This week in Breaches!


This week shows no shortage of targeted attacks designed to extract large datasets from a broad range of consumer sites. Travel, finance and entertainment sites were targeted, impacting more than 100,000,000 unsuspecting victims. If anything, this week clearly demonstrates why individuals need to proactively monitor for their compromised data with tools like our SpotLight ID – Personal Identity & Credit Monitoring Solutions. The events of this week also clearly demonstrate why businesses must monitor for compromised credentials that can be used to exploit internal systems and to compromise or take over customer accounts.

Highlights:

  • Leaked credentials from a 3rd party data breach used to exploit 45,000 Transamerica customers 
  • No Tickets for You! – TicketFly shuts down to identify and fix the source of leak impacting 26M customers
  • Booking.com shows that phishing attacks never take a vacation
  • Google Groups – taking a page right out of Amazon’s leaky bucket playbook?

In other news…

The City of Atlanta’s losing streak continues thanks to ransomware hacks! This time, the city’s evidence chain of custody was breached, allowing police evidence to be destroyed and impacting investigations and prosecutions.
https://cyware.com/news/atlanta-ransomware-attack-destroyed-years-of-police-dashcam-footage-potentially-critical-evidence-9e8134ac

Europol has a new team dedicated to cybercrime on the Dark Web, hoping to monitor and mitigate criminal activity. Multiple law enforcement agencies throughout Europe are participating in this team, in addition to some non-European organizations. Keep fighting the good fight!
https://www.welivesecurity.com/2018/06/01/europol-eu-team-fight-dark-web/

Google Groups can’t get its act together when it comes to privacy settings, resulting in accidental disclosure of users’ private documents. If your business uses Google Groups, make sure to set your group to private!
https://www.securityweek.com/thousands-organizations-expose-sensitive-data-google-groups

It looks like there’s more than just gators to watch out for in the Sunshine State… Florida was named the worst state in consumer cybersecurity.
https://www.darkreading.com/vulnerabilities---threats/survey-shows-florida-at-the-bottom-for-consumer-cybersecurity/d/d-id/1331983


 What we’re STILL listening to this week!

Security Now – Hosted by Steve Gibson, Leo Laporte

Defensive Security Podcast – Hosted by Jerry Bell (@maliciouslink) and Andrew Kalat (@lerg)

Small Business, Big Marketing – Australia’s #1 Marketing Show!

TicketFly

Exploit: Database misconfiguration, hacker doxing/ransoming

Risk to Small Business: High: Demonstrates the impact of database misconfiguration and security controls.
Risk to Exploited Individuals: High: Social engineering and identity theft, as a large amount of personal information, including names, addresses and phone numbers of customers, was leaked.
TicketFly: Owned by Eventbrite, TicketFly is a popular site where customers can purchase tickets online for upcoming events and shows.

Date Occurred/Discovered: May 30, 2018
Date Disclosed: TicketFly made an official statement on June 6, 2018
Data Compromised: Email addresses, Phone Number, Billing Address and Home Addresses
How it was Compromised: A hacker attempted to contact the company about a vulnerability, demanding 1 Bitcoin as ransom to reveal the weakness. The hacker claims the emails to the company went unanswered, so the cybercriminal vandalized the TicketFly site and leaked some of the information acquired to the press.
Customers Impacted: 26 million, and even more if you consider the customers who are unable to buy tickets while the site has been down.
Attribution/Vulnerability: Undisclosed at this time.

https://www.marketwatch.com/story/ticketfly-breach-may-have-exposed-data-of-26-million-customers-2018-06-03

MyHeritage

Exploit: Unsecured/misconfigured data store. Poor data at rest encryption. Poor password encryption.
Risk to Small Business: High: Demonstrates the impact of database misconfiguration, security controls and weak encryption.
Risk to Exploited Individuals: Moderate: Email addresses leaked but DNA/family history data supposedly stored separately.
MyHeritage: Users search historical records and create a family tree using this web-based service from Israel.

