Author: Stuart Crawford

As the business world continues to evolve, digital transformation becomes even more important for every company, regardless of the industry. However, successfully moving into the digital arena and remaining on top requires companies to make the right choices when it comes to their money and their time.

Below are some tips to help your company achieve ongoing digital success.

1. Create a designated budget for digital projects.

In order to become a digital success, monetary investment is always required. Carve out a section of your budget that will be dedicated to digital projects only. In general, your digital expenses should represent at least five percent of your annual expenses. However, depending on your situation, you may decide to scale this amount up or down.

2. Involve your employees.

Investing money in digital projects alone is not enough to guarantee your success. You must also involve your employees in these endeavors. Every employee on your staff should be aware of your goals with regard to digital projects, and some of your employees should be working exclusively in roles related to digital.

3. Stay on top of emerging technologies.

The digital world is always changing, with new technologies on the horizon every day. To be successful digitally, your company needs to be aware of the new technologies as they emerge so you can incorporate them into your operations when appropriate.

4. Consider digital when looking for new talent.

Bringing your current employees onboard with your digital projects can be helpful, but it isn’t enough to ensure lasting success in this arena. As digital continues to become more widespread, hiring employees who are comfortable with technology becomes even more important for every company. When looking for new talent to add to your team, make digital skills a priority.

5. Make use of data.

To improve customer experiences digitally, your company needs to invest in and utilize data. Data allows you to customize every customer’s interactions with your company so he or she can have the highest level of satisfaction possible. Data also allows you to gain valuable insights about every aspect of your business’ operations so you can identify strengths and weaknesses.

6. Seek professional assistance.

Bringing digital to your company successfully can be a challenge, especially if you aren’t an expert in this field and/or if you have many other responsibilities. If you aren’t sure how to incorporate digital into your daily operations, consider hiring a consultant or even a full-time digital team to help you make the most of your investments and your efforts.

These are just a few of the strategies you can use to make your company a digital success. Keep in mind that success rarely comes overnight, so ongoing effort will likely be required before you will see the results you desire.

Intel Humiliated by Losing CPU Market Share to Eager AMD

Intel’s continued problems with delivering CPUs are expected to go on throughout the fall and potentially 2020. Intel’s CEO Bob Swan told shareholders during their second-quarter conference call that the delays in processor deliveries would continue until September.

The fallout benefits AMD, which increased its market share from 9.8 percent in 2018 to 18 percent by the end of June 2019.

Why is Intel having trouble shipping CPUs on time?

The culprit is Ice Lake, Intel’s high volume 10nm processor. The chipmaker announced Ice Lake at CES 2019, but the processor hasn’t been forthcoming in the volumes Intel promised. The 10nm project has slowed Intel’s other chip line production. Lower-end processors have especially suffered, leading to supply chain problems for manufacturers, retailers, and customers.

What are Intel’s problems with the 10nm CPU?

The current problems continue Intel’s struggles with 10nm chips which date back to 2013. Intel’s initial goal for 10nm CPUs was 2015. Year by year, Intel has pushed back the deadline for 10nm CPUs. Intel’s second-quarter conference call gave late 2019 as the deadline — but the real date is more likely to be 2020 for most people who want to buy PCs with the new CPU.

The bottom-line culprit is engineering choices. Intel’s 10nm design selections have consistently held mass production back on its 10nm CPU project. As problems continued, Intel responded by refining its 14nm CPU performance and production process. TSMC and Samsung have 10nm CPUs, but their performance is equivalent to Intel’s 14nm CPUs.

What is so good about increasingly tiny CPUs?

Intel and its competitors, including AMD, are continuing R & D on smaller and smaller gate-size processors. Smaller gate sizes allow more CPU cores, or they enable a smaller die for the same performance as a larger CPU.

Smaller CPUs also use less power and generate less heat, a must for mobile devices and laptops. With desktop PCs, heat and power consumption aren’t as important, so processor performance can be improved in other ways.

How have Intel’s supply problems affected its business?

