Safe and Secure?
Cybersecurity efforts stay in the spotlight as data breaches continue
More and more these days, the security of data—personal or business-related—seems to be front of mind for everybody. Data breaches are happening daily, in too many places at once to keep count. This frequency means that many breaches go under the radar. The general public only tends to hear about the huge ones—from Facebook’s failings earlier this year to Yahoo’s big breach five years ago.
The fact that data breaches continue to be common sparks several questions: Do organizations appreciate the importance of investing in cybersecurity and data protection—not just related to their customers’ data, but also related to information about business operations and products? Are enough organizations taking these attacks seriously and are they able to stay one step ahead of the bad guys? Is there enough investment and planning in averting future attacks? Are individuals doing enough to protect themselves?
"Threats are constantly evolving and the chances of being attacked are increasing significantly as enterprises everywhere integrate new web-facing technology into their day-to-day systems," said Nino Valmonte of IP Converge Data Services Inc. "New types of attack methods are always emerging, and a single employee oversight can make or break a company."1
The research and consulting firm Gartner affirms Valmonte’s assertion: Opportunity for further breaches will only increase in the years to come—especially as the proliferation of Internet of Things (IoT) devices skyrockets. At the end of 2017, 8.4 billion connected devices were in use worldwide. By 2020, that number will reach 20.4 billion.2 As more industries adopt IoT, big data analytics and artificial intelligence technologies, the "attack surface" for hackers grows even larger.
Cyberhackers, too, have been moving to more sophisticated agendas, such as espionage, disinformation, market manipulation and disruption of infrastructure, on top of usual threats, such as data theft, extortion and vandalism.3
Hackers today are not only more sophisticated and advanced, but they also have better technology at their disposal. They’ve stepped up ways to crack passwords, accelerate phishing scams, enhance social engineering efforts and sometimes work with governments to target corporations and other countries.4
More than just IT
So the situation seems pretty bleak, right? Is it best to go back to paper-based systems? Cash transactions only? Not quite. Advances are being made on different fronts to establish safeguards. However, organizations must come to realize they can never again let their guards down.
All in all, cybersecurity can’t just be the responsibility of IT departments or the organizations alone. Developing a cyber-secure environment requires input from governments, leaders, businesses and consumers.5
For organizations wanting to take the first step toward a safer cyber environment, input is needed from all areas of the business to strengthen the preventive strategies against an attack and mitigate major interruption to business operations when the inevitable occurs.6
Cybersecurity must now be considered a risk issue across the organization, not just an IT issue.
"If you want to protect the enterprise, protect the firm, you have to understand your firm," said Don Aliberti, head of information security for financial services group Nomura Holdings America. If something in your organization has any value and exists somewhere on your computer systems, it must be protected. Determining value, Aliberti said, requires "understanding what are the main functions that keep the business going and what are the main risks to the business as far as availability, confidentiality, and integrity that potentially could hurt the business."7
In the end, businesses need an approach that integrates cyber protection into all aspects of the organization, from the IT department to employee training to security policies.8
Solutions and safeguards
It appears more organizations are trying to put safeguards in place by using and improving cybersecurity. Last year, research and news site Tech Pro Research surveyed IT professionals about their organizations’ 2018 budgets. Among the key findings from the report was that more than half of the respondents (53%) said improving security will be a top budgetary priority for their organization this year. That’s higher than the 47% who said their organization will be prioritizing hardware purchasing, and 43% who said their organization will place priority on cloud services.9
Organizations with IoT offerings seem to be stepping up security, too. In fact, spending on IoT security will reach $1.5 billion this year.10
Other organizations are enhancing innovation efforts to combat hackers and get ahead of the curve. BlackBerry, for instance, unveiled a new cybersecurity tool for automakers earlier this year called "BlackBerry Jarvis" that will scan in real time all software components in an autonomous vehicle to predict and fix vulnerabilities.11
When it comes to government involvement in cybersecurity and regulation, interest and activity seem to be on the uptick, though with limited accomplishments so far.
