Tech Bites – Engineering & Product Development
The cost of a data breach in 2019 came out to an average of $3.9 million. The U.S. proved to be the most expensive country, and healthcare was the most costly industry, according to the IBM Cost of a Data Breach Report. Protecting company and customer data remains a top priority for security professionals, and 2020 will be no exception. Here are my predictions for how data privacy will shape the new year.
With Data Privacy Day upon us, it is the perfect time to forecast impending threats and share some security best practices to get professionals on the right track. Millions of people are unaware and uninformed about how their personal information is being used, collected or shared in our digital society. Data Privacy Day aims to spark that dialogue and empower individuals and companies to take action when it comes to their private information.
Data Privacy Day is an international effort to empower individuals and businesses to respect privacy, safeguard data, and enable trust. Unfortunately, the threats are coming, and they will not be any less intense, complex or difficult to manage in 2020. In fact, I would expect the opposite. Your security will truly depend on how your organization takes advantage of the knowledge and expert assistance available to safeguard your critical infrastructure.
Here are 10 predictions on data privacy in 2020:
#1 Wide-Spread Regulations Will Take Hold
In 2018 the General Data Protection Regulation (GDPR) was enacted into EU law. GDPR is a regulation covering data protection and privacy in the European Union and the European Economic Area. It also addresses the transfer of personal data outside the EU and EEA. Since then, many companies within the United States have updated their data privacy policies to comply as well.
In addition to the GDPR regulations, the California Consumer Privacy Act (CCPA) was created in 2018 and went into effect on January 1, 2020. The CCPA is a state statute intended to enhance privacy rights and consumer protection for residents of California.
All companies that serve California residents and have at least $25 million in annual revenue must comply with the CCPA. In addition, companies of any size that have personal data on at least 50,000 people, or that collect more than half of their revenues from the sale of personal data, also fall under this law.
While new regulations may not go into effect in 2020, they will be in the works. In fact, many organizations that are not required to comply with GDPR or CCPA are taking actions to do so regardless. I expect more and more states to jump onto California’s bandwagon and pass state-level consumer privacy acts of their own. In 2020, experts are anticipating that over 10 states will enact similar laws to the CCPA.
Gaining customer trust is a tricky process, but losing it is simple. Leaving the security of customers’ personal data up to chance is not an option. There are many security options available to help protect you against breaches.
Security Recommendation: If you are not currently required to comply with either consumer privacy regulation, get ahead of the game and start the process early. There is no downside to being overly secure, compliant, and safe. Gain the trust of your customers, prospects, and partners by staying in front of the competition and evolving regulations.
#2 Ransomware will Target Cloud
According to a report by EMSISOFT, the combined costs of 2019’s ransomware incidents could be in excess of $7.5 billion. While they believe this overstates the actual costs (a small school district’s recovery expenses are unlikely to run to seven figures), it nonetheless provides an indication of the enormous financial impact of these incidents.
As ransomware continues to benefit cyber criminals, it will continue to evolve in order to maximize profits. In 2020, ransomware will turn its focus on the cloud.
Recently, untargeted ransomware attacks have plateaued, with attackers showing preference for targeted attacks against industries whose businesses cannot function with any downtime. These include healthcare, state and local governments, and industrial control systems.
As these industries and businesses move their important workloads to the cloud, ransomware will follow. It will start to target cloud-based assets including virtual environments.
Security Recommendation: Do not run from the cloud. Rather, find a cloud service provider with the proper security controls in place. Use advanced malware protection to detect evasive malware. Not all cloud services will fit your business needs. Hybrid cloud deployments are growing in popularity, and for good reason. In fact, Gartner Group reported that 90 percent of enterprises will operate some form of hybrid cloud by 2020.
#3 A Shortage of Skilled Workers Worsens
According to the State of Cybersecurity Hiring, cybersecurity jobs account for 13 percent of all information technology jobs. Yet, on average cybersecurity jobs take 20 percent longer to fill than any other IT job, even though they pay well.
The issue? Educational institutions are not producing enough qualified candidates to fill the demand for new information security employees.
Not a day goes by where we do not hear of some new data breach or attack. Meanwhile, consumers are becoming more and more aware of how their personal data privacy contributes to their own security. As a result, the demand for cybersecurity professionals is at an all-time high.
