Cybersecurity Archives • NMS Consulting

The True Cost of Big Data

Arthur Mansourian — Fri, 31 Jan 2020 13:43:00 +0000

Between 2012 and 2020, the digital universe will grow by two times every two years.

The recent availability and generation of data has created multiple business opportunities. Decision support has been taken to a new level. The explosion in data has created new platforms to make better business decisions. Our world is a world of Business Intelligence that enable organizations to be proactive and not just react to market changes. It allows organizations to increase the pace of innovation and improve business processes. Big Data creates data driven organizations.

Companies can use current and historical sales data to adjust manufacturing and fulfillment levels. It facilitates “just in time” stock, the right product mix, reduces inventory levels and prevents out of stock situations for consumers, all while margins are improved and the company is able to approach customers in a personalized way and with the trade promotions that the market wants. Insurance companies can use large amounts of transactions to measure risks, conduct what if scenarios, stress tests, and external factors to generate exposure and risk analysis.

The Big Data Opportunity

The opportunity is to leverage all the data assets to be proactive and enhance the business opportunities, capture new markets, customers, and increase margins. The key is to leverage the value of the large amounts of data, identify the ideal business areas of an organization and maximize the use of technology to get the best business insight and edge. Most organizations do not use Business Intelligence and Analytics effectively. The vast majority are not leveraging the data and turning it into “Business Intelligence”. Companies have “Data Warehouses” or a collection of data in one place. Less than 20% of companies have mature Business Intelligence that are used in the execution of the company business strategy. Executives get out of date or incorrect information. However, companies that leverage Business Intelligence and Big Data are more competitive and profitable.

What are the true costs of Big Data? There are multiple studies concluding that an Open Source data warehouse with 30TB of data cost approximately $1,000,000 per year.

While Open Source Big Data offers low cost software, the hardware costs are high. Big Data offers business benefits in tackling Risk Management, Fraud Management, and Customer Insights. All costs of Big Data need to be evaluated including hardware, power/energy, and talent.

The latest big data statistics show some remarkable figures such as that from 2012- 2020, the digital data domain will grow by two times every two years (Source: IDC). Also, in a recent survey by MicroStrategy, Between 2012 and 2020, the digital universe will grow by two times every two years. (Source: IDC). This shows just how important it is to fully capture the power of the information that is beneath all the data we see around us. Another interesting fact is that data applications and analytics are estimated to grow from $5.3 billion in 2018 to an astounding $19.4 billion in 2026 (Source: Statista).

About the Authors

Oscar Perez

Oscar Perez has functional expertise in Artificial Intelligence, Big Data, supply chain, SOA, SAP, CRM, procurement, corporate finance, and product marketing. He specializes in software selection and implementation of SAP ERP packages. Oscar has appeared in publications including Computerworld, InformationWeek, and The Wall Street Journal.

Mr. Perez has conducted project reviews for Goldman Sachs, Bain Consultants, Brown Brothers Harriman, McKinsey & Company, Norges Bank Investment Management, P. Schoenfeld Asset Management, Iconiq Capital, Greencape Capital Pty Ltd, JMI Equity, Coatue Management, The Boston Consulting Group, Platinum Asset Management, Invesco, Guggenheim Partners and private equity firms.

Arthur Mansourian

Arthur Mansourian has a 12-year track record as both a management consultant and investment banker, advising clients on valuation, capital markets, structured financing, mergers, acquisitions and divestitures and general corporate strategy.

Mr. Mansourian served as Vice President while at NMS Capital Advisors, when the company achieved cumulative sales growth of over 5,100% with annual compounded sales growth in excess of 120% from 2012 to 2017.

The post The True Cost of Big Data appeared first on NMS Consulting.

Why Human Error is a Major Threat to Cybersecurity in 2022

nmsadmin — Wed, 21 Sep 2022 11:30:00 +0000

Studies show that up to 95% of cybersecurity breaches are due to human error.

