Archive for November, 2011
PwC Global State of Information Security survey exposes network fragility
November 30th, 2011
The PricewaterhouseCoopers (PwC) ‘2012 Global State of Information Security Survey’ is an astonishing document – a searchlight on the fragile state of network defence.
It reveals telling contradictions between the confidence of organisations in their network security strategies and the actual state-of-play in the rapidly evolving commercial hacker culture.
There is a clear subtext in the survey. Every organisation across the globe is looking for the “silver bullet” that will solve their network security problems. The hard truth is that there is no single, complete solution to the threat of cyber-attack. And, currently, there is only a system of belief.
Network security specialists have been slouching towards Bethlehem for the past 20 years, reactively pinning their strategic and tactical hopes on ever-increasing software layers, with some success. But, to be honest, this is a “deploy and pray” strategy, only as good as the next agile hacker assault seeking to use the network security code to penetrate the system.
We have seen more than enough successful network attacks this year, from the RSA to Lockheed Martin, from Mitsubishi Defence to the Japanese Parliament, and from a US water utility to UK government minister laptop access, to understand that the threat and danger is clear, present and growing at an alarming rate.
The PwC survey, developed with media partners CIO Magazine and CSO Magazine, included more than 9,600 CEOs, CFOs, CIOs, CISOs, CSOs and other executives responsible for their organization’s IT and security investments in more than 138 countries.
The survey identifies that the majority of executives across industries and markets worldwide are confident in the effectiveness of their organisation’s information security practices and that they have an effective strategy in place.
There is a lacuna in the executives’ minds. They consider that their organisations are proactive in executing network security strategies, and their insights into the frequency, type and source of security breaches have leapt dramatically over the past 12 months, according to the survey.
But, significantly, the survey says: “Yet all is not in order. Some evidence points to a “crisis in leadership” and dangerous deficits in strategy. Capabilities across security domains are degrading. And security-related third-party risks are on the rise.”
Further, the survey’s top-line statistic, that 72 per cent of respondents worldwide have confidence in security practices, may seem high, but it has declined markedly since 2006.
Worryingly, some of the statistics, in the words of the PwC survey, suggest a “reluctance to commit scarce funds to the information security mission, even at the risk of degradation in security-related capabilities”. This, PwC says, “pulls the curtain back on a trend in global information security practices and cyber-crime prevention that has persisted since 2008”.
The survey highlights one of the most dangerous cyber threats – the Advanced Persistent Threat attack and identifies that few organizations have the capabilities to prevent this.
Only 16 per cent of respondents said their organisation’s security policies addressed APT. More than half of all respondents reported that their organisation did not have core capabilities directly or indirectly relevant to countering the strategic APT threat—such as penetration testing, identity management technology or a centralised security information management process.
The APT is just one of a legion of commercial hacker projects but it is the most significant advance in cyber-attack. If 84 per cent of organisations globally have no deflective security policy in place now, then the global networks are wide open in 2012.
While we know that there will never be a “silver bullet” solution and that the Cyber Wars will define the next decade, we do have a more secure way forward. This starts in the device. We have spent too many years developing software security layers while ignoring the obvious point – that if you secure the device, then you can build trusted and known security.
And the only way to secure the device is to embed security in the hardware. Enter, Trusted Computing. The Trusted Computing Group has developed standards that should be adopted by every organisation because they focus first on the device and then the software.
The standards have led to the production of the Trusted Platform Module (TPM), a chip that is embedded in the motherboard of PCs, laptops, notebooks. This chip holds the security keys that enable network connection and validate the device and the user. What’s more, the TPM cannot be cloned through any software process.
Allied to this robust device security is the Self Encrypting Drive, the most secure method of protecting stored data on PCs and laptops. Computer Weekly chief reporter Warwick Ashford has written the definitive articles about the SED and they are well worth reading, SED1 and SED 2.
If organisations are committed to their vision of data protection and their strategies of network security, then they must adopt the leading standard. And that is Trusted Computing. In this case, ignorance is not bliss.
