Connect with us

Tech & Innovation

Boxes to tick when choosing a threat intelligence provider

For any chief information security officer (CISO) or IT lead, operating in today’s highly digitalized environment, not only are they tasked with establishing and maintaining the digital transformation efforts of their companies on a tight budget, they must also ensure that the company’s IT policy is compliant with the data protection regimes in the markets that they operate in.

Published

on

Photo by Igor Miske from Unsplash.com

By Yeo Siang Tiong
General Manager for Southeast Asia, Kaspersky

A long time ago in the cybersecurity space far far away, the choice of a threat intelligence service was often restricted to a handful of providers. Today, the cybersecurity industry in APAC is worth at least USD 30.45 billion and expected to grow at an annual rate of 18.3% from 2020 to 2025, with multiple cybersecurity vendors seeking a bigger slice of the proverbial pie. 

For any chief information security officer (CISO) or IT lead, operating in today’s highly digitalized environment, not only are they tasked with establishing and maintaining the digital transformation efforts of their companies on a tight budget, they must also ensure that the company’s IT policy is compliant with the data protection regimes in the markets that they operate in. 

Clearly, it is not an easy task to take, but little things like having the right threat intelligence service can make life easier. We have been hearing a lot about this for several years now. But what is it threat intelligence exactly and what you should be looking for in a threat intelligence service provider?

Turning intelligence into action

Let’s have a quick refresher. Threat intelligence is data collected and analyzed by an organization in order to understand a threat actor’s motives, targets, and attack behavior. It empowers organizations of all shapes and sizes to make faster, more informed security decisions and shifts their cybersecurity posture from reactive to proactive in the fight against breaches and targeted attacks. 

I am aware that there are a lot of free threat intelligence if one has a knack on researching. However, let me put it this way. A premium threat intelligence report or feed is like a special block screening of an amazing movie. You get the first dibs of the plot and perhaps get to know the characters even. Eventually, the film will be shown in major cinemas. Then after say, six months or more, it will land on several streaming services.

With us at Kaspersky, we provide comprehensive, real-time, organic, and actionable information on our premium threat reports and data feed which is why they are exclusive to the enterprises and organizations which have subscribed to our services. We see to it that we share such with the law enforcement agencies as well, because cooperation is key to fighting cybercriminals.

After a few months, we will then make such data available in public. Why is it not ideal to wait until the mass release of a threat report? Because it will allow you to act fast, to assess your risks, check your endpoints, fix the loopholes which they may exploit. Because knowing first-hand such critical information can save you money, reputation, and headache. Because proactive security is necessary at this time and age.

You may wonder why don’t we make our findings public to begin with? Let us remember here that public here means anyone – including them, cybercriminals. The last thing we want is to tip them off.

Aside from these, what else should you be looking for in a threat intelligence service provider?

  1. Check their sources

Threat intelligence should make your systems smarter through data feeds. To get the feeds you need sensors scattered all across the globe to ensure that your data is reflective of the real-time, global threat landscape. 

For example, our very own Threat Intelligence portfolio is powered by millions of Kaspersky’s global users who agreed to share their anonymized data. This huge network builds our Kaspersky Security Network (KSN) which collects more than 340,000 malicious files per day, allowing us to get rich information compared with firms with limited sensors and workforce.

  1. The data collection strategy needs to be GReAT

Speaking of human force, a threat intelligence service’s data collection strategy should be the most important factor to consider in your evaluation of their capabilities because they can only provide intelligence as far as the parameters of their data sources. Given that cybersecurity attacks are often transnational in nature, it is important that a vendor can source information globally and put pieces of the puzzle together in a way that makes sense for your IT staff. It should not be aggregated, it should be organic. It should also be critically monitored and studied by the brightest minds who can understand tactics, techniques, and procedures (TTPs).

To assess whether a threat intelligence service has such a capability, look at their research team and see what kind of campaigns that they have uncovered. For example, Kaspersky’s Global Research & Analysis Team (GReAT) found that the Lazarus APT group shifted their modus operandi to launch targeted ransomware attacks against businesses in Asia, extending as far as France in Q2 this year. 

  1. Check the visibility

I have already mentioned the borderless nature of cyberthreats. Hence the visibility of your provider should be another box you have to tick. Look into their Advanced Persistent Threat (APT) logbook and their database. Are they monitoring cyberthreats only from a particular country or region? Or do they have a global reach? Are there researchers only based in one country? Or do they have a network of experts scattered around the world? The answers for these questions are essential.

  1. The provider should understand the difference between intelligence and data 

At the heart of the debate between intelligence and data lies the concept of context. Assuming now you’ve got your data sources setup and information is feeding in from all corners of the globe, but you’re asking yourself the million dollar question: how do I know what is important and why is it important?