The only major U.S. legislation was proposed earlier this year by Senators Elizabeth Warren (D-MA) and Mark Warner (D-VA). It would hold large credit card organizations accountable for data breaches of consumer information. They propose that the organizations would face "a base penalty of $100 for each consumer who had one piece of personal identifying information (PII) compromised and another $50 for each additional PII compromised per consumer," according to their press release.12
Internationally, the European Union’s (EU) General Data Protection Regulation (GDPR) took effect last month. The GDPR is meant to force organizations to take EU citizens’ privacy and security concerns more seriously. Organizations face significant financial penalties for violating GDPR regulations—for example, not reporting a data breach within 72 hours of its discovery. Fines can range up to 4% of annual global revenue or $27 million (whichever is greater). That seems to have gotten the attention of everyone doing business in the EU, including U.S. tech organizations.13
Whether the GDPR will persuade U.S. corporations to take cybersecurity more seriously (or the U.S. government to start enforcing the legislation already on the books) remains to be seen.14
While it’s not possible for you as a regular consumer to control how corporations secure your personal data, there are steps you can take to better protect yourself:
- Be mindful of what information you share with social media sites and online stores.
- Be careful when connecting to free Wi-Fi in places such as cafes or airports to avoid accidentally sharing personal information with nearby hackers.
- Move beyond simple, easy-to-crack passwords (forget about using "123456") and embrace multi-factor authentication, including using biometrics (for example, fingerprints or voice recognition), to optimize security.15 Instead of only using a password, for instance, you become the password, adding an additional layer of security to online accounts.
For personal IoT devices, expect the pendulum to swing to put more focus on device identification and authentication, and data protection from the point of collection all the way through intermediate and final points of collection.16
Businesses, too, must get better at conducting training to instill the right skills, awareness and the "cybersecurity culture" required in workers to fight against new and evolving threats, Valmonte said.17 For instance:
- Keep your computer clean, including sensibly limiting the programs, apps and data that can be downloaded and installed, and alerting the right people whenever a computer exhibits strange behavior.
- Use long, strong passwords that have a combination of uppercase and lowercase letters, symbols and numbers, and change them routinely.
- Recognize and delete email messages with suspicious subject lines and links.
- Constantly and consistently back up files and applications.
"By starting with these steps," Valmonte said, "a company can already drastically reduce the installation of malicious programs within their network."18
—compiled by Mark Edmund, associate editor
- BusinessWorld, "Human Error the Leading Cause of Cybersecurity Breaches—Study," May 3, 2018, https://tinyurl.com/biz-world-cyber-study.
- John Grimm, "The Proliferation of IoT Devices Will Lead to More Data Breaches," Information Management, Jan. 31, 2018, https://tinyurl.com/grimm-iot-breaches.
- Neil Campbell, "Cybersecurity Is a Business Risk, Not Just an IT Problem," Forbes, Oct. 11, 2017, https://tinyurl.com/forbes-cyber-biz-risk.
- Sue Marquette Poremba, "Four Reasons Why Data Breaches Continue," IT BusinessEdge.com, April 3, 2018, https://tinyurl.com/it-biz-edge-4-reasons.
- Campbell, "Cybersecurity Is a Business Risk, Not Just an IT Problem," see reference 3.
- Terena Bell, "What Is Cyber Resilience? Building Cybersecurity Shock Absorbers for the Enterprise," CSO Magazine, May 7, 2018, https://tinyurl.com/cso-cyber-resilience.
- Campbell, "Cybersecurity Is a Business Risk, Not Just an IT Problem," see reference 3.
- Razvan Muresan, "Here’s Some Good News: Investments in Cybersecurity Technology Continues to Rise," Business Insights, Oct. 19, 2017, https://tinyurl.com/biz-insight-cyber-tech-rise.
- David Ndichu, "IoT Security Spending to Rise Sharply in 2018, Gartner Says," ITP.net, March 26, 2018, https://tinyurl.com/gartner-iot-spending-more.
