The Unstoppable March Of Artificial Intelligence: From Speculation To Strategic Imperative

The Artificial Intelligence (AI) genie is out of the bottle. AI has transcended speculative innovation to become a cornerstone of contemporary business strategy, positioned at the forefront of an information revolution. With its profound ability to reshape operations, enhance productivity, and redefine workforce dynamics, AI has evolved from a supplementary tool to an indispensable asset for business leaders. As our demand for computational power rises to unprecedented levels, leading companies like Microsoft are embracing AI, alongside exploring unconventional sources such as nuclear power to fuel their data centers.

Embracing AI is no longer a mere opportunity; it’s a strategic imperative for any entity aspiring to thrive in today’s digital information era. However, history is full of technological predictions that have failed to materialize. As Times Magazine points out, in 1960, Herbert Simon, a Nobel Prize laureate in economics and recipient of the Turing Award, speculated that “machines will be capable, within 20 years, of doing any work that a man can do.” While great strides have been made, more than half a decade later we are still far off from this reality.

AI: Not a Replacement for Humans

Due to AI’s powerful and flexible nature, the technology is being shoehorned into almost any place possible. Amidst this excitement and hype, AI’s promised trajectory includes:

  • Find a target that could use some improvement
  • Dream it
  • Put some AI in there
  • Put it everywhere
  • Profit

It’s a likely supposition that this mindset contributes to the media’s continual suggestions that AI could replace all humans across the workforce, all the way up to executives in the boardrooms. This storyline may be a clever way to get clicks, but is a gross misrepresentation of AI’s potential for application. While AI has extreme power and merit, we can only hope such statements are unserious; a total AI takeover in the workplace is not a concept grounded in reality. These assertions illustrate a lack of understanding of what AI should mean, how it works, and how it came to be.

The Enduring Human Core of Nuanced Decision-Making

Despite the hype, the corporate embrace of AI does underscore an acknowledgment of technology’s disruptive potential as a catalyst for efficiency. AI, in particular, distinguishes itself through its ability to augment human efforts and automate tedious tasks to pave the way for higher-level, strategic endeavors. This shift heralds AI as an indispensable element for competitive viability, while simultaneously necessitating a reevaluation of its role. AI should be viewed not as a usurper of human positions, but as a powerful adjunct to human capabilities.

The ecosystem of decision-making is intricate and predicated on a blend of analytical foresight, emotional intelligence, and ethical judgment, which remain fundamentally human. For some individuals spirituality also plays a critical role in decision-making. Despite AI’s transformative influence, AI cannot supplant the nuanced human faculties essential to innovation, decision-making, spirituality, and leadership.

While AI’s prowess in data analysis and operational optimization is undeniable, it lacks the capacity for the empathetic and ethical discernment central to leadership. Thus, the notion of AI assuming C-level or similar roles is far-fetched; AI is better suited as a facilitator than a replacement.

Navigating Cybersecurity Challenges: A Synergy Between Humans and AI

Integrating AI into organizational strategies is complex, and often characterized by shifting job roles and the need for strategic workforce evolution. Leaders face the challenge of balancing the advantages of AI with the necessity of maintaining a flexible, future-ready workforce. It’s a continual balancing act between the technology and human input. Nowhere is this more salient than in the ever-evolving field of cybersecurity.

An example highlighting the indispensable role of human judgment within an AI-driven landscape is the discernment between “good” and “evil” AI. In cybersecurity, AI serves as a potent tool in combating AI-generated phishing and vishing attacks, yet bad actors also employ AI to craft increasingly convincing phishing emails and vishing voice mails, closely mimicking legitimate communications, to conduct their attacks. Distinguishing between genuine and malicious messages can be a formidable challenge for automated systems alone, and human intuition and experience play a paramount role in cyber defense strategies. For instance, an employee might detect subtle discrepancies in an email’s tone, context, or formatting that an AI overlooks, prompting a more thorough investigation.

It’s this necessity of human oversight in complementing AI’s capabilities, alongside the nuanced understanding and contextual awareness that humans bring to critical security decisions, which underscores the importance of this symbiotic relationship.

AI as a Complement to Human Discernment and Leadership

AI’s ascent in the corporate sector marks a pivotal moment of digital transformation, equipping organizations with tools to enhance operational efficiency, decision-making, and employee satisfaction. Yet, the unique confluence of cognitive, emotional, and interpersonal skills that characterizes effective leadership remains beyond the reach of current AI technology.

Whether one embodies the rationality of Spock or the intuition of Captain Kirk, the fortunes of any organization ultimately rest in the hands of human intelligence, intuition, spirituality, and ethics. While AI undeniably streamlines repetitive tasks, roles requiring emotional intelligence and nuanced judgment highlight the irreplaceable role of human insight. AI serves to augment, rather than supplant, the essential human elements of leadership.

In navigating the challenges and opportunities of the digital era, the symbiotic relationship between AI and human insight, particularly in critical domains like cybersecurity, charts the course towards a resilient, innovative, and flourishing organizational landscape.

Wondering how to best use AI within your organization, to complement existing operations and human intelligence and provide business value? Contact us to get started.

 

This article was originally published in Forbes.

