Tom Holloway, Principal Business Resilience Consultant, Sungard Availability Services
The manufacturing industry is among the most advanced in the world for its adoption of digital platforms. Robotic and connected sensor technology are now mainstream throughout most factories, allowing manufacturers to gather insights in real time. The use of digital technology in manufacturing is nothing new, it has been embedded within processes for decades, and routine disruption has become the norm given the industry’s reliance on technology. However, increasing automation, data-rich production cycles and complex global supply chains make this industry particularly vulnerable to cyber attacks.
It’s predicted that there will be 1.3 million robots in factories worldwide by the end of this year, which could open up as many security risks as it helps with operational efficiencies. Imagine if a hacker managed to access the software the business relies on – it could cause a total shut down of operations. Forcing industrial robotic arms to misperform even slightly could not only result in tons of ruined products but the robots could unwittingly grant access to the business’ security networks, bringing all operations to a halt. The cost of this could be astronomical to a manufacturing business; to put into perspective the cost of the recent NotPetya ransomware attack to businesses is estimated at $1.2Bn, not an improbable figure when you consider that a stoppage in a complex car manufacturing plant can cost £10,000s per minute. This trend is also playing out across other critical infrastructure sectors – with even the US government issuing a rare public warning that energy and industrial firms are vulnerable to sophisticated attacks.
Complicated systems require a hands-on approach. The huge amount of data needed to manage manufacturing processes with tiny degrees of tolerance, are sitting only a few degrees of separation away from public networks. The use of sensor-embedded automation controls, RFID tags and Radio Data Terminals reliant on WLAN infrastructure increase the potential points of system vulnerability.
Historically, investment in manufacturing has been focused on safety and cost reduction, which hasn’t been matched by investment in security. But with these growing risks against our critical infrastructure systems, it is vital that businesses take all the proper precautions.
You are the weakest link, goodbye
Despite these very real risks, our recent research shows that the industry is in danger of becoming complacent. The majority (67%) of IT Decision Makers in the manufacturing sector feel confident that they are prepared for a cyber-attack. While it is encouraging to see this confidence, the headlines have made it clear that manufacturers can’t afford to take the foot of the pedal when it comes to security.
A business works best if all the components work in harmony: people, processes and technology. If one of these falters, the remaining components won’t be able to perform. Each have their own weaknesses, but human error often becomes the most visible of these, but it can be avoidable. An employee clicking a link on a simple spam email might be all it takes to bring the system to a standstill. So, when looking at ways to prevent business downtime the best place to start is with your own people. Make sure everyone is kept appraised of the latest security threats. This could be through inductions or annual training that the organisation needs to take.
Avoiding the domino effect
Increased connectivity through Internet of Things (IoT) devices is transforming the manufacturing industry, allowing leaders to monitor and act upon data flowing between machines, devices and people. A multitude of sensors pour data into systems and build up a real-time picture of operations, however the added sensor touchpoints and more automated processes have left the industry with a more exposed attack surface. The level of disruption a hacker could cause has the potential to be far-reaching; not only would they have the power to stall productions lines, but privacy and even physical safety also pose significant risks to operations. As automation increasingly dominates all aspects of manufacturing processes, leaders need to analyse the robustness of the business’ core technology. IT teams need to make sure they have all their data backed up, whether in a physical data-centre or in the cloud and have regularly tested action plans in place for recovering data and keeping the production line moving.
Watch your WiFi
It’s well known that WiFi can be hacked and cause issues across the supply chain, from networks inside storage depos, to public WiFi used by people working remotely – even supermarket ‘zappers’ could be hacked. Hacking supermarket zappers may not sound alarming, but if the system that provides all this information is corrupted then it could potentially bring down the entire network. What can be done? Keep your inventory record up to date with software management.
While investment in safety and cost reduction are both key elements for success in the manufacturing industry, it should not come at the cost of security. Ultimately, if a customer comes to doubt the ability of your businesses to run efficient operations you risk losing the trust, and business of important suppliers. Careful preparation will help leadership teams manage a crisis when it happens.
Resilience training for operations teams is essential to improve awareness of the entire business and ensure any vulnerabilities can be swiftly resolved. Don’t assume that all staff are appraised of the latest technology in the work place. Spend time upskilling them on the latest technologies otherwise outside threats will get the better of them, and your business.
Track and Trace and Other Lost Data
By Ian Smith, General Manager and Finance Director at Invu
You, like me, were probably amazed by the now infamous loss of the over 16,000 positive test results in the track and trace system due to an Excel spreadsheet error.
You, like me, probably wondered how the Government could get something so important so wrong?
But perhaps we should aks are standing in a greenhouse launching stones?
Data risks from software
Today we are spoilt with software offerings that help us with both our personal and our work lives.