- Tech2, "Blackberry Unveils a Cybersecurity Software Tool That Predicts Software Vulnerabilities in Autonomous Vehicles," Jan. 16, 2018, https://tinyurl.com/tech2-software-tool.
- Robert N. Charette, "Will U.S. Corporations Ever Take Cybersecurity Seriously?" Institute of Electrical and Electronics Engineers (IEEE) Spectrum, Jan. 17, 2018, https://tinyurl.com/spectrum-cybersecurity-serious.
- Poremba, "Four Reasons Why Data Breaches Continue," see reference 4.
- Grimm, "The Proliferation of IoT Devices Will Lead to More Data Breaches," see reference 2.
- BusinessWorld, "Human Error the Leading Cause of Cybersecurity Breaches—Study," see reference 1.
Getting to know…
Gary K. Griffith
Current position: Author and consultant in quality and engineering
Education: Associate’s degree in industrial technology from El Camino College in Torrance, CA
What was your introduction to quality? The first month I worked as an inspector, I realized that quality begins in design, is created by manufacturing processes, and can’t be inspected into the product.
Do you have a mentor who has made a difference in your career? There are two: Harry Romig for quality and Lowell Foster for engineering.
What teacher influenced you the most? Glen Hayes, who constantly strived to simplify complex subjects for his students.
What’s the best career advice you’ve received? My father said, "Make sure you do what you love to do and be very good at it."
Are you active in ASQ? Past involvement as an ASQ senior member. Also taught quality courses for the ASQ Los Angeles section and have been published in QP. Past recipient of ASQ’s Golden Quill Awards for my book Statistical Process Control Methods for Long and Short Runs, first and second editions (ASQ Quality Press, 1989 and 1995).
What noteworthy activities or achievements outside of ASQ do you participate in? I’m a fellow of the Institute for Advancement of Engineering. I’ve focused on training designers to improve designed quality and training manufacturers to develop and control processes.
Have you had anything published? I have had several books published, including Geometric Dimensioning and Tolerancing (Pearson, 2001) and The Quality Technician’s Handbook (Pearson, 2012). I’ve also written several articles for Quality magazine.
Any recent honors or awards? Recipient of this year’s Hromi Medal.
What was the last movie you saw? "Lara Croft: Tomb Raider."
Personal: Married, four children and four grandchildren.
What are your favorite ways to relax? Horses, billiards and movies.
Quality quote: Quality begins in design and is achieved by manufacturing.
New Online Community Debuts
ASQ recently launched a new centralized online community—called myASQ—which provides timely, relevant and customizable engagement for ASQ members and quality professionals around the globe.
myASQ allows quality professionals to interact, network and discuss popular topics facing the quality community. The new platform includes discussion boards, blogs, news and events listings. Users can initiate and contribute to discussions about quality topics they are interested in and access communities based on geographic location and industry.
myASQ replaces ASQ’s previous community platform and builds on existing strengths, such as communication, collaboration and social sharing, while enhancing the ability to serve audience segments through personalization and the development of communities.
The new community platform also allows ASQ to offer greater member value through functionality and access to member-only areas and content, said Jim Templin, an ASQ executive.
"myASQ will offer ASQ members the best opportunities to network and make connections in the global quality community, enhancing member value," Templin said. "The launch of myASQ will provide members with community-driven content through an improved online platform. Through sharing and networking, myASQ will help quality professionals succeed."
Visit the new platform at my.asq.org.
Survey: Students Expect Technology Will Boost, Not Threaten, Their Careers
In the face of fears that technology could diminish or eliminate job opportunities, top university business students said they expect technology to have a significant and positive impact on their careers, according to a recent survey.
More than half of the nearly 100 students surveyed by KPMG at its International Case Competition last month said they anticipate technology will radically change the work they do, and none expects the impact to be negative.
