- The ability for a large number of nodes to converge on a single consensus of the most up-to-date version of a record.
- The ability for any node that creates a transaction to, after a certain period of time, determine with a reasonable level of certainty whether the transaction is valid and became final (i.e. that there were no conflicting transactions confirmed elsewhere in the Blockchain that would make the transaction invalid, such as the same currency units: "double-spend").
- An automated form of resolution that ensures that conflicting transactions (such as two or more attempts to spend the same balance in different places) never become part of the confirmed record set.
Business Innovation: The potential to disrupt and transform industries.
There are still many issues to be overcome before Blockchain is widely adopted. Issues pertaining to network design (permissioned vs permissionless), scalability and business models need to be addressed. There is no “one size fits all” solution.What does this all mean for business? Opportunity!
In addition to the areas widely being discussed in relation to Blockchain, including payments (cryptocurrency), fraud (Everledger) and trading (NASDAQ), some other domains where Blockchain technology can be applied in driving business innovation include: 1. Auditing: With a single set of transparent records, Blockchain has the ability to fundamentally change auditing processes worldwide. 2. Insurance: A single set of transparent records, for example relating to building certification, fire safety, engineers reports etc. could potentially transform the insurance industry. 3. Business Records: A single set of searchable records pertaining to company directorships, asset ownership, property transactions and judgements has the potential to completely transform practices within the banking and legal professions. 4. Healthcare: Smart health systems, with functionality to include admittance and validation of patient’s identity. Other potential use cases could include a universal ledger for medical research.Therefore, Blockchain presents numerous business opportunities for organisation’s to innovate, disrupt and transform industry sectors. However, they need to act now towards ensuring that they are leading the digital transformation within their sectors.
On 6 October, the Court of Justice of the European Union issued a landmark ruling, declaring the U.S. Safe Harbour provision set up by the European Commission 15 years ago invalid.
The decision has resulted in a great deal of uncertainty regarding the transfer of data from European Union member states to the United States. But one implication of the decision is very clear. It points up a fundamental shift in perspective regarding cyber-security strategy.
Source: www.jatheon.com
For many years, cybersecurity has been regarded as a simple rote application of technologies like anti-virus, firewalls, intrusion detection systems and so on. There was certainly acknowledgement that security required attention to process and people as well. Nonetheless, not only international provisions such as Safe Harbour, but also guidance such as the ISO 27000 family of standards, focused on technology as the centre of cybersecurity. Meanwhile, attackers have shifted to a focus on users, rather than technology, as the weak link in cybersecurity. RSA recently published joint research performed with ISACA on the current state of cybersecurity (http://www.isaca.org/cyber/Documents/State-of-Cybersecurity_Res_Eng_0415.pdf) that sheds very important light on the dangers of social engineering attacks. The report provides the results of a survey of cybersecurity professionals, conducted in the first quarter of 2015, showing that phishing and other kinds of social engineering attacks targeting users were the most common attacks within enterprises in 2014, with nearly 70 percent of respondents citing phishing as having resulted in exploits in the enterprise, and 50 percent citing other social engineering attacks.
Source: www.v3.co.uk
A shifting frontline
These changes in attack strategies and regulatory policies mean that Irish businesses need to build a process-based cyberdefence that pays attention to the changing face of cyberthreats and regulatory issues. This “advanced cyberdefence” combines effective governance and intelligence-driven security solutions. To start, a company needs to understand the potential for attackers to exploit the vulnerability of its users, the interest of attackers in taking advantage of that potential and the impact that such an attack could have. Indeed, cyberattacks are more a case of when, not if. Having the right defensive tools, and the right organisational protocols in place, can be the difference between a glancing blow and a devastating breach. Companies need to think beyond traditional cyberdefence tools. For organisations that deal in e-commerce and sensitive data, like customer information, reliance on a standard anti-virus suite is not enough. Using intelligence-driven security software, on the other hand, provides a proactive line of defence against attack. Think of a traditional anti-virus as a perimeter wall. For determined hackers, this wall can be scaled easily, often before anyone notices. An intelligence-driven security solution, the kind we pioneer at RSA, is more like a patrolling sentinel, actively checking for intrusions and questioning those who seem suspicious. If I’m a hacker somewhere in South America trying to access a company’s server in Dublin using stolen credentials, an intelligence-driven security solution would analyse my location, my credentials and my computer, in addition to other variables, in order to check my identity. For someone who’s not who they're pretending to be, passing through this gauntlet of checks is extremely difficult and thus, access to private information is denied. In general, these intelligent solutions can be scaled to fit a company’s specific data protection and security policies, making them agile and flexible.A company's cybersecurity cannot depend entirely on technology.
Effective governance and “security hygiene” amongst all staff, not just the IT department, is vital to protect assets. This can be as straightforward as a company-wide training day on the importance of updating software when prompted, creating strong, unique passwords and deleting unsolicited emails with suspicious attachments. Companies must also put in place a defined structure and hierarchy to deal with security breaches quickly and effectively. This “critical incident response team” must know how to act, who to contact and which assets to secure in a time of crisis. As the latest Court of Justice ruling shows, it’s difficult to find a safe harbour in the storm of cyberattacks, but there are ways to protect against damage and mitigate risk. An advanced cyberdefence policy combines intelligent technology with sensible, proactive governance, and it’s an essential strategy for Irish companies to safeguard data.Often, security breaches can be found and fixed in a short space of time, but they can have long-term, sometimes permanent, effects on a business’s reputation and viability.
