Connect with us

BizNews

Security response planning on the rise, but containing attacks remains an issue – IBM

While organizations surveyed have slowly improved in their ability to plan for, detect and respond to cyberattacks over the past five years, their ability to contain an attack has declined by 13% during this same period.

Published

on

IBM announced the results of a global report examining businesses’ effectiveness in preparing for and responding to cyberattacks. While organizations surveyed have slowly improved in their ability to plan for, detect and respond to cyberattacks over the past five years, their ability to contain an attack has declined by 13% during this same period.

The global survey conducted by Ponemon Institute and sponsored by IBM Security found that respondents’ security response efforts were hindered by the use of too many security tools, as well as a lack of specific playbooks for common attack types.

While security response planning is slowly improving, the vast majority of organizations surveyed (74%) are still reporting that their plans are either ad-hoc, applied inconsistently, or that they have no plans at all. This lack of planning can impact the cost of security incidents, as companies that have incident response teams and extensively test their incident response plans spend an average of $1.2 million less on data breaches than those who have both of these cost-saving factors in place.

The key findings of those surveyed from the fifth annual Cyber Resilient Organization Report include:

  • Slowly Improving: More surveyed organizations have adopted formal, enterprise-wide security response plans over the past 5 years of the study; growing from 18% of respondents in 2015, to 26% in this year’s report (a 44% improvement).
  • Playbooks Needed: Even amongst those with a formal security response plan, only one third (representing 17% of total respondents) had also developed specific playbooks for common attack types — and plans for emerging attack methods like ransomware lagged even further behind.
  • Complexity Hinders Response: The amount of security tools that an organization was using had a negative impact across multiple categories of the threat lifecycle amongst those surveyed. Organizations using 50+ security tools ranked themselves 8% lower in their ability to detect, and 7% lower in their ability to respond to an attack, than those respondents with less tools.
  • Better Planning, Less Disruption: Companies with formal security response plans applied across the business were less likely to experience significant disruption as the result of a cyberattack. Over the past two years, only 39% of these companies experienced a disruptive security incident, compared to 62% of those with less formal or consistent plans.

“While more organizations are taking incident response planning seriously, preparing for cyberattacks isn’t a one and done activity,” said Wendi Whitmore, Vice President of IBM X-Force Threat Intelligence. “Organizations must also focus on testing, practicing and reassessing their response plans regularly. Leveraging interoperable technologies and automation can also help overcome complexity challenges and speed the time it takes to contain an incident.”

Updating Playbooks for Emerging Threats
The survey found that even amongst organizations with a formal cybersecurity incident response plan (CSIRP), only 33% had playbooks in place for specific types of attacks. Since different breeds of attack require unique response techniques, having pre-defined playbooks provides organizations with consistent and repeatable action plans for the most common attacks they are likely to face.   

Amongst the minority of responding organizations who do have attack-specific playbooks, the most common playbooks are for DDoS attacks (64%) and malware (57%). While these methods have historically been top issues for the enterprise, additional attack methods such as ransomware are on the rise. While ransomware attacks have spiked nearly 70% in recent years, only 45% of those in the survey using playbooks had designated plans for ransomware attacks.

Additionally, more than half (52%) of those with security response plans said they have never reviewed or have no set time period for reviewing or testing those plans. With business operations changing rapidly due to an increasingly remote workforce, and new attack techniques constantly being introduced, this data suggests that surveyed businesses may be relying on outdated response plans which don’t reflect the current threat and business landscape.

More Tools Led to Worse Response Capabilities
The report also found that complexity is negatively impacting incident response capabilities. Those surveyed estimated their organization was using more than 45 different security tools on average, and that each incident they responded to required coordination across around 19 tools on average. However, the study also found that an over-abundance of tools may actually hinder organizations ability to handle attacks. In the survey, those using more than 50 tools ranked themselves 8% lower in their ability to detect an attack (5.83/10 vs. 6.66/10), and around 7% lower when it comes to responding to an attack (5.95/10 vs. 6.72/10).

These findings suggest that adopting more tools didn’t necessarily improve security response efforts — in fact, it may have done the opposite. The use of open, interoperable platforms as well as automation technologies can help reduce the complexity of responding across disconnected tools. Amongst high-performing organizations in the report, 63% said the use of interoperable tools helped them improve their response to cyberattacks.

While security response planning is slowly improving, the vast majority of organizations surveyed (74%) are still reporting that their plans are either ad-hoc, applied inconsistently, or that they have no plans at all.

