Category Archives: consumer

What are some emerging trends in cybersecurity?

Leave a reply

I read an interesting blog post on ten cyber security trends for organizations to consider.  Please read the entire blog posting here.  Below (copied directly from blog post) are the potential trends that I find the most interesting and accurate.

A new model of cyber security will emerge
As firms invest more in cloud computing, a new model for cyber security is emerging. Increasingly, firms can look to cloud providers to embed good IT security, but firms still own the problem of setting their requirements and determining just who can access what. The shift towards DevOps and agile development build on these more flexible infrastructures, but also demand new ways of embedding security into the development lifecycle and an equally agile test regime. Security can no longer engage at the end of development cycles and, if it does, it risks being seen as a blocker rather than an enabler.

Automation of controls and compliance will be the order of the day
Firms are coming under pressure to contain their burgeoning cyber security budgets. Manpower-intensive compliance processes are beginning to give way to continuous testing and controls monitoring, helping firms build a more accurate picture of their IT estate – helping the CIO as well as the CISO. The growing demand for supply chain security and third party assurance will also lead to a burgeoning industry of testing firms offering risk scoring and testing services for those third parties.

Digital channels will demand customer centric security
Digital channels are becoming more and more sophisticated, demanding new consumer identity and access management approaches, dynamic transaction risk scoring and fraud controls, and an emphasis on usable non-intrusive security measures which don’t impact the consumer’s experience. Open Banking and the arrival of Payment Services Directive 2 will drive richer interactions between a new ecosystem of payment service providers and the banks who handle our money. A new world of open API is on the horizon, but concerns over criminal exploitation of these rich interfaces abound.

Resilience and speed matters
Regulators are focusing on resilience – the ability of an organization to anticipate, absorb and adapt to disruptive events – whether cyber-attack, technology failure, physical events or collapse of a key supplier. Exercises and playbooks are in fashion as firms try to build the muscle memory they need to respond to a cyber-attack quickly and confidently, while cyber insurance is finding its place not just as a means of cost reimbursement but as a channel for access to specialist support in a crisis.

The Takeaways

  1. Review and discuss above trends and adjust any strategy as appropriate for your organization

 

How do you maintain Trust?

Leave a reply

I just read another post on maintaining trust with customers in era of data breaches. There is nothing new in the posting, but the content is impactful from  its simplicity and succinctness. Here are the items that should be acted on (easier to write about than implement)

  1. Ask for permission
  2. Be transparent about what data is being collected and how it is used
  3. Clearly explain policies on consumer date use to staff
  4. Keep data anonymous by default
  5. Don’t greedy. Only collect needed data

What 100,000 Tweets About the Volkswagen Scandal Tell Us About Angry Customers?

Leave a reply

A critical component of managing a cyber security incident is crisis communication. Swaminathan and Mah (2016) recently published, “What 100,000 Tweets About the Volkswagen Scandal Tell Us About Angry Customers” in  the Harvard Business Review. Their analysis focused on more than 100,000 tweets related to the Volkswagen Scandal. Their conclusions are relevant to CISOs and their cyber-incident management plans.

The Takeaways :

  1. Incident management plans need to include an analysis of tweets. As Swaminathan and Mah state, “by analyzing the topics most frequently discussed, managers can better understand what consumers are discussing and apply appropriate recovery strategies.”
  2. CISOs need to collaborate with their partners in Public Relations in managing the communication with customers..
  3. Understand that tweets change in terms of volume, valence and topics over the course of the incident. The figure below illustrates the three major changes from Swaminathan and Mah

Capture_tweets