Intel’s stock has increased 6% since January 2019 according to Fortune, but rival AMD’s stock has gone up 83%. Nvidia’s stock has risen 25% since January.

The supply problems are mirrored by leadership problems at “Chipzilla.” Intel’s former CEO Brian Krzanich resigned in June 2018 when a relationship with a former employee was disclosed. Krzanich’s replacement Bob Swan is credited with improving company morale and redirecting the floundering 10nm CPU team.

Has AMD taken advantage of Intel’s delays?

AMD is gaining market share with scaled-up production of 12nm circuits. The Santa Clara-based chipmaker is gaining market share from Intel with its Ryzen 14nm and 12nm CPUs. It has announced 7nm Ryzen and Rome CPUs. AMD’s year-to-year market share in desktop computers grew from 12.2% in the first quarter of 2018 to 17.1% by the first quarter of 2019. In notebooks, AMD’s share grew from 8% to 13.1 %.

AMD also expects the number of Ryzen CPU notebooks to grow significantly in 2019, with desktop units growing by 30% and notebooks by 50%. Lenovo, the world’s #2 PC manufacturer, will be using Ryzen 7 Pro 3700U chips in its upcoming ThinkPads.

Which Intel and AMD news should industry pros and investors watch in upcoming quarters?

Intel has delayed shipments of all of its CPUs, not just the promised 10nm Ice Lake and variant chips. Rivals AMD and Nvidia have taken advantage of ongoing delays to ink new deals with major companies including Lenovo.

Investors and industry pros should keep an eye on CPU market shares for the rest of 2019 and into 2020. This will indicate if the agile upstarts are going to continue to take on “Chipzilla” and change the landscape of computing power in 2020 and beyond.

We’re only halfway into 2019, yet data protection specialists and IT analysts have already seen an unfortunate spike in criminal activity across industries.

Thus far, here are the biggest cybersecurity crises of the year.

2019’s Top Cybersecurity Stories

#1 – Supply chain attacks

Unique to 2019 is a growing trend of supply chain attacks.

Supply chain attacks are also called third-party attacks. That’s because they are attacks that don’t directly target you and your company, but that still affect you. This occurs by a hacker targeting a third party that your company works with, thus, in the end, indirectly affecting your company.

For example, if your company contracts with another company to provide your stores with POC (point of sale) units, the company providing your POCs could be hacked in a way that ends up affecting your company.

This trend began in 2017 with NotPetya, a piece of malware that spread when Russian cybercriminals hacked how auto-updates were implemented within an accounting application based in the Ukraine. Since, similar attacks have hit several companies, from Asus and CCleaner (a computer cleanup program), to Visual Studio (an application from Microsoft).

#2 – Breach of the American Medical Collection Agency

The American Medical Collection Agency was hacked over a long period of time from August 2018 through March 2019. During this time, it is estimated that 20 million patients had their data stolen.

Information that was compromised included complete names and dates of birth, addresses and phone numbers, balances due for medical expenses, healthcare provider information, and dates of medical services rendered. Although Social Security numbers and insurance ID numbers were not known to be compromised in the attack, the fact that personal information was lost from so many customers is truly troubling.

#3 – Attacks from Iranian hackers

Iran has certainly been in the news recently for reasons other than cyberattacks. When Trump pulled the United States out of the Iranian nuclear agreement, escalations between the two countries escalated quickly. Although many citizens may not realize it, these attacks are happening both in the physical world and the cyber world.

Trump recently aborted a military strike to Iran after Iran attempted to shoot down a U.S. drone. However, he did approve a cyberattack against the control launch systems of Iran’s missile and rocket program. Since, Iran has fought back in a similar manner and perpetuated the cyber quarrel.

#4 – Breach of a U.S. Customs and Border Protection Surveillance Contractor

After the breach of a surveillance contractor for the U.S. Customs and Border Protection, hackers were able to obtain license plate information and traveler photos for approximately 100,000 people.

Many travelers going across U.S. borders in May were routinely photographed by Perceptics, a Tennessee-based surveillance contractor. Unknown hackers stole this information and later posted it on the dark web.