Date Occurred/Discovered: October 26, 2017
Date Disclosed: June 4, 2018
Data Compromised: All email addresses and hashed passwords of users up to October 26, 2017
How it was Compromised: The CISO of MyHeritage received a message from a researcher saying that he had found a great deal of MyHeritage’s data on a server not connected with the site. The CISO confirmed that the data originated from their site, but exactly how the data was acquired is not clear as of now.
Customers Impacted: 92,283,889 Users
Attribution/Vulnerability: Unclear, but MyHeritage did not store passwords, instead storing a one-way hash of each password that has a key unique to each user. All credit card information is located on third party sites, and the most sensitive information the website holds, such as family tree and DNA data, is stored in segregated systems with additional layers of security.

https://blog.myheritage.com/2018/06/myheritage-statement-about-a-cybersecurity-incident/#

https://motherboard.vice.com/en_us/article/vbqyvx/myheritage-hacked-data-breach-92-million

Transamerica
Exploit:  Compromised credentials
Risk to Small Business: High: Demonstrates the need to proactively monitor for compromised credentials from 3rd party data breaches and phishing attack mitigation.
Risk to Exploited Individuals: High: Highly sensitive personal information was stolen and could be used to impersonate an employee; or an outside agent could pose as a relative of an employee to phish for information.

Transamerica: This company offers mutual funds, retirement strategies, insurance, and annuities.

Date Occurred/Discovered: Between March 2017 and January 2018
Date Disclosed: May 2018
Data Compromised: Names, Addresses, Social Security Numbers, DOB, Financial Data and Employment Information
How it was Compromised: Third party compromised credentials were used to access users’ account data
Attribution/Vulnerability: Outside actor

https://cyware.com/news/transamerica-hacked-nearly-45000-retirees-personal-and-sensitive-details-stolen-c2c419f5

https://www.theregister.co.uk/2018/06/05/transamerica_retirement_plan_hack/

Booking.com
Exploit: Phishing

Risk to Small Business: High: Demonstrates how well-crafted phishing attacks can lead to massive data loss even with a strong end-user security awareness training program and security tools in place.

Risk to Exploited Individuals: High: Money was stolen from the individuals who responded to the convincing email, and their stolen personal information could be used again.

Booking.com: A popular site for booking hotels, houses, apartments and boats.

Date Occurred/Discovered: June 2018
Date Disclosed: June 3, 2018
Data Compromised: Names, Addresses, Phone Numbers, Dates, Price of bookings and Reference Numbers
How it was Compromised: Certain properties of Booking.com received a link that detailed a security breach and urged them to change their password. Once the link was clicked the hackers had access to booking information that they used to send highly convincing phishing emails to customers asking for advance payments. The emails contained booking and pricing info for previously booked rooms, making the emails almost indistinguishable from an actual email from the company. The company reported that there was no compromise on their systems and that any customers who lost money due to the incident will be reimbursed.
Attribution/Vulnerability: Outside actors, deployed through spam email campaign

https://www.independent.co.uk/travel/news-and-advice/travel-website-hackers-cyber-crime-phishing-holidays-a8382771.html

https://www.thesun.co.uk/money/6437309/hackers-target-booking-steal-thousands/

https://www.scmagazine.com/cybercriminals-phish-bookingcom-customers-after-possibly-breaching-partner-hotels/article/771091/

PageUp
Exploit: Malware
Risk to Small Business: High: Demonstrates that malware exploits are often very difficult to detect and defend against.

Risk to Exploited Individuals: High: It is unclear what information has been compromised and from which customers of PageUp, but given the nature of the company and the information they store, the risk is serious.

PageUp: A large Australian company that provides HR, career, and recruitment service to large and small businesses around the world.

Date Occurred/Discovered: May 23, 2018
Date Disclosed: June 6, 2018
Data Compromised: Unclear, but passwords were hashed and salted
How it was Compromised: The investigation into the breach is ongoing, but due to the new implementation of GDPR in Europe and Australia’s Notifiable Data Breaches Scheme, PageUp disclosed the breach in compliance with the laws.
Attribution/Vulnerability: Malware was found on one of PageUp’s IT systems, but how the malware entered the system is still being investigated

https://www.bleepingcomputer.com/news/security/malware-infection-at-hr-company-triggers-flurry-of-data-breach-notifications/


An important takeaway from this week finds its origin in research done by Dr. Michael McGuire, funded by Bromium and titled ‘The Web of Profit’: the unfortunate truth is that crime does pay. Cybercrime produces $1.5 Trillion each year, which rivals Russia’s GDP and would place cybercrime at number 13 in a comparison of the world’s highest gross domestic product. $500 Billion of that can be attributed to intellectual property theft, and data trading accounts for $160 Billion.

