Cybersecurity Awareness Month Is Underway

Executives consider cyberattacks the second leading global risk to doing business, per the World Economic Forum’s 2019 Global Risks Report. The US Senate passed a law to help firms suffering from ransomware attacks, and the NSA launched a new Cybersecurity Directorate. With a flurry of activity already underway, it’s going to be a busy month. Use the attention that cybersecurity topics will receive this October as an opportunity to energize your entire company on the importance of cybersecurity with a fresh approach featuring new messages. This year, Forrester security and risk analysts will post a number of blogs on topics to help business and security leaders make cybersecurity an awareness, behavior, and culture topic throughout their firm. Extend your conversations beyond phishing and end user security awareness training. Help your stakeholders understand that an abiding commitment to security and privacy as one of your firms’ values will ensure that you stay competitive in the future.

Are Federal Workers Normalizing Whistleblowing?

Whistleblowers are in the news. Whistleblowers were first enshrined in federal law in 1778 when the Continental Congress voted unanimously to protect Navy officers who reported on war crimes during the American Revolution. Despite their act of good work, today’s whistleblowers struggle after blowing the whistle. The reason huge financial payouts are provided to those who expose corporate malfeasance is because they most likely will never be able to work again. Corporations also suffer with financial penalties and reputational damage. Corporate risk managers can mitigate the risk that employees will feel compelled to look to whistleblower protections to report wrongdoing to the organization. Strong internal whistleblower programs that allow for anonymous reporting and transparent investigations can minimize the impact of the incident. Cultures that reward transparency have built-in resilience.

Weaponization Of Data Classification?

This week, we saw the weaponization of the least appreciated foundational process in information technology: data classification. Data classification is foundational to data management, enables digital transformation, and builds the foundation for Zero Trust and other strategies to secure data. When we leverage the process with no controls, we leave it open to manipulation. Risk platforms, audit platforms, and other data sources can be weaponized to hide corporate problems or risks. Imagine if Enron conducted adequate risk management such that in their risk platform, the risk of getting caught cooking the books was low with zero residual risk. No one would ever look at it again — until it all blew up. Thanks to the weaponization of classification systems in the federal government, now is the time for boards and executive management to demand a review of their low-risk/low-impact ratings everywhere in the environment to ensure that high risks are not being buried in the data sets. Trust is not a control, and luck is not a strategy. It seems that we have been lucky so far . . .

Walt Disney’s StudioLAB Goes Cloud-Centric For Its Tech-Driven Innovations

Walt Disney Studios’ StudioLAB, its technology hub designed to create and advance the future of storytelling with cutting-edge tools and methods, recently announced that it is shifting its focus to cloud-based solutions to help accelerate innovation. Its focus is on a portfolio of innovations in production and postproduction, from “scene to screen.” Jamie Voris, CTO at Walt Disney Studios, shared that “through this innovation partnership with Microsoft, we’re able to streamline many of our processes so our talented filmmakers can focus on what they do best.” As analyst James Staten noted in his recent PowerPoint-based report, building out your tech-driven innovations on the megaclouds provides a foundation for helping transform content creation and content management to overcome today’s operational pressures, as well as pave the way for ongoing innovation agility and cost efficiency.

AWS’s New Certified Expert Recommendation Engine — Nice Service Or Dangerous Control Point?

The future of services is as much defined by the capabilities of cloud and software providers as it is by the service providers themselves. Much of the innovation comes from what the technology vendors offer. So when one of those technology providers — Amazon, in this case — starts recommending the expert you should be working with, you have to ask yourself why. Amazon’s new AWS IQ purports to streamline your ability to identify and start working with an expert. Sounds good, but what if Amazon starts seeing this feature as a way to shape and control how those companies find service work? This is one of the themes we want to explore in our new research on the future of services — when platform owners start offering, referring, and perhaps controlling the services on the platform, is that good? Or perhaps limiting or risky? We’re interested in your thoughts.