Better Planning Pays Off
This year’s report suggests that surveyed organizations who invested in formal planning were more successful in responding to incidents. Amongst respondents with a CSIRP applied consistently across the business, only 39% experienced an incident that resulted in a significant disruption to the organization within the past two years  compared to 62% of those who didn’t have a formal plan in place.

Looking at specific reasons that these organizations cited for their ability to respond to attacks, security workforce skills were found to be a top factor. 61% of those surveyed attributed hiring skilled employees as a top reason for becoming more resilient; amongst those who said their resiliency did not improve, 41% cited the lack of skilled employees as the top reason.

Technology was another differentiator that helped organizations in the report become more cyber resilient, especially when it comes to tools that helped them resolve complexity. Looking at organizations with higher levels of cyber resilience, the top two factors cited for improving their level of cyber resilience were visibility into applications and data (57% selecting) and automation tools (55% selecting). Overall, the data suggests that surveyed organizations that were more mature in their response preparedness relied more heavily on technology innovations to become more resilient.

BizNews

LinkedIn lists top startups in PH, highlights rise of digital entrepreneurship, entertainment, education

The Philippines has always had a strong MSME (micro, small, and medium enterprises) sector. The pandemic further propelled its growth as Filipinos embarked on micro or solo entrepreneurship to augment their income and overcome financial challenges.

Published

on

LinkedIn, the world’s largest professional network, revealed its inaugural Top Startups in the Philippines list, which highlights the local startups that have shown resilience in an uncertain market environment and are continuing to innovate in 2022.  

LinkedIn analyzed data across four pillars to compile the list: employee growth, jobseeker interest, the attraction of top talent, and engagement with the company’s LinkedIn page and its employees. This is the first time LinkedIn has introduced the Top Startups list in the Philippines.

Satoshi Ebitani, Senior Managing Editor, LinkedIn News, said: “In an uncertain financial climate, what has proven resilient time and time again is the enterprising spirit that startups embody, especially those on this year’s LinkedIn Top Startups list. In the Philippines, we see a diverse mix in sectors such as e-commerce, education, and entertainment, which continue to lead the way in the future of skills by embracing innovation and attracting top talent with their robust cultures. Through this list, we hope to spark meaningful conversations surrounding the future of work and inspire professionals to equip themselves with the necessary skills to thrive, no matter the headwinds.”

New era of entrepreneurship

The Philippines has always had a strong MSME (micro, small, and medium enterprises) sector. The pandemic further propelled its growth as Filipinos embarked on micro or solo entrepreneurship to augment their income and overcome financial challenges. This new class of entrepreneurs behind startups such as SariSuki (#2), Shoppertainment Live (#3), Edamama (#5), Growsari (#6), Peddlr (#9), and Prosperna (#10) met opportunities to respond to the demands of the times.

Entertainment, E-sports, and Education companies are thriving 

The success of the live-streaming platform Kumu (#4), led by local creatives and talent, highlights the country’s growing demand for innovative and interactive digital entertainment that champions Filipino voices and perspectives. Meanwhile, gaming and e-sports company Tier One Entertainment (#1) shows the unique potential of this lucrative industry by investing in talent and technology.

“Investing in automation, the right people, and experienced leadership who are open to feedback and the ever-changing status quo of our industry was key for surviving and growing during the pandemic. Pivoting quickly through setbacks is vital to survival in these times,” Tryke Gutierrez, Co-Founder and CEO of Tier One Entertainment, said. “LinkedIn has helped us tell our story to the world. We’re able to share more long-form content that isn’t as readily digestible on other social media platforms to an audience that is more open to serious or nuanced discussion,” he added.

Education technology (Edtech) platform Edukasyon.ph (#8) saw an opportunity to be of service in response to the disruption in the education sector and emerging concerns about the future readiness of today’s youth.

Growth areas in digital finance

As digital finance becomes more mainstream in the Philippines, the rise of  PDAX (Philippine Digital Asset Exchange) (#7), a homegrown cryptocurrency exchange, indicates the Filipinos’ growing interest in exploring new frontiers in personal finance and investments to diversify and optimize their portfolios, navigate the current economic climate, and benefit from future growth potential.     

The top 10 startups in the Philippines are:

  1. Tier One Entertainment
  2. SariSuki
  3. Shoppertainment Live
  4. Kumu
  5. Edamama
  6. GrowSari
  7. PDAX (Philippine Digital Asset Exchange)
  8. Edukasyon.ph
  9. Peddlr
  10. Prosperna

More details on the LinkedIn Top Startups list in the Philippines are found here.

