Risk Management Article

By: Alper Kerman

Huh? What? At least that was my response the first time I heard the words "zero trust" when I started working at the National Institute of Standards and Technology (NIST) National Cybersecurity Center of Excellence (NCCoE) in the fall of 2018. Mind you, I was also making a fresh start with an enormous jump to cybersecurity from a career track that had generally been in software engineering.

Sure, I did design and develop secure software solutions and even put together secure systems and platforms at times throughout my career, but zero trust seemed like a different ballgame to me. For one thing, it didn't have a fence.

What do I mean by that? Well, the traditional approach to cybersecurity relies on barriers—firewalls—that control traffic coming in and out of a network. Zero trust, on the other hand, is about assuming no barriers. It is usually mentioned in the same breath as "removing perimeters," "shrinking perimeters," "reducing perimeters," or "going perimeter-less." These are common references to the idea of "de-perimeterization," which was originally introduced by a group called the Jericho Forum back in 2005.

By: Gleb Tsipursky

Does the phrase “garbage in—garbage out” (GIGO) ring a bell? That’s the idea that if you use flawed, low-quality information to inform your decisions and actions, you’ll end up with a rubbish outcome. Yet despite the popularity of the phrase, we see such bad outcomes informed by poor data all the time.

In one of the worst recent business disasters, two crashes of Boeing’s 737 Max airplane killed 346 people and led to Boeing losing more than $25 billion in market capitalization as well as more than $5 billion in direct revenue. We know from internal Boeing emails that many Boeing employees in production and testing knew about the quality problems with the design of the 737 Max; a number communicated these problems to the senior leadership.

However, as evidenced by the terrible outcome, the data collection and dissemination process at Boeing failed to take in such information effectively. The leadership instead relied on falsely optimistic evidence of the safety of the 737 Max in their rush to compete with the Airbus A320 model, which was increasingly outcompeting Boeing’s offerings.

By: Hamza Mudassir

Disney has announced a significant restructuring of its media and entertainment business, boldly placing most of its growth ambitions and investments into its recently launched streaming service, Disney+. The 97-year-old media conglomerate is now more like Netflix than ever before.

What this means is that Disney will be reducing its focus from (and potentially the investments routed to) theme parks, cruises, cinema releases, and cable TV. As CEO Bob Chapek says: “Given the incredible success of Disney+ and our plans to accelerate our direct-to-consumer business, we are strategically positioning our company to more effectively support our growth strategy and increase shareholder value.”

By: Victor Piedrafita

During the last decade, we’ve witnessed the emergence of sustainability issues among the most important business concerns in a firm’s supply chain. An increasing number of firms have reexamined their relations with suppliers and moved forward to build a more sustainable supply network, by not only monitoring their suppliers’ compliance, but also fostering their capabilities to properly address various environmental and social challenges.

FIBS, a Finnish organization that fosters sustainability, states as one of the key results of its Corporate Responsibility Survey 2017 Summary that sustainable and responsible supply chains have become strategic goals for Finnish companies. However, implementing this remains a challenging issue, as does the need for resources, systematic training, and learning from the best practices developed by others.

What is ‘sustainability?’

The most extended and accepted definition of sustainability was put forward in 1987 by the World Commission on Environment and Development. According to the commission, sustainability is ‘‘a development that meets the needs of the present without compromising the ability of future generations to meet their own needs.’’

By: Erik Fogelman, Jeff Orszak

With the increasing power of digital technology, the idea of a connected manufacturing system that can sense, analyze, and respond will soon be a reality. This idea—called “intelligent edge”—combines computing power, data analytics, and advanced connectivity to allow responses to be made much closer to where the data are captured. It takes emerging internet of things (IoT) and Industry 4.0 capabilities to the next level.

Cybersecurity plays a complex role in this vision. On one hand, technological advances can lead to improved cybersecurity capabilities. On the other hand, when built without a consideration for privacy, data integrity, or network resilience, such technological advances can instead increase cyber risks dramatically.

The capabilities that enable the intelligent edge include artificial intelligence (AI), computing hardware, networking capabilities, and standard protocols. Advances in these capabilities have converged to help tie together components that accelerate the realization of Industry 4.0. Here are the key components that enable new ways of working, new products and services, and new value creation.