Microsoft Excel is a powerful application and offers many functions now that required moderately complex macro writing in the past, seducing all of us into submitting more data for it to analyse. In finance, we tend to solve all those problems our applications cannot address using Excel.
In finance, we also know the risks of formula errors, and if we have relied on it enough, we will have our own war stories to go with these risks. Yet, we often continue to use the tool for operations that make those folks with an information technology background shake their heads.
These Excel files nowadays may find themselves resident on a local file server or one of the many file servers in the cloud (like those from the big three, DropBox, Google Drive and Microsoft OneDrive or other less well-known file sharing applications). Many of us use these in multiple ways.
Beyond finance and Excel, there are now many applications that we run our data through and leave data stored in the form of documents, comments and notes.
The long-standing example is email. We today receive many documents via email, with content in the body often providing context. Email systems then become the store for that data. While this works from a personal point of view, for a business working at scale, the information stored this way can be lost to the rest of the business. Just like data falling off a spreadsheet when there are not enough rows to capture the results.
More recently, we have seen easy to consume applications develop in many areas like chat and productivity. Take for example task management apps, my own preference being Monday.com (I am sparing you the long list of these). The result of the task and how we got there, in the form of attachments or comments, are often stored in the application. Each application we touch encourages us to leave a bit of data behind in its store.
Many of these applications can have a personal use and an initial personal dalliance is what sparks up the motivation to apply the application to a business purpose. Just like the “Track and Trace System”, they can often find themselves being used in an environment where the scale of the operation overwhelms their intended use.
In our business lives, combining the use of applications in this way by liberally sprinkling our data across multiple systems often stored in documents (be they Microsoft Word, email, scans or comments and notes) puts us on the pathway to trouble.
Imagine how Matt Hancock felt explaining to Parliament that the world-class track and trace system depended on a spreadsheet.
Can you imagine a similar situation in your business life? Say, for example, that documents or data in some form was lost because of the use of disparate systems and/or applications that were not really designed for the task you assigned to them.
Who would be your Parliament?
Now you can see yourself in the greenhouse, you may not want to reach for that metaphorical stone.
If these observations create some concerns for you, you may want to consider the information management strategy at your business. You have a strategy, even if it is not addressed specifically in documents, plans or thought processes.
These steps may help figure out where you are and where you want to go.
- Assess your current environment.
Are you a centraliser, with all the information collected in one place? Or is all your data spread across multiple stores, as identified above? Are you storing your key business information on paper documents, or digitally or a mix of both.
- Assess your current processes.
Do your processes run on a limited number of software applications? Or do you enable staff to pick their own tools to get things done? The answer to this question is often a mix of both where staff bridge the gaps in those applications using tools like MS excel. A key application to think about is how the data in email, particularly the attachments, is made available to the business.
- Design a pathway for change and implement it.
Start with the end in mind. I suggest the goal is to enable the right people to have the right access to the information they require to do their job in real-time. I believe the way to effectively do this is to go digital. The fork in the road is then whether to centralise your information store or adopt a decentralised approach.
My own preferred route is to centralise using document management software that enables all your documents to be stored in one place. Applications like email can be integrated with it, significantly reducing the workload required to file and store the data. The data can then be used in business applications using workflows. Thinking these workflows through will help you assess the gaps between your key business applications and consider whether tools like excel are being stretched too far.
NICE Unveils ENLIGHTEN Fraud Prevention Powered by AI and Voice Biometrics to Empower Contact Centers in Safeguarding Consumers
Using AI-enabled interpretive and predictive models and advanced voice biometrics, the new solution continuously scans millions of calls to proactively identify fraudulent behavior and protect brand reputation
NICE (Nasdaq: NICE) today unveiled ENLIGHTEN Fraud Prevention, an innovative new solution for automatic and continuous fraudster detection and exposure. Bringing together NICE ENLIGHTEN’s comprehensive Customer Engagement AI platform with the company’s voice biometrics capabilities, the solution continuously scans millions of calls to accurately pinpoint suspicious behavior and uncover previously unidentified fraudsters. Adopting a proactive approach, NICE ENLIGHTEN Fraud Prevention significantly reduces fraud losses and handling time while protecting consumers and improving their experience.
“Contact center fraud is growing in frequency, breadth and sophistication,” observes Dan Miller, Lead Analyst at Opus Research. “NICE ENLIGHTEN Fraud Prevention stands out as an integrated, pre-emptive AI-based Fraud Prevention solution that actively prevents malicious activities with minimum additional effort from customers.”