On a warm November morning in 2017, Uber had finally announced a breach it concealed for an entire year where personal information and license plates of 600,000 drivers and personal data of 57 million users had been compromised. Uber tried to negotiate and retrieve the data without notifying those affected and even paid a ransom of USD 100,000 (registered as a bug bounty). One of the top unicorns was being exposed by two external individuals who gained access to the information stored in the third-party cloud service. How did it happen? Should we blame the cloud provider? Definitely not.

Uber had been lacking the cloud access control that prevented unauthorized access. Just the concealment of the breach alone cost the company $148 mil and, as in many cases, the loss in revenue, market value, damage to reputation and legal costs are very difficult to calculate as they expand on a rolling basis. Just a few days ago, Uber again experienced a cybersecurity issue, as a hacker was able to breach the company’s internal network.

An astonishing statistic indicates that cybercrimes collectively have yielded at least $1.5 trillion in profits for criminals annually. Since 2010, we have seen a sharp rise in the coverage of cyberattacks in the media such as Mossack Fonseca, Equifax, Marriott, and National Health Service to name a few. Cybercrime has been a substantial threat to companies and individuals for a few decades now, and it is only in the past few years that the topic gained adequate coverage. For instance, MI5 had presented astounding statistics regarding far Eastern espionage groups spying on established western firms. One group had nearly 500 targets and had gained access to IT systems for an average of 365 days, with the longest period being 4 years.

Companies often miss the learning point of such incidents, frequently assuming there is a tool that will come to their rescue. In a study of 50 major data breaches, inadequate technology solutions contributed to 28% of the attacks, and the remaining 72% of successful hacks stemmed from the failures in people and processes; namely phishing emails, malicious insiders and IT configuration errors. Also, according to Stanford University, roughly 88% of data breaches are caused by a mistake made by an employee. Even more surprisingly, an IBM study revealed that human error was the primary reason for 95% of cybersecurity breaches.

Examples of human error in cybersecurity typically include;

Decision-based
Physical security
Password issues
Skill-based

Based on these errors, it is imperative that proper cybersecurity training is conducted thoroughly and regularly with employees across the entire company.

Cyber Training

Cyber training is fundamental to the cyber defense strategy. An estimated 45% percent of companies indicate that their personnel have a problematic shortage of cybersecurity skills. “Training employees on security will immediately bolster the cyber defenses at most companies,” says Lawrence Pingree, Research Director at Gartner, because most data breaches are based on “exploiting common user knowledge gaps to social engineer them to install malware or give away their credentials.”

As an example, susceptibility to phishing declined by more than 40% after cyber training at Wells Fargo. The training, as any learning exercise, needs to be repeated on a continuous basis as shown in the example of the City of San Diego case, where susceptibility declined after training, but picked up again by the end of the year as the training effect “wore off”.

Cybercrime is on the rise – according to a global survey by Accenture, security breaches have increased by 67% over the last 5 years. Small companies are not safe either – a report by SCORE indicated that 43% of cybercrime targets small businesses. The personalized attacks are expected to prevail, and we see that industries like retail, oil & gas, utilities, media and legal are expected to be ranked in the top 10 attacks. Some of these industries are perhaps least protected of all, even though companies hold an immense amount of sensitive information.

Building the Culture of Cybersecurity

Organizations of every size and in nearly every industry are starting to realize that when it comes to cybersecurity, having an unlimited budget and spending most of it on new tools is probably not the best strategy. Such an approach distracts from more effective organizational and cultural improvements. In order to make a consistent long-lasting change and build a culture of cybersecurity, security personnel and other executives need to collaborate closely with the rest of the lines of businesses to work on the challenges that need to be addressed with a holistic approach.

People are crucial to establishing the successful cybersecurity program of an organization and building the resilience needed to defend against a potential breach. They are at the forefront of designing, testing, implementing, and operating defenses. Conversely, their failures, whether due to malicious intent, negligence, or ignorance, will likely be the source of an organization’s next breach.

Attackers focus on finding the weak link in the defense of the firm – that one flaw that will allow them an undetected passage to the information – so why would one focus on penetrating the firewalls when there is a perfect opportunity to exploit the human nature?

Understanding the prominent mechanisms of a healthy cybersecurity culture will give managers and directors specific pathways to increased organizational resilience. As shown in the diagram below, external influences, values, attitudes and beliefs create the core of a culture of cybersecurity.