The scope of cybercrime profits and influence points to the conclusion that it is an economy in and of itself, a conclusion that is supported by the growth of platform criminality. Platform criminality is much like the business models of platform businesses such as Google, Uber, or Amazon that trade in data. Data is a profitable business as demonstrated by these famous companies (or at least two of them), and criminals have taken note.

Using the Dark Web as a means of facilitating transactions, cyber criminals are able to buy and sell anything from data to a zero-day exploit. The main takeaway from looking at how cybercrime has evolved is that cyber criminals are selling crime rather than committing it. Much like how Uber is selling a platform where drivers are paired with passengers, criminals are selling the tools and data needed to commit cybercrimes over ‘back alley’ marketplaces.

The research done by Dr. McGuire also highlights the importance of monitoring the Dark Web for personal information, stating:

“New kinds of software tools are required for uncovering how cybercriminals are using digital technologies for hiding and laundering revenues. One example would be virtualization tools that can generate safe havens, isolated from the internet, where illicit revenue-generating activity can be diverted and neutralized. Another would be more sophisticated scanning tools capable of better tracking and locating items of value across the net – in particular, personal data” (125).

Dr. McGuire also concluded that while Dark Web monitoring is vital to combatting the economy of cybercrime, it is far from an easy task. The difficulty of monitoring the Dark Web is not just that it is harder to navigate than the traditional web, explains McGuire; it is “because many of the sites only grant access by word of mouth, or on the basis of ratings status and trust, which may take some time to build up” (57). The Dark Web and the economy surrounding it are nothing to take lightly, and ignoring its existence only makes it easier for cyber criminals to go about their work unscathed. Dark Web ID by ID Agent fulfills this need for Dark Web monitoring: instead of turning a blind eye to the complex and dynamic reality of the cybercrime economy, our services dive right in.

https://learn.bromium.com/rprt-web-of-profit.html

https://www.darkreading.com/cloud/cybercrime-is-skyrocketing-as-the-world-goes-digital/a/d-id/1331905


Prime Telecommunications sponsors a hole at the Action Sertoma Golf Outing!


The Action Sertoma Club would like to thank all of our supporters of our 2016 Golf Outing Fundraiser which was held on July 13th 2016, at the Odyssey Country Club in Tinley Park, IL.

 The event was a tremendous success, the weather was perfect, over 230 golfers and guests attended the event, and it would not have been such a great success without your support.

 We thank you for being a  Hole Sponsor.

 Each year our club attempts to raise more funds than the previous year. This year was no exception.

 All of the funds raised at this event will be donated to the Sertoma Centre, Inc. The Centre since 1971 has been assisting people with personal challenges, including mental health, developmental, mental and physical disabilities.

 This year over 1,200 people with disabilities are being served daily.

 Again we thank you for your support, without you we would not be able to assist in the donations we make to the Sertoma Centre, Inc.

 

Waazzzup? WaaS – Work Space as a Service!

Prime Telecommunications, Inc., an industry leader in unified communications, announced today the release of their newest technology deployment, which is their WaaS (Workspace-as-a-service) program that is being offered to SMBs (small to mid-sized businesses). The program is designed to help businesses make the proverbial jump to the cloud. As the number of executives increases, so does the demand for more flexible and secure applications, hardware, software and virtualized components. WaaS takes this a step further, taking office technology to new heights by running every component through a virtualized network, instead of requiring local device management. Prime Telecommunications is very excited to announce this program and to share the value-adds with their existing client base.

In layman’s terms, WaaS virtualizes every component on a desktop computer. So instead of having a physical component such as servers on-site, which can become obsolete, security-breached or malfunctioning, all components are run through the cloud. For end users, this means that every single component of an employee’s workstation will be available to them, regardless of where they’re located or which device they happen to have with them. Everything resides in the cloud including all software, data, file sharing capabilities, Microsoft programs, and line of business software.