Mobile years and wallets disappearing
November 30th, 2011
It’s about that time of the year when we start seeing predictions for the year ahead. Top of most predictions lists for the last 5-6 years, if not longer, has been “the year of mobile” and of course that hasn’t quite come to fruition. However, next year…
Joking aside, we are certainly getting closer to the much heralded explosion of mobile, and it’s perhaps supporting services such as ‘digital money‘ that will make it more of a reality than the development of handsets alone.
As you might have seen, PayPal recently predicted that we won’t need cash in its traditional form by 2016, as our mobile will handle the payments for us. In fact, Carl Scheible, managing director of PayPal UK, commented in the ‘Money: The digital Tipping Point‘ report that: “Children born today will become the UK’s first ‘cashless generation’. It will be completely natural for them to pay by mobile.”
Now of course this is nothing new; mobile payments have been talked about almost as long as the ‘year of the mobile‘. If anything, this timeframe seems a little excessive. After all, we can already pay for our food at Pizza Express using an iPhone app, and there are many more examples coming. We’re a long way from abandoning our wallets, but the change can be implemented relatively quickly from here.
Most of us can now swipe our cards over a terminal in a shop to pay for anything up to £15, and from January this will include Oyster card readers, which will accept direct payment. Therefore, bringing contactless card technology and mobile technology together is hardly a major leap, especially as the next generation of mobile phones are being built with near-field communication (NFC) chips, which will also enable contactless payment and offer the advantage of digital loyalty cards, promotional offers and receipts held on phones.
PayPal offers further evidence of the move to leave our wallets at home with stats that show 45m people in the UK use a mobile phone and over a third of mobile users surveyed have used the mobile internet to buy something from a retailer’s website.
The big issue beyond the technology is of course the security, but with advances in device-based, or embedded security, i.e. security built into the device and not sat on top in the form of after sales software, the future is bright. I would estimate that we will be ditching our wallets before 2016, and who knows the year of mobile may have even arrived by then.
A digital vs print publishing milestone
November 23rd, 2011
This week you may have missed a small but important milestone in the move from print to digital publishing.
As initially reported in the New York Times, and later picked up by The Guardian, Atlantic Media, a prominent U.S. magazine publisher, and more specifically its key title of the same name, the 154-year-old monthly magazine The Atlantic, has reported that its digital advertising revenue has exceeded print advertising revenue for the first time.
Ad revenue figures for October show The Atlantic’s ad revenue was 51% digital compared to 49% print, which is believed to be a first for a mainstream publisher.
Why all the fuss? Well, the difference here from many other titles that are seeing print advertising revenue fall in line with digital revenue is that The Atlantic says this isn’t the reason for its success. There has not been a decline in the share of print revenue. In fact, The Atlantic sold more ads in the October issue of the magazine than it had in any other issue since 1999, and website traffic has grown to 5.4 million monthly visitors. However, the Guardian confirms that Atlantic does have lower advertising rates than other similar publications.
Even if we take this lower advertising rate into consideration, it’s an impressive result, and shows that digital content does not need to be the poor relation to print content, and in fact is beginning to be favoured, if very slightly.
Although this story alone won’t change the many preconceptions about print vs digital publishing, it is the first of many that will follow, and the first for the right reason, i.e. putting digital first (as the Guardian would say) and focusing on relevant content rather than just content for the print title.
According to the NY Times: “The Atlantic has been undergoing a gradual evolution from a magazine publisher to a multimedia company with a collection of successful Websites that also happens to put out a magazine once a month.”
The final word goes to The Atlantic’s publisher, Jay Lauf: “When I started in ’08, digital was 9 percent of our total ad revenue. With digital, everybody in the business is always talking about trading print dimes for digital dollars. Well, for the first time we’re actually beating print.”
Apple announce one day shopping event – 25th November
November 22nd, 2011
Do you want an iPad, iPhone or any other Apple product? This could be your best chance to bag a bargain for Christmas.
