attack (5.83/10 vs. 6.66/10), and around 7% lower when it comes to responding to an attack (5.95/10 vs. 6.72/10).

These findings suggest that adopting more tools didn’t necessarily improve security response efforts — in fact, it may have done the opposite. The use of open, interoperable platforms as well as automation technologies can help reduce the complexity of responding across disconnected tools. Amongst high-performing organizations in the report, 63% said the use of interoperable tools helped them improve their response to cyberattacks.

While security response planning is slowly improving, the vast majority of organizations surveyed (74%) are still reporting that their plans are either ad-hoc, applied inconsistently, or that they have no plans at all.

Better Planning Pays Off
This year’s report suggests that surveyed organizations who invested in formal planning were more successful in responding to incidents. Amongst respondents with a CSIRP applied consistently across the business, only 39% experienced an incident that resulted in a significant disruption to the organization within the past two years  compared to 62% of those who didn’t have a formal plan in place.

Looking at specific reasons that these organizations cited for their ability to respond to attacks, security workforce skills were found to be a top factor. 61% of those surveyed attributed hiring skilled employees as a top reason for becoming more resilient; amongst those who said their resiliency did not improve, 41% cited the lack of skilled employees as the top reason.

Technology was another differentiator that helped organizations in the report become more cyber resilient, especially when it comes to tools that helped them resolve complexity. Looking at organizations with higher levels of cyber resilience, the top two factors cited for improving their level of cyber resilience were visibility into applications and data (57% selecting) and automation tools (55% selecting). Overall, the data suggests that surveyed organizations that were more mature in their response preparedness relied more heavily on technology innovations to become more resilient.

BizNews

Prime Asia Hotel thrives through technology, shared values

“Our model is to always adapt and to listen to our guests, to see their requirements in order to adjust accordingly and improve our facilities,” said Prime Asia Hotel General Manager Walid El Zeer.

Published

on

In the dynamic sphere of hospitality, Prime Asia Hotel (PAH) has carved a niche that was built on unwavering values and confidence in technology.

At the heart of its success, there is relentless dedication to offer guests a memorable stay, making use of innovative tools, coupled with a commitment to the company values: Pleasantness, Attentiveness, and Honesty.

“Our model is to always adapt and to listen to our guests, to see their requirements in order to adjust accordingly and improve our facilities,” said Prime Asia Hotel General Manager Walid El Zeer.

Making good on this promise, the hotel opened its doors to furparents who would like to bring their small pets with them. The hotel is also working to improve their facilities to soon accommodate even bigger breeds. 

Aside from that, the hotel also offers a 24-hour access to its swimming pool, a menu specially-made for kids, spa, and massage services, budget-friendly offerings, a 24/7 coffee shop, as well as diverse culinary options perfect for leisure, business, and family travelers.

“A satisfying aspect for us is providing a safe and friendly environment for families and kids, to see them happy, and enjoying their time in the hotel. It’s touching when you see them sad to leave, wanting to come back or to stay more. It gives us happiness that we are able to achieve something that is good for these families,” El Zeer noted. 

In a business where every second counts, technology’s ability to eliminate bureaucratic roadblocks and enable real-time decision-making has been a game-changer for Prime Asia Hotel. 

They harness technology to optimize operations, freeing up staff from tedious chores so they can concentrate on creating meaningful guest interactions. This helps them foster an environment where the team can thrive and guests feel truly valued.

Converge ICT Solutions Inc., their technology provider, plays a crucial role in this evolution by offering up-to-date solutions that complement the hotel’s aspirations.

Their subscription to business-grade fiber of Converge, flexiBIZ, sees to it that the connectivity remains fast and reliable, meeting the speed and consistency that travelers require.

“Today, even if you give the cleanest room, cook the best food, give the best service, the nicest smile and you are not providing a good reliable Wi-Fi connection, the guest will not be happy. Now we are on FlexiBiz. It’s it’s very efficient, budget friendly and reliable solution,” El Zeer said.

“Sometimes the guests have two or three gadgets in the same room, but we are not receiving any complaints about it. It’s still working very well and very reliable,” he added. 

Beyond technology, Prime Asia’s success is nurtured by the core values it stands up for. Having their values at the core of their hiring decisions, they make sure that every staff member is motivated by a shared vision and goal.

For El Zeer, skills can be developed, but values are innate. Combining this with necessary skills, the hotel is positioned to create a synergy that sets them for exceptional service.

Undoubtedly, Prime Asia Hotel’s future holds immense promise. As Prime Asia Hotel continues to stride forward, its commitment to guest-centricity and innovation remains unshaken. 

With this dedication, Prime Asia Hotel guarantees that each visitor leaves with treasured memories, a sense of belonging, and a promise to return.

Continue Reading

BizNews

Better or different? How brand differentiation affects pay and profits

High-quality brands taking advantage of brand cachet to pay employees less erodes profits due to negative effects on employee productivity and retention. More unique brands which tend to pay more, on the other hand, yield a net positive effect on profits due to positive effects on the same employee behaviors.

Published

on

New research finds brands that leverage a reputation for quality to pay employees less risk eroding profits.

The paper, published in the Journal of Marketing Research and authored by researchers from Duke University, London Business School and Texas A&M University, shows that vertical brand differentiation (being perceived as better) is associated with lower pay, whereas horizontal brand differentiation (being perceived as different) is associated with higher pay.

High-quality brands taking advantage of brand cachet to pay employees less erodes profits due to negative effects on employee productivity and retention. More unique brands which tend to pay more, on the other hand, yield a net positive effect on profits due to positive effects on the same employee behaviors.