Embracing AI In The Enterprise: Beyond Technology To Strategic Transformation

AI is a hot topic, with C-level executives, board members, and investors inquiring about company AI strategy. When discussing the integration of Artificial Intelligence in the enterprise, it’s crucial to understand it represents more than just a technological upgrade—it signifies a strategic transformation. A key aspect of this shift is the need to align AI with business objectives. It’s not merely about checking a box to satisfy executives and stakeholders; it’s about weaving AI into organizational fabric in a manner that complements and enhances business goals. Additionally, the technical intricacies of AI’s training and design play a pivotal role in the success of AI-related initiatives.

The Symbiotic Relationship Between AI and Human Intelligence

When talking about AI, a common question arises: How can one truly harness the power of AI? Despite the ongoing buzz and AI’s capabilities in performing tasks that seem neat, yet trivial, the real challenge lies in leveraging AI to provide genuine value.

Fundamentally, AI is a complex network of algorithms and data patterns, crafted to simulate human cognitive functions. The essence of AI’s evolution, however, lies in its symbiotic relationship with human intelligence. Humans are the architects behind AI, tasked with designing, training, and refining systems, infusing them with human thought and experience. It’s this human input that transforms AI from a mere data-driven response system into an adaptive and insightful tool.

The Journey to Enterprise AI

Transforming AI from a novelty into a valuable enterprise tool involves a disciplined process, starting with identification of business goals and the formation of a focused team of data analysts and business leaders. These individuals must be not only skilled, but inclusive and impeccable in their approach, capable of assembling a data lake and applying AI in practical, meaningful ways. Architects are needed to build, connect, and secure this ecosystem, along with a team of monitors to ensure the system operates correctly.

Transforming AI from a buzzword into a tangible asset that drives business value requires the execution of several steps:

  • Understanding Business Needs: This journey begins with a deep understanding of your business’s unique objectives, capabilities, training, scalability, and compliance, then positioning AI within these parameters to capture a clear value proposition from the outset.
  • Cultural and Ethical Considerations: Adoption of AI isn’t solely about the technical aspects; it equally involves cultural integration. Engaging executive stakeholders in a guided ideation process and addressing areas where AI can assist is essential. It’s also crucial to consider the ethical implications of AI use within the company and the kind of quality assurance humans will have over it, and to emphasize the augmentation of team performance rather than job replacement.
  • Discovery of Data Sources: Identifying all potential data sources within the company, whether interconnected or not, is a critical technical step. This includes, but is not limited to, CRMs, ERP systems, ticketing, monitoring systems, contact logs, chats, emails, images, plans, and drawings.
  • Planning for a Comprehensive Data Repository: Creating a specific data set that aligns with business objectives is crucial for training the AI engine. This involves methodical planning for a Data Lake, Data Warehouse, or Data Lakehouse, including data migration, modernization, storage, plus ensuring security and compliance.
  • Training AI Against Your Own Data: While pretrained models like ChatGPT are intriguing, AI’s real transformative power manifests when systems are trained on proprietary data sets. This will lead to groundbreaking uses of AI in augmenting and replacing repetitive tasks, and free up human resources for more advanced and value-added activities.

Proving Value to Stakeholders

A practical method to showcase AI’s value is proof of concept, a strategy that allows companies and executive stakeholders to observe the direct impact of AI implementations. This necessity for precise guidance and technical expertise cannot be overstated, as AI is inherently predictive and grounded in probabilities and historical analysis. Human and organizational intelligence are pivotal in steering and advancing AI applications, requiring a transparent explanation and widespread cultural acceptance.

Don’t Go It Alone

Fully capitalizing on AI in the enterprise hinges on starting with a clear comprehension of your business objectives, establishing a scalable and compliant data framework, equipping your team with the necessary tools, and adeptly navigating the cultural transition. Similar to previous digital transformations and shifts in cloud adoption and cybersecurity strategies, navigating the AI landscape requires experienced guidance. Embarking on this rewarding, yet challenging, journey demands expert advice and safeguards. Enterprises should seek a seasoned “sherpa” to guide them in navigating these complexities, and to ensure their journey that is not only successful but also secure.

Wondering how integrating AI into your operations could provide business value for your organization? Contact us to get started.

 

This article was originally published in Forbes, please follow me on LinkedIn.

How Cloud Computing Revolutionized Business Operations And What Lies Ahead

Few technological advancements have had as profound an impact as the rise of cloud computing. Looking back at the cloud revolution illustrates how this paradigm has reshaped global business operations. From established enterprises optimizing their workloads, to startups “born in the cloud,” the cloud’s impact is pervasive and continually shaping the landscape of innovation. This article explores the far-reaching implications of the cloud, with a focus on its role in fueling innovation and enabling the AI revolution.

Empowering Global Enterprises and Startups Alike

The cloud has emerged as an equalizer for businesses of all sizes, from global enterprises to startups, offering a level playing field to innovate and optimize workloads. Large enterprises have harnessed cloud technologies to streamline operations, enhance scalability, and reduce costs. For startups, the cloud provides an environment for experimentation, iteration, and rapid scaling, free from the constraints of traditional infrastructure investments.

Born in the Cloud: A New Era of Innovation

One of the pivotal outcomes of the cloud revolution is the rise of businesses that are “born in the cloud.” These enterprises are not burdened by legacy systems, which enables them to embrace a cloud-native approach from the outset. This flexibility allows them to harness the cloud’s agility, scalability, and cost-efficiency, catalyzing innovation in previously unimaginable ways. Disruptors like Uber and Airbnb owe their existence to the cloud, which enabled them to create the platforms that revolutionized entire industries.

