
Tuesday, 3 November 2015

Key Security Tactics to Help Protect Your Business from a TalkTalk hack

Isaac George, SVP & regional head of digital transformation company Happiest Minds UK, discusses the increased number of security threats UK organisations are exposed to following the TalkTalk hack.
Cyber crimes are not only occurring with mounting frequency in today’s wireless world, but they are also becoming increasingly sophisticated and widespread.
Just this month, major UK telecommunications, internet access and mobile network services company TalkTalk was the latest in a long line of brands to face media scrutiny after its website was breached by a significant and sustained cyber-attack.
The company said it was “too early to say” how many of its customers had been affected by the attack but credit card, bank account details, names, addresses, dates of birth, email addresses and telephone numbers could all have been accessed.
With a criminal investigation now underway, it is not yet known what the nature of the attack was, although early insight suggests that it may have been a distributed denial of service (DDoS) attack, where a website is hit by waves of traffic so intense that it cannot cope.
However, a second school of thought believes that the DDoS attack may have been a smokescreen to distract the organisation’s defence team whilst the cyber criminals put into practice their real objective of stealing data.
Should the second school of thought be accurate, this may even have been an Advanced Persistent Threat (APT).
What sets Advanced Persistent Threats (APTs) apart is the nature and scope of the attack as they stealthily exploit vulnerabilities over a period of time.
Gartner puts it simply:
‘Advanced’ means it gets through your existing defences.
‘Persistent’ means it succeeds in hiding from your existing level of detection.
‘Threat’ means it causes you harm.
Once inside the network, APTs move around surreptitiously, seeking out sensitive data rather than disrupting systems and raising red flags.
These attacks are well coordinated and have very specific objectives that target key users within the organisation to gain access to high-value information – be it top-secret military or government documents, trade secrets, blueprints, intellectual property, source code or other confidential information.

The worst part is that no organisation, irrespective of size or type, is immune to these attacks.
Whether it turns out to be DDoS, APT or another means of cyber-attack, the bottom line is clear: many of today’s businesses are relying on basic security defences conceived years ago, such as firewalls, anti-virus and anti-spyware, to deal with APTs and other means of attack.
This means it is only a matter of time before our traditional cyber security systems are faced with the next generation of attacks, and it is unlikely that they will succeed.
It is now imperative to develop a layered security approach that will amp up the security arsenal with a 360 degree visibility into all corners of the network.
Forewarned is forearmed – Key elements to APT defence
Unfortunately, there is no magic wand to combat APTs. The stealthy and random nature of APTs makes it a daunting task to predict attacks. Daunting, but not impossible.
The time has come for organisations to move beyond a perimeter-based ideology to a more comprehensive and multi-layer security approach that ensures continual protection even in the case of a breach. The critical elements of a successful APT defence lie in an intelligent combination of defence, analytics and a proactive incident response plan.
1. Know what to protect


The first step in any APT defence strategy is knowing what assets to protect. Once this data is sorted and classified, it provides a bird’s-eye view of the pieces of your infrastructure across storage, security and accessibility, spanning devices and endpoints.
2. Assess your security loopholes


The next step is to identify and categorise the most-at-risk information systems and high liability assets that link back to critical data. Assessing these systems enables us to prioritise protection and remedial plans against potential vulnerabilities. It is especially important that risk assessment is an on-going process to keep abreast of the ever-evolving threat landscape.
3. Shore up monitoring and detecting capabilities


Comprehensive monitoring of all inbound, outbound and internal network traffic is imperative to contain the scope and impact of a potential attack. Additionally, advanced detection and real-time analytic tools in conjunction with traditional security solutions enable organisations to identify malicious activities as and when they occur.
A truly effective solution lies in the ability to differentiate normal and anomalous traffic patterns or activities generated by any IP-based device that connects to the network. By applying threat intelligence through analytics, these real-time insights allow for immediate isolation and remediation to stop the attack in the early stages.
4. An informed user is a safe user


Because APTs are often employed in the form of phishing emails, employees are the most susceptible targets. It does not take much to trigger malicious code through an enticing link or attached file.
Security education and training makes employees aware of the potential security pitfalls of BYOD and cloud services. It also places some level of responsibility on the employees themselves to ensure that sensitive data remains secure.
5. Put an APT incident response plan in place


It is absolutely vital for an organisation to have a carefully crafted and up-to-date incident response plan in place.
It helps guide the organisation in quick identification and response in controlling a potential breach. This is what ultimately determines the effectiveness of the organisation’s response to an attack.
Staying ahead of the APT curve


The complex nature of APTs poses huge challenges to our standard security defence systems. On the flip side, it provides a much-needed impetus to reassess frameworks and utilise solutions that are scalable to protect the entire organisation.
This latest attack against TalkTalk’s website is a huge wake-up call to the business community at large around the perils of delaying taking positive action against cybercrime. It is not easy to secure your business against every type of attack, but the fact remains that a multi-pronged and layered approach to security is no longer an option but a must-have.
If you need convincing, you only have to look at the huge financial and reputational losses that will ensue for TalkTalk.