Things such as threat names, timestamps, resolved IPs addresses of infected web resources are useless on their own if they are not enriched with actionable context. When a relationship context is established, the data can be used more readily to answer the questions of “who”, “what”, “where”, “questions”. It is only at this point that data becomes the finished article – intelligence – and you now receive a boost to incident investigation, as well as uncover new Indicators of Compromise (IoC) in your IT network. 

  1. The ability to integrate is key

Integration can be a dirty word of the IT industry. With constant technological upgrades and the evolution of standards happening all the time, the ability to integrate new processes into existing IT operations is a never-ending challenge. 

Similarly, for threat intelligence, it is important that your service provider can provide delivery methods, integration mechanisms and formats that support smooth integration of threat intelligence into your existing security controls. 

The endgame 

The above-mentioned tips are just a few of the many other aspects you should consider when looking for a threat intelligence service, but they serve as a good stepping stone in bolstering your cybersecurity posture for now. With threats becoming increasingly complex and malicious, having the latest enterprise security programs are no longer sufficient. Adding threat intelligence to your arsenal of cybersecurity countermeasures will allow you to bring the fight to them. 

BizNews

Robot-phobia could exacerbate hotel, restaurant labor shortage

Having a higher degree of robot-phobia was connected to greater feelings of job insecurity and stress – which were then correlated with “turnover intention” or workers’ plans to leave their jobs.

Published

on

Using more robots to close labor gaps in the hospitality industry may backfire and cause more human workers to quit, according to a Washington State University study.

The study, involving more than 620 lodging and food service employees, found that “robot-phobia” – specifically the fear that robots and technology will take human jobs – increased workers’ job insecurity and stress, leading to greater intentions to leave their jobs. The impact was more pronounced with employees who had real experience working with robotic technology. It also affected managers in addition to frontline workers.

The findings were published in the International Journal of Contemporary Hospitality Management.

“The turnover rate in the hospitality industry ranks among the highest across all non-farm sectors, so this is an issue that companies need to take seriously,” said lead author Bamboo Chen, a hospitality researcher in WSU’s Carson College of Business. “The findings seem to be consistent across sectors and across both frontline employees and managers. For everyone, regardless of their position or sector, robot-phobia has a real impact.”

Food service and lodging industries were hit particularly hard by the pandemic lockdowns, and many businesses are still struggling to find enough workers. For example, the accommodation workforce in April 2024 was still 9.2% below what it was in February 2020, according to US Bureau of Labor Statistics. The ongoing labor shortage has inspired some employers to turn to robotic technology to fill the gap.

While other studies have focused on customers’ comfort with robots, this study focuses on how the technology impacted hospitality workers. Chen and WSU colleague Ruying Cai surveyed 321 lodging and 308 food service employees from across the US, asking a range of questions about their jobs and attitudes toward robots. The survey defined “robots” broadly to include a range of robotic and automation technologies, such as human-like robot servers and automated robotic arms as well as self-service kiosks and tabletop devices.

Analyzing the survey data, the researchers found that having a higher degree of robot-phobia was connected to greater feelings of job insecurity and stress – which were then correlated with “turnover intention” or workers’ plans to leave their jobs. Those fears did not decrease with familiarity: employees who had more actual engagement with robotic technology in their daily jobs had higher fears that it would make human workers obsolete.

Perception also played a role. The employees who viewed robots as being more capable and efficient also ranked higher in turnover intention.

Robots and automation can be good ways to help augment service, Chen said, as they can handle tedious tasks humans typically do not like doing such as washing dishes or handling loads of hotel laundry. But the danger comes if the robotic additions cause more human workers to quit. The authors point out this can create a “negative feedback loop” that can make the hospitality labor shortage worse.

Chen recommended that employers communicate not only the benefits but the limitations of the technology – and place a particular emphasis on the role human workers play.

“When you’re introducing a new technology, make sure not to focus just on how good or efficient it will be. Instead, focus on how people and the technology can work together,” he said.

Continue Reading

Tech & Innovation

AI can enhance flexibility, efficiency for customer service centers

AI is a valuable asset, so long as it’s used properly, though these organizations shouldn’t rely on it exclusively to guide their strategies.

Published

on

Whenever you call a customer service contact center, the team on the other end of the line typically has three goals: to reduce their response time, solve your problem and do it within the shortest service time possible.

However, resolving your problem might entail a significant time investment, potentially clashing with an overarching business objective to keep service duration to a minimum. These conflicting priorities can be commonplace for customer service contact centers, which often rely on the latest technology to meet customers’ needs.

To pursue those conflicting demands, these organizations practice what’s referred to as ambidexterity, and there are three different modes to achieve it: structural separation, behavioral integration and sequential alternation. So, what role might artificial intelligence (AI) systems play in improving how these organizations move from one ambidexterity mode to another to accomplish their tasks?

New research involving the School of Management at Binghamton University, State University of New York explored that question. Using data from different contact center sites, researchers examined the impact of AI systems on a customer service organization’s ability to shift across ambidexterity modes.