Agility and Scalability: A New Dawn for Operations

Cloud computing has dismantled the traditional constraints of business operations, ushering in an era of unparalleled agility and scalability. It has enabled organizations to swiftly adapt to evolving market demands by provisioning resources on-demand. This newfound flexibility empowers businesses to deploy applications, services, and infrastructure at a pace that was once inconceivable. By embracing cloud-based solutions, businesses gain the ability to respond nimbly to market dynamics, pivot when necessary, and seize opportunities quickly.

Furthermore, organizations have leveraged hybrid and multi-cloud computing, amalgamating the benefits of multiple environments into a cohesive information technology framework without missing a beat. This approach adds resiliency, performance, cost savings, and more to their operations.

AI Revolution: A Symphony in the Cloud

The synergy between cloud computing and artificial intelligence (AI) is a prime example of the cloud’s transformative potential. AI, a cornerstone of modern innovation, relies on vast amounts of data and computational power. The cloud’s ability to store and process massive datasets on-demand has paved the way for the AI revolution. AI’s intelligence draws from the cloud, which acts as a repository of human-created data and insights.

Harnessing Data for Prediction

AI’s strength lies in its predictive capabilities based on historical data and patterns. Just as words in a sentence are anticipated based on linguistic rules, AI predicts future steps using the wealth of data stored in the cloud. This predictive ability is made possible by the cloud’s capacity to gather, process, and serve information with unmatched speed and scale. Organizations can harness the cloud’s computational capabilities to process extensive datasets, unveiling patterns, trends, and actionable insights in the process. This power drives advanced machine learning algorithms and predictive analytics, enabling businesses to make informed decisions and gain a competitive edge.

Tailoring Cloud Solutions to Specific Needs

In the landscape of cloud computing, private and hybrid clouds also are emerging as dynamic solutions that cater to specific business requirements and play a pivotal role in the cloud revolution. While public clouds offer broad utility, private clouds provide a dedicated and highly controlled infrastructure, making them an ideal choice for organizations with strict data privacy and compliance needs. By keeping data and workloads on-premises or in a dedicated cloud environment, private clouds ensure a heightened level of security and governance. Alternatively, hybrid clouds bridge the gap between private and public cloud resources, combining the advantages of both. This configuration allows businesses to retain sensitive data on their private cloud while harnessing the scalability and cost-efficiency of the public cloud when required. For organizations with variable workloads and specific regulatory considerations, hybrid clouds provide a flexible and cost-effective approach. The choice between public, private, or hybrid cloud solutions ultimately depends on an organization’s unique needs, and it’s this adaptability that further exemplifies the cloud’s transformative potential in addressing diverse business challenges.

Impact of the Cloud Revolution: IT and Beyond

The influence of cloud on the global IT landscape cannot be overstated. IT departments have transformed from resource providers to strategic enablers, leveraging cloud resources to fuel innovation and optimize operations. The cloud’s agility has empowered IT to respond promptly to changing business needs, ushering in a new era of collaboration, flexibility, and efficiency.

The cloud revolution has fundamentally reshaped the trajectory of business operations, innovation, and technology itself. While every organization and professional approaches it differently, they all have access to a versatile toolbox of resources.

Cloud computing has evolved beyond a mere technology solution; it has become a transformative force that empowers businesses to adapt, thrive, and innovate in the dynamic digital age. From global enterprises optimizing workloads to startups born in the cloud, the impact is palpable across sectors. The interplay between the cloud and AI has brought unprecedented advancements, reshaping how we predict and understand the world around us. As we navigate the evolving digital landscape, the cloud’s transformative power continues to drive innovation, redefine industries, and empower businesses to shape the future. As organizations continue to embrace the cloud, its profound impact on business operations will undoubtedly shape the trajectory of industries for years to come, paving the way for further accelerated growth and innovation.

This article was originally published in Forbes, please follow me on LinkedIn.

Is the metaverse safe?

An immersive new virtual realm is an exciting undertaking, but without a properly executed security plan, things could go terribly wrong. Read this piece from Ntirety CEO Emil Sayegh, originally published in Forbes, for insights on security concerns with the all-new Metaverse. 

Is the metaverse safe? 

If it isn’t clear by now, it will be soon: the metaverse is coming. While still only a concept, all this talk about virtual worlds, brain chips, tactile interfaces and artificial intelligence (AI) can only mean these technologies will soon come together. Many folks will get wrapped up in this merger of the virtual world with the physical world once the metaverse fully arrives. Unfortunately, anytime new and exciting technologies emerge, cybersecurity is often an afterthought. Cybersecurity will be the Achilles heel of the metaverse. Without a total base-level security build, the entire metaverse will face significant issues that could take years to unravel. 

Welcome to the unsafe metaverse 

The first known mention of a metaverse came about in science fiction back in the 1990s. More recently, Facebook stepped in and transformed itself (and its name) towards a new concept of a personal, customized, and interactive virtual world that it is building while burning $500 billion of market cap in the process.  