Isaac George is the SVP and regional head at infrastructure, security and product engineering services company Happiest Minds UK


Thursday, 22 October 2015

The Critical Success Factors for Digital Transformation Programmes

Right now it feels like the whole world is moving to digital at breakneck speed. Banks, insurance companies, retailers and large manufacturers are all looking at how they can digitally transform the organisation to keep up with customer demand, business expectations and compete globally.

However, while digital transformation is becoming all-pervasive, agreement on what digital transformation actually means, how to leverage its potential, and most importantly how to make a digital transformation project a success still remains elusive for many.

Digital transformation can be viewed holistically as the confluence of SMAC (social, mobile, analytics and cloud) technologies, cutting through business processes, enabling agile & secure infrastructure, leveraging IoT & connected devices, driven by seamless integration into (and upgrading of) current IT systems and underpinned by actionable insights for sustainable differentiation across customer experience and business efficiency.

See also: Cloud strategies for digital transformation

In fact, you could argue that customer experience is a big driver for digital transformation projects and will continue to be for a long time to come. What this means is:

The personalisation of content, experience, pricing, recommendation, service and so on; the provision of real-time and aware applications that leverage preferences, insights, context and location awareness; systems or processes that enable on-going customer engagement for deeper insights that drive higher loyalty and advocacy; and an omni-channel approach that provides the flexibility and choice for customers to leverage any channel they want.

The business efficiency theme driving digital transformation projects is all around creating differentiation for organisations through one or more of the following: helping an organisation to become more agile and responsive in its ability to identify either opportunities or to protect against threats; taking cost optimisation to the next level by further automating mundane and routine tasks that can be more efficiently handled by intelligent systems; creating better decision making powered by real-time data and insights, rather than by gut-feel and intuition; and unleashing the ability to innovate through the provision of new offerings or different business models.

That said, the key driver for most organisations around digital transformation primarily stems from the fact that it offers tremendous opportunity to enable business differentiation and impact in the market.

It will give many organisations the competitive edge they are looking for - and in some instances change the game in their respective sectors.

However, embarking on a digital transformation programme comes with its own set of challenges and requires an enormous amount of change to the organisation in order to bring in this new approach.

This is a complicated programme of work that involves people, process and technology, which are all equally important.

Here are four critical success factors that will help organisations tap into the tremendous potential that digital can offer:

Transformation
Like any transformation exercise, digital transformation needs to align to business vision and strategy, with the clarity of an implementation roadmap and a series of connected initiatives to achieve the goals.
A digital transformation project with no executive management commitment and support is the most common pitfall for organisations. Another is point solution implementation without the definition of a roadmap of connected initiatives. It requires leadership buy-in and working collaboratively with a range of key stakeholders.

Complement your capabilities

Assessing your digital capabilities is just the first stage. You then need a plan to get your project from where you are to where you need to be. As this is likely to be a large transformation programme, it is critically important that the project team keeps referring back to their original assessment and plan.
This will keep the team grounded throughout as to why they are going through the pain to get the organisation where it needs to be to advance the business in a world that has become increasingly mobile and progressively digital.

Front & back end

Any digital transformation should look to leverage your current IT investments and systems. If you only focus on digitising the front-end technologies without adequate consideration for the enablement and modernisation of your existing systems, you won’t leverage the full potential and benefits of the digital project.

Multi-functional buy-in

A fundamental review of all your business processes and capabilities is required with a view to optimising them by leveraging digital technologies. Digital is all-pervasive and not something led by IT or Marketing or independent business departments - more than ever it needs a multi-function team.
A multi-disciplinary approach is a prerequisite for a digital transformation initiative to be successful. Companies need to be careful that it does not create silos & internal competition.

See also: 3 steps to futureproofing a business with digital transformation

Most companies tend to start small with pilots and proofs of concept. That is a good way of getting buy-in; however, it needs to be aligned to an overall vision and roadmap.

In my experience if a digital transformation project lacks management or stakeholder buy-in and/or fails to adequately take into consideration its current IT landscape, then alarm bells should start ringing as these two factors are the most common cause of stress, delays and failed digital projects. And remember, timeframes for these types of projects also tend to shrink due to demands from the business.

Try to set a realistic timeframe rather than the timeframe that the business dictates and work with a digital partner that has the ability and agility to deliver what you need. Otherwise you are certain to set yourself up for failure.

Sourced from Isaac George, Senior VP and Regional Head, Happiest Minds UK