#5 – First American’s Data Exposure

First American is a title insurance and real estate firm that had personal and financial data from 885 million customers exposed for anyone who wanted a look-see.

This was not a security breach or a hack, but an internal error — and a terrible one at that. Anyone who visited the First American website during the exposure could have stolen detailed financial and personal information from the hundreds of millions of customers that First American had data on. It would have only taken some simple navigation around the site. Information that was available included Social Security numbers, mortgage documents, tax documents, bank account numbers, driver’s license images, and more.

Still, it is not known whether anything was indeed compromised or stolen.

#6 – Ransomware attacks on local governments

Ransomware attacks have long been a problem in the cybersphere. But recently, they’ve been taken to a whole new level.

Instead of targeting individuals or attempting to target huge enterprises, hackers specializing in ransomware are now aiming their attention at local governments and municipalities, such as the city of Baltimore in Maryland, three cities in Florida, Atlanta in Georgia, and many others around the nation.

Ransomware is a type of malicious software or malware that locks down data and/or computer systems from the owners. Once this occurs, the hackers who installed the malware demand a monetary sum (usually in bitcoin) in order for the owners to regain system and data access.

Often, cybersecurity specialists are unable to locate the perpetrators or unlock the ransomed systems or data. In these situations, many target cities have reluctantly decided to pay the ransom. In Riviera Beach, Florida, for example, the city voted to pay a whopping $500,000 in ransom in order to regain access to their computer systems.

Phishing scams — and, increasingly, spear-phishing scams — are the number one way that cyber hackers gain access to closed computer systems, steal information and money, and corrupt data.

Let’s take a look at what phishing and spear-phishing scams really are, how you can spot them, and how to help your organization avoid their highly detrimental consequences.

Phishing and spear-phishing: What’s the difference?

Both phishing and spear-phishing are forms of email-based cyberattacks.

Essentially, both terms refer to email-based attacks that attempt to gain personal or sensitive information using deceptive or disguised emails appearing to be from legitimate sources.

Phishing is the broad term for these attacks. Spear phishing only differs in that these email attacks are specifically targeted at an individual. This may mean that the email includes the individual’s actual name, address, and/or phone number. Or, the email may reference other personal information, such as the individual’s workplace, work position, alma mater, or where they bank.

Here are some examples of spear-phishing emails you may have seen before:

• An email appearing to be from your actual bank: “Dear YOUR NAME, Your debit card may have been compromised. Click here to login to your account and check your statement.”
• An email appearing to be from a store where you frequently shop online: “Your recent order from XXX STORE has been dispatched. Go here to track your shipment.”

Notice that each example includes a place where you should click. This is by design. Often, simply opening a phishing email will not result in any issues; however, clicking on a link inside the email can actually be enough to cause the bulk of the issues (sometimes, major issues). A police department employee in Florida recently opened a phishing email link that led to ransomware being installed on the city’s computer system. In the end, the ransomware cost the city hundreds of thousands of dollars.

How can clicking on a simple link end in such disaster?

The answer is malware.

Malware is a shortened term for malicious software. This software can be automatically downloaded to your computer and/or entire computer system and network by a “trap door.” These trap doors are disguised as links, attachments, login fields, or downloads, which are embedded within phishing emails.

If hackers can get a spear-phishing target to click on their “trap door,” they can use that gateway to install malware onto your system. And once this happens, your entire network and data are at risk.

How Can You Spot a Phishing Email?

Phishing emails often have specific features, which should raise red flags right away:

• The message is unusual (comes at an odd time, is from someone you don’t know, is in a bizarre tone, makes a bizarre or out-of-the-blue request).
• The message makes you panic (e.g., “Your money has been stolen!”).
• The message is threatening (e.g., “If you don’t click here now, you risk losing your job.”).
• It’s written poorly, as if by a non-English speaker.
• The email includes personal information … but not very much.
• The sender’s email address or the web address they want you to navigate doesn’t look right.

What Should You Do if You Think You’ve Received a Spear Phishing Email?