The key takeaway: it’s a delicate balancing act; AI is a valuable asset, so long as it’s used properly, though these organizations shouldn’t rely on it exclusively to guide their strategies.

Associate Professor Sumantra Sarkar, who helped conduct the research, said the study’s goal was to understand better how organizations today might use AI to guide their transition from one ambidexterity mode to another because certain structures or approaches might be more beneficial from one month to the next. 

“Customer service organizations often balance exploiting the latest technology to boost efficiency and, therefore, save money,” Sarkar said. “This dichotomy is what ambidexterity is all about, exploring new technology to gain new insights and exploiting it to gain efficiency.”

As part of the three-year study, researchers examined the practices of five contact center sites: two global banks, one national bank in a developing country, a telecommunication Fortune 500 company in South Asia and a global infrastructure vendor in telecommunications hardware.

While many customer service organizations have spent recent years investing in AI, assuming that not doing so could lead to customer dissatisfaction, the researchers found these organizations haven’t used AI to its full potential. They have primarily used it for self-service applications.

Some of the AI-assisted tasks researchers tracked at those sites included:

  • using AI systems to automatically open applications, send emails and transfer information from one system to another
  • approving or disapproving loan applications
  • providing personalized service based on customer’s data and contact history

Researchers determined that while it’s beneficial for customer service companies to be open to harnessing the benefits and navigating any challenges of AI systems as a guide to their business strategies, they should not do so at the expense of supporting quality professional development and ongoing learning opportunities for their staff.

Sarkar said that to fully utilize AI’s benefits, those leading customer service organizations need to examine every customer touchpoint and identify opportunities to enhance the customer experience while boosting the operation’s efficiency.

As a result, Sarkar said newcomers in this technology-savvy industry should learn how companies with 20 or 30 years of experience have already adapted to changes in technology, especially AI, during that time before forming their own business strategies.

“Any business is a balancing game because what you decide to do at the start of the year based on a forecast has to be revised over and over again,” Sarkar said. “Since there’s that added tension within customer service organizations of whether they want to be more efficient or explore new areas, they have to work even harder at striking that balance. Using AI in the right way effectively helps them accomplish that.”

Continue Reading

BizNews

Emojis make tourism advertising on social media more effective, appealing

The use of emojis in online messages about tourism destinations facilitates processing and reduces ambiguity, especially when the recipients encounter content with low levels of congruence.

Published

on

The use of congruent messages and emojis when promoting tourist destinations on social media leads to greater user attention. This strategy helps users to process the information effectively and reduces their cognitive effort. More specifically, the use of emojis in online messages about tourism destinations facilitates processing and reduces ambiguity, especially when the recipients encounter content with low levels of congruence.

This is according to a research – “The effect of online message congruence, destination-positioning, and emojis on users’ cognitive effort and affective evaluation” – that was published in the Journal of Destination Marketing & Management.

The study, which was carried out at the University of Granada’s Mind, Brain and Behaviour Research Centre (CIMCYC), consisted of an experiment using eye-tracking techniques on 60 users of the social network Facebook. These individuals underwent a series of experimental procedures in which the researchers manipulated the level of congruence between the messages of those posting and the users, the use or omission of emojis in the content, and the way in which the tourist destination was positioned in the media (natural environment, gastronomy, hotels, sun and beach).

The UGR research team, which includes Beatriz García Carrión, Francisco Muñoz Leiva, Salvador del Barrio García and Lucia Porcu, point out that the study “clearly illustrates the benefits in terms of the effectiveness of using congruent messages in marketing communications in general, and especially in digital communications via social media, as well as how the use of emojis contributes to improving users’ information processing, increasing their attention and reducing the cognitive effort involved. Moreover, congruent messages not only facilitate users’ information processing, but also improve their affective evaluation — a crucial aspect when it comes to making a decision on a tourist destination.”

The key findings included:

  • Importance of maintaining a high level of congruence in the information they convey through social media. As the researchers explain: “This involves systematically reviewing and managing comments across all communication channels to identify any comments that do not align with the destination’s desired positioning, with a view to mitigating potential negative effects.”
  • Pictorial representations (emojis) significantly enhance the overall comprehension of the information. However, the study did not find a significant impact of emojis on the formation of affective evaluations.
  • Tourism managers should focus on information related to the destination’s gastronomy and natural environment, rather than more conventional aspects such as sun and beach facilities or hotel offerings, as the former attract more attention and are perceived more favorably, even under low levels of congruence.

The research findings suggest a shift in the preferences of potential consumers towards more nature-based tourism. “Therefore, tourism managers should place greater emphasis on communicating aspects related to the environment and sustainability of the tourist destination in their social media posts, thereby reaping benefits in terms of visual attention and affective evaluations,” the researchers stressed.

Continue Reading
Advertisement
Advertisement

Like us on Facebook

Trending