“We’re so excited to offer our WaaS program to SMBs,” stated Vic Levinson, President at Prime Telecommunications. “The majority of businesses will be transitioning the bulk of their IT infrastructure to the cloud and our WaaS solution enables them to do it in a secure manner without compromising their need for flexible access to all of their software tools and programs. Most businesspeople don’t have access to all of their technology at any point in time and WaaS eliminates this problem forever. Furthermore, the complete virtualization of the IT network into the cloud bolsters security. For example, in a WaaS environment, employees can BYOD (Bring Your Own Device) onto the network without any hassle and if that employee leaves the company, their access to the cloud can simply be deactivated, drastically reducing the risk of data loss, systems-breach or malicious use. The case for WaaS is quite clear, because it increases employee flexibility and company security. Over time, these combine to drive productivity and boost the bottom line, which is the core reason for any technology to reach popularity in the business community.”

Only 10% of Hospitals & Clinics Keep Their Patients’ Data Safe

According to privacy researchers at the Ponemon Institute, “Recent numbers show 90% of health care organizations have exposed their patients’ data — or had it stolen — in 2012 and 2013.” The implications of this research are far-reaching and unsettling for most consumers.

Most attacks are caused by hackers who want to acquire medical records due to their extreme value. The information in medical records (name, birthdate, addresses, phone numbers, medical history and social security numbers), can be easily used for identity theft, fraudulent medical billing or acquiring prescriptions to resell on the street. Hackers can use the medical information to accomplish just about anything once acquired. This flaw in IT security is not a series of isolated incidents but an incredibly widespread problem now affecting millions of people across the nation.

In August, Community Health Systems reported that Chinese hackers had allegedly stolen a staggering 4.5 million patient records in what could be the largest breach of patient data to date. The company is treating the breach as a violation of HIPAA, even though the hackers didn’t gain access to medical records (only names, addresses, birth dates, phone numbers, and Social Security numbers were stolen). The breach happened between April and June this year, and was discovered in July. According to cyber-security firm Mandiant, which helped investigate the breach, the group responsible for the attack is known as “APT 18,” and may have links to the Chinese government.

The majority of hospitals and health organizations are using outdated technology on a single network making the job of hacking into networks even easier for criminals. IT security is often a large oversight for healthcare organizations because their objective is to save lives. Unfortunately, lack of internal IT expertise and outdated technology plagues the healthcare industry making it an easy target.

The challenge here is that doctors are inherently more interested in saving lives than in upgrading their IT security. This is a great thing for society and we believe that’s exactly what doctors should be focused on! The only thing is that IT security must be addressed too. Over the years, we’ve learned exactly what it takes to protect health organizations and we love being a part of the solution to this problem. It’s unfortunate when something like this happens but it brings much needed education to the issues at hand. We consider it our duty to educate our market and provide doctors with the technology tools they need to do their jobs, protect their patients and spend their time focused on saving lives, instead of firewalls. That’s our job.

What lessons can business learn from the Healthcare.gov roll out?

Regardless of whether you are for or against the Affordable Care Act (a.k.a Obamacare), there are still important lessons to be learned for business in the roll out of the website Healthcare.gov.

Government has a long history of spending money unnecessarily. But in an age when the U.S. is home to the world’s largest, most successful Internet companies, how is it possible that we can’t even manage to build a functional website without blowing through hundreds of millions of dollars?

1.       Political Interests Trump Operational Interests

The federal government has too many political interests involved in the acquisition process. The biggest takeaway, though, is that the way the federal government bids out software is fundamentally broken. According to reports in the NY Times, the managers at the Centers for Medicare and Medicaid Services (CMS) were tasked with the oversight. They did not have experience in integrating a project of this complexity.

2.       There is no substitute for Experience

There are clearly companies in the industry who understand exactly the kind of problems that healthcare.gov needed to address. Intuit’s online TurboTax is much more complicated than the sign-up process for healthcare, and it works under heavy load. Amazon and Google both handle crushing loads gracefully as well. Why can’t the government draw on this kind of expertise when designing a site as critical to the public as healthcare.gov, rather than farming it out to the lowest bidder?

3.       Test extensively before roll out

Load testing is your friend. If there’s a positive message that we can glean from the collapse of the portal, it is that there are a LOT of people interested in getting healthcare via the government. Unfortunately, that has led to what is effectively a DDoS attack. It has become abundantly clear that the site was never stress-tested under anything like the type of load it is encountering. The solution so far has been to put people into a queue, something that would get a site like Amazon laughed out of the marketplace. “I’m sorry, we’re a little busy right now, try shopping later?!!”

