Cybersecurity in 2018

cybersecurity blog

This article will appear in the January issue of the Grand Valley Construction Association Journal.

2017 was a year to forget in the field of cybersecurity.

  • In May, the WannaCry ransomware attack infected over 200,000 computers in over 150 countries.
  • In June, Petya malware spread across the Ukraine, disabling ATMs and shutting down the monitoring system at the Chernobyl nuclear power plant.
  • In September, over 140 million Equifax customers learned that their credit card numbers, social security numbers, and home addresses had been leaked.
  • Even Deloitte, a company that consults with organizations to prevent cyber-attacks, had its client and employee data breached by failing to deploy a simple two-factor authentication procedure.

A cyber-attack can severely damage your business’ reputation. Over 45% of Canadians would stop making online purchases from a vendor that suffered a data breach. Compare that to the 76% of Canadian executives who expect the number of data breaches to increase in 2018, but do not expect their organizations to invest in IT security.

Traditional thinking has been to invest in the basics like firewalls, anti-virus software, and if these fail, deal with the repercussions as best you can. The problem with this approach is that it applies a technical solution to a knowledge-based problem; hackers use known exploits and social engineering tactics, not superior hardware, to gain access to data.

Fortunately, 2018 promises several IT security advances will allow your company to identify and mitigate potential breaches before they affect your bottom line.

1. Customized Solutions: Increased demand for IT security has brought many new vendors into the market, expanding the range of solutions available to enterprise customers. This means a more tailored approach to security with experts who understand your infrastructure’s size and complexity.

2. Cloud Security: With more organizations moving their IT infrastructure to the cloud, it has become an increasingly attractive target for hackers. As such, cloud services providers like Microsoft Office 365 have embedded security in every stage of their services, from software development to license procurement, your programs are continuously updated to eliminate potential exploits.

3. Insights from Big Data: As your organizations adds pieces to solve the IT security puzzle, the vast amount of data generated by each system can cause analysis paralysis. Cybersecurity experts have identified this problem and are using advanced tools like User and Entity Behaviour Analytics to better understand weak points in IT infrastructures, strategically patch holes, and alert administrators to irregular activity.

These advances in customizability, software updates, and data analysis will enable real-time assessment and informed decision making for your company. Of course, developing and implementing an IT security strategy is easier said than done, which is the reason many organizations are looking to cybersecurity consultants to bridge the knowledge gap. A trusted cybersecurity consultant can assist in several ways:

• Perform an infrastructure review, gap analysis, and provide recommendations.
• Test current systems to determine potential problems or security threats.
• Conduct cloud security reviews and network security assessments.
• Prepare reports for senior management and regulatory bodies.
• Provide guidance on the selection of a cybersecurity insurance policy.
• Formulate an incident response and notification strategy.
• Keep you up to date, and prepared to overcome, the latest cybersecurity threats.

Read another blog post here.

Connect with Pund-IT at 519-342-4004 to discuss your company’s cybersecurity strategy.

The Big Picture, the Arc and Your Technology Strategy.

Business Consulting and Long Term Strategy

The Role of Strategy

What is strategy?In 1996, Michael Porter’s HBR article titled “What is strategy?” proposes that operational efficiency is insufficient if a firm wants to become – or remain – competitive. Porter argues that tools used to increase productivity, speed and quality can be replicated by any firm. A focus on tools and cost-control cannot create sustainable, long-term profitability. But, he insists, strategy can.

“Strategy” is one of those ephemeral business terms. And the truth is, not everyone knows what it is. Not everyone gets the concept that a business – like a novel or a movie – has an arc. A beginning that is building toward a big moment, a revelation, a future vision: one that is not rooted in the day-to-day management of tools or the bottom line. (And one whose path may move depending on market conditions or opportunities.)