Apple has announced that it will be holding a one day holiday shopping event on Black Friday which is this Friday, November 25th.
“The special one-day Apple shopping event.
This Friday, 25 November.
Mark your calendar now, and come back to the Apple Online Store for the special one-day event. You’ll discover amazing iPad, iPod and Mac gifts for everyone on your list.
Until then, browse the Apple Online Store for great ideas.”
Apple has not yet given any details about exactly what discounts will be available. Last year, Apple held its Black Friday event on November 27th and discounted a number of its products, cutting the prices of its iMacs and MacBook Pro laptops by up to 7.5 per cent.
You still might be able to get better deals elsewhere, but if you’re buying direct from Apple you get that added confidence of a respected supplier.
Below is a video of the iPhone 4s to whet your appetite.
Why take the Google+ page plunge?
November 18th, 2011
Google+ launched Google+ pages last week, in direct competition with Facebook, and the evidence shows that many brands have set up a page over the first week of activity, at least according to research by SEO firm BrightEdge, who confirmed ‘61 percent of world’s top 100 brands have already created Google+ pages‘, which is pretty impressive considering the time frame.
The question that keeps coming up is: ‘Why do I need a Facebook page and a Google+ page?’ Many of those brands that have taken the plunge already will have grabbed their Google+ page, simply to secure it, which is reason enough at least in the short term. Some may be surprised to hear though that it’s easy to set up fake pages so look for the verified badge when you visit the site.
So why does a brand need a Google+ page? Well, there are many reasons, 18.5 of which are defined in Gordon MacIntyre-Kemp’s piece on the Drum last week, and as he suggested, the integration of Analytics, YouTube, Adwords and Picasa offers an advantage over Facebook, and perhaps an insight into the longer term strategy.
Obviously Facebook is the prime motivation for the Google+ launch, and many feel Google+ is too far behind to mount an effective challenge, but the issue here is not so much about the standalone effectiveness of Google+ vs Facebook, but the sheer scale of Google products that Google+ already integrates, which will undoubtedly increase in the future. Let’s also not forget Google’s strength, its search engine, which has led to its Google+ pages already outranking Facebook brand pages, which is reason enough for some brands to get involved.
The BrightEdge analysis showed Google+ pages on average appeared in the top 12 Google search results for the corresponding brand, while the brand’s Facebook pages on average appeared in the top 13 or 14 listed results.
The flexibility in connectedness, and search, gives Google the long term edge in terms of synching with its full range of services. Of course many services also synch with Facebook, but Google’s vision seems to take this to another level. We’re not talking about beating Facebook, Google is simply building around it and making it less relevant.
The reality is we’re a long way away from that today as 94 percent of the Top 100 brands analysed by BrightEdge have a presence on Facebook, and in terms of the big brands, like Coke, McDonalds and Verizon each only has dozens of fans on Google+, but millions of Facebook fans. The review of Facebook and Google+ properties for the top 100 brands showed a collective total of almost 300 million Facebook fans, compared to approximately 148,000 Google+ followers for these same brands.
Looking at the figures today, the task ahead of Google+ seems insurmountable, but I suspect the gulf between Facebook and Google+ will fall as the connected battle gets into second gear, and Google has already announced a pilot program that will allow businesses and brands to manage their Google+ Pages using a number of third-party applications, including Buddy Media, Context Optional, Hearsay Social, HootSuite, Involver, and Vitrue.
The issue is not so much about Google+ catching Facebook, but about offering a viable and useful reason to have a Google+ page as well. We may see different verticals opting for different networks based on reach and audience in the future, but with these options brands have ever more increasing routes to listening and engaging with their communities.
November 15th, 2011
Ten years ago today the XBOX launched in the U.S. to take on Sony’s popular Playstation gaming machine. Since then it has gone from strength-to-strength. Prior to this, Microsoft’s only other real gaming experience was Flight Simulator and Sidewinder joysticks.