If you think you or someone else in your company has received a phishing email, do nothing at first. Remember that clicking on links, downloading attachments, and opening files or pictures are all the things that hackers want you to do, which is exactly why you should never do them if you are suspicious of an email.

On the other hand, some emails may be clearly legitimate. It’s important to know the difference.

For example, if you speak to Ross from accounting in person by the water cooler, and he tells you he’ll be sending over an invoice you need to sign in the next 10 minutes, if you get an email with an invoice attachment from Ross in the next 10 minutes, the email’s probably okay.

If you get an email from Ross out of the blue on a Saturday? And you didn’t expect it? And it’s not in the tone that Ross usually uses?

This is when you shouldn’t do anything. Instead, check the legitimacy of the email. Do this either in-person or over the phone. For example, call Ross or wait until Monday to speak with him personally. Double-check that he sent the email. If it turns out the email cannot be accounted for, contact your company’s IT security department immediately.

Train Your Employees to Spot Phishing and Spear Phishing Emails

Understanding and following these guidelines as a CEO or manager is important, but remember that spear-phishing emails can target your employees as well.

For this reason, ensure that all of your employees know and understand:

• What phishing and spear-phishing emails are
• How to spot these emails
• What you should never do with a suspicious email (click, download, or login via the email’s prompt)
• What to do if they suspect they’ve received a phishing email

By following these guidelines, you can keep your business safe from phishing scams and the subsequent ramifications.

How Do I Choose a Cloud Computing Model?

No matter what your company or organization specializes in, it’s sure that you have some form or forms of data that needs to be stored, well, somewhere.

Before the invention of cloud computing, most company data was always stored on-site — that is, in the hard drives at a place of business. Additionally, some businesses may have had data stored on remotely-located hard drives or discs; but the majority of data was “in the building.”

Naturally, you can see how this would be dangerous — both for you as a business owner and your clients, customers, and investors. Sensitive data such as customer specs or financial information could be easily stolen, corrupted, lost because of a computer glitch, or even destroyed in a fire.

Today, with the advent of cloud computing. The bulk of these worries are gone. Nearly all major companies, organizations, governments, and many individuals use the cloud.

What is the cloud and what is “cloud computing”?

The first thing to know about “the cloud” is that it’s not a physical thing like a computer or a hard drive. Instead, this term refers to a virtual space or a select part of the Internet — the part that stores data.

Just as you can surf the web from anywhere in the world as long as you have an Internet connection, you can also access the cloud from anywhere in the world — plus whatever you store there. Again, you simply need an Internet connection. In this way, many people simply define the “cloud” as a metaphor for the Internet.

“Cloud computing” is the generally recognized term for all computing actions done in or via the cloud. Therefore, cloud computing refers to cloud-based data storage, but it also means cloud-based:

• Data management
• Content delivery
• Access to applications and software
• Delivery of services

Should your business be using cloud computing?

Before we dive into how to choose a cloud computing method, let’s talk about why you should be using cloud computing — and you absolutely should be.

Cloud computing provides numerous benefits that old-fashioned computing methods just can’t live up to. Specifically, cloud computing provides:

• Mobility and Efficiency: You can work on the cloud from anywhere. Allow your employees, customers, clients, and investors to access the best that your company has to offer, without worrying about weighing down the system or collapsing your infrastructure.
• Ultimate Security: The cloud provides the best security available when it comes to storing your sensitive data. Even when hardware and equipment fails, you know your data will be stored safely and backed up.
• Scalability and Flexibility: With non-cloud computing solutions, you must anticipate the extent to which you’ll use your storage space and other computing needs beforehand. Cloud computing allows you to scale your cloud services up or down, based on your unique needs.
• Strategic Value: Cloud computing methods are always updated with the latest software and the newest tech. This gives your company a competitive edge. Plus, there’s no need to toss outdated technology or revamp your entire network, which would otherwise set your company timeline back significantly.

What method of cloud computing should my business use?

This depends on the organization’s specifications, needs, and goals. There are three basic methods of cloud computing to choose from.