Creating realistic load testing of a site as complicated as healthcare.gov isn’t easy, but just having a thousand bots load the home page isn’t going to give you a realistic load test, especially of database transactions. You need to really bang on the core functionality of the site, and tune the heck out of it.

4.       When you’re wrong, promptly admit it

Companies such as Google, Amazon.com, Twitter, and Facebook all think in terms of platforms talking to applications. They deploy lots of small teams that are expected to ship new features and fixes all the time—sometimes daily. Like anything that involves human beings, shipping code can devolve into squabbling, missed deadlines, and flawed releases. The programming community’s key realization is that the solution to these problems is to create more transparency, not less: code reviews, tons of “unit tests” to automatically find flaws, scheduled stand-up meetings, and the constant pushing of new code into the open, where it’s used by real people. To cite just one example, developers at the giant online marketplace Etsy are encouraged to release code to the world on their first day of work. Of course it is going to have bugs- deal with them and fix them.

5.        Don’t reinvent the wheel. Use open source.

Government IT can’t work in such a transparent way. Or could it? There’s a whole set of tools, methods, and processes already set up and ready to use, all embodied in the culture of open-source software development. The U.S. federal government, led by the executive branch, should make all taxpayer-funded software development open-sourced by default. In the short run, this would help to prevent the recurrence of problems like those that plague healthcare.gov. Longer term, it will lead to better, more secure software and could allow the government to deliver a range of services more effectively. And it would enrich democracy to boot.

The basic goal of the free software movement is to make useful software code available to anyone who wants it. Thirty years ago this sounded like communism, because code was seen as a kind of property. But in recent decades many people have come to believe that software code is more like a conversation. (As one famous programming textbook put it, “Programs must be written for people to read, and only incidentally for machines to execute.”) That’s why people say that free software is free as in free speech, not as in beer.

Want to open-source code? Choose a free software license and release your code online with the text of that license attached. That’s all it takes. History shows, however, that just licensing code and making it available isn’t enough. You need to create a culture around your project and engage with other people doing related work. If you do a good job of it, you and your collaborators can create great, first-class, highly secure software. Web browsers such as Mozilla Firefox and Google Chrome were built this way.

The government has an advantage over typical open-source projects. People, including programmers, are intrinsically interested in what it’s doing, often because their lives are affected directly. If it wanted to, the U.S. could tap an army of interested coders ready to support official efforts

Read more:  I used the following articles in preparing this post.

http://programming.oreilly.com/2013/10/what-developers-can-learn-from-healthcare-gov.html

http://www.businessweek.com/articles/2013-10-16/open-source-everything-the-moral-of-the-healthcare-dot-gov-debacle

http://www.digitaltrends.com/opinion/obamacare-healthcare-gov-website-cost/#ixzz2kSlTevvq

Web Experience: What the HealthCare.gov Fiasco Teaches Us

To start this off, I am biased. I am for affordable healthcare, I am for the Affordable Healthcare Act, I own and run my own small business. I understand technology. I have worked on small government IT projects through the GSA. Therefore, I am an interested party with some experience. I do not have a political agenda or a party affiliation. I vote, but I do not contribute to political campaigns.

Now that you know what my bias is, let’s just say I am really upset.

“For the first time in history, a president has had to stand in the Rose Garden to apologize for a broken Web site,” Clay Johnson writes for the New York Times. That is extraordinary. Think back even 10 years. Would any government website have got that sort of attention then?

So, the Web has become truly critical to society. And this is really positive. Because the Web is the interface between humans and technology. When there is a focus on the Web there is a focus on how things work, how easy it is to do things.

The web exposes giant technological investments that are hidden behind the scenes. And as anybody who works in the technology world knows, a huge number of these systems are massively expensive and grossly inefficient.

What went wrong?

Integration – Inept chain of command

CMS serves the important role of systems integrator or “quarterback” on this project and is the ultimate responsible party for the end-to-end performance of the overall Federal Exchange. Basically, the Centers for Medicare and Medicaid Services were not the right choice to integrate all of the different vendors. They may know how to acquire lots of products and services- but they don’t know how to build a high-traffic transactional website.

Integration- Acquisition Process

CMS had to play by the government’s own rules for acquiring products and services. They may know how to acquire lots of products and services, but they don’t know how to build a high-traffic transactional website.