The XBOX introduced Halo, which is also ten years old today. Other launch games included Dead or Alive 3, Amped, Fuzion Frenzy, Project Gotham Racing and Jet Set Radio Future.
Since its launch in 2002, XBOX Live has pulled in 35 million members. The XBOX was discontinued in late 2006, following the launch of the XBOX 360 in 2005, and now there are an estimated 57 million XBOX 360s out there and growing.
Video of the XBOX 1 Launch at NY Times Square
The remembrance poppy – some brands are sacrosanct
November 11th, 2011
It was said in jest this week but the idea that the remembrance poppy is ripe for a re-brand has been doing the rounds in the UK.
On the face of it, the idea of a re-brand makes commercial sense. People bought 38 million remembrance poppies in 2010 and that raised £36 million. The organisers are hoping to raise £40 million with this year’s appeal. Looking at those statistics, the return on investment is not perfect.
The radio joke this week was that the poppy charity should “colour and shame” people with a range of poppy colours showing how much people had paid for the remembrance badge. We would have a true blue colour for those spending around £100, an orange poppy for the £50 supporters, green for £25 donations, and red for the scrooges. There would also be an exclusive Platinum Poppy for those with a few million pounds to spare.
Would this marketing strategy work in the real world? I think not. An iconic brand is eternal, and Teflon-coated. The red poppy is an example of this rare beast.
Sometimes, the best intentions of marketing philosophy and practice come up against the eternal iconic – and at this point these ideas dissolve.
There are other, less worthy iconic examples – but we should be careful also in the way we view these. Change is not necessarily a positive.
61% of Britons do not want to engage with brands on social networks
November 10th, 2011
The findings of TNS’s Digital Life study, a global survey that is billed as the most comprehensive view of how more than 72,000 consumers in 60 countries behave online and why they do what they do, were revealed today.
The full details on the research can be seen here and in brief the survey found that 57 per cent of people in developed markets* do not want to engage with brands via social media – rising to 60 per cent in the US and 61 per cent in the UK. Of the 72,000 surveyed between June and September 2011, 2,093 were Britons.
However, the research also shows 47 per cent of digital consumers now comment about brands online, and 54 per cent of people admit social networks are a good place to learn about products, which shows a willingness to get involved where there is relevancy or a reward for doing so, proved by the following stat: 61 per cent of consumers are driven to engage with brands online by a promotion or special offer.
The figures are a little more encouraging in fast growth markets**, which were found to be far more open to brands on social networks. Just 33 per cent of Colombians and 37 per cent of Mexicans said they don’t want to be bothered by brands online, while 59 per cent of people across fast-growing countries see social networks as a good place to learn about brands.
Interestingly, the findings showed that more people like to praise than complain online (13 per cent vs. 10 per cent), which goes against the old understanding that people are more likely to complain, if only just.
So does this mean that brands are wasting their time and money by developing social campaigns? Well, if they are doing it just to tick a box, or simply to say to the MD ‘we have a Facebook profile’, then yes, they are. This is not a new learning, bad social campaigns do more harm than good, and taking a broadcast methodology online will only serve to highlight the lack of understanding of the brand, and return little in the way of results.
Although there are many social commentators banging on about the importance of the theory of social communications and the importance of listening to a community, understanding its needs and holding a two-way conversation, none of which is new or exciting, the message doesn’t seem to be getting through.
There are many more bad examples of social brand campaigns than good ones, and research such as this only goes to prove that education isn’t getting through to those that hold the budgets, and is perhaps also a reflection on those that the brands trust to carry out social campaigns.
There is no doubt that individuals as a whole do not particularly wish to engage with a brand online for no reason, unless of course they have an offer or reward, why would they?
However, if a brand, individual or charity is truly engaged with its community, offers relevant and useful content, understands the platform on which they are communicating and actually listens to its audience, the likelihood of engagement will be higher. Not because it’s a brand, but because the individual believes the engagement is worthwhile.
So, should we all go away and give up on social communications, or should we just start being social in our communications?