Unmute 

By most definitions, however, the metaverse will be a place where physical meets virtual and boundaries between the two become increasingly faint. It will eventually incorporate our world of work, our friendships, where we shop, how we spend our free time, what we eat, how we learn, and countless other applications. The metaverse will have access to our most private information and habits. As people begin to live in these virtual worlds, the metaverse will be able to learn a lot about us, others, and things we would barely consider today.  

If the metaverse is an inevitability, then it is our moral obligation to build one that is safe, private and secure. With the advent of the metaverse, we are going to have to rebuild, redefine and relearn so many things we take for granted in the “real world.” 

What does it mean when you close and lock your front door? Or how about your call screening? How do the security protocols in your life look when you are at home versus how they come in when you are in a public place? How do you know who you are talking to?  The metaverse has so many unknowns that it just cannot possibly be considered safe, by any standards.  

The wild west of the metaverse  

Cue the image of Clint Eastwood for this — at this moment, the metaverse is the wild, wild West. A lawless land that few dare venture into — but just like the old west, some people are ready for the metaverse. Instead of old-fashioned bandits and outlaws, they’re called hackers, scammers and various other names.  

Nefarious types historically gravitate to new technologies in search of opportunities. Already, there are reports of scams in NFT transactions, fraud in Ethereum addresses, and several other types of abuse. Now please remember, all Facebook did was change their name to Meta.      

Where was their plan and commitment to privacy, security or mental health of the users? Crypto, NFTs and smart contracts will undoubtedly be a fundamental part of the metaverse construct. Cyberbullying, doxing, ransom scams and other familiar schemes will also swiftly make their way over to the metaverse and they will be there early. Criminals are attracted to an environment where rules don’t exist, and victims have limited rights. 

One of the biggest risks in the metaverse will be data security and privacy. Before the metaverse, layers of abstraction existed, thanks to the physical world and our carefully balanced engagement through smartphones, computer systems, and apps. In the metaverse, significant engagement will run through artificial and virtual reality systems, creating a nexus point of data that is ripe for targeting. Data collection alone is cause for significant concern, with biometric, behavior, financial, profile information and troves of additional personal information built in.   

Garbage in, garbage out 

If you have been in information technology long enough, you are familiar with the phrase garbage in, garbage out. It’s a bad way of doing things and before we start packing up and moving to the metaverse we must make sure we will be ready for things such as:  

  •       Social engineering. As we’ve seen in corporate and individual scenarios, social engineering can lead to a massive loss of data, loss of access, and have financial implications. This is among the primary vectors for data breaches.  
  •     Blockchain security. Blockchain itself is strong on the validation of transactions and data. However, the integration of blockchain is an additional concern that bears scrutiny. For example, with just a bit of misdirection, an infiltrator can stage the interception and ownership of data. The network, identification, validation, and supporting DNS structures are examples of technical elements that must be secured. 
  •     Privacy concerns. The issues that plague us on the web and in databases everywhere will plague us in the virtual world. Data collection, retention, and sharing are just some of the examples that require definition, the establishment of individual rights, and regulation. 
  •       Digital boundaries. Users must maintain their rights of privacy and engagement with others. This matter could be complicated by the fact that there are no countries in the metaverse and no corresponding jurisdictions now. 
  •       Security on data transactions. From purchases to smart contracts, a binding construct will drive the exchange of data. The security of these transactions is critical to the success of the metaverse. Time will tell the extent of how general transactions may be regulated, taxed, and reported. 
  •       Identity of users. We are, in the physical world, what we are. Our being is tangible. One of the things that will have to be determined is what happens when an exact copy of your digital self is created or restored from a backup. If there’s a conflict, what version should continue to exist? What if a corrupted or erroneous copy comes into existence? What if that copy is intentionally modified or unintentionally wiped out?  
  •       Identity of others. Metaverse existence begins with avatars, a visual and perhaps audio-based representation of whatever that opposing creator put together. That user’s identity is questionable until you can confirm who they are in some real-world way that you trust. What about the inevitable presence of bots as we saw in the “meme stock” sagas? Are they friendly bots? Will you even know when you are engaging one? 

Concerns unchecked 

Let us not spoil what the metaverse can be by leaving these security and privacy concerns unchecked. Let us minimize, and hopefully avoid, the deafening noise and infiltration of non-human influence found on social media channels and online forums. The best metaverse is a genuine metaverse forum for humans void of bots and hackers.   

The metaverse is a concept that is launching lots of discussions and it is a likely part of our collective futures, but it needs to be a force for good. For now, the concept is vague, but the cybersecurity challenges ahead of us are clear, and we can act on those right now. 

 

Check out this piece, originally published in Forbes, here and follow me on LinkedIn. 

Cybersecurity Challenges in a Nutshell

Computer security researcher Dan Farmer once said, If security were all that mattered, computers would never be turned on, let alone hooked into a network with literally millions of potential intruders.” This is not reality because as individuals and businesses we rely on these devices. 

The mindset must be changed about where cybersecurity falls on a business priority list. Cyber incidents most often occur because a cybersecurity plan was not set in place prior to an incident. Cybercriminals around the world are deploying ransomware in our cyber infrastructures. after hours or over the weekend so that by the time the effects of it are seen, the damage is done through a phishing attack email or another form of exploitation.  

