By Kevin Bocek, VP of Security Strategy and Threat Intelligence, Venafi
The White House has been forced to rapidly issue new cyber security rulings for government agencies after it emerged that a second security breach against the U.S. government’s Office of Personnel Management (OPM) has exposed the files of millions of federal workers, as well as information on their friends, families and colleagues.
The breach could leave federal workers and their contacts open to blackmail or spear phishing attacks by cyber criminals, or users may be duped into downloading dangerous malware.
The OPM breach was the second attack in as many weeks – and comes on the back of other high-profile security attacks such as the Community Health Systems breach in the US, which affected 4.5 million patients, and the attack on Sony Pictures. It therefore comes as no surprise to see the White House announce major developments to ramp up encryption and intensify website security across the board.
In the wake of this second attack, the White House has directed all federal agencies to take a series of rapid measures to lock down government systems. U.S. Chief Information Officer Tony Scott has launched what is being referred to as a 30-day cyber security sprint. During this time, agencies are being asked to patch all known vulnerabilities and shore up systems using information provided by Homeland Security, the Government department designated to protect the nation. Agencies will all be asked to report on their progress during this period.
The U.S. Office of Management and Budget (OMB) has also announced that all federal agencies will be required to use HTTPS to improve website security. On its coat tails, the House Energy Commerce Committee sent letters to the CEOs of Apple, Google, Microsoft and Mozilla expressing concern that Certificate Authorities (CAs) owned by national governments have the power to issue certificates which could be used for fraudulent purposes. Although these two initiatives are unrelated – they are linked.
The Committee is seeking industry direction on whether limiting CAs can actually improve the way the certificate system is run, if it is technically possible, what adverse effects such restrictions would have, and how security can be improved overall.
Federal agencies will be required to inspect all inbound TLS/SSL traffic for potential risks as they move to 100 percent encryption. All traffic will need to be carefully examined as cyber criminals are happy to play the waiting game and hide out for as long as it takes to launch a successful attack.
Agencies will also need to search out the malicious use of forged, compromised, or fraudulent certificates across the Internet to brick wall so-called spoofing and man-in-the-middle (MITM) attacks. With a compromised, stolen, or forged key and certificate, attackers can impersonate, surveil, and monitor their targets’ websites, infrastructure, clouds, mobile devices, and system administrators, and decrypt communications thought to be private.
While the motives behind increasing encryption are largely positive – the OMB’s announcement to use HTTPS has some gaping holes. If HTTPS isn’t properly implemented with an immune system to protect the cryptographic keys and digital certificates, the increased use of HTTPS may actually increase the security risks. More encrypted traffic will require bad guys to use HTTPS and either forge or compromise certificates to mount effective attacks. Unfortunately, we live in a world without trust today because there is no immune system to detect keys and certificates that do not belong and are being misused as the bad guys accelerate their attacks.
In its directive, the OMB has yet to specify or mandate any type of key or certificate management system to ensure it is efficiently managed and safeguarded. There has also been no reference to the U.S. government’s National Institute of Standards and Technology (NIST) guidance issued two years ago for preparing for a CA breach. NIST guidelines are aligned with internationally accepted best practices and standards on computer security. This is what makes the Committee’s letters to the industry seeking advice on limiting CAs all the more intriguing.
Governments should be anxious about who we trust in our browsers and if we can have confidence in the security of websites. This is why we welcomed Google’s decision to block CNNIC, the Chinese CA, earlier this year, following the discovery that the state-run organisation had issued unauthorised certificates for Google domains that left it exposed to man-in-the-middle attacks capable of intercepting private communications.
Shockingly, any CA in the world, through fraud or compromise, could issue malicious certificates for .gov domains, as well as more obvious .com sites and others. It is imperative that CAs cannot abuse certificates or issue malicious ones that could be used as ammunition against the US or its allies. Google Certificate Transparency (CT) is undoubtedly a help – but it only covers the high-level extended validation (EV) certificates, and does not address compromise or misuse after issuance. This is why we are seeing a rise in so-called Certificate Reputation, which allows website operators to monitor their web domains to help ensure there are no fraudulently issued SSL certificates.
The move that the US Government has taken is undoubtedly a step in the right direction – but unfortunately more encrypted traffic makes them an even more inviting target for cyber criminals. Unless we have an Immune System for the Internet – a system that can identify certificates, safely deliver them for use with SSL/TLS inspection, and detect and stop the misuse of certificates for governments and enterprises – we will continue to see a frightening number of attacks take place.
Should you reward high performance and if so how?