Private Cloud Computing

This model of cloud computing provides dedicated use to your company’s data and systems over a private IT infrastructure. This is a good model to choose if you are particularly concerned about confidentiality and security. Only a trusted third-party or your company’s internal resources team should manage a private model of cloud computing, and you should only give access to those within your company.

Public Cloud Computing

This method of cloud computing allows your business’s resources (software, platforms, infrastructure) to be available to the general public. In some cases, these types of cloud computing models are offered to the public for free, but they may also be sold by a pay-per-usage model.

Hybrid Cloud Computing

As the name suggests, the hybrid cloud computing model blends a public cloud and a private cloud. The hybrid model is mostly by companies who need to operate both models, and thus, the two are integrated into one overarching system.

Resources in the cloud are easier to access, manage, and recover after an equipment malfunction. By switching your business to one of the cloud computing models outlined above, you’ll have a competitive edge and complete control of your company’s data and systems.

The Top Cyber Security Threats Facing Enterprises and How to Mitigate Them

As cybersecurity threats become more prominent and the Internet of Things (IoT) devices become more essential, the tactics behind the threats are evolving into more sophisticated forms. This can lead to an increase in certain types of cybersecurity attacks and threats that can sometimes catch IT managers off guard. Knowing what types of attacks and tactics are on the rise can help managers plan proper prevention and mitigation strategies. Given that 31 percent of organizations have been subject to cyber-attacks according to United States Cybersecurity Magazine, managers can no longer afford to be lax when it comes to security protocols.

What are the Top Threats?

Financial fraud through compromised business emails, credential stuffing, web application attacks, data breaches, and malware attacks have made the top list of threats. Compromised business emails come in the form of false requests to employees to pay nonexistent invoices, modify bank accounts, and purchase gift cards. Many of these emails are written using spoofing techniques that make it appear as though the email is coming from a top-level executive or a person of authority within the organization. When employees are misled by the emails and disclose the financial information the attackers are looking for, the company’s financial accounts and resources become compromised.

Credential stuffing occurs with unauthorized access to the company’s systems or enterprise-level applications via a legitimate employee’s username and password. With credential stuffing, a large number of employees’ usernames and passwords are either obtained through social engineering, phishing, or random guessing. Since it is natural for most to keep reusing the same usernames and passwords, it can make it easy for attackers to guess credentials that are similar in nature or that are updated in a sequential manner.

Web application attacks take advantage of vulnerabilities in the coding of applications and configurations. Common types of attacks include distributed denial of service (DDOS) and bypassing network firewalls to obtain sensitive data. Sometimes web application attacks are used in order to gain access into an organization, including physical access to a company’s servers. Data breaches can occur through web application attacks and unauthorized access to a company’s cloud storage accounts. Weak encryption systems and malware are often to blame with data breaches. Malware can come disguised in the form of freeware or shareware, file-sharing programs, programs or infected files stored on USB drives, and infected files or links shared through email.

Mitigating the Risks

Guarding an organization against compromised business emails includes enabling two-factor or multi-factor authentication. With two-factor authentication, a person must not only enter in credentials but provide another source of verification. This can be a code that is sent via text message to the person’s cell phone. Secondary means of authentication can also come in the form of a fingerprint or key fob. While it is easier for an attacker to guess a weak password and username, it is not easy to gain access to a code sent to a physical device that is only in the possession of the authorized user or duplicate a means of identification that is unique to the person’s physicality. Other means of guarding against compromised business emails include detection rules, employee education about spoofing, and more stringent policies regarding accounting and appropriate uses of email.

Two-factor authentication can also protect an organization against credential stuffing. Additional means include manual checking of passwords against known compromised credentials, enforcing frequent password change policies, employee education about not disclosing credentials, implementing detection rules, and employee education about social engineering and phishing tactics. Web application attacks can be prevented through more stringent firewalls, intrusion detection tools, limiting inbound access requests to server-based applications and systems, stricter scrutiny of cloud service providers and the providers’ security protocols, and the implementation of stricter internal security processes and policies.