Unlike most technologies that focus on a single call, NICE ENLIGHTEN Fraud Prevention includes powerful AI interpretive and predictive models that scan millions of voice interactions over time to detect abnormal, risky behavior including requests to change addresses or authentication methods without relying on agents to manually capture dispositions. NICE’s Proactive Fraudster Exposure voice biometrics capability included within the solution is then used to expose perpetrators and create a ranked and prioritized list of suspected fraudsters. Importantly, the solution is self-training, constantly learning from identified behaviors, continuously updating its AI models and thus consistently improving results. With this novel solution, organizations can protect customers from account takeover and prevent exposure of personally identifiable information, reduce fraud losses, optimize fraud analyst team efficiency and safeguard brand loyalty.
“We are proud to bring yet another market-first offering with NICE ENLIGHTEN Fraud Prevention,” Barry Cooper, President, NICE Enterprise Group, said. “NICE ENLIGHTEN is NICE’s AI platform with models specific to the Customer Engagement domain. A number of solutions across our portfolio are being infused with AI from NICE ENLIGHTEN including our Proactive Fraudster Exposure solution. NICE ENLIGHTEN Fraud Prevention ensures that fraudsters are rapidly and proactively stopped in their tracks so organizations can protect their customers and their brand. We believe that by bringing AI to Fraud Prevention we provide organizations with the agility that makes it even more difficult for the fraudsters to win.”
Financial Services Sector Leads in Fixing Application Flaws, Lags in Time to Remediate
Veracode, the largest global provider of application security testing (AST) solutions, today released findings revealing that the financial services industry has the best flaw fix rate across six industries and leads a majority of industries in uncovering flaws within open source components. Fixing open source flaws is critical because the attack surface of applications is much larger than developers expect when open source libraries are included indirectly.
The findings came as a result of Veracode’s State of Software Security Volume 11, which analysed 130,000 applications from 2,500 companies. The research found that financial services organizations have the smallest proportion of applications with flaws and the second-lowest prevalence of severe flaws behind the manufacturing sector. It also has the highest fix rate among all industries, fixing 75% of flaws. Still, the research found that financial services firms require about six and a half months to resolve half of the flaws they find, indicating it is slower than other industries to remediate.
“Financial services firms have a median time to remediation of more than six months, despite having a high fix rate compared to other sectors,” said Chris Wysopal, Chief Technology Officer at Veracode. “However, developers in the financial services industry are often limited by the nature of the environments they are working in, as applications tend to be older, have a medium flaw density, and aren’t consistently following DevSecOps practices compared to other industries. With some additional training and sticking to best practices, they can quickly remediate issues and start to reduce security debt.”
Financial Services Specific Findings
Veracode’s research found compelling evidence that certain developer behaviours associated with DevSecOps yield substantial benefits to software security. The findings detail that financial services firms:
- Are a leading industry when it comes to fixing flaws in their open source software and establishing strong scan cadences.
- Fall to middle-of-the-road for scanning frequency and integrating security testing, and are not likely to be using dynamic analysis (DAST) scanning technology to uncover vulnerabilities.
- Outperform averages across all industries in dealing with issues related to cryptography, input validation, Cross-Site Scripting, and credentials management – all things related to protecting users of financial applications.
DAC 6 – D Day is imminent – Update of key elements
By Andrew Knight, managing partner of Harneys Introduction At a time when lengthy books are beginning to be written on...
5 steps for SMEs to budget properly for the coming year
By Fabio Comminot, Head of Dealing, Switzerland at Ebury, one of Europe’s largest Fintechs, has provided a five-step guide to...
Cash in the time of Covid-19: A tale of financial exclusion
By Matt Adam, company’s chief executive, We Are Digital Financial exclusion rates are on the rise thanks to Covid-19. But...
Track and Trace and Other Lost Data
By Ian Smith, General Manager and Finance Director at Invu You, like me, were probably amazed by the now infamous...
Why ID verification is no longer a barrier to global growth in banking
By Barley Laing, UK Managing Director at Melissa Issues related to effective identity (ID) verification have restricted the global growth...
Digital Finance: Unlocking New Capital in Disrupted Markets
By Krishnan Raghunathan, Head of Finance & Accounting Services at WNS, explores how a digitally transformed finance department can give enterprises...
Beyond the bottom line: why brands must show they care to connect with customers
By Vadim Grigoryan, Partner, Lunu Over the past few years, we’ve witnessed an ever-growing activism among consumers, with public opinion...
O-CITY enters Kenya to drive contactless payments across Matatu bus service
Up to 10,000 buses to become cashless with O-CITY’s M-Pesa-based ticketing solution O-CITY, the automated fare collection provider by BPC,...
Nearly 14 Million1 UK adults more likely to spend on Black Friday than they were last year
Yolt launches evolved app to help shoppers save whilst they spend Across the UK, consumers are set to spend £6.4bn...
Christmas isn’t cancelled: European shoppers plan to spend more online this Black Friday
Half (52%) of European consumers plan to do Christmas shopping around holiday sales, including Black Friday, compared to previous years...