By Matthew Emerson, Founder and Managing Director, Blackmore Four
In our last article – “what do high-performing teams mean?” we identified four enabling conditions – a compelling direction, high accountability, clear expectations and trusting relationships to be the basic platform for high performing teams. But work teams do not operate in an organisational vacuum. Organisational performance is the key interest for managers and executives; however, organizations only perform efficiently if individuals feel satisfied and committed as well as cooperate with colleagues.
Features of the organisational context, such as the reward system, specific incentives and career development opportunities as well as the coaching and feedback behaviours of team leaders, can have a seismic impact on the outcome of the team. In today’s team-centric workplace, how do you recognise employees’ contributions to team success in the most effective way?
Individual vs. team reward
The problem is that group tasks are usually a mix of group and individual interests, a mixture of cooperative and competitive incentives. Therefore, is team recognition better? Or is it best to reward individual contributors?
When you reward individuals for their hard work and for achieving results, you incentivise them to keep up the good work. This recognition can, in turn, influence others to improve their performance. However, rewarding individuals may create a more competitive environment, potentially undermining any efforts to establish or maintain a collaborative culture within the organisation.
Through a meta-analysis of 30 studies involving more than 7,000 teams, Garbers and Konradt (2014) found that team-based rewards yield moderate positive effects on team performance. Recognising an entire team encourages greater camaraderie and when people are motivated to work harder for the good of the team, it often results in higher performance. Moreover, it demonstrates to the team that others in their organisation (specifically, those who designed the reward system and administer it) care enough about a team’s performance that they are willing to expend organisational resources to recognise what it accomplishes. Effective team rewards should elicit and reinforce collaboration among members as they work together to achieve compelling team purposes. Recognition for good team performance encourages members to think of “us” rather than “me” and goes a long way in helping to sustain collective motivation.
Both individual and team-based recognition have their pros and cons. So, what would be a compromise solution? A third option is offering a hybrid recognition program.
By simultaneously rewarding group and individual achievement, you can motivate everyone to work hard toward achieving the team’s goals. At the same time, you also recognise individual team members who go the extra mile. These are the people who make outstanding contributions to the team’s overall performance. The work they do is worthy of special recognition and should be rewarded appropriately. When a team receives something that members collectively value, it becomes more likely that members will do again whatever it is that they did before.
The consequences of excellent team performance, therefore, must be something that team members themselves view as favourable. Even if leaders think that putting a team’s name on the company intranet is kudos for high performance, that listing will have no effect if team members view it as silly, embarrassing or meaningless.
One kind of recognition that almost everyone cares about is money. At least in Western societies, people have learned well to “follow the money” if they want to understand what is going on or what is most valued by those in charge. Although compliments and nonmonetary rewards can go a long way in reinforcing team excellence, they cannot go all the way. At some point, people want to see some cash—or at least feel they have a piece of the financial action. What factors do you need to consider when designing your rewards strategy?
Equitable vs. equal
The evidence suggests that equitably distributed rewards are more effective than equally distributed rewards in affecting team performance. So, for example, the practice of distributing the same bonus to all team members at the end of the financial year, while it might be easier to do, may yield weaker effects on future performance. Because fairness violations are processed more emotionally than rationally, even nominal rewards for team performance have implications for fairness perception and must be managed.
Communicate how you will distribute rewards: if you want to value individual contributions, you will need to define and say what the indicators of performance are (e.g., the amount of responsibility, hours worked, individual outcomes). In other words, use equitable pay and be meritocratic. Giving employees “voice” is an important first step of rewards fairness. Objectives and performance should be measured among individuals, so that you can show what each team member has done and what they each receive as a reward.
Consistency is key
Finally, we encourage team leaders to make sure they use fair decision-making criteria when they are deciding on who should receive recognition. Team members need to trust that you are recognising team members who make valuable contributions. Distributing formal recognition based on arbitrary factors, or simply rewarding “teacher’s pets,” may compromise the positive (and exacerbate the negative) changes found in our research. Many employees report feeling undervalued at the end of a project. These less favoured members are usually separated from the favourable team members due to hierarchy or departmental lines.
Team-based rewards have both potential benefits and drawbacks for an organization, especially in the context of team trust. While they can be successful in highly interdependent team environments when reward measurements are fair and clear, they can also result in motivational loss, competitive behaviour and feelings of discomfort by team members who are reluctant to determine each other’s pay when such preconditions are not in place. It is important for managers to take these dynamics into account when designing a team-based rewards program and remember that there is not a one size fits all approach.
Matthew Emerson is the Founder and Managing Director of Blackmore Four, an Essex based management consultancy working with leaders of ambitious businesses to achieve outstanding performance through periods of growth or significant change.
Starting his career at Ford Motor Company, Matthew has developed his expertise in Organisational Effectiveness in key senior HR, Organisational Development and Talent roles, predominantly in Financial Services (Credit Suisse, Barclays and DBS) and most recently as the Group Head of Talent and Performance at UBS AG.