Robert Griffin is Chief Security Architect at RSA, the Security Division of EMC and is also teaching on the IMI Diploma in Digital Business which will commence Spring 2016. At RSA he is responsible for technical architecture and standards and is particularly active in RSA’s initiatives to address the challenges of new threats and new models for IT. He is a frequent speaker at many professional and industry conferences and has instructed courses within both professional and university settings. [post_title] => Finding a Safe Harbour in the Storms of Cyberattacks [post_excerpt] => [post_status] => publish [comment_status] => open [ping_status] => open [post_password] => [post_name] => finding-safe-harbour-storms-cyberattacks [to_ping] => [pinged] => [post_modified] => 2020-05-11 20:33:15 [post_modified_gmt] => 2020-05-11 20:33:15 [post_content_filtered] => [post_parent] => 0 [guid] => https://www.imi.ie/?p=12660 [menu_order] => 0 [post_type] => post [post_mime_type] => [comment_count] => 0 [filter] => raw ) [2] => WP_Post Object ( [ID] => 4755 [post_author] => 3 [post_date] => 2012-12-20 14:59:22 [post_date_gmt] => 2012-12-20 14:59:22 [post_content] => The IMI Diploma in Data Business leading to an MSc in Data Business The companies of tomorrow are already thriving today on the fact that harnessing data not only delivers an exceptional user experience to all stakeholders, but also drives incremental organisational change, while reducing time and costs spent on IT and encouraging company-wide innovation. Has your business successfully harnessed the explosive growth of data that is available to you? The IMI and UCC are pleased to announce the launch in spring 2013 of the part time IMI Diploma in Data Business. In essence the programme will help you build a data business strategy and roadmap to propel your business’s future strength and security. The issue with Big Data is that right now it suffers from a dearth of in-house expertise in the majority of today’s thriving businesses. Businesses that as a result may cease to thrive in the future. Big data is only going to get bigger so there's no better time than the present for your organisation to start treating data as you should do – that is to say – as your most valuable asset. Programme Partners EMC and SAS are programme partners to the UCC-IMI Alliance in the launch of this programme, which ultimately leads to an MSc in Data Business. Those who have the technical experience and want to develop a more business/holistic view of data strategy and those who are non technical but need to have a sufficient understanding to manage data/or collaborate with the data analysts should read on.'The new Diploma and MSc in Data Business will play a critical role in educating the next generation of business leaders. The use of data analytics in everyday business activities is expanding dramatically and shaping the global business environment. It is imperative that we ensure business leaders have the necessary skills to take advantage of this new IT revolution and enable the creation of high-quality job opportunities. As a global leader in Big Data and data analytics, EMC is pleased to partner with UCC and IMI in supporting and assisting on this programme which will ensure Ireland positions itself to take advantage of new high-tech trends in global IT.'
Donagh Buckley, Chief Technology Officer and Director of EMC Research Europe
'Big Data and its exploitation using data analytics are no longer concepts, they are now a key part of the strategic make up of leading companies looking to find a competitive edge. SAS believe the Masters in Data Business programme is important for business leaders of today and the future, who are looking to get the most from data by building new business models and strategies to leverage data and the analysis of it.'
Geoffrey Taylor, Academic Program Manager, SAS UK and Ireland
In the Classroom Alongside classroom discussion with UCC and IMI experts, participants will learn first-hand from several industry speakers what their practical experience of implementing Data Business solutions through workshops with senior specialists. The IMI Diploma in Data Business will enable participants to identify and evaluate Data Business strategies for their organisations, and develop a sound business case for deploying new data enabled business models. As part of the programme, every participant will develop a comprehensive “Data Business blueprint” for their organisation. “This Diploma will be characterised by a unique classroom dynamic that will bring together both technical and non-technical managers to jointly analyse Data Business strategies and map out new ways of doing business,” commented IMI Executive Chairman Dr Phil Nolan. Why Data Business Legacy businesses are trying to re-invent themselves with the advent of more internal data and reporting challenges as well as new data sources from business and channel partners, the advent of Open Data etc. New service enabled business models are being developed at a rapid pace with little thought to some of the strategic issues that should be considered. IT and business professionals are challenged with developing reporting strategies for their ever increasing complex business footprint. Very few businesses, surviving in today's economic climate, want to lose existing customers, over/under order materials/goods, or just put more simply, operate at a loss through making what seems to be straight forward business decisions. Therefore, usable high quality data is a key resource for any such business. However, these same businesses often inappropriately treat information as a ‘by-product’ as opposed to a ‘product’ and do not effectively manage data as a ‘business resource’ or ‘corporate asset’. In fact, reports suggest that only 1 in 10 businesses have an enterprise data strategy and as a result are not managing their data as a corporate asset. The reality is that the on-going behaviour of these businesses leads to a misplaced perception about the quality of their data and to the absence of data governance and data quality initiatives. So, while business data is a key strategic asset and should be managed accordingly, how does your business manage your data? The programme will provide technical and non-technical management with a new and highly applicable skill-set to help support an existing data business or help develop a new data enabled business. Participants will develop an enterprise data strategy for their business.'Without a prolonged and active focus, data enabled business initiatives are likely to fail. While there are several technical programmes in the market place at the postgraduate level these are usually taught as full time postgrad programmes aimed at a technical role. These typically do not attract non-technical business functions, those looking for a business driven perspective to the content as opposed to technical. This programme is about business and for businesses.'