Continue Reading

BizNews

Cash may not be most effective way to motivate employees

84 per cent spent more than $90 billion annually on tangible employee rewards, such as gift cards, recreation trips and merchandise in hopes of increasing productivity. 

Published

on

Photo by Andre Taissin from Unsplash.com

Tangible rewards motivate employees when they’re easy to use, pleasurable, unexpected, and distinct from salary, a new study found. 

A recent survey of firms in the US revealed that 84 per cent spent more than $90 billion annually on tangible employee rewards, such as gift cards, recreation trips and merchandise in hopes of increasing productivity. 

“We found that there is, at best, mixed evidence regarding the motivational efficacy of tangible rewards versus cash rewards,” said Adam Presslee, an associate professor at the University of Waterloo’s School of Accounting and Finance. “It is somewhat puzzling why so many companies go to the trouble of tangible rewards when cash rewards also lead to motivational differences.”

Presslee and his co-author, University of Wisconsin-Madison’s Willie Choi, used four experiments to investigate the factors driving the preference between cash and tangible rewards. The attributes examined include ease of use of the reward (fungibility), hedonic nature of the reward (want vs. need), the novelty of the reward, and how the reward is presented. 

“Rewards are constellations of attributes, and firms should focus more on the motivational effects of the attributes associated with a reward rather than the reward type itself,” Presslee said. “Results confirmed that each of these attributes – individually and in combination – increases employee effort and performance.”

The researchers recommend managers interested in motivating employees using tangible rewards would be best served to offer tangible rewards that incorporate these four attributes.

“If for whatever reason tangible rewards are the only tool available, our results show compelling evidence that employees are motivated by rewards that are perceived as distinct from salary,” Presslee said. “Therefore, firms looking to get the most out of their reward programs should emphasize the distinctiveness of those rewards, and the attributes above are four ways firms can do that.”

The study, authored by Presslee and Choi, was recently published in the journal Accounting, Organizations, and Society.

Continue Reading

BizNews

Engaging leadership style may boost employee engagement

Supervisors perceived as engaged leaders in the initial survey did indeed enhance employee engagement as captured in the second survey. This impact appeared to occur via a boost in employees’ personal psychological resources of optimism, resiliency, self-efficacy, and flexibility—these results are in line with evidence from previous studies.

Published

on

Photo by UX Indonesia from Unsplash.com

A new analysis suggests that a particular leadership style dubbed “engaging leadership” can boost employees’ engagement and enhance team effectiveness within the workplace. Greta Mazzetti of the University of Bologna, Italy, and Wilmar Schaufeli of Utrecht University in the Netherlands present these findings in the open-access journal PLOS ONE.

An employee who is engaged typically has a positive state of mind relating to their work and shows vigor, dedication, and absorption in their work. Previous research suggests that more engaged employees tend to have greater well-being and better job performance.

Previous research also suggests that a certain style of leadership known as engaging leadership—involving leaders who fulfill employees’ need for autonomy, feeling competent, and feeling cared for—may boost employee engagement. However, most studies of workplace leadership styles have focused on a single point in time, without analyzing potential effects over time.

To provide new insights, Mazzetti and Schaufeli explored the impact of an engaged leadership style on work engagement and team effectiveness of 1,048 employees across 90 teams within a Dutch workplace. Participants each took two surveys, one year apart, which included questions about their supervisors’ level of engaging leadership, their own work engagement, and other personal and team characteristics.

Statistical analysis of the responses suggests that supervisors perceived as engaged leaders in the initial survey did indeed enhance employee engagement as captured in the second survey. This impact appeared to occur via a boost in employees’ personal psychological resources of optimism, resiliency, self-efficacy, and flexibility—these results are in line with evidence from previous studies.

Similarly, engaged leaders appeared to enhance team effectiveness by boosting team resources, which consisted of performance feedback, trust in management, communication, and participation in decision-making. Team resources also appeared to affect individual employee engagement.

These findings support the use of engaging leadership to boost employee engagement and team effectiveness in the workplace. Future research could compare the effects of engaging leadership versus other leadership styles on employees and teams over time.

The authors add: “A leader who inspires, strengthens and connects team members fosters a shared perception of available resources (in terms of performance feedback, trust in management, communication, and participation in decision-making), and a greater psychological capital (i.e., self-efficacy, optimism, resilience, and flexibility).”

Continue Reading
Advertisement
Advertisement

Like us on Facebook

Trending