It is critical to be proactive when it comes to cybersecurity and already have defenses in place before bad actors reach your cyber infrastructure. Cybercrime has (unfortunately) cost companies trillions of dollars a year according to Cybersecurity Ventures 

$6 Trillion USD A YEAR 

$500 Billion A MONTH 

$115.4 Billion A WEEK 

$16.4 Billion A DAY 

$684.9 Million AN HOUR 

$11.4 Million A MINUTE 

Most recently, ransomware groups and criminal enterprises from Russia have been able to operate in their country with no chance of going to jail because it fits with the desires of the country’s leadership. If this leniency on cybercrime remains in countries like this, we cannot rest knowing our cyber infrastructures are not safe. 

Small to medium businesses are at a high risk for ransomware attacks and often cannot fully recover afterwards. 71% of cyberattacks happen to businesses that have less than 500 employees. 

Implementing Zero-Trust and having visibility into attacks and resiliency in order to mitigate the damage is critical in moving forward for any business. Frequent patching is another key operational strategy for defending against attacks-a prime example of insufficient patching would be the recent log4j incident. Without proper patching, organizations remain vulnerable to external entities.  

Additionally, phishing is one of the top ways that cybercriminals enter IT infrastructures, and without proper training, employees and their organizations are vulnerable. Phishing accounts for 90% of data breaches. Through these phishing campaigns, bad actors can steal passwords, install malware to access/control the system, or ransomware to immediately shutdown the business. Weak or stolen passwords make up 81% of breaches according to the Data Breach Investigations Report. This is why it is important to create strong passwords and change them often along with implementing two-factor authentication.  

Vice President and Global Chief Information Security Officer Stéphane Nappo of Groupe SEB said, “The five most efficient cyber defenders are: Anticipation, Education, Detection, Reaction and Resilience. Do remember: “Cybersecurity is much more than an IT topic.” 

For more details on how to secure your cyber infrastructure watch our most recent webinar and schedule an assessment with us today. 

The Changing Cyber Landscape

Cyber-attacks have increased by over 800% since the start of the Russia-Ukraine war from suspected Russian bad actors. Attacks have become so much more frequent and unprecedented and their impacts even more devastating. The Colonial Pipeline ransomware attack in 2021 is a recent example and is the largest publicly disclosed attack against critical infrastructure in the United States. The Colonial Pipeline is the largest refined oil product pipeline in the U.S. and can carry 3 million barrels of fuel per day between Texas and New York. Attackers exploited an exposed password for a VPN account, stole data, and asked for a ransom of $4.4M. The attack was felt across the country through shortages of jet fuel, and fear of a gas shortage caused panic-buying, and a spike in gas prices. 

 

Global threats are not only dominating mainstream media headlines but unfortunately our cyber infrastructures as well. 2022 has already seen its fair share of challenges between Covid-19, supply chain issues, natural disasters, and the Russia-Ukraine war. Amidst all these events, cyber incidents were still the top global threat according to the Allianz Risk Barometer 2022 

 

Ransomware attacks cost companies millions each year. The top 5 known ransom payments include: 

 

  1. CWT Global 

AMOUNT PAID: $4.5 MILLION 

RANSOMWARE: RAGNAR LOCKER> 

  1. Colonial Pipeline 

AMOUNT PAID: $4.4 MILLION 

RANSOMWARE: DARKSIDE 

  1. Brenntag 

AMOUNT PAID: $4.4 MILLION 

RANSOMWARE: DARKSIDE 

  1. Travelex 

AMOUNT PAID: $2.3 MILLION 

RANSOMWARE: SODINOKIBI 

  1. University of California San Francisco (UCSF) 

AMOUNT PAID: $1.14 MILLION 

RANSOMWARE: NETWALKER 

 

 

Most of these vulnerabilities were hacked due to weak passwords or not having many defenses in place and only relying on firewalls. Most of these incidents could have been prevented through a proactive cybersecurity solution such as Identity and Access Management Services. 

 

Cyber criminals will often pose as co-workers, friends, or family members for network/password credentials or financial gain-this is called social engineering. The sense of urgency from an authority figure or family member often outwits our sense of realizing this is an out of character request. It often leads to instantly sending money to what seems like a familiar face. The network/password credentials shared provides entry that your typical security hardware and software won’t notice and allows unfettered access to valuable, critical data. 

 

Existential Threats 

As the attacks increase, so do the costs associated with them. The average cost of a data breach is $4.24 million for companies worldwide according to the 2021 Cost of a Data Breach Report. With all the hackers and scammers flooding our cyber infrastructures today, it is more crucial than ever to have the proper defenses in place. The toll on business productivity and financial standing is far too much. 