By: John Keogh

Almost all businesses involved in the food supply chain have experienced effects ranging from a mild shock to severe disruptions during the Covid-19 pandemic, and further disruptions may be ahead this winter.

Yet not all organizations have learned critical lessons, and history shows us some companies are destined to remain unprepared for the next wave.

Many companies have taken decisive action to survive the pandemic and enhance their supply chain resilience. In doing so, they are protecting their interests and those of their business customers or consumers. We believe that successful firms are taking what’s known as a systems thinking approach to enhance food supply-chain resilience.

In the systems engineering world, systems represent the interconnected complexity of ecosystems that are connected both internally and externally.

For example, a food production business is connected to numerous ecosystems internally and to those of its suppliers, business partners, and customers.

By: Zane Patalive

Meet Humphrey. Humphrey is a gray squirrel that a friend of mine rescued as an abandoned baby squirrel. For weeks, my friend and his family nursed the young creature by hand. While Humphrey was growing, he became very friendly with the family members, often perching on their shoulders and snuggling in their arms for naps.

Humphrey was permitted the run of the house and had a basket for his sleeping quarters, which he often used at night. As time passed, he grew strong enough to survive on his own, and the family released him back into the wild to enjoy the life of a healthy gray squirrel. Having grown fond of his human family, Humphrey built a nest in a tree just outside their back door and still hops on laps and shoulders while the family sits together outside.

The ‘tail’ of two cities

So how does a story of a rescued squirrel connect with the timely topic of cybersecurity? There is a rampant and significant vulnerability that exists for homeowners and enterprise businesses alike, and in many ways correlates with Humphrey’s story.

By: Celia Paulsen

October happens to be (among other things) Breast Cancer Awareness Month, Dental Hygiene Month, National Bullying Prevention Month, and my personal favorite, National Pizza Month. Plus, it’s Halloween! But I digress. We’re here to talk about cybersecurity.

Every manufacturer should hold cybersecurity awareness training for all its staff at least once a year. Many people are spooked by the mere mention of the words “cybersecurity” and “training,” so October could be an appropriate time for it. Your training should, at a minimum, cover relevant company policies such as your IT security, information security, and physical security.

Over the years many of us have taken this type of training and learned to dread it: Training where someone gives the exact same cybersecurity speech they gave last year, and then hands out a paper for you to sign saying you were there. A real snooze fest. This kind of training does its job as far as meeting the bare minimum but has little impact on actually molding employee behavior.

By: Eric Stoop

Data can transform manufacturing. It’s also a term that continues to prompt discussions within the industry. People have been saying it for years now, and there is plenty of empirical evidence: Data are the way forward in business generally and manufacturing in particular.

But right now, when people talk about data, they often mean either data analytics or automation using artificial intelligence (AI), a technology that is ‘fed’ with data. Often, these discussions focus on marketing and the customer experience, or on cutting business costs by automating specific processes.

All of these things are important, and many of them can be useful to manufacturing businesses, but they don’t entirely represent the potential of data in manufacturing.

What’s more, amidst talk of crunching numbers and automation, it has become too easy to lose track of the human element. But most plants still rely heavily on human behavior, and on processes undertaken by people. If these aren’t done correctly, the business will become inefficient at best, and catastrophically dysfunctional or dangerous at worst.

By: NordVPN Teams

The FBI reported earlier this year that complaints of cyber attacks received by its cyber division had risen to almost 4,000 a day—a 400-percent increase over pre-coronavirus numbers. In one four-month period (January to April), 907,000 spam messages, 737 incidents related to malware, and 48,000 malicious URLs—all related to Covid-19—were also detected by one of INTERPOL’s private-sector partners.

Hardware-reliant, legacy, and even hybrid network infrastructures have suffered terribly from a lack of quick-fix solutions. These solutions are necessary to facilitate the exponential increase in remote “offices” that require adequate protection.

“One of the things that’s changed is that corporations no longer have control over the infrastructure their employees use for work,” says Juta Gurinaviciute, chief technology officer at NordVPN Teams.

Although no network is immune to attacks, a stable and efficient network security system is essential for protecting data.