A great, sustainable strategy guides the organization at the macro level. It is built on activities that are hard to measure and resistant to micromanagement. Things like:

  • employee efficiency & retention
  • reputation & brand
  • responsiveness & customer satisfaction
  • borrowing power
  • partnerships
  • diversification & expansion

These kinds of “measures” frustrate managers because they are inherently hard to quantify and control. But entrepreneurial executives instinctively understand that these are necessary. They’re part of that “arc” that helps an organization achieve a profitable, successful future state.

So what does this have to do with technology? (You knew we were going here.)

It is a truth universally acknowledged* that business must use technology (hardware, software, networks, etc.) in order to operate. That’s just the reality of the global economy. Period. So, is “technology” an operational tool? Or is it integral to achieving that future vision? The answer is: both.

How technology is perceived within the organization – and at different levels of management – is important. A manager who views technology only as tools and/or a cost centre, may be making decisions that negatively affect communications and employee satisfaction. An executive who is willing to invest a novel technology solution (i.e., be an early adopter) may feel that the boost to competitive advantage, reputation or customer satisfaction is worth a little extra cost or time spent “getting the kinks out.” These perspectives are at odds.

In some organizations, the realization that technology enables strategy results from (or leads to) decision-making being taken from managers and put in the hands of entrepreneurs and strategists. In some firms, tech decisions are made at the C-Level and managers simply operationalize them without truly understanding why.

Operationally, firms still have to navigate the cost/benefit/value-add matrix, but managers might make different decisions if they understood – strategically – why investment in technology (and in specific technologies) is important. It is, therefore, critical that organizations and team members understand the role that technology plays in a) supporting some of those “hard-to-measure” activities, and b) achieving a future vision. This top-down/bottom-up understanding of helps managers make good decisions. A technology strategy can be an effective way to codify and share that understanding.

In Praise of Technology Strategy

Pund-IT technology strategyA technology strategy is a piece of the overall business strategy (the big vision). It lays the operational groundwork and technological infrastructure that sets up and supports the future state of the organization. It helps firms budget five to ten years in advance. More importantly, it gives physical expression to some of those hard-to-measure activities and helps team members understand what to emphasize, where to economize, when to spend and why.

For instance, if employee efficiency, satisfaction and retention are important, how can technology support that aim? What technology software/hardware can a firm implement that will help team members be more productive, more easily? What does it cost? How does cost balance against the value it provides to the organization? How does a firm budget for it going forward?

This kind of “big picture” thinking has ramifications beyond employee satisfaction and increased productivity. Happy team members don’t leave; operational costs go down and knowledge retention goes up. Happy employees talk; reputation and brand get a boost. Happy employees deliver better service; customer satisfaction increases. (Let’s take this scenario all the way! The organization gets a “best employer” award, huge press and suddenly investors, new partners and new opportunities come flying out of the woodwork! How’s that for an arc?)

The purpose of sharing strategy within the organization is clarity – knowing where to go and how to get there. Think of it this way: a technology strategy empowers people. The execs and entrepreneurs know that the technology infrastructure exists to support growth, goals and those hard-to-measure activities. Managers have a clear understanding of what is important to the organization and when to invest time/money. Employees have the right equipment and support.

The Results

But what are the results? Well, Michael Porter says: competitive advantage. That seems simplistic when it comes to technology – it’s so pervasive within organizations and its impact is much broader than the productivity/operational tools Porter referenced in 1996. Twenty years later, technology is the foundation upon which all aspects of business and commerce operate. It stands to reason, then, that having a technology strategy to support overall business goals is more important than ever in helping firms succeed.

About Pund-IT Tech Strategy Consulting

Pund-IT technology consultingPund-IT helps firms create technology strategy. We work with growth-oriented organizations to imagine their future state, the “arc” required to get there, and outline what’s important to support going forward. Once we understand what’s important, we develop a technology strategy document that outlines a technology roadmap (including novel hardware/software technologies that may be considered), budget and an approach to using technology to support those long-term, strategic goals.

If you’re interested in taking control of your firm’s technology and making sure that it is aligned with your business objectives, call us.

*Apologies to Jane Austen. 😀