Unfortunately, according to the latest studies, almost three million cybersecurity jobs remained unfilled during 2018. I do not see the skill gap lessening in 2020. In fact, as attacks get more advanced, I foresee that skill gap widening.
Cybersecurity is a specialty, but most of the workers who practice it are not specialists. In many organizations, cybersecurity is a task built into other IT jobs, like network administrators. Overall, these “cyber-enabled” jobs form the majority (56 percent) of all cybersecurity-related openings, reported the State of Cybersecurity Hiring.
Security Recommendation: While certifications are crucial, there are too many jobs open and not enough certified workers. Employers may benefit from removing the upfront certification requirements. Instead of finding the perfect professional right out of the gate, make a commitment to ongoing education and training to foster growth with a good candidate.
Help newer professionals master the basics, then provide them with opportunities for advanced certification programs. Offer incentives for those working learners who present a strong possibility of bringing new energy into the IT security workforce.
#4 Multi-Factor Authentication Becomes the Standard
Multi-factor authentication has evolved to become one of the single most effective controls to insulate an organization against remote attacks. When implemented correctly, it can prevent most threat actors from easily gaining an initial foothold into an organization, even if credentials become compromised.
In the past, many organizations opted out of multi-factor authentication because it was cumbersome, but recently multi-factor authentication programs have been simplified with cloud-only options. I believe that app-based multi-factor authentication is here to stay.
The ease of use both for the end user and the IT administrator managing these MFA tools will finally enable organizations of all sizes to recognize the security benefits of additional authentication factors.
Security Recommendation: If you have not already implemented multi-factor authentication throughout your organization, do so immediately. Everything from logging into a computer to accessing resources from the cloud should have some sort of multi-factor authentication tied to it.
#5 More Breaches will Happen Outside the Corporate Network
Many offices are allowing their employees to work remotely to increase productivity and reduce burnout. With that comes a set of security risks to address before letting staff go completely mobile.
Mobile device usage for work and remote employees has been on the rise for several years now. A recent survey by WatchGuard and CITE Research found 90 percent of mid-market businesses have employees working half their week outside the office.
Many times, when employees work outside the corporate network, they lack network security, missing out on an important part of a layered security defense. I predict that we will see a rise in data breaches that involve remote workers, mobile devices, and off-premises assets.
Security Recommendations: Before implementing a remote workplace, create diligent off-network protections for your employees. Any work device that leaves the office needs a full suite of security services, including a local firewall, advanced malware protection, DNS filtering, disk encryption, and multi-factor authentication (among other protections).
#6 IoT Device Vulnerability
Securing IoT networks from attack is essential but comes with significant challenges. Many IoT devices are online 24/7 and have significant bandwidth available, making them attractive targets for Distributed Denial of Service (DDoS) botnets. Hackers can also use them as stepping-stones to compromise enterprise or home networks through the devices' backend connectivity.
As 5G becomes a reality, billions of humans and trillions of machines can take advantage of enhanced mobile broadband. Everyone from businesses to individuals will face technical challenges when it comes to keeping their data secure and managing their IoT devices.
Security Recommendation: Most mobile devices do not allow users to disable cellular to Wi-Fi handover, or Hotspot 2.0. Windows 10 currently does, however. If unsure, individuals should use a VPN on their cellular devices so that attackers are not able to access their data. For businesses looking to enable Hotspot 2.0, make sure your Wi-Fi access points (APs) have been tested independently to stop the six known Wi-Fi threat categories detailed at http://trustedwirelessenvironment.com.
#7 Security Budgets Will Increase
In the new year, businesses will significantly increase spending on cybersecurity. The big challenge is ensuring that the spending focuses on the right areas. Despite the record amount of money spent on cyber defenses worldwide, we will continue to see an uptick in data attacks and breaches. If funding is spent strategically, risk will be dramatically reduced. Unfortunately, the past has shown us that budgets are rarely spent in a beneficial way.
Security Recommendation: Rather than increasing a security budget for the sake of throwing money at an issue, get strategic on how your organization specifically needs security. Map out vulnerabilities that you face and vet out the appropriate vendors that have the security and compliance certifications and capabilities to reduce risk on your behalf.
