Daily Archives: August 19, 2011

Listen to BrainNet – Invest your Avoidance Savings to Keep Costs Down

In the recent CPO Executive debate on public sector spend and savings measurement, transcribed in Cuts from the Centre and previously referenced in our post on how your Organizational Data is Organizational Data — NOT Department Data, Fredrik Henzler, Partner and MD of BrainNet, made a great point: while there is no incentive for a provider to offer the same product or service at a 10% discount if they can continue to get what you are paying now, there is an incentive if you offer to split the savings and let the provider invest a portion of the savings in long-term operational and infrastructure improvements. If the provider can reduce the cost of their product or service, then they have money to invest in new technologies to further improve efficiency and reduce cost, which will keep the provider competitive as time goes on.

Furthermore, if you don’t get greedy and allow your provider to keep a larger margin if, and only if, they invest in operational improvements, then you know that costs will continue to drop over time and you have likely bought yourself years of cost “savings” and will be able to acquire new products and services at a lower price point than your competitors. Not only is it a win-win, but it incentivizes your providers to reach new heights of efficiency and effectiveness. So invest your savings, and just like money deposited in a high-yield savings account, watch your savings grow over time.

Risk Management Is Your Top Priority – But Are You Prepared for the Billion Dollar Threat?

As per this recent article over on Chief Executive that asks [if] your company is vulnerable to cyber-sabotage, if your company gets hacked, as Sony did when its PlayStation Game Network was hacked, then you too could be looking at about $1 Billion in tangible damages and an incalculable toll in lost customer goodwill, tarnished brand equity and sleepless nights for the corporate brain trust, especially if you are in the Financial, Retail, Restaurant, or Hospitality sectors.

Cyber-Sabotage is on the rise. According to IBM, more than 8,000 new cyber-sabotage “vulnerabilities” were identified last year, up 27% from 2009.

But what can you do? The article recommends that you:

  • Become the Security Champion
    And put cyber-security at the top of corporate priority lists.
  • Beware of “Social-Engineering”
    Make upper managers aware of their own vulnerabilities to attacks that exploit the behaviour of strategically positioned individuals rather than involve a broad cyber-sabotage campaign.
  • Draw the Difficult Lines
    And set up an early warning system since it’s impossible to prevent every possible attack.
  • Dig to the Roots
    Be aware that unhappy contractors, customers or partners can become cyber-accomplices, and even cyber-criminals, if they are financially desperate enough.
  • Survey the Changing “Threat Landscape”
    The rapidly rising number of smart-phone “apps” is providing cyber-criminals with opportunities to exploit mobile-data networks.
  • Know the Four Common Categories of Cyber-Saboteurs
    • Foreign Government Intelligence Services
    • Transnational Criminal Enterprises
    • Corrupt Competitors
    • Corporate Insiders

It’s not bad advice, but it doesn’t really help. It’s great to fly a flag, but that’s not enough. And even if a manager knows he is vulnerable to social engineering, that doesn’t tell him how to recognize when an individual might be trying to socially engineer information out of him. And just what should an early warning system look like? And how do you identify which individuals inside your four walls might turn on you? And how does knowing what types of cyber-saboteurs are out there help you stop them from penetrating your networks?

You need to know A LOT more than you do. And you’re not going to figure it out on your own. So you pretty much have two choices.

  1. Outsource to a “Cloud” Company that is a master of SaaS and Security, or
  2. Hire a Security Consultancy with the Expertise Not Only to do a Security Analysis but also to Train you on what needs to be done to Minimize Risk from a Technical and Social Perspective.

That, in a nutshell, is what you need to know, because unless IT Security is your business, you won’t master it.