 

  • Existential Threat: Ransomware 
  • Real World Impact: Average cost of a ransomware attack is $732,520 when the ransom was not paid, but doubles to $1,448,458 if the ransom is paid 
  • Existential Threat: Downtime 
  • Real World Impact: Amazon, Microsoft,
    Delta, Sony, Nvidia—no company is immune from downtime and the brand damage
    it inflicts 
  • Existential Threat: Compliance Fines 
  • Real World Impact: New state compliance requirements are rolling out and the penalties are no slap on the wrist—California Consumer Privacy (CCPA) fines can run up to $7,500 per violation with no cap 
  • Existential Threat: Data Loss 
  • Real World Impact: Whether from a cyberattack or human error, 40%-60% of SMBs won’t reopen after data loss 

In addition to these existential threats, enterprises have faced a slew of IT challenges: 

  1. The average enterprise has 6 different forms of application infrastructure 
  1. …each of which comes with unique management systems and tools 
  1. 80% of time is spent managing risk 
  1. …which leaves little time for IT to create additional value for the business 
  1. Compliance requirements are evolving in real-time including the addition of state privacy laws.  California led the way with CCPA and 38 other states recently implemented privacy laws. 
  1. IT is expected to do more with less year-after-year managing cross-platforms, and security and compliance of different environments 

With the ever-increasing threat landscape affecting more businesses and individuals each year, it is understandable companies are seeking out a reliable partner to protect their cyber infrastructure. Ntirety can help your business build a security and compliance solution that meets today’s needs while strengthening your long-term strategy. For more information watch our recent webinar here and stay tuned for the next blog in this series. 

Readying For Regulation Response To Cyber Incidents – Forbes Article by Ntirety CEO Emil Sayegh

Recently, utility companies have been a major target for hackers, and critical infrastructure has been put at stake. As these cyberattacks have increased, taking action to keep bad actors away from our cyber environments must be a top priority. For industries such as utilities that provide services to almost all of us, we must all do our part to ensure security is enforced. 

 Ntirety CEO Emil Sayegh emphasizes the importance of the United States government’s involvement in protecting the ever-growing cyberspace, and the businesses and people whose lives could drastically change. The following piece, Readying For Regulation Response To Cyber Incidents, was originally published in Forbes.

Readying For Regulation Response To Cyber Incidents

In the wake of a prolonged season of significantly impactful cyberattacks, new regulations have arrived on the scene and we can expect more to soon follow. Good, bad, and ugly, regulations are a natural governmental response to significant situations that carry national implications. For now, the focus is on pipeline operators. But with so much vulnerability in the wild, a lack of overall standards -and also the fact that so much is at stake -cyber regulation is on a trajectory of growth, and may also find itself on a collision course across many more sensitive industries.

Back in May, the world was shocked when the Colonial Pipeline Company revealed that it was a victim of a ransomware attack. The immediate response was to halt operations in order to contain the attack. Five days later, operations resumed, but not before fuel prices on the East Coast of the U.S. skyrocketed and fuel shortages crippled the Eastern Seaboard.

Regulatory Response

The same day that operations resumed, President Biden signed an Executive Order on “Improving the Nation’s Cybersecurity.” Moving from voluntary participation to mandated compliance, some 100 pipeline operations had to formally designate a 24/7 cybersecurity coordinator and report confirmed and potential incidents to the Cybersecurity and Infrastructure Security Agency (CISA) under the new directives.

In late July, the rules tightened up from there with further regulations. The specific details that accompany this mission have not been fully revealed to the public, but some elements have been shared about the program. Participants will need:

  • To develop a cybersecurity contingency and recovery plan
  • Conduct a cybersecurity architecture design review
  • To implement mitigation measures to protect against cyberattacks immediately

In addition, the regulations have a bit of a bite to them, leveraging potential fines that can amount to close to $12,000 per day for each violation.

The Regulatory Trajectory

The age of self-driven, voluntary standards and industry participation is beginning to change as a response to the rash of successful attacks against critical organizations. With solid research and preparation, the implementation of these forthcoming compliance measures could possibly roll out smoothly. It is also likely that challenges will be felt throughout the industries affected by new compliance measures. Revisions and updates will follow, as already exhibited in the pipeline industry.

For most, compliance and regulation are not completely new territory, however the horizontal rollout and application to formerly voluntary industries will carry some challenges along for the ride. New technologies, cutting-edge standards, and continual assessment are not always associated with the considerably comprehensive publications of ordinary regulations.

Rolling out successful cybersecurity regulations in a comprehensive effort is going to require awareness on the contextual history of regulations as well as measures to keep regulations up-to-date and achievable.

Preparing Now

Based on technical and operational components, the gold standard reference point throughout the industry are the standards set forth by CISA. Organizations can get ahead of these and create a better security baseline by assessing cybersecurity policies and procedures and updating them as necessary.

Among the advancing best security practices and technologies, prepare to assess and incorporate:

  • Updated backup and recovery tools and processes
  • Risk prioritization exercises
  • Secure cloud service practices
  • Segmenting networks
  • Multi-factor authentication
  • Zero trust capable architecture
  • Robust endpoint management
  • Enterprise threat mapping
  • Data encryption at rest and in transit

Every environment is different, with different realities to consider.

It can be difficult to turn down the background noise of emerging products, industry buzzwords, and marketing smoke. With so much to navigate, I cannot blame anyone that has completely tuned out. But please don’t. Silence is not bliss in this case. Most companies are ill-equipped to deal with this threat alone and must find competent cybersecurity partners. This movement has already started-this is a clarion call and moment of action on every digital front. Cybersecurity is becoming an imperative across the land.

Ntirety’s Inaugural Partner Advisory Council

Further Cementing our Channel-Only Strategy, Ntirety Selects Nine Partners for Exclusive Council to Create Long-term Channel Success.

In the ever-evolving field of information and technology, it is important to be adaptable; new devices are released every year, so cybersecurity awareness and education are of utmost importance. Ntirety’s Channel-Only approach has proven to be the ideal way to help raise awareness and security postures through our trusted Channel Partners.