Testing.

Not enough tests were performed on the HealthCare.gov website by the government and its contractors before the site was launched Oct. 1, a Department of Health and Human Services official said Thursday.

“The system just wasn’t tested enough,” said Julie Bataille, communications director for the Centers for Medicare and Medicaid Services, which is in charge of the site. “We all know we were working under a compressed time frame to launch this on Oct. 1.”

Timing

They did not make the project fit into a realistic time frame. They had three years to work on this and they came out with a camel (i.e. a horse designed by a committee). It reminds me of a paper written the night before a deadline: okay to learn from for sophomores in high school. Unacceptable anywhere else.

Architecture- USE THE CLOUD

This was built trailblazing new paths backwards. Use of the cloud (setting up applications, testing them, virtualizing servers and adding capacity) would have been the way to go. Trying to reinvent the wheel and building everything from scratch is prone to difficulties, as we have found out.


In the course of the past twenty years, if things went horribly wrong, we got called out to our client to account for our actions. In some cases, we actually made the clients whole by compensating them. It was the right thing to do. I expect no less of our elected officials, bureaucrats and government contractors. It’s called leadership.

Prime is Coming out of the (Phone) Closet- Cloud Computing, Cloud Phones, Cloud Business Management

We went to a seminar this past week. We followed up with some pretty intensive vendor training from our partners- and there will be more on their offerings in the coming weeks. We learned a lot- and would love to share it with you.

Here are some reasons to give serious consideration to cloud-based business services.

BYOD

The “bring your own device” (BYOD) movement is rapidly altering the business landscape. Employees want to use the power and convenience of their smartphones to access data, sales reports, and other tools to enhance efficiency. Likewise, enterprises appreciate what improved productivity generated by the BYOD movement can do for the bottom line.

Immunity From Disaster

Another major benefit of the cloud is disaster management. Cloud-based communications systems include automatic redundancy. Voice, data, and all digital information are typically routed to multiple data centers. The days of a business losing business hour-by-hour when its phone system goes down are a thing of the past. Fires, super storms, equipment failures, and even cyber-attacks are no match for the built-in redundancy of IP-based telecommunications.

Those that had embraced VoIP phones and cloud-based computing on the East Coast prior to Superstorm Sandy were often able to continue operations when others with traditional systems were down for days.

Business Management “To Go”

For business managers and executives, cloud-based operations allow them to, in fact, be “two places at once.” One can head out to an impromptu but vital sales call without worrying about what will be missed while you’re gone. The advantages of a fully integrated system go well beyond the mere ability to stay in touch via smartphones. Full, seamless integration of all company operations is possible in the cloud, and it can be done securely.

OfficeSuite is one such platform that can integrate your office phones, mobile devices, and data networks into a single system. Over 100,000 business professionals nationwide already enjoy the ease and efficiency of cloud-based communications and business management. Companies like Broadview Networks have already helped many clients to realize productivity gains through OfficeSuite’s business phone systems.

No longer want to be tethered to your office phone? Move your operations to the cloud and you will feel liberated as you can conduct essential business from anywhere at any time – and on any device.

Scalability

Phones that work over the Internet can be set up without the need for telephone installers at your premises. Better yet, as soon as you add staff or new locations, the system is readily scalable. Grow as you need to without having to spend precious capital for new equipment. As you grow, simply add new licenses for your new employees and set them up on the system in minutes.

The number of businesses around the world that will be using Internet-based phone systems is expected to double in 2013, to over 100 million. There’s a reason for this communications revolution, so see how your productivity can soar with cloud phones and cloud-based business management.

Video conferencing is booming. Here are 7 reasons why.

Video conferencing has been around for almost three decades, but in 2013, it is rapidly becoming an everyday part of doing business. As consumer offerings have grown, business interest has also expanded to meet the desire for a richer form of communication.

In our new Trend Advisor, “Video Solutions in the Enterprise,” we explore the seven reasons why corporate video conferencing is booming and why businesses of all sizes can’t afford to be left out.

One trend is how the proliferation of smart mobile devices is driving the desire for lifelike, affordable and easy-to-use video conferencing in the workplace.

To read the other six trends that are fueling corporate interest in adopting video conferencing, download the free Avaya Trend Advisor here: http://bit.ly/WZgzve.    

