The CEO’s guide to the threat landscape
Last year, AT&T opened its Cybersecurity Insights Report with a startling fact: ‘The FBI estimates that ransomware is on track to become a $1 billion crime in 2016.’
This is just one element of the huge rise in cybercrime, and the reasons are obvious. Increasingly, businesses are placing sensitive information in potentially accessible areas via use of the cloud: ‘Widespread adoption of emerging technologies such as IoT, cloud technology and mobile devices provide new points of entry for cyber criminals to exploit using tool kits easily acquired on the Dark Web,’ the Executive Summary of the report explains. AT&T’s publication aims to outline the risks in brutal detail, and then show companies how to combat the threat before it can strike.
‘The Global State of Cybersecurity survey found 90 percent of organizations experienced at least one malware-related incident in the previous 12 months, with 58 percent acknowledging occasional or frequent malware threats… cybercrime has become a global business’, the report states. There was a 300 percent increase in malicious e-mail attachments between 2015 and 2016, and worryingly, between 25 percent and 30 percent of employees click on suspicious links in the workplace. The statistics are endless, and companies must lock down their data by securing the cloud and locking down portable devices.
John Vladimir Slamecka, Region President, Global Business, EMEA of AT&T has offered Business Review USA & Canada the following essay entitled ‘The CEO’s guide to the threat landscape’, in which he further describes the role of the Cybersecurity Insights Report, expresses hope for future security evolution, and predicts what we can expect in 2017:
Over the past year, the cybersecurity threat landscape has continued to grow. Each new device connected to the internet presents a new target for attackers. And each new social media post creates new risks for phishing attacks or social engineering.
The AT&T Cybersecurity Insights Report further emphasizes the impact of successful attacks: downtime (46 percent), loss of revenue (28 percent), reputational damage (26 percent), and even loss of customers (22 percent). In Europe, cyberattacks are also common and increasing in frequency. Some attacks make the headlines – like OVH, Krebs and DynDNS. However, most remain unheard of.
While this trend is concerning, security has come a long way this year. And it will continue to evolve in 2017. But, detecting and responding to threats isn’t getting easier. A rising tide of known threats and the mainstreaming of cyber-criminal activities has created an undercurrent of concern.
Despite the growing concern, many businesses are not taking the necessary steps to protect themselves. In today’s landscape, a company’s security should be one of its most important investments.
Businesses need to ask themselves: Are we doing enough to defend against known threats? Where will the next threat come from?
What’s in store for 2017 and beyond?
Looking at the year ahead we can expect some changes in cybersecurity that will affect businesses in the region:
- IoT security will remain a key concern for security in the upcoming year. Attackers will keep looking for weaknesses in devices across different verticals and industries spanning automotive, agriculture, manufacturing and healthcare to name a few. Hackers will become more interested in day-to-day items in these sectors such as network-connected wearables or smart coffee pots.
- Authentication technologies such as biometric scanning and facial recognition scanning will begin replacing passwords.
- There will be a call for more government support in Europe on cybersecurity. In 2017, we expect policymakers will focus on: how to better protect national IT systems; support for the deployment of more cyber resilient technologies; and the role of a national deterrence policy and active defense.
- There also will be a call for the continued development of industry standards and guidelines and possibly certification programs for IoT devices, as it is fast becoming the latest battleground.
The key thing to remember is prevention.
Criminals are always looking for the next way into your company. Your cybersecurity practices need to help keep them out.
How changing your company's software code can prevent bias
Two-thirds of tech professionals believe organizations aren’t doing enough to address racial inequality. After all, many companies will just hire a DEI consultant, have a few training sessions and call it a day.
Wanting to take a unique yet impactful approach to DEI, Deltek, the leading global provider of software and solutions for project-based businesses, took a look at and removed all exclusive terminology in their software code. By removing terms such as ‘master’ and ‘blacklist’ from company coding, Deltek is working to ensure that diversity and inclusion are woven into every aspect of their organization.
Business Chief North America talks to Lisa Roberts, Senior Director of HR and Leader of Diversity & Inclusion at Deltek to find out more.
Why should businesses today care about removing company bias within their software code?
We know that words can have a profound impact on people and leave a lasting impression. Many of the words that have been used in a technology environment were created many years ago, and today those words can be harmful to our customers and employees. Businesses should use words that will leave a positive impact and help create a more inclusive culture in their organization.
What impact can exclusive terms have on employees?
Exclusive terms can have a significant impact on employees. It starts with the words we use in our job postings to describe the responsibilities in the position and of course, we also see this in our software code and other areas of the business. Exclusive terminology can be hurtful, and even make employees feel unwelcome. That can impact a person’s desire to join the team, stay at a company, or ultimately decide to leave. All of these critical actions impact the bottom line to the organization.
Please explain how Deltek has removed bias terminology from its software code
Deltek’s engineering team has removed biased terminology from our products, as well as from our documentation. The terms we focused on first that were easy to identify include blacklist, whitelist, and master/slave relationships in data architecture. We have also made some progress in removing gendered language, such as changing he and she to they in some documentation, as well as heteronormative language. We see this most commonly in pick lists that ask to identify someone as your husband or wife. The work is not done, but we are proud of how far we’ve come with this exercise!
What steps is Deltek taking to ensure biased terminology doesn’t end up in its code in the future?
What we are doing at Deltek, and what other organizations can do, is to put accountability on employees to recognize when this is happening – if you see something, say something! We also listen to feedback our customers give us and have heard their feedback on this topic. Those are both very reactive things of course, but we are also proactive. We have created guidance that identifies words that are more inclusive and also just good practice for communicating in a way that includes and respects others.
What advice would you give to other HR leaders who are looking to enhance DEI efforts within company technology?
My simple advice is to start with what makes sense to your organization and culture. Doing nothing is worse than doing something. And one of the best places to start is by acknowledging this is not just an HR initiative. Every employee owns the success of D&I efforts, and employees want to help the organization be better. For example, removing bias terminology was an action initiated by our Engineering and Product Strategy teams at Deltek, not HR. You can solicit the voices of employees by asking for feedback in engagement surveys, focus groups, and town halls. We hear great recommendations from employees and take those opportunities to improve.