To continue leading in the industry for both our partners and Ntirety, we invited partners to join our first Partner Advisory Council. We extend our sincerest thanks to our partners for their participation and for making Ntirety the trusted provider we are today. See our full press release covering the event below:

AUSTIN, Texas, Oct. 19, 2021 /PRNewswire/ — Ntirety, the most trusted Comprehensive Security provider, today announced the creation of their inaugural Partner Advisory Council. This council brings together top partners from the Channel industry to advise on best practices and collaborate on goals and initiatives for the upcoming year. This comes to further cement Ntirety’s strategy as a company that exclusively sells through the Channel.

The partners serve as the trusted voice of Ntirety customers, providing unique insights and firsthand knowledge on the brand’s services. The council’s goal is to help the Ntirety team fine-tune its product offerings, messaging, and marketing programs to further accelerate the adoption of its Compliant Security Suite of Services.

“Ntirety is 100% Channel focused, and the forming of this council reaffirms the brand’s commitment to our Channel partners,” said Emil Sayegh, CEO of Ntirety. “I’m thrilled to be able to form this council of passionate channel professionals who care deeply about the success of our clients and delivering to them pervasive, compliant security services that empower businesses to move faster with less risk.”

During the inaugural council meeting, partners gathered to align on bridging the gaps between technology, operations, and the human element of the Channel. The inaugural meeting identified a need for Channel partners to get more comfortable speaking about cybersecurity, as well as advising on compliance as new regulations across all industries continue to roll out.

“It was an honor to participate in this inaugural gathering,” said Auburn Holbrook, CRO of Opex Technologies. “For the first meeting, the content, and presenters were excellent. Ntirety is unique on multiple fronts with their Channel Only and Security First strategy. Their offering of compliant data security services comprehensively and compellingly for enterprise are unique and differentiated.”

The formation of this council directly follows Ntirety’s platinum sponsorship of the 2021 Avant Special Forces Summit in Austin, TX where CTO, Josh Henderson, and VP & Field CTO, Tony Scribner, were both featured panelists. It is the latest in a productive year connecting and collaborating with partners, including Ntirety’s participation as a platinum sponsor with speaking engagements at Telarus Partner Summit in San Diego, CA in June, and attending and co-hosting multiple events with Intelisys. Through these major conferences and summits to more exclusive gatherings, Ntirety continues to set the company apart with its cybersecurity thought leadership from other managed security providers in every interaction.

Ntirety’s exclusive commitment to Channel includes dedicated training resources, co-branded marketing collateral, reciprocal opportunity generation, and partner advisory boards, as well as evergreen commission structures and opportunity-specific incentive plans.

To learn more about Ntirety’s Channel Partner commitment or how to become a partner, visit ntirety.com/partners today!

Worldwide Cybersecurity Best Practices Part 2

Cybersecurity needs to constantly expand its resources because technology increasing with new devices released every year. Countries around the world have acknowledged this need and have played their part in making the cyber world a safer place.

In part 2 of our series on Worldwide Cybersecurity Best Practices, learn about more cybersecurity initiatives across the globe. 

Canada   

The Canadian Government is investing $80 million over four years (2021-2022 to 2023-2024) to create the Cyber Security Innovation Network, a national network composed of multiple centers of cybersecurity expertise. This includes post-secondary institutions (colleges, universities, research centers, polytechnics), partners in the private sector, not-for-profits, and governments (provincial, territorial, municipal) to enhance research and development and grow cyber security talent across Canada.   

Ntirety Director of Governance Risk and Compliance Wing Lau works in the Vancouver office and will firsthand experience this expansion of cybersecurity resources.    

“With the digital economy continuing to grow rapidly, accelerated by the Covid-19 pandemic, cyber security is an ever-increasing concern for Canadians and businesses,” Lau said.   

Ghana   

Ghana’s Cybersecurity Act , enacted in December 2020, regulates cybersecurity activities, promotes the development of cybersecurity, and provides for related matters. Under this act, the National Computer Emergency Response Team was established and functions to:   

  • Be responsible for responding to cybersecurity incidents
  • Co-ordinate responses to cybersecurity incidents amongst public institutions, private institutions, and international bodies
  • Oversee the Sectoral Computer Emergency Response Team established under section 44

Under Section 60 of the act, the document states that education and awareness programs on cybersecurity will be carried out. As stated under section 61, research and development programs will be designed. This includes actions such as collaborating with academic research centers and developing a framework for cybersecurity training programs.   

Japan   

Japan released their Cybersecurity Strategy in September 2021 that included a plan that would stretch over the next three years to ensure a “free, fair and secure cyberspace.” In order to do this, the government plans on:   

  • Advancing digital transformation (DX) and cybersecurity simultaneously  
  • Ensuring the overall safety and security of cyberspace as it becomes increasingly public, interconnected, and interrelated
  • Enhancing initiatives from the perspective of Japan’s national security

The Cybersecurity Strategy acknowledged, for the first time, China, Russia, and North Korea as cyberattack threats.   

Spain 

In April 2021, the Spanish government committed to investing over €450 million over the course of three years to increase the country’s cybersecurity sector. Carme Artigas, Spain’s state secretary for digitalization and artificial intelligence announced that an online “Hacker Academy” would be available for the country’s residents ages 14 and older as a part of the cybersecurity expansion initiatives.   