#8 Enterprises Will Enforce Employee Security Training
Security training allows organizations to influence behavior, mitigate risk, and ensure compliance. There are countless benefits of initiating security awareness training within a company. In 2020 there will be an increased effort to enforce regular employee security awareness training to combat phishing and social engineering attempts.
Willis Towers Watson found that about 90 percent of cyber claims stemmed from some sort of human behavior or error. If a program is implemented to teach employees about common scams, such as email attachments that contain malware or phishing emails that steal personal information, they are much less likely to accidentally click links or open files.
Security Recommendation: If your organization has not already done so, implement ongoing security awareness training. By providing mandatory education, employees are far less likely to click on a malicious link or share intellectual property with a cybercriminal using social engineering to gain access to confidential information.
#9 Malware Attacks on Medical Devices will Threaten Healthcare Security
There is an emerging trend of ransomware attacks on medical devices, creating serious vulnerabilities in healthcare security. While these attacks have mostly been under the radar, and are few and far between to date, we can expect an uptick in these highly targeted attacks in 2020.
Within the next five years, 44 percent of medical technology companies surveyed by Deloitte predict that all their devices will connect through IoT. This shift is creating a dangerous new attack surface. Despite the growing threat to medical devices, most U.S. healthcare providers still lack a documented strategy for protecting them. This lack of planning ensures that this will be a trending cyber threat in 2020.
Security Recommendation: HIPAA regulations, especially the HIPAA Security Rule, provide cybersecurity guidance but do not constitute a set of comprehensive standards or IoT device rules. Start by auditing existing IoT policies for medical devices with a wide cybersecurity lens. In addition to a formalized policy, create processes and invest in solutions to improve compliance and overall security. You can learn more about protecting your IoT and Bring Your Own Devices (BYOD) here.
#10 Business Email Compromise (BEC) will Be a Top Threat Actor
Bad actors have used BEC for a considerable amount of time. Based on what we have seen in 2019, it has taken a step up in terms of complexity and profitability. According to Forrester, estimated exposed losses due to business email compromise between 2016 and 2019 totaled $26 billion. We should expect that BEC will become even more profitable than ransomware.
Historically, BEC has been aimed at getting users to unknowingly install malware that allows bad actors to gain access to networks and gather data. More recently, it has been about creating plausible changes to payments.
Security Recommendation: To combat these attacks, implement ongoing security training for your staff. As with security recommendation number eight, it is important that your staff is aware of the different types of malicious events they may receive. Warning them about what to open and what to send to security is a top priority.
Get Ahead of the Risk with LightEdge
From secure and always on colocation to the compliance, control, and flexibility of cloud, LightEdge has you covered.
With over 20 years in business, LightEdge offers a full stack of best-in-class IT services to provide flexibility, security, and control for any stage of a customer’s technology roadmap. Our solutions include premier colocation across seven purpose-built data centers, industry-leading private Infrastructure as a Service (IaaS) and cloud platforms, and the top global security and compliance measures.
Our owned and operated facilities, integrated disaster recovery solutions, and premium cloud choices make up a true Hybrid Solution Center model. LightEdge’s highly-interconnected data center facilities now span Des Moines, IA, Kansas City, MO, Omaha, NE, Austin, TX and Raleigh, NC.
This article outlines the most important technical and design factors to be aware of when building custom software for use in a B2B context.
Building custom software for B2B companies is often vastly different from building digital products meant to assist B2C companies or be sold directly to the consumer. That’s because B2B companies build complex business procedures around the unique ways they serve their customers.
While B2C companies generally serve a mass market with relatively standardized, transactional products and services, B2B companies serve a much smaller number of customers. This means that each customer a B2B company serves represents a greater share of total revenue than the individual customers served by B2C companies.
This difference in relative market power forces B2B companies to compete for clients by offering greater customization and tailored service. For example, a building supply chain may give each contractor it serves bulk pricing and credit terms while expecting its DIY clients to routinely pay full price in cash. That’s because each contractor provides more revenue for the building supply chain than do the DIY-ers.
