Archive for September, 2011|Monthly archive page
A recent article in Foreign Policy magazine is a wake-up call for companies that are unaware of a cyberwar being waged right under their noses. According to the author Joel Brenner, a retired intelligence official from the U.S. National Security Agency, criminals, hackers and terrorist groups are using the internet to target a variety of industries including IT, financial services, defence and electronics. These attacks are launched for a variety of reasons including financial gain, IP theft, political disruption or merely for kicks. Cyber risks are rising, so managers will need to understand and accept this reality and better prepare their organizations for inevitable disruptions.
So far, cyberwar has claimed many victims, some public but many private. Most risks fall into two general areas: information & IP security threats and operational risks.
Information & IP security threats
Most weeks feature disclosures of electronic fraud and massive data heists. For example, Sony’s PlayStation Network was hacked (apparently through its Amazon Cloud infrastructure), compromising the personal information of more than 100M customers. In another case, cyber thieves stole $9M in just a few hours by breaking into an international bank, creating counterfeit credit balances and looting ATMs across 4 countries. There is nowhere to hide from these threats. According to Brenner, “international gangs spread malicious code that conscripts unwitting computers into zombie armies of hundreds of thousands of similarly enslaved machines.”
Cyberwar pays. It is often cheaper and easier to steal IP than it is to painstakingly develop it. Brenner sees corporate espionage by both competitors and foreign intelligence services (or their surrogates) increasing. For understandable reasons around maintaining confidence and not admitting vulnerabilities, government officials are reluctant to speak openly on specifics while victims will rarely admit they have been targeted. Yet, two companies have gone public. Google acknowledged that a 2009 Chinese government cyber attack was about stealing their market-leading source code. Brenner asserts that thousands of other U.S. and Western firms were targeted by the same Chinese attack. In another case, Oracle publicly admitted and successfully sued SAP for stealing some of its software.
Virtually every company’s operations are susceptible to national infrastructure and supply chain disruptions. Operational vulnerability has been illuminated by the impact of the Stuxnet computer virus on the Iranian nuclear program. Having been introduced remotely or embedded in the firmware of the industrial control systems, Stuxnet caused the uranium centrifuges to go haywire, resulting in a major setback to the program. While good news for world peace, this case exposed the harsh reality that operational espionage is a major threat to highly automated and capital-intensive operations. While it is believed only a top-notch intelligence agency could have developed the virus, the code itself is now public, increasing the possibility of copycat attacks. For every Western organization, the national and trans-national infrastructure is the nexus of vulnerability. Attackers have numerous soft targets including the electricity grid, air traffic control, energy pipelines, water and sewage systems and railroad switches. These systems are mostly electronically controlled and networked. If an intruder can break into the right server electronically, he/she can remotely shut down production, redirect goods to the wrong location, and even unlock shipping doors – while leaving no record of ever having been there.
Western companies face a wide variety of cyber threats from all corners of the globe and within their own societies. According to Brenner, seized al Qaeda computers have contained details of U.S. industrial control systems. A variety of terrorist groups have plotted attacks on the Australian and British electricity grids over the past 8 years. Countless numbers of individual hackers and small gangs regularly look to penetrate poorly defended IT infrastructures. In fact, criminals can easily rent cyber weapons online, called “botnets,” to attack web sites.
How can managers deal with the onset of cyberwar?
- Acknowledge that their firms face serious operational vulnerability in an inter-dependent and wired world. Organizations need an objective and realistic assessment of which assets, data and IP can and should be protected. Moreover, managers must look back through their supply chains and equipment suppliers to understand the full impact of cyber disruption.
- Accept that risks cannot be eliminated, only managed. As operators of over 80% of the IT infrastructure, it is the private sector that owns this vulnerability; it can’t depend on a distracted, heavily indebted government to save it. Furthermore, companies must reconsider their primary focus on efficiency and invest more in operational redundancies in key areas such as business continuity measures, IT & communications support and data storage.
- Understand that technology is only one, albeit the most obvious, aspect of the cyberwar challenge. Unless technology risk mitigation is integrated with people, process and operational elements, firms run the risk of not closing every window of vulnerability.
For more information on our services and work, please visit the Quanta Consulting Inc. web site.
When considering self-reporting forms, the assumption is that individuals are generally ethical in their reporting behaviour. Yet even when people care about morality and want to be seen as ethical by others, they sometimes (or often) are dishonest in their statements when it is beneficial to their own self-interest. The accuracy of millions of these written assertions has a major financial impact on a variety of industries including insurance, professional services and health care. New research out of the Harvard Business School looked at how organizations can reduce unethical behaviours. The conclusion was that signing a form up front – versus at the end – can appreciably reduce cheating. Simply put, improving ethical behaviour will significantly reduce costs and increase revenues.
In accordance with legal requirements, individuals are typically asked to sign at the end of a self-reporting document to certify the truthfulness of their statements. Most organizations rely solely on a person’s honesty, using the possibility of punishment to deter dishonesty. Not surprisingly, considerable amounts of cheating occur given the potential payoffs, the high cost of compliance and the low probability of getting caught within an honour-based system.