Professor Ciaran Murphy, UCC
For Further Infomation To apply please call IMI at 1800 22 33 88 or e-mail programmeadvisors@imi.ie. Please note programme numbers are limited. The programme is scheduled for March 2013 and applicants must submit an application form and make themselves available for a one to one conversation with the Programme Director in advance of their application being considered for acceptance. [post_title] => We Mean Business with Data Business... [post_excerpt] => [post_status] => publish [comment_status] => open [ping_status] => open [post_password] => [post_name] => we-mean-business-with-data-business-6 [to_ping] => [pinged] => [post_modified] => 2020-05-11 21:51:00 [post_modified_gmt] => 2020-05-11 21:51:00 [post_content_filtered] => [post_parent] => 0 [guid] => https://www.imi.ie/news-and-events/?p=1010 [menu_order] => 0 [post_type] => post [post_mime_type] => [comment_count] => 0 [filter] => raw ) )
Hugh Torpey
Hugh Torpey is Content Manager at the IMI
Related Articles
People Hacking – A Risky Business
Lock the doors, close the windows, set the alarm and secure your building. Create firewalls, encrypt mobile phones, beef up email security, and you’ve begun to protect yourself digitally.
Lock the doors, close the windows, set the alarm and secure your building. Create firewalls, encrypt mobile phones, beef up email security, and you’ve begun to protect yourself digitally. There is one factor however that means you will never be fully protected – people.
As technology gets better, security for that technology will get better in parallel. It’s an arms race to a certain extent, but it’s a race that organisations will, to a large degree, have to rely on outside expertise. For the criminals out there looking to exploit your organisation, this means that people are their best way in.
The Bad Actors
Jenny Radcliffe is an expert in finding the bad apple in an organisation or, more regularly, making a good apple go bad. Jenny spent most of her adult life ‘people hacking’, using social engineering techniques and the digital landscape to gain access to businesses. In this world where an organisation’s digital security may be airtight to the average criminal, using the internet to spot the human weak spots within an organisation is easier than you would imagine.
If, for example, an outside bad actor wanted to gain access to a member of your board’s computer system, how would they do it? The answer is, nearly always, online.
By searching each board member you can, very easily, find out who their partner is, do they have children or pets, their phone number, home address, what’s their favourite TV show… the information unique to each individual. Once the bad actor has these hooks, they can use them to target individuals. The person with lots of dogs, for example, would be vulnerable to an email asking them to re-book an appointment with the local vet.
This online research will also give clues to the outsider on who to overtly target to recruit for corporate espionage. If you surveyed CEOs today corporate espionage would probably not be high on their list (although cybersecurity might) as it doesn’t feel like something that would be common to an organisation. This is not the case.
At the time of writing, WeWork – the largest company in the co-working space business (like an Airbnb for office space) – has been accused of sending two spies to infiltrate rival Knotel to steal information and customers. The spies allegedly visited seven Knotel properties in Manhatten in September in a “systematic attempt to pilfer Knotel’s proprietary information and trade secrets”.
Of course, there is nothing like a malicious employee to damage your organisation. From straightforward leaks of information, stealing and sharing of plans and projects, to outright sabotage, the internal employee has a huge amount of power to damage your organisation.
If they weren’t a plant from the beginning, it is people using the techniques laid out by Jenny that can turn them into the malicious insider through the use of fear, emotional manipulation and, most commonly, money.
Protecting your Organisation
Unfortunately, there is no real way to protect your organisation entirely. Kevin Mitnick, one of the world’s most foremost computer security consultants, once said ‘there is no patch for human stupidity’, and this could probably be extended to greed as well. If a bad actor is within your organisation, all the security in the world may not be enough to combat a big enough monetary reward.
For those attempting to stop bad actors ‘people hacking’ their way into an organisation, the best prevention strategy is awareness. Make your employees – especially the high-value targets – aware of the threat and give at least basic training. Arming your employees with insights on how they can be targeted and what to look out for is the best shield.
Digital security is today both the lock and the key, but organisations should begin thinking about the people that can actually open the door. It is not computers stealing internal company information, it’s people.
This blog was adapted from a talk given at the IMI by Jenny Radcliffe at the National Management Conference 2017. Jenny Radcliffe – aka “The People Hacker” – is an expert in social engineering. She speaks, consults and trains people in the skills of “people hacking” and explains how social engineering using psychological methods can be a huge threat to organisations of all sizes.