This training attracted hundreds of participants. The National Cybersecurity Institute (INCIBE) oversees this strategic plan for spending relating to cybersecurity. Key components of increasing the business ecosystem of the sector and attracting talent include:  

  • Strengthening the cybersecurity of individuals   
  • Strengthening the cybersecurity of Small to Medium Enterprises (SMEs) and professionals   
  • Consolidating Spain as an international cybersecurity hub  

United States   

While the states within the U.S. have passed laws governing cybersecurity, federally nothing has been constructed as far as cybersecurity enforcement specifically. There are, however, national laws in place that protect individuals’ information considered “private.”   

An example of this would be the Health Insurance Portability and Accountability Act (HIPAA) that guards “individually identifiable health information” including data that relates to:   

  • The individual’s past, present, or future physical or mental health or condition 
  • The provision of health care to the individual 
  • The past, present, or future payment for the provision of health care to the individual, and that identifies the individual or for which there is a reasonable basis to believe can be used to identify the individual   

Individually identifiable health information includes identifiers such as name, address, birth date, and Social Security Number.   

The cyber-world can be accessed from almost anywhere on earth; this means that as individuals we must all use caution and do everything that we can to make a safe cyberspace for all. A seemingly harmless action such as clicking on a link can lead to your personal data being stolen and potentially the private data of others.    

The personal data of others is on the line when using a social media account, email, or other places where personal data such as name and birth date is shared online. Being a member of the cyber world means holding yourself and others accountable. Hackers will always be around as long as there is cyberspace, but as global cybersecurity efforts continue to increase, we can be more prepared and respond with greater speed and efficiency.   

Worldwide Cybersecurity Best Practices Part 1

Information Technology has created the ability to connect people from virtually (no pun intended) anywhere in the world. With new internet-connected devices being released every year, safety must only continue to increase along with it. Countries all across the globe have acknowledged the importance of enforcing cybersecurity and creating a safer cyber world for everyone.  

 In this two-part series, we will take a look at how eight countries from across the world implemented cybersecurity initiatives in the past few years, including Ntirety’s global offices in Bulgaria, Canada, and the United States.  

 Australia 

In May 2021, the Critical Infrastructure Uplift Program (CI-UP) was presented by the Australian government to aid in identifying and repairing vulnerabilities in critical infrastructure. This program was set in place to help providers evaluate their current security program and implement recommended strategies to reduce risk.  

 This program is available to critical infrastructure businesses that are Australian Cyber Security Centre (ACSC) partners. According to ACSC, this program was created to:  

  • Deliver prioritized vulnerability and risk mitigation strategies  
  • Assist partners to implement the recommended risk mitigation strategies  

 Brazil 

In Feb. 2020, Brazil introduced its first national cybersecurity strategy. The country that ranked 70th in the Global Cybersecurity Index, moved its way up to number 18 on the list in 2020. While the bones were set in place with the passing of the National Policy on Information Security in Dec. 2018, there were still more steps needed to create a strategy to secure the biggest economy in Latin America.  

 The National Cyber Security Strategy, E-Ciber, details a four-year plan (2020-2023) to improve the “security and resilience of critical infrastructure and national public services.”  

 Strategic Objectives include:  

  1. Make Brazil more prosperous and reliable in the digital environment;  
  2. Increase Brazil’s resilience to cyber threats; and  
  3. Strengthen the Brazilian action in cybersecurity in the international scenario.  

Strategic Actions involve:  

  1. Strengthen cyber governance actions 
  2. Establish a centralized governance model at the national level  
  3. Promote participatory, collaborative, reliable and secure environment, between the public sector, the private sector and society  
  4. Raise the government’s level of protection  
  5. Raise the level of protection of National Critical Infrastructures  
  6. Improve the legal framework on cybersecurity  
  7. Encourage the design of innovative cybersecurity solutions  
  8. Expand Brazil’s international cooperation in Cybersecurity  
  9. Expand the partnership, in cybersecurity, between the public sector, the private sector, academia and society  
  10. Raising society’s maturity in cybersecurity   

 Bulgaria 

The strategy, Cyber Resilient Bulgaria 2020, was established to create a framework to ensure a safe cyber environment. The strategy was released in 2016 and the plans were carried through the year 2020 with the hopes of increasing growth in cybersecurity resources and leadership.  

 The strategy was broken into 3 phases:  

  1. Between 2016-2017 the goal was to achieve the minimum required information and cybersecurity and capability for responding to cyber incidents and attacks at organizations and networks.  
  2. When it came to cyber incidents, crises and systematic prevention activities, 2018-2019 was dedicated to bringing the work of individual systems to coordinated responses.  
  3. 2020 achieved a level of maturity which would provide cyber resilience at the national level and effective interaction and integration at international level (An example being the North Atlantic Treaty Organization (NATO)).  

 This strategy aims to provide better protection for citizens, businesses, governments and critical infrastructure,” Security Operations Analyst Teodora Mincheva said. 

 The cyberworld can be accessed from almost anywhere on earth; this means that as individuals we must all use caution and do everything that we can to make a safe cyber space for all. Stay tuned for the second part of Worldwide Cybersecurity Best Practices!