The key to establishing a strong culture of cybersecurity is ensuring that employees understand the importance of executing their daily tasks and activities while being cognizant of security. This may seem simple enough, but creating such a culture involves transformation from top to bottom – the way employees work, the way leaders lead, the way processes are executed, and the way issues are addressed.

About the Authors

Alexandra Di Nella

Alexandra Di Nella is an experienced management consultant with a focus on emerging technologies, digital transformation and organization design & development. She works across sectors of machine learning, big data and security. Her background is in new venture and product development, covering strategic, financial and operational aspects of venture companies.

Prominent firms Alexandra worked for include The Boston Consulting Group, where she served as a Technology Project Lead. Her role included TOM definition and PMO establishment, creating framework to guide security, design and architecture in core tech offerings, and development of talent recognition & retention program for a technologically challenged global firm.

Arthur Mansourian

Sources

https://cybersecurityventures.com/security-awareness-training-report/

https://www.theguardian.com/technology/2018/sep/26/uber-hack-fine-driver-data-breach

https://cybersecurityventures.com/cybersecurity-almanac-2019/

https://www.bcg.com/en-ar/publications/2018/cybersecurity-human-problem-masquerading-technical-problem.aspx

https://www.bcg.com/capabilities/technology-digital/mastering-cybersecurity.aspx

https://www.businessofapps.com/data/uber-statistics/

https://blog.getusecure.com/post/the-role-of-human-error-in-successful-cyber-security-breaches

https://www.thesslstore.com/blog/80-eye-opening-cyber-security-statistics-for-2019/

https://www.prnewswire.com/news-releases/43-of-cyberattacks-target-small-businesses-300729384.html

https://cams.mit.edu/wp-content/uploads/Building-a-Culture-of-Cybersecurity.pdf

https://cisomag.eccouncil.org/psychology-of-human-error-could-help-businesses-prevent-security-breaches/

Uber investigating cybersecurity incident after hacker breaches its internal network

The post Why Human Error is a Major Threat to Cybersecurity in 2022 appeared first on NMS Consulting.

COVID-19 and the Disruption of Global Business

Arthur Mansourian — Wed, 18 Mar 2020 16:02:36 +0000

COVID-19 is a black swan event that will impact businesses for months across the world.

COVID-19 has served as a test of how organizations can handle disruptions in their supply chain – and the situation is not pretty. For several decades, China has been the focus on supply chain optimization, allowing for minimizing costs, increasing asset utilization, and allowing companies to reduce inventories. However, these benefits come with a hefty price when unforeseen circumstances occur – and COVID-19 has made this clear. The negative impact of having such dependency on China has removed flexibility and buffers out of the hands of employers and executives. Companies are just now realizing the vulnerability of their supply chain relationships amidst the global shock. In Wuhan, China, the epicenter of COVID-19, more than 40% of the Fortune Global 500 firms have a presence, and almost all have been extremely impacted. Apple is facing supply chain challenges. Airlines and cruise ship companies are likely going to have to be bailed out by the Federal Reserve. Tesla is reevaluating its expansion into China. Tier 1 and Tier 2 suppliers in China are facing cash flows problems. Factories are shut down and their production capacity is idle. The impact index below is an overall rating of the effect of the pandemic on each industry:

The companies which have supply chains that rely upon the Tier 1 or Tier 2 suppliers in China are facing serious challenges, and are left to aggressively innovate to combat these issues. Many analysts are predicting the COVID-19 epidemic will continue to impact businesses for many months and even years. Even after governments give their citizens the “all clear”, businesses will be cautious with spending and it will take some time for the supply chain to get back to par.

In China, all tiers work together and are bound at the hip, as the Tier 1 suppliers work with Tier 2 suppliers and the Tier 2 suppliers work with Tier 3 suppliers. This has created a frail “daisy” chain of suppliers. In addition, most Fortune 500 companies cannot even identify Tier 2 and Tier 3 suppliers – the Chinese Supply Daisy Chain provides little or no transparency nor visibility. A disruption in the chain can not only be catastrophic, but many company executives that are not physically present in the country will be left in the dark.