“High-end brands, which are known for their quality and heritage of excellence, find it easier to attract employees who want the résumé boost of working for a well-known brand,” said Christine Moorman, Professor of Business Administration at Duke’s Fuqua School of Business. “Experiments undertaken during our study show that Human Resource managers believe, and employees agree that, on average, they will accept lower pay for such benefits.”

“More unique, lesser-known brands don’t have the same résumé cachet,” Moorman said. “Managers believe, and job candidates agree, that they require higher pay to work for these unique brands as such employment does not convey the same résumé power in securing future jobs.”  

Critically, these differential brand-pay relationships have important downstream effects on employee behavior and, consequently, on firms’ profits.

Nader Tavassoli, Professor of Marking at London Business School explained: “Taking advantage of high-quality brand cachet to lower pay represents a false economy because profits are diminished by negative effects on employee productivity and retention. Pay dissatisfaction can lead to people working less hard or leaving, ultimately costing companies money. Managers should, therefore, rely on brand reputation to attract talent, but not leverage it to suppress pay.”

“Higher pay can be motivating as employees exert extra effort, thereby driving up productivity and profits,” added Alina Sorescu, Professor of Marketing at Mays Business School, Texas A&M University.

“As Henry Ford once said, ‘Paying good wages is not charity at all, it is the best kind of business,'” Sorescu said. “This is borne out by our findings, which show that when managers at more unique firms pay more, profits increase.”

Given these dynamics, the researchers recommend that managers should consider brand differentiation in their pay benchmarking:

  • Consider your brand in setting pay, as your brand’s perceived quality and uniqueness have opposing pressures on employee pay.
  • Leverage your brand’s perceived quality to attract talent but not to pay less, as this results in a net profit loss due to negative effects on employee productivity and retention.
  • Take a benign view of paying employees more based on your brand’s perceived uniqueness, as this results in a net profit gain due to positive effects on employee productivity and retention.
  • Adjust your competitive pay benchmarking based on relative levels of both vertical and horizontal brand differentiation.
  • Have marketing and HR work together to compete effectively in the war for the “right” talent.

“Brands in the Labor Market: How Vertical and Horizontal Brand Differentiation Impact Pay and Profits Through Employee-Brand Matching” by Christine Moorman, Alina Sorescu and Nader T. Tavassoli appeared in the Journal of Marketing Research.

Continue Reading

BizNews

Nudging food delivery customers to skip fork drastically cuts plastic waste – study

As food delivery services became increasingly popular during the COVID-19 pandemic, the surge in plastic waste generated by single-use cutlery has become a key environmental challenge for many countries.

Published

on

In 2021, more than 400 million metric tons of plastic waste were produced worldwide, and it is predicted that the world’s plastic waste growth will continue to outpace the efforts to reduce plastic pollution in the coming decades. As food delivery services became increasingly popular during the COVID-19 pandemic, the surge in plastic waste generated by single-use cutlery has become a key environmental challenge for many countries.

A new study finds “green nudges” that encouraged customers to skip asking for cutlery with their delivery orders were dramatically successful and could be a powerful policy tool to reduce plastic waste.

“Few policies target plastic waste production at the consumer level, except charges on plastic bags,” says EPIC-China’s research director Guojun He, an author of the study and an Associate Professor at the Hong Kong University Business School. “Our findings show that simple nudges can make a big difference in changing consumers’ behaviors and could become a tool for policymakers as they confront the immense challenge of plastic waste.”

Reducing single-use cutlery waste in the food-delivery industry is particularly important in China, the world’s largest producer and consumer of single-use cutlery. As of 2019, more than 540 million Chinese were active users of food-delivery services and each day consumed more than 50 million sets of single-use cutlery that were not adequately treated or disposed of. To reduce single-use cutlery consumption, policy-makers in China set a target of reducing its usage in food deliveries by 30 percent by 2025.

Guojun He and his co-authors Yuhang Pan, Albert Park, Yasuyuki Sawada and Elaine Tan worked with Alibaba’s online food-ordering platform Eleme. Eleme is China’s second largest food-delivery company, similar to Uber Eats and DoorDash, with more than 753 million users in 2022. The researchers evaluated the effectiveness of Alibaba’s green nudges to reduce single-use cutlery consumption. These nudges included changing the default selection to “no cutlery” and including green points as rewards for not using the cutlery. When a customer accumulated enough green points, they could then be redeemed to plant a tree under the customer’s name.

The researchers studied each user’s monthly food-ordering history for two years through 2019-2020 in 10 major Chinese cities. These included the three treated cities with green nudges (i.e., Beijing, Shanghai, and Tianjin) and the seven control cities without the nudges (Qingdao, Xi’an, Guangzhou, Nanjing, Hangzhou, Wuhan, and Chengdu). Among these cities, the authors randomly sampled about 200,000 active users (i.e., those who placed at least one order between 2019 and 2020).

The authors found that the green nudges—changing the default to “no cutlery” and rewarding consumers with green points—increased the share of no-cutlery orders by 648 percent. If green nudges were applied to all of China, they discovered that more than 21.75 billion sets of single-use cutlery would be saved annually—eliminating 3.26 million metric tons of plastic waste and saving 5.44 million trees (from wooden chopsticks) each year.

“Other food delivery platforms, such as UberEats and DoorDash, could try similar nudges to reduce cutlery consumption and plastic waste globally,” says He.

Continue Reading
Advertisement
Advertisement

Like us on Facebook

Trending