
Laura DiDio on…

Microsoft Azure Sphere chip for end-to-end IoT security from the Cloud to Network Edge

“MediaTek is a good partner [for Microsoft] to have for its Azure Sphere secure IoT chip,” said Laura DiDio, principal analyst with ITIC. “They will provide a Wi-Fi controller, the processor will run Microsoft’s Linux-based IoT OS and you’ve now got a highly secure, connected device at a decent price point.”

Channel Futures, April 17, 2018

Microsoft Reorganization:

“Microsoft has actually been moving away from Windows and more towards the cloud, analytics and AI for the past ten years,” explained Laura DiDio, an analyst at ITIC. “This did not happen overnight.” DiDio pointed out that Nadella has made major changes quickly during his tenure. “That’s the way you have to move,” to stay relevant, she said. “You’ve got to be agile to stay ahead of the game.”

The changes don’t mean that Microsoft is totally giving up on Windows, DiDio said. But they do mean that Nadella is focusing the company’s energies around stronger assets.

“They’re de-emphasizing Windows,” she said, in order to become a stronger “player in cloud and artificial intelligence, because that’s where the money is.”

CNN Money, March 29, 2018

Failure to deliver reliability and uptime:

“Time is money,” DiDio says. “Systems, networks and connectivity devices are subject to failure. If the downtime persists for any significant length of time, it can be expensive in terms of monetary losses. It can disrupt operations, decrease worker productivity and negatively impact the organization’s business partners, customers and suppliers.

“A security outage of any significant duration can also be a PR nightmare and damage the company’s reputation, causing lost business,” DiDio says. “Reliability and uptime go hand in hand with a comprehensive, detailed backup and disaster recovery plan that also includes an internal operational level agreement that designates a chain of command in the event of any type of service disruption.”

Every organization should have a disaster recovery plan that includes an itemized list of who to contact at vendor organizations, cloud and third-party service providers, DiDio says. “The CISO should also know what the company’s contracts stipulate as the response time from vendors, cloud, and third-party service providers to respond to and thwart security incidents and track down the hackers,” she says.

CSO Online, November 21, 2017

Cal State University and Hartnell College Launching Cohort Program:

“Since 2013, the two institutions have promoted this program as a way to attract minorities, women and students who are the first in their families to attend college to Computer Science and STEM subjects. The Cohort program nurtures these students by having them take their CS classes as a group,” DiDio says. It also helps them adjust more quickly to college life by providing them with group study and life skills classes to help them stick with CS as a major and graduate.

“So far, so good. A 75% majority of students enrolled in the CSUMB/Hartnell CS Cohort program graduate. This is well above the national average of about 30%,” DiDio notes.

ITIC Corp, November 17, 2017

Burger King Ad Creates Whopper of a Mess:

“In the Internet of Things environment, where you can have an ecosystem or ecosystems of ecosystems interconnected, the attack vector universe is potentially limitless,” noted Laura DiDio, research director for IoT at 451 Research.

The risks are “everywhere, and what you can do is mitigate risk to an acceptable level,” she told the E-Commerce Times — but that requires vendors to make secure products.

E-Commerce Times, April 13, 2017

United Airlines Customer Service Snafus:

United’s behavior was “cavalier and callous,” said Laura DiDio, research director for IoT at 451 Research.

“The deck is stacked against passengers these days,” she told CRM Buyer.

However, this situation “is a PR nightmare for United Airlines,” DiDio added, “and it’s not going away.”

CRMBuyer, April 11, 2017

An overwhelming 80% of companies say that “end user carelessness” constitutes the biggest security threat to their organizations, surpassing the ever-present peril posed by malware or organized hacker attacks.

Additionally, 65% of businesses do not calculate the cost or business impact of security-related downtime and over 30% of firms are unable to detect or defend against a security breach in a timely manner when one does occur.

Those are among the top findings of the ITIC/KnowBe4 “2013 – 2014 Security Deployment Trends Survey.” The joint independent Web-based survey polled 500 organizations during October/November 2013 on the leading security threats and challenges facing their firms and their top priorities over the next 12 to 18 months. In order to maintain objectivity, ITIC and KnowBe4 accepted NO vendor sponsorship and none of the respondents received any remuneration for participating.

The data indicates that IT departments are hard pressed to stay abreast of myriad security issues which represent just one portion of their overall job responsibilities. Some 44% of survey respondents said their IT departments and security professionals spend less than 20% of their time on daily operational security. Another 32% said they devote 20% to 40% of their time on security. Only 20% of participants dedicate a significant portion of their daily and weekly administrative activities to securing their systems and networks.

The ITIC and KnowBe4 survey also went beyond statistics to delve into companies’ most pressing security issues and challenges via essay comments and first-person interviews with C-level executives, IT and security administrators. Those conversations revealed that organizations, particularly small and midsized businesses (SMBs), are especially anxious about the dearth of resources to secure their environments at a time when hacks are becoming more pernicious and the hackers more proficient.

The anecdotal data also suggests that IT and security administrators find themselves in the unenviable and frustrating position of being caught in the middle between upper management and end users. They have difficulty convincing upper management to allocate the necessary monies and resources to secure the network. At the same time, IT and security managers find it increasingly challenging to safeguard the network against their own end users. Many users unwittingly make the network vulnerable to malware, viruses and phishing threats via the “bring your own device” (BYOD) trend by falling for scams or clicking on bad links.

Without the appropriate level of security controls, the adoption of security awareness training, and the implementation and enforcement of strong computer security policies and procedures, organizations’ data is at increased risk of malware invasions, cyber attacks and litigation.

To reiterate, the biggest survey revelation is that organizations view their end users as a bigger threat than malware, phishing scams or deliberate internal or organized external hackers. The 80% of survey participants that said the “carelessness of end users” poses the biggest threat to organizational security far outpaces the 57% who cited malware infections as the largest potential security problem. Among the other survey highlights:

  • Top security priorities: 55% of respondents cite “Ensuring adequate and robust security for the business’ needs;” 44% cited the need to provide security awareness training.
  • Some 65%, roughly a two-thirds majority, of businesses do NOT calculate hourly security downtime costs, compared to 21% of participants that said they did estimate the cost/impact of security downtime.
  • Of the 21% of organizations that claim to track downtime costs, only 38% were able to provide specific cost estimates of hourly losses due to security breaches. In reality, only 5% to 8% of the total 500 respondent businesses are able to provide specific cost estimates related to security breaches/hacks.
  • Some 35% of firms expressed fear/concern about the threat posed by external, organized hackers.
  • Malware and viruses remain the most common type of security breach, according to 56% of survey participants.
  • Only a seven percent minority of IT departments spend 60% to 100% of their time on security-related endeavors.
  • Just three percent of firms indicated they had experienced more than 10 security breaches during the last 12 to 18 months.

Corporations do realize strong security is essential. When asked about their organization’s top security priorities in the immediate and intermediate future, a 55% majority indicated “ensuring robust and adequate security” followed by 44% who cited the need to obtain security training for “IT staff and end users” while 43% of respondents said their companies must “update and enforce security policies.”

There is no such thing as a 100% secure environment; security is a process and an ongoing work in progress. Organizations must be ever-vigilant and assume responsibility for their system and network security.

The joint ITIC/KnowBe4 2013 – 2014 Security Deployment Trends Survey findings emphasize the need for corporations, C-level executives, IT and security administrators and end users to be aware of, proactively identify and thwart the innumerable potential existing security risks.
