tag:www.econsultancy.com,2008:/topics/security Latest Security content from Econsultancy 2018-04-10T11:00:00+01:00 tag:www.econsultancy.com,2008:BlogPost/69935 2018-04-10T11:00:00+01:00 2018-04-10T11:00:00+01:00 Companies should consider embracing the GDPR even where they don't have to Patricio Robles <p>In <a href="http://tacd.org/wp-content/uploads/2018/04/TACD-letter-to-Mark-Zuckerberg_final.pdf">a letter</a> to Mark Zuckerberg, members of the Transatlantic Consumer Dialogue, a coalition of US and EU consumer groups, wrote:</p> <blockquote> <p>The GDPR helps ensure that companies such as yours operate in an accountable and transparent manner, subject to the rule of law and the democratic process. The GDPR provides a solid foundation for data protection, establishing clear responsibilities for companies that collect personal data and clear rights for users whose data is gathered. These are protections that all users should be entitled to no matter where they are located.</p> </blockquote> <p>The letter comes less than a week after Zuckerberg <a href="https://www.reuters.com/article/us-facebook-ceo-privacy-exclusive/exclusive-facebook-ceo-stops-short-of-extending-european-privacy-globally-idUSKCN1HA2M1">stated</a> that he agreed “in spirit” with the GDPR but refused to commit to adopting it worldwide. “We're still nailing down details on this, but it should directionally be, in spirit, the whole thing,” he told Reuters, a statement that is unlikely to satisfy the growing number of critics of his company.</p> <p>While it remains to be seen whether or not Facebook will eventually give in, the situation does raise an interesting questions: should companies adopt the GDPR as a global standard, applying it to users and customers they aren't required to?</p> <p><a style="border: 0px; vertical-align: baseline; color: #3380ff;" href="https://www.econsultancy.com/training/courses/gdpr-data-driven-marketing"><img style="font-weight: inherit; font-style: inherit; vertical-align: baseline; font-variant: inherit;" src="https://assets.econsultancy.com/images/0009/4384/London_F2F_GDPR_course_BOOK.png" alt="gdpr course" width="615" height="214"></a></p> <p>Here are four reasons why they should consider it.</p> <h3>GDPR compliance is no simple task</h3> <p>While many companies with the greatest exposure to GDPR risk are still ill-prepared for its impending implementation, as the risks come into focus and the inevitable initial enforcement actions demonstrate that they're not merely theoretical, expect to see a scramble for compliance. </p> <p>Unfortunately, complying with the GDPR is not exactly a straightforward process. Understanding what the rules are and figuring out what specific actions need to be taken to comply has proven to be quite an undertaking for many companies. Given that, companies should consider that if they're going to make a substantial investment of time and money to comply, it might make a lot of sense to leverage that investment across all their operations. </p> <h3>Global application might be easier</h3> <p>For many companies, trying to treat individuals subject to the protections of the GDPR differently than individuals who aren't might actually prove to be more difficult and costly than simply treating all individuals the same regardless of where they're located. </p> <p>Consider, for example, the fact that a US citizen who moves to an EU country <a href="https://www.itgovernance.eu/blog/en/expert-gdpr-qa-international-transfers-brexit-and-eu-us-privacy-considerations/">would be</a> covered by the GDPR. For many companies, detecting such a move and responding to it might prove more difficult than it would seem it should be.</p> <h3>Similar regulation is likely coming outside of the EU</h3> <p>There's a growing consensus that GDPR-like regulation will be adopted outside of Europe, including in the US. While it's likely that there will be differences between regulations in different parts of the world, expect to see countries like the US look to the GDRP <a href="http://www.thedrum.com/news/2018/03/27/let-s-look-gdpr-global-data-protection-regulation-grapeshot">as a model</a> when they get around to creating their own scheme.</p> <p>This means companies that embrace the GDPR as a global standard will likely be better positioned to comply with similar regulations when and as they're implemented.</p> <h3>The tide has turned on privacy</h3> <p>Perhaps the biggest reason companies should consider applying their GDPR compliance to their global operations is that it's becoming increasingly evident that there is sea shift taking place vis-à-vis data collection, usage and protection.</p> <p>The Cambridge Analytica scandal is no longer just about Cambridge Analytica. Instead, Facebook's practices are being scrutinized in a way they never have been before and while it's still too early to predict what exactly will happen, the actions Facebook has taken to date suggest that even it knows the largely unregulated data Gold Rush is fast coming to an end. </p> <p>Put simply, in the post-GDPR world, data will have the potential to be a huge liability, not just an asset.</p> <p>The implication for companies: it might be wise to accept this and proactively prepare for substantially more rules around how data is collected and used.