*TNS defines developed markets as: Australia, Austria, Belgium, Canada, Czech Republic, Denmark, Finland, France, Germany, Greece, Hong Kong, Ireland, Israel, Italy, Japan, Luxembourg, Netherlands, New Zealand, Norway, Portugal, Republic of Korea, Singapore, Slovak Republic, Spain, Switzerland, Sweden, Taiwan, United Arab Emirates, United Kingdom, United States.
** Fast growth markets: Argentina, Brazil, Chile, China, Colombia, Egypt, Estonia, Ghana, Hungary, India, Indonesia, Kenya, Malaysia, Mexico, Morocco, Nigeria, Pakistan, Peru, Philippines, Poland, Romania, Russia, Saudi Arabia, South Africa, Tanzania, Thailand, Turkey, Uganda, Ukraine, Vietnam.
November 9th, 2011
Here is a neat little trick I happened to come across today. Do you want to customise a QR code to fit your company style or even insert your logo into it, making it stand out even further?
Well now you can, by either viewing the video below or by referring to this simple to follow guide.
Here are a few QR design ideas via Mashable
The young will lead war on cyber-crime if we deliver the trusted tools and knowledge
November 3rd, 2011
My take-away from the London Conference on Cyberspace was the recognition that young people are just as concerned as business and government about hackers and cyber-crime.
The two-day conference (November 1-2 2011) ran in binary form – a neat format given the context. A youth conference rolled at the same time as government leaders were discussing what “cyberspace” means, what commercial benefits it can bring, how states can co-operate online, and how to secure this space.
The youth conference gave a platform to voices and ideas from our young people who, as the organisers say, “are driving the digital revolution”.
The London Cyber Youth sessions underlined that, for young people, the online and offline worlds are one place. The guiding principle is that what is unacceptable offline is also unacceptable online.
Whether this is just a slight nod in the direction of young people by the current leaders or whether their ideas will be embraced with a matching passion is moot.
Their hopes and concerns are writ large in their submission and conclusions. Worth a read, scroll down to the bottom (I couldn’t find the Annex B doc. Let me know if you find it).
Meanwhile, in the main conference delegates present and those commenting online were clear that government and industry had a shared responsibility to do more to prevent cyber-crime. The commercial sector has to deploy more secure devices, systems and services and is a core part of a solution on prevention.
At the same time, there is a strong energy to give people and organisations more help to identify those products that can deliver good security. Delegates are encouraging the private sector to lead development of improved internet security products, systems, services and standards.
But there’s a way to go before everybody is synchronised. Fear, mistrust, self-interest and possibly a scintilla of greed, all are playing out in this “cyberspace” discussion.
That said, many delegates showed strong support for practical collaboration and capacity development on cross-border law enforcement. The thinking is that we have to move real quick because the networked world moves fast – extremely fast.
Global contact points – the “24/7 Network” – are being promoted as the best means to make sure that when urgent assistance is required, partner countries are able to obtain it. Delegates called on all countries to join the 24/7 Network and to redouble efforts and commitment to make it a success.
William Hague, UK Foreign Secretary, used his position as chair to advise: “The London Conference on Cyberspace began this more focussed dialogue on principles and set out an agenda for further work. The success of this agenda will be founded on the set of partnerships we have explored at this Conference.
“Our starting point must build on existing work, including the Geneva and Tunis World Summits on the Information Society.
“Our partnerships must remain inclusive, co-operative and collaborative to make certain we can build a secure, resilient and trusted global digital environment. This work will now go forward over the next 24 months with conferences in 2012 and 2013, graciously hosted by Hungary and South Korea respectively, to take stock.”
While the diplomatic fissures were clear at the conference, delegates agreed that having the right legislation in place is essential, supported by a willingness to act. Countries need to ensure they have the forensic resources, processes and willingness to co-operate as necessary.
We do need to act, and quickly. The current network security system is not really fully prepared for the battles ahead – and they will be very fierce, beyond our imagination – but maybe not those of our youth.