"These students recognize the incredible opportunity that technology and digitization, such as artificial intelligence (AI), blockchain, and robotics, offer them. Harnessing that pioneering, entrepreneurial spirit is essential for growth in our markets," said Susan Ferrier of KPMG International. "Their ability to be early adopters and masters of new technologies will make them even more valuable in solving difficult problems in the world—whether that be in business or society at large."
When asked what the single biggest impact new technologies will have on their career experience, more than 35% expect it to enable them to do work that adds value or has a greater impact, while 21% see it providing the opportunity to focus on more interesting work. Close to 20% of students said it will enable them to constantly develop their skills and capabilities.
For more from the survey, visit https://tinyurl.com/KPMG-student-survey.
Registration is open for this year’s American Production and Inventory Control Society (APICS) conference, taking place Sept. 30-Oct. 2 in Chicago. Keynote speakers for the event include Netflix co-founder Marc Randolph and Connie Podesta, a change management expert. For more details, visit https://tinyurl.com/APICS-conf.
Urban Hospitals Score Low on Patient Safety Report Cards
The majority of urban hospitals don’t perform well on patient safety measures, according to the Leapfrog Group’s latest report card.
Of the 11 hospitals in New York City included in the spring 2018 Hospital Safety Grade report, only one—NYC Health & Hospitals/Metropolitan—received an "A" grade, while the rest received a "C" or "D." Additionally, just three of Los Angeles’ 12 hospitals in the report earned an "A," while six of them got a "C" or lower. One-third of Chicago’s 18 hospitals received an "A" grade, while 11 were rated "C" or lower.
Even though hospitals in large cities treat patients with an array of social risk factors, the location of a hospital is no excuse for poor performance on safety, said Leah Binder, CEO of the Leapfrog Group. "Patient safety doesn’t depend on the patient population."
While groups like Leapfrog continue to advocate for greater transparency in quality and safety metrics, there are discrepancies when comparing ratings. Some of the hospitals that received low grades from Leapfrog have been recognized for strong quality performance by other organizations. For example, Cedars-Sinai Medical Center in Los Angeles and Mount Sinai Hospital in New York City both received "C" grades from Leapfrog even though they were recently recognized by U.S. News & World Report as "Best Hospitals."
For more on the rankings, visit www.leapfroggroup.org/ratings-reports.
Quality-Related News From Around the World
-powered by Lexis Nexis
"To Create a Great Customer Experience, Sweat the Small Stuff." There’s a famous book called "Don’t Sweat the Small Stuff" that teaches people how focusing on the little things in life is a recipe for unhappiness. For organizations seeking to create the best customer experiences in their industry, however, sweating the small stuff and focusing on details can help them create a better customer experience. Read more at https://tinyurl.com/sweat-the-small-stuff.
"Feds Investigate Whether Ford Should Recall a Million Sedans Over Brake Failures." Citing more than 700 complaints about brake failures, federal safety regulators are intensifying an investigation into whether Ford should recall 1 million of its midsize sedans, including the Fusion and Lincoln MKZ. The failures resulted in 26 crashes and three injuries, according to a National Highway Traffic Safety Administration report. For more information, visit https://tinyurl.com/ford-recall-investigation.
"Is Southwest’s Low-Cost Business Model Putting Passengers at Risk?" Southwest Airlines runs its planes hard. They make many short hops and more trips per day than other U.S. airliners, which adds to wear and tear on parts, including the engines. As the investigation into Southwest’s deadly engine failure continues, Southwest CEO Gary Kelly could face questions about whether the company’s low-cost business model—which puts its planes through frequent takeoffs and landings—is putting passengers at risk. Read the full story at https://tinyurl.com/southwest-business-model.
To get a roundup of the week’s most noteworthy stories delivered to your inbox every Friday, subscribe to the QNT Weekly e-newsletter at asq.org/newsletters.
New @ ASQ
What's on our minds
The ASQ Inspection Division is hosting its annual conference Oct. 18-19 in Memphis, TN. The theme of the conference is "Quality—A Bridge to the Future." For more information, visit https://asq.org/conferences/inspection-division.