The objective of the study was to develop and test an efficient and simple measure to reduce or eliminate unethical actions, particularly behaviours that rely on self-monitoring in lieu of societal restraints. Examples of self-reported unethical deeds include over-claiming expenses, inflating business results, over-stating billable hours and under-reporting taxes.
Cheating is really costly…
In one of the study’s field experiments with insurance firms, asking customers to sign at the start of the form led to a 10.25% increase or an additional 2,428 reported miles driven per car (i.e. they cheated less) versus the current practice of asking for a signature at the end of the form. After assuming a per-mile cost of automobile insurance of between 4-10 cents, the study estimated that the annual insurance premium per car would have been $97 higher with the more truthful reporting. One key consequence of false reporting is that the costs extend beyond the insurer to its entire customer base, including the honest policy-holders. In the case of tax avoidance, the economic cost of tax cheating is estimated to be a staggering $150B every year in the United States alone.
…but it can be reduced
The research found that signing at the beginning of a report – before having the opportunity to cheat – rather than at the end of the document leads to significant reductions in the likelihood and magnitude of cheating.
Why do people become more honest?
According to the research, simply moving the signature line to the beginning of a form can bring a person’s moral and ethical standards into focus, right before it is most needed – the reporting. The amplified importance of moral standards may trigger increased truthfulness in the subsequent statements. Conversely, when signing at the end of a form, the unethical behaviour has already taken place. In turn, the individual maintains their positive self-image by engaging in various justifications and delusions.
In the real world…
Every organization can easily take advantage of these insights by redesigning their standard forms to move the signing position to the beginning of the document. Specific sectors like insurance, government, health care and professional services that depend on self-reporting will benefit from more truthful assertions, reduced performance inflation, less over-claiming of credits, and fewer deduction claims.
It’s been over 15 years since the likes of Amazon, Expedia and eBay stormed the business world with their new ways of transacting business and startling growth. Ever since then, conventional wisdom has said that online success was best achieved by reaching operational scale and mass market appeal as quickly as possible. In other words, an “if you build it online, they will come from everywhere” approach.
Yet, recent developments belie this approach. Booz & Co., a consultancy, studied online successes and failures. They found that firms such as Webvan, Pets.com and Value America that focused exclusively on scale and mass marketing were unable to convert this strategy into market leadership. In fact, there are only 3 non-traditional retailers (Amazon, Newegg and Netflix) among the top 25 internet retailers, with Amazon coming in the highest at #4. Furthermore, a scale-based strategy has fared no better in the B2B space. Specifically, Booz cites the failures of online auctions like FreeMarkets, Business.com and Covisint to transform B2B commerce.
There is much to learn from the above failures as well as from the new internet stars such as Zappos and Groupon. Two key success factors stand out. Firstly, they build distinct yet market-beating capabilities that support their mission. Secondly, they target these capabilities against local markets. Online winners achieve scale but realize it in different ways than their predecessors. Simply put, scale follows focus and capabilities.
Narrow the focus
Given the challenges around satisfying fickle consumer needs and achieving technological integration, it is difficult for online firms to design and maintain a full spectrum of powerful operational capabilities. Like traditional businesses, online firms often struggle to be all things to all people. The successful Internet firms are picking narrow business strategies and then developing supporting capabilities that provide a superior value proposition and service offering.
Zappos, the leading online shoe retailer, was one of the first Internet firms to follow a focused strategic approach. Before being purchased by Amazon in 2009, Zappos had bested their online foe by achieving superior client service and call center productivity through targeting one crowded and unpredictable market, shoes. Specifically, the company has been recognized as having the best trained and motivated customer service workforce. Interestingly, Zappos’s success came without enjoying Amazon’s mass scale advantages such as being a low-cost seller or having the largest selection of merchandise.
In its early days, the online mantra was to sell everywhere at any time. While this still rings true in many instances, some of the latest internet success stories have pursued scale by deploying platform-level capabilities and expertise at a local level.
Groupon is an excellent example of this approach. The company – recently rebuffing a December 2010 $6B acquisition offer from Google – has gained scale by launching their “daily deals” coupon promotions in 500 global markets, tapping the marketing spend of local businesses. Groupon’s key metric is not the number of subscribers (though they have over 50 million) but rather the number of local subscribers – the ones of greatest interest to the revenue-paying merchants. In essence, Groupon is following the marketing truism of going where the money is. To support their strategy, Groupon has developed significant capabilities for identifying and vetting local merchants and managing promotional programs around them. Finally, their mass-local approach also generates scale from its inherent network effects (more consumers entice more sellers which in turn attract more consumers).
Of course, the narrowly focused and locally oriented online companies must continue to execute with excellence if they are to ward off competitors with similar models and continue to serve fickle customers well. Failure to do so will consign firms like Zappos and Groupon to the same fate as previous Internet stars Webvan, Pets.com, Friendster and Napster.