Cybersecurity threats are unlikely to become a thing of the past as more devices and business processes become network integrated. However, simply having an internal IT security team in place is not enough to guard against attacks and unauthorized access. Developing both a defensive and an offensive game plan for the top threats most organizations face is an important step towards protecting a company’s sensitive data and technology-related resources.

3 Ways to Improve Your Cyber Security Plan

Cyber attacks cost organizations millions of dollars per incident and often results in system downtime. The average cost of system downtime per cyber attack is as much as $1.25 million, according to Cybersecurity Ventures. System downtime can be costly due to lost sales, frustrated clients, and unfulfilled requests that lead to a significant backlog. Some clients also have long memories that lead to negative word of mouth and a future drop in sales. Despite the real threat of cyber attacks, Cybersecurity Ventures reports that only 28% of firms involved in installing network-dependent technology regard security strategy as highly important. Although completely preventing cyber attacks is often regarded as unrealistic, assessing threats, establishing key performance indicators, and mitigating human factors can help technology leaders improve their security strategies.

Threat Assessment

A proper threat assessment does not involve a single activity or happen once. Threat assessment is an ongoing strategic activity involving research, analysis, simulations, and follow-up. Starting with a series of questions is critical during the start of the research phase, as it helps security teams and technology leaders develop a profile of potential threats to the organization. Some of the questions to ask during this phase include:

• Who is most likely to launch an attack against the organization and its resources?
• Why is the individual or group of individuals motivated to launch an attack?
• What data or information is valuable to the potential attacker(s)?
• How are the potential attacker(s) likely to try to gain unauthorized access to the organization’s systems and data?
• How has the potential attacker(s) breached other organizations?

Once security teams and leaders determine the answers to these questions, an analysis of the firm’s IT systems and infrastructure can occur. Finding vulnerabilities and ways to detect intrusions and other types of cyberattacks is as much about thinking like the potential attacker(s) as it is about discovering ways to stay a few steps ahead. This means setting up preventative measures and also conducting exercises to try to get around those preventative measures. By trying to accomplish a mock cyberattack, internal security teams can better identify previously unseen vulnerabilities in the organization’s infrastructure, processes, and security strategy. Follow-up activities involve analyzing system logs to determine if past indications of common or known attack methods exist.

Key Performance Indicators

Assessing vulnerabilities and developing a profile of high probability threats is important, but even the most sound threat assessment will be ineffective if performance measurements are not established. A sound cybersecurity plan contains ways to measure whether the organization’s strategy is working and identify areas for continued improvement. Common key performance indicators include:

• Average detection time
• Average time to mitigate detected threats
• Number of identified vulnerabilities
• Ability to control and prevent threats
• Ability to meet and comply with the plan’s objectives
• Whether key objectives or milestones were accomplished

Human Factors

Securing an organization’s systems and IT infrastructure against external threats is only part of a thorough cybersecurity strategy. Planning for the internal threats related to human error and inappropriate system access is even more crucial. Employees and vendors that have access to an organization’s systems should be subjected to security policies, including controlled access, account-level privileges, several layers of authentication, and awareness of social engineering and phishing techniques.

Education that includes security policies and training related to scenarios depicting potential threats is the cornerstone of a sound mitigation plan. Employees who understand what phishing attempts look like will be less likely to click on suspicious email links and less likely to download files that contain malware. Good communication, interactive training sessions, tests that simulate phishing and social engineering attempts, raising awareness about best practices, and implementing metrics can go a long way towards mitigating vulnerabilities related to human error. Implementing access policies that only give employees the system access they need to effectively perform their jobs is a secondary factor involved in mitigating internal threats.

The possibility of an organization becoming a target of a cyber attack is high if not a guarantee. Technology leaders and IT security teams cannot afford to not take cybersecurity strategy seriously. Conducting constant threat assessments, developing and refining key performance indicators, and finding effective ways to stress the importance of security protocols to employees and vendors are three foundations of a sound cybersecurity plan. Preventing cyber attacks from becoming serious incidents is important to an organization’s sustainability but learning how to make improvements based on existing vulnerabilities is even more critical to continued success.