By catering to contractors, the building supply chain can make more money, but at a cost. Their business operations will become more complex due to the customized attention offered to their B2B customers.
The building supply chain is just one example of how intensive B2B services can translate into unique demands on a business. It can be difficult for a B2B business to scale when each client requires individualized attention. That’s where technology comes in. When designed with these customer needs in mind, custom software can help B2B companies deepen their capacity to serve more clients without having to add to their sales and support staff.
Unless a software product is customized to fit the real needs of a B2B business, it may end up making problems, rather than solving problems for the company. With that in mind, here are six technical and design factors product designers and developers should take into account when building custom software for the B2B context:
- Include Power Features
People using B2B software will often be completing more complex tasks than B2C app users. So, when building custom software for the B2B context, find ways to simplify user involvement. Think through power features such as keyboard-driven access (versus tap or click) for data entry, multiple selection processing, customized dashboard views, advanced search and filter options, and robust data import and export options.
These advanced features may be overkill, even detrimental, in a B2C context, like when a user checks their bank statements online. But in a B2B context — for example, a corporate accountant managing a complex set of books — power features are essential.
- Study Context of Use
People occasionally use B2C applications in abnormal contexts, such as using a fitness tracker while exercising. In comparison, B2B applications are routinely used in a wide variety of unexpected, high-pressure contexts. For B2B end users, money and reputation are at risk as they engage with a software product. Ensuring a design works in the context of daily activity is non-negotiable for a B2B application.
At Praxent, we’ve built custom software applications for a variety of B2B businesses. Many of them were designed for on-the-job use outside the traditional office setting. For instance, one application we designed was for use by medical staff as they rushed between hospital rooms. Another app we designed was meant to assist workers inspecting dark, above-ground oil tanks. We designed an app for consultants who spend a lot of time working on cramped airplanes, and we even built one for veterinarians who often use the app as they stand in a cow pasture in the middle of the night. Each of these extreme contexts of use had incredibly important implications for the design and functionality of the software we created.
Context of use affects every aspect of user demand on your software application, from what types of technology should support the app, to how the user interface should appear. It’s impossible to successfully design software for B2B circumstances in an air-conditioned conference room. Get out of the office and observe end users in their work environments. Then design based on what will make their lives easier.
- Ease Access to Human Support
B2B customers expect more individualized attention from their technology providers. While completely self-service technology may be a valid goal for B2C products, that is not the case for B2B. While B2B customers do expect to be able to conduct business after hours without needing to call for help, they also expect to get help immediately if the technology fails to deliver.
Plan in advance for B2B end users to contact customer support or their assigned account manager if they get stuck using a software product. Consider embedding chat, text, call, or help desk functionality directly within the product to save end users the time of switching contexts to reach technical support.
- Plan for Heightened Security and Privacy
While security and privacy are essential for any technology product, expect B2B customers to be more concerned with how their data is protected than the average consumer. In practice, this could mean offering on-premise hosting, ensuring all data is encrypted in motion and at rest, conducting regular security audits and penetration testing, and implementing strict access control and disaster recovery procedures.
- Invest in Software Engineering Best Practices
It would be silly to apply the same structural engineering practices when building a dog house as you would when building a skyscraper. Similarly, the amount of care taken to enforce software engineering best practices when building a new digital product should be commensurate with the corresponding complexity and size of the product investment.
B2B products tend to be an order of magnitude more complex than B2C products; therefore, they require more rigorous attention to best practice. To ensure smooth delivery to your client, consider investing developer time into creating:
- Repeatable DevOps processes
- Robust automated test frameworks
- Redundant, horizontally-scalable hosting environments
- Clean-up sprints to optimize code and pay down technical debt as it accumulates
- Design for Multiple Roles and Complex Workflows
B2B applications tend to have a range of user types. Multiple employees with various responsibilities and very different levels of authority will be accessing the same custom software application.
Custom software for B2B companies needs to allow for complex, configurable workflows and differing levels of data access. Consider the following features when designing for multiple roles and complex workflows:
- Single Sign-On capabilities
- Configurable role-based access control
- Hierarchical data access that mirrors a customer’s organizational structure
- Queue-based system for task management (This type of system emulates the physical inboxes that enabled corporate collaboration before the rise of computers.)