Having worked in and across Asia for six years as well as having ‘global’ responsibility in a number of his roles, Matthew has an appreciation of international and multi-cultural working environments. He also has a multi-sector perspective, having worked with organisations in Manufacturing, Healthcare, Education and Technology.
Britain’s Boohoo buys Debenhams brand for 55 million sterling
LONDON (Reuters) – British online fashion retailer Boohoo said on Monday it had purchased the brand of collapsed department store group Debenhams for 55 million pounds ($75.4 million).
Debenhams’ administrators said last month it was starting a liquidation process, putting 12,000 jobs at risk.
(Reporting by James Davey; Editing by Kate Holton)
Asian shares near record highs as U.S. stimulus plans offset virus woes
By Swati Pandey
SYDNEY (Reuters) – Asian shares climbed to near all-time highs on Monday as concerns over rising COVID-19 cases and delays in vaccine supplies were eclipsed by optimism of a $1.9 trillion fiscal stimulus plan to help revive the U.S. economy.
Sentiment in the region was also boosted by a report that China had surpassed the United States to be the largest recipient of foreign direct investment in 2020 with $163 billion in inflows.
Futures markets also pointed to firmer starts elsewhere. E-mini futures for the S&P 500 rose 0.37%, futures for eurostoxx 50 as well as London’s FTSE were up 0.3% each while those for Germany’s DAX added 0.4%.
“The FDI story has definitely lifted China and its near neighbours today, blowing an economic recovery tailwind into geographically adjacent markets,” said OANDA’s Singapore-based market analyst Jeffery Halley.
“Looking ahead, equities will find more meaningful reactions from the progress or not of the Biden stimulus package, and the level of dovishness displayed by the Federal Reserve at their FOMC meeting this week.”
Global equity markets have scaled record highs in recent days on bets COVID-19 vaccines will start to reduce the infection rates worldwide and on a stronger U.S. economic recovery under President Joe Biden.
Still, investors are also wary about towering valuations amid questions over the efficiency of the vaccines in curbing the pandemic and as U.S. lawmakers continue to debate a coronavirus aid package.
MSCI’s broadest index of Asia-Pacific shares outside Japan rose to 726.46, within kissing distance of last week’s record high of 727.31.
The benchmark is up nearly 9% so far in January, on track for its fourth straight monthly rise.
Japan’s Nikkei rebounded from falls in early trading to be up 0.7%.
Australian shares added 0.4% after the country’s drug regulator approved the Pfizer/BioNTech COVID-19 vaccine with a phased rollout likely late next month.
Chinese shares rose, with the blue-chip CSI300 index up 1.1%. Hong Kong’s Hang Seng index leapt nearly 2% led by technology stocks.
All eyes are on Washington DC as U.S. lawmakers agreed that getting the COVID-19 vaccine to Americans should be a priority even as they lock horns over the size of the U.S. pandemic relief package.
Financial markets have been eyeing a massive package though disagreements have meant months of indecision in a country suffering more than 175,000 COVID-19 cases a day with millions out of work.
Global COVID-19 cases are inching towards 100 million with more than 2 million dead.
Hong Kong locked down an area of the Kowloon peninsula on Saturday, the first such measure the city has taken since the pandemic began.
Reports the new UK COVID variant was not only highly infectious but perhaps more deadly than the original strain also added to worries.
In the European Union, political leaders expressed widespread dismay over a hold-up by AstraZeneca and Pfizer Inc in delivering promised doses, with Italy’s prime minister lashing out at the vaccine suppliers, saying delays amounted to a serious breach of contractual obligations.
On Friday, the Dow fell 0.57%, the S&P 500 lost 0.30% and the Nasdaq added 0.09%. The three main U.S. indexes closed higher for the week, with the Nasdaq up over 4%.
Jefferies analysts said U.S. stock markets looked overvalued though they still remained bullish.
“For the stock market to have a real nasty unwind, rather than just a bull market correction, there needs to be a catalyst,” analyst Christopher Wood said.
“That means either an economic downturn or a material tightening in Fed policy,” Wood said, adding neither was likely to occur in a hurry.
In currencies, major pairs were trapped in a tight range as markets awaited the Fed’s Wednesday meeting.
The dollar index eased to 90.073, with the euro at $1.2181, while sterling was last a tad firmer at $1.3721.
The Japanese yen was a shade weaker at 103.69 per dollar.
In commodities, Brent gave up early losses to be last flat at $55.41 a barrel and U.S. crude rose 3 cents to $52.30.
Gold was flat at $1,852.9 an ounce.
(Editing by Shri Navaratnam and Jacqueline Wong)