Companies need to digitize their supply chains to minimize the impact. The digitized supply chains support flex procurement, work with alternate suppliers outside of China and other affected areas, evaluate the risk of Tier 1, 2 and 3 Chinese suppliers, and implement a plan centered on demand, supply, risk, technology and finance. Your company’s plan needs to have a flex sourcing scheme that allows you to shift suppliers to other locations including those located in North America.

The digitalization of supply chains will enable the speed and flexibility to react to such world events in the future. Digitalization will also enable companies to predict and mitigate challenges. The introduction of artificial intelligence, machine learning and robotics process automation (RPA) to your supply chain management is vital to its effective future. It is important that current inventory levels are optimized, and “just in time” manufacturing is disbanded. This type of manufacturing works fine in an ideal environment, but is not effective when conditions are bad and in times of emergencies. A solution is a flex supply chain that allows companies to predict and adjust in times of crisis. For some companies, managing their supply chain is a tedious and time-consuming process because they have little or no digitalization within the process. A robust supply chain provides full traceability from source to destination. Companies need to know where products were produced, and where the products are at during all stages of a product in the supply chain. The supply chain traceability needs to be auditable. Digitizing your supply chain will also position your company for the ramp up after all current disruptions are eliminated.

AI models help companies streamline their most time-intensive back-office processes. These technologies, which are part of our solutions, automatically extract data from ERP systems, for AI models to forecast and create trend analyses. AI algorithms help improve material flow, fleet management, warehouse administration, logistics processes, and freight processing.

Artificial intelligence (AI) and Big Data turn large amounts of structured and unstructured data into logistics and supply chain insight, and allow companies to optimize their supply chains. The benefits are accurate time of delivery estimates, optimized vehicle routes and sequence deliveries, efficient shipment consolidation, and insight into damage claims, returns, traceability, and accountable sourcing.

Concerned employers and C-suite executives need to respond to the immediate change with force. These steps include preparing alternative solutions in the face of high absenteeism and supply chain disruptions, and focusing on cash flow to prevent any liquidity problems. It is important for companies to enhance the focus on labor planning, supplier risk, and identify alternative logistics options to avoid inventory or capacity issues. Companies need to be prepared for more drastic events such as plant closures and the possible death of a key executive. To resolve such situations, companies need to plan out all potential scenarios, and put succession plans in place.

Today is a very important time in your company’s history. The way you respond to the situation and implement solutions will reverberate for years, and can be the difference between success and failure in the face of adversary.

About the Authors

Arthur Mansourian has an 11-year track record as both a management consultant and investment banker, advising clients on valuation, capital markets, structured financing, mergers, acquisitions and divestitures and general corporate strategy. Mr. Mansourian served as Vice President while at NMS Capital Advisors, when the company achieved cumulative sales growth of over 5,100% with annual compounded sales growth in excess of 120% from 2012 to 2017. With over $5 billion in completed transactions, the investment bank consistently ranked among the Top 10 investment banks by the Los Angeles Business Journal. Mr. Mansourian holds an MBA from USC’s Marshall School of Business and a Bachelor’s Degree from UCLA, and the CIPP/US certificate from IAPP.

Oscar Perez has over 24 years of experience in developing SAP supply chain solutions, business strategies, leading complex business transformation projects, solution architecture, program project management, business case development, business process development, AI, Robotics Process Automation and solution software selection. Mr. Perez currently serves on the Board of Directors of Credit Capital and BRACHIN LLC. He has functional expertise in SAP Leonardo, Artificial Intelligence, Big Data, supply chain, SOA, SAP, CRM, RPA, procurement, corporate finance, and product marketing. Mr. Perez specializes in software selection and implementation of SAP ERP packages. Mr. Perez has appeared in publications including Computerworld, InformationWeek, and The Wall Street Journal. He is a frequent speaker at industry events and is quoted by business and trade publications.

Sources

Avasant LLC 2020 RadarView^TM
https://www2.deloitte.com/global/en/pages/risk/articles/covid-19-managing-supply-chain-risk-and-disruption.html

The post COVID-19 and the Disruption of Global Business appeared first on NMS Consulting.