Custom Software that Becomes a Competitive Advantage
The software B2B companies use to run their businesses must facilitate financial growth by making the most of their customized business offerings. Digital product designers and developers can offer B2B companies the tools to not only do business faster, but entirely disrupt the way their industries operate.
That being said, B2B custom software is a huge investment. Building a digital product that not only serves your client’s business goals, but is also delivered on budget and on time, requires a strong development process, hands-on user research, personal and consistent communication, and expert designers and engineers who excel at creative problem-solving.
About Kevin Hurwitz
With more than fifteen years of experience delivering business software solutions for more than 150 organizations, Kevin carries the responsibility of delivering innovative web and mobile-based software solutions at Praxent. He provides strategic and technical oversight to all client engagements to ensure quality development and exemplary client experiences.
Praxent is a digital innovation agency. Our team of US-based digital strategists, UX designers, and software developers works nationwide, converging at our home base in Austin, Texas. Our passion is to transform processes, enhance experiences, and empower people for B2B businesses who want to win. We help our clients unlock potential and fuel growth with effortless user experiences and strategic technology tools.
Picture this: Doctors performing surgeries from miles away. Augmented reality devices providing employee training at a job site in real-time when a crisis occurs. Self-driving vehicles cutting down travel time by 40 percent. Twenty billion Internet of Things (IoT) devices communicating across the globe. Wireless connectivity that helps save lives and cuts healthcare costs by billions of dollars each year.
This is not the far-off future; this is happening now. Smarter devices, faster data, and new technologies have led to a dramatic shift in the way people consume information and how businesses apply it, leading to a significant increase in data demand and usage.
We live in a world where connectivity is no longer a luxury; it’s an absolute necessity to how we function and grow as a society.
5G technology is the solution that can deliver this type of connectivity. But implementing 5G doesn’t just happen with the flip of a switch. It requires an intricately connected web of communications infrastructure with many partners working together. The end product, which we know as networks, is the result of cell towers, small cells, and fiber working in concert to ensure users have the coverage and access they need.
Source: Crown Castle
Small Cells: Making the Future of 5G a Reality
Small cells increase network coverage and capacity by bringing wireless networks closer to end users through a series of small cell “nodes.” These small cell nodes, connected by fiber, are smaller and more discreet than traditional towers and are typically deployed on existing infrastructure like streetlights, utility poles, and traffic lights.
Here in Austin, Crown Castle has also been working with the city to build the foundation for the fast-approaching 5G revolution, deploying miles of fiber, constructing 17 small cell nodes, and investing millions in Downtown Austin with this work.
5G and Manufacturing
5G’s impact will be seen across nearly every industry, particularly manufacturing. Smart factories are the future of the manufacturing industry, and the low latency and high reliability that 5G brings will support critical applications and advancement.
5G will enable greater agility on the factory floor, improved safety management, real-time data collection and analysis, and increased awareness of manufacturing processes through enhanced communications and feedback. The coming technology will also enable the automation and control of robots and smart logistics systems and make factories more efficient.
Companies are recognizing these benefits and investing in 5G. Here in Texas, Ericsson recently announced a new 5G smart factory in Lewisville. This facility will produce 5G radios and advanced antenna systems and utilize innovative 5G-powered solutions for on-the-floor processes including connected logistics, automated assembly, packing and product handling, and autonomous carts.
Crown Castle and the City of Austin
Austin has a global reputation as an innovation hub. The city prides itself on being commerce-friendly and promoting economic development.
Communications infrastructure and 5G technology play a leading role in fostering a competitive local business climate, and wireless bandwidth is essential for Austin to realize its potential as both a smart city and future global tech hub. From autonomous vehicles to smart manufacturing, the evolution of new technology and innovation relies on a robust, local communications infrastructure.
Full 5G coverage will take years and will depend, in part, on city leaders collaborating with the private sector to reduce regulatory barriers and streamline an expedited permitting process for small cells and fiber. Crown Castle looks forward to continued collaboration with the City of Austin and key stakeholders to prepare the region for the ever-increasing demand for data and information.
Malcolm Eve is a public affairs manager for the South region at Crown Castle, the largest provider of shared communications infrastructure in the U.S.