Coronavirus: securing the supply chain during remote working
The coronavirus is pushing the economy, companies and the workforce in new directions that were not even dreamed of just a few short months ago.
The ability of this virus to spread quickly is forcing companies almost overnight to adopt a work-from-home policy. These difficult times have introduced not just IT and company culture challenges, but have also created a mountain of cybersecurity challenges that companies must face because of a sudden shift to remote working on a massive scale. With this change, companies are not only going to have to layout policies for their own workforce, but also for their vendors in the supply chain whose security will be impacted as well.
This transition is introducing a myriad of security complications with employees lacking technical support, using their own potentially unvetted devices for corporate purposes, using their own networks and possibly connecting to sensitive corporate data. It is a recipe for disaster that only gets worse as this tidal wave of change and uncertainty washes over the supply chain, which cybercriminals are sure to exploit. While some larger companies may be more prepared with comprehensive contingency plans, some smaller companies in the supply chain may not.
Building a Defensive Wall
The first line of defence will always be employees. Now, more than ever, immediate education and reminders should be provided to employees who must be schooled on the possible risks from working at home versus a corporate, controlled environment. Phishing will be one of the biggest challenges that employees will be facing, especially as cybercriminals seek to exploit consumer fear by targeting irregularities in daily activity. This means that employees will most likely begin to see an increase in spam and phishing emails relating to coronavirus that pressure users to click on harmful links that may be disguised as health advice or government warnings. In addition, with the move to an all-inclusive email work environment, there will also be an increase in payment transaction requests, including fraudulent ones. With less stringent verification controls, such online fraud will be on the rise.
Companies will have to tighten communications with solid verification procedures for critical financial transactions, account access resets, credentials and the sharing of personal information. Employing two-factor authentication across all systems should be immediate, as well as increased monitoring of all systems. This will prove to be a difficult task, as the rising number of personal devices accessing corporate information will require monitoring. Managed Security Service Providers are able to help companies increase their ability to review alerts and logs and provide or complement with a continuous eye on all activities.
Looking Down the Supply Chain
While the bigger companies have more resources to handle this fire drill, the smaller companies intertwined within the supply chain may not. So, if one of the smaller companies gets hit by a cyberattack, the repercussions would be felt at the upstream partner. According to a Ponemon Institute study from 2018, 61% of US companies experienced a data breach through their suppliers. With suppliers now moving to work from home, the security of the supply chain makes this issue all the more severe.
In order to ensure the cyber resilience of the supply chain, companies must assess their suppliers’ security preparedness for a remote workforce. Questions should be asked in relation to authorization and authentication, resilience and business continuity, and procedures and processes. Here are some questions that companies should ask their suppliers:
1. Do you already have remote work practices and policies?
2. How many of your employees already have remote work capabilities?
3. How much of your day-to-day activity is suitable for remote working today?
4. What is your remote access mechanism?
5. Which client devices are allowed to access your digital assets remotely?
6. Do you enforce 2FA for employees with remote work capabilities?
7. Do you enforce strong passwords for all employees?
The answer to these questions will help companies reduce their potential risk, and by extension, implement steps that must be taken to mitigate specific challenges. Even in the best of times, things can go wrong. Having a response management plan in place is key.
Companies will even have to be prepared to give those in the supply chain remediation plans for closing those security gaps. During this upheaval, regular spreadsheet evaluations will not be efficient enough and the whole process will have to be automated to keep up with checks and balances that have to be made. If companies want to succeed in their transition to a fully remote workforce, they must ensure that their security policy is also enforced with their suppliers.
By Elad Shapira, Head of Research for Panorays
Marketing matters: from IBM to Kyndryl
Prior to joining Kyndryl as Chief Marketing Officer, Maria had a 25-year career at IBM, most recently as the tech giant’s CMO where she oversaw all marketing professionals and activities across North America, Canada and Latin America. She has held senior global marketing positions in a variety of disciplines and business units across IBM, most notably strategic initiatives in Smarter Cities and Watson Customer Engagement, as well as leading teams in services, business analytics, and mobile and industry solutions. She is known for her work with teams to leverage data, analytics and cloud technologies to build deeper engagements with customers and partners.
With a passion for marketing, business and people, and a recognized expert in data-driven marketing and brand engagement, Maria talks to Business Chief about her new role, her leadership style and what success means to her.
You've recently moved from IBM to Kyndryl, joining as CMO. Tell us about this exciting new role?
I’m Chief Marketing Officer for Kyndryl, the independent company that will be created following the separation from IBM of its Managed Infrastructure Services business, expected to occur by the end of 2021. My role is to plan, develop, and execute Kyndryl's marketing and advertising initiatives. This includes building a company culture and brand identity on which we base our marketing and advertising strategy.
We have an amazing opportunity ahead at Kyndryl to create a company brand that will stand apart in the market by leading with our people first. Once we are an independent company, each Kyndryl employee will advance the vital systems that power human progress. Our people are devoted, restless, empathetic, and anticipatory – key qualities needed as we build on existing customer relationships and cultivate new ones. Our people are at the heart of this business and I am deeply hopeful and excited for our future.
What experiences have helped prepare you for this new opportunity?
I’ve had a very rich and diverse career history at IBM that has lasted 25+ years. I started out in sales but landed explored opportunities at IBM in different roles, business units, geographies, and functions. Marketing and business are my passions and I landed on Marketing because it allowed me to utilize both my left and right brain, bringing together art and science. In college, I was no tonly a business major, but an art major. I love marketing because I can leverage my extensive knowledge of business, while also being able to think openly and creatively.
The opportunities I was given during my time at IBM and my natural curiosity have led me to the path I’m on now and there’s no better next career step than a once-in-a-lifetime-opportunity to help launch a company. The core of my role at Kyndryl is to create a culture centered on our people and growing up in my career at IBM has allowed me to see first-hand how to prioritize people and ensure they are at the heart of progress in everything Kyndryl will do.
How would you describe your leadership style?
I believe that people aren't your greatest assets, they are your only assets. My platform and background for leadership has always been grounded in authenticity to who I am and centered on diversity and inclusion. I immigrated to the US from Chile when I was 10 years old and so I know the power and beauty that comes from leaning into what makes you different from other people, and that's what I want every person in my marketing organization to feel – the value in bringing their most authentic self to work every day. The way our employees feel when they show up for themselves authentically is how they will also show up for our customers, and strong relationships drive growth.
I think this is especially true in light of a world forever changed by the pandemic. Living through such an unprecedented time has reinforced that we are all humans. We can't lead or care for one another without empathy and I think leaders everywhere have been reminded of this.
What’s the best leadership advice you’ve received?
When I was growing up as an immigrant in North Carolina, I often wanted to be just like everyone else. But my mother always told me: Be unique, be memorable – you have an authentic view and experience of the world that no one else will ever have, so don't try to be anyone else but you.
What does success look like to you?
I think the concept of success is multi-faceted. From a career perspective, being in a job where you're respected and appreciated, and where you can see how your contributions are providing value by motivating your teams to be better – that's success! From a personal perspective, there is no greater accomplishment than investing in the next generation. I love mentoring younger professionals – they are the future. I want my legacy as a leader to include providing value in work culture, but also in leaving a personal impact on the lives of professionals who will carry the workforce forward. Finding a position in life with a job and company that offers me a chance at all of that is what success looks like to me.
What advice would you give to your younger self just starting out in the industry?
I've always been a naturally curious person and it's easy for me to over-commit to projects that pique my interest. I've learned over years of practice how to manage that, so to my younger self I’d say… prioritize the things that are most important, and then become amazing at those things.