Consumerization of IT, BYOD and the Cloud

When the first personal computers appeared nearly 40 years ago, it was a revolutionary moment. The ability to set up a spreadsheet on the screen of a computer and instantly recalculate when any variable changed was such a huge advance that workers would secretly slip PCs (i.e., the Apple II) into the workplace under their coats. And so consumerization and the first Bring Your Own Device (BYOD) assault on the IT department were underway.  Eventually, of course, IT reasserted control, thanks to the ascendancy of MS-DOS and later Windows.

Fast forward to 2012. Instead of slipping PCs in under their arms, workers armed with tablets, smartphones, ultrathin laptops and more are once again manning the ramparts. It’s déjà vu all over again, but this time it’s here to stay. Unlike the first PCs, today’s devices are cheaper, smaller and far more versatile.

At the end of 2011, there were 6 billion mobile subscriptions, according to The International Telecommunication Union (2011), equivalent to 87 percent of the world population. Some 300,000+ applications were downloaded 10.9 billion times. On average US feature-phone users have 10 apps on board.

Given the scale of the change, more and more consultants like Forrester are warning of major disruptions if businesses do not implement a thorough mobile strategy across the enterprise. These disruptions include problems in coordinating data, network access and applications across multiple channels; servers and infrastructure that are unable to handle the surge in activity; applications poorly constructed for user engagement; and business processes that are misaligned with mobile requirements.

Forrester recommends that companies start to get a grip on the new era of mobility by establishing the office of the chief mobility officer with a focus on crafting an approach to the company’s mobile architecture and mobile engagement practices, including the adoption of Cloud solutions, which are being driven by the mobile shift.

BYOD, consumerization, the Cloud and more are all here to stay. Waiting to see how they evolve is likely to leave you feeling overwhelmed.

Adding the Human Touch to Mobile Engagement

A power shift is taking place in the dynamics of customer engagement. And it impacts every company—large and small.

The shift began well over a decade ago with the Internet. This made it possible for customers to go online 24/7 to do research, browse solutions and make buying decisions. Now the mobile revolution is taking this power shift to a new level. As Forrester researchers Ted Schadler and John C. McCarthy note in their recent report, Mobile Is The New Face of Engagement, “by 2016, more than a billion people will be using mobile devices to engage with brands, information, and each other.”

Using these mobile apps, people can act “in the moment” to check a status, find an expert, receive an alert, make a purchase, answer a question, share an opinion, send a message, etc. This shifts more power from institutions to individuals. It takes the revolution that was started by the PC and the Web, bringing it to an entirely new level.

But this power shift isn’t all one-way. Companies can also take advantage of the power shift to differentiate themselves and maintain the connection with their customer base that is critical to long-term success. In fact, it’s a business imperative for companies doing business on those terms to find ways to add the human touch to mobile engagement.

Avaya has provided a fascinating analysis of this in a whitepaper that focuses on how this dynamic is playing itself out right now in the insurance industry. (To see the full whitepaper, go to http://www.avaya.com/uk/resource/assets/whitepapers/SVC7067%20Claims%20Processing%20WP.pdf)

According to the consulting firm Accenture, nearly half of all insurance policies today are renewed or bought online rather than through agents. As a result, many consumers only interact with their insurance provider when they need to file a claim. When that moment comes, consumers want the convenience of a mobile app, but research shows they also value “concern” from their insurer. They want timeliness, courtesy, promptness and knowledge, but they also want the understanding, empathy and willingness to listen that only another human being can offer.

For insurance companies, this means that personalizing the new mobile interaction channels (e.g. smartphones and tablet PCs) will be imperative. Click-to-call, click-to-chat, co-browsing, one-touch video and other techniques can merge aspects of online self-service with personal live interaction, capitalizing on the best of both worlds.

In words that apply to many industries, the Avaya whitepaper notes that “Today, when alternative insurance options are at every consumer’s fingertips, brand loyalty is of utmost importance… responsiveness and personal interaction at each step of the claims process and at each touch point with policyholders can capture an important opportunity to solidify brand loyalty and, as a consequence, grow their business.”

To read the full whitepaper, go to http://www.avaya.com/uk/resource/assets/whitepapers/SVC7067%20Claims%20Processing%20WP.pdf