</p> <p><a href="https://www.econsultancy.com/reports/a-marketer-s-guide-to-the-general-data-protection-regulation-gdpr"><img src="https://assets.econsultancy.com/images/0009/3207/gdpr_report.png" alt="gdpr" width="615" height="243"></a></p> <p><em>Note that this article represents the views of the author solely, and are not intended to constitute legal advice.</em></p> tag:www.econsultancy.com,2008:BlogPost/69883 2018-03-20T14:30:00+00:00 2018-03-20T14:30:00+00:00 How the blockchain can be applied in healthcare Patricio Robles <p>Healthcare is no different and as players in the healthcare space look to embrace digital innovation, there are a number of areas in which blockchain technology could potentially be employed. Here are three of the most promising.</p> <h3>Electronic health records (EHRs)</h3> <p>The healthcare industry has spent considerable time and money adopting electronic health records (EHR) but challenges persist. For example, while EHRs were intended to help address the issue of interoperability, getting all of the systems that need to talk to each other to talk to each other remains an elusive goal.</p> <p>The blockchain, which essentially provides for a distributed ledger, offers a potential solution to interoperability challenges. Already, the MIT Media Lab and Beth Israel Deaconess Medical Center have experimented with the application of blockchain to medical records. </p> <p>In an article in the <em>Harvard Business Review</em>, John D. Halamka, MDAndrew Lippman and Ariel Ekblaw, three of the researchers involved in the experiment, <a href="https://hbr.org/2017/03/the-potential-for-blockchain-to-transform-electronic-health-records">explained</a>: </p> <blockquote> <p>Imagine that every EHR sent updates about medications, problems, and allergy lists to an open-source, community-wide trusted ledger, so additions and subtractions to the medical record were well understood and auditable across organizations. Instead of just displaying data from a single database, the EHR could display data from every database referenced in the ledger. The end result would be perfectly reconciled community-wide information about you, with guaranteed integrity from the point of data generation to the point of use, without manual human intervention.</p> </blockquote> <p>One of the greatest advantages of this approach is that the patient is ultimately in control of his or her data, which could aid in allowing patients to opt to share their health data with researchers and third parties.</p> <p>Interestingly, last year, IBM <a href="https://www.computerworld.com/article/3156504/healthcare-it/ibm-watson-fda-to-explore-blockchain-for-secure-patient-data-exchange.html">forged a development agreement</a> with the U.S. Food and Drug Administration (FDA) to explore the blockchain-powered exchange of patient-level oncology-related data from a number of sources, including EHRs. </p> <h3>Pharma supply chain</h3> <p>The integrity of the pharma supply chain has never been more important. This supply chain is under growing threats such as drug shortages and counterfeits. Counterfeits alone are estimated to cost pharma companies $200bn annually. It's one of the reasons why, by 2023, pharma companies will be required to adhere to the Drug Supply Chain Security Act (DSCSA), which calls for the complete tracking of drugs from raw materials to production to dispensing.</p> <p>The blockchain could offer a solution to address these threats and comply with the DSCSA. As Maria Palombini of the IEEE Standards Association <a href="https://www.pharmaceuticalonline.com/doc/blockchain-the-pharma-supply-chain-beyond-dscsa-compliance-0001">explained</a>, “Two specific use cases for blockchain in the pharmaceutical supply chain make sense. One is securing the supply chain – the answer to the massive, widespread growth in counterfeit drugs and their associated costs. The other is optimization of the supply chain, which offers efficiencies, cost removals, and visibility into inventory as well as speed and accuracy in the event of a drug recall.”</p> <p>Trials are already under way to see if the blockchain's potential to help the pharma supply chain can be realized. For example, supply chain consulting group The Link Lab has teamed up with blockchain startup Chronicled to build a system <a href="https://medcitynews.com/2017/03/two-california-startups-preparing-pharma-companies-blockchain/">to track</a> the movement of prescription drugs. The duo is working with an unnamed “global pharmaceutical company” to create a blockchain-based solution to verify prescription drugs.</p> <p>They're not alone. DHL and Accenture <a href="http://www.supplychaindigital.com/technology/dhl-and-accenture-working-blockchain-based-pharma-supply-chain-project">have also developed a blockchain prototype</a> to tracks drugs from their point of origin to the consumer.</p> <h3>Clinical trials</h3> <p>The distributed ledger of blockchain also offers promise for clinical trials, which pharma companies spend billions of dollars a year on. Clinical trials by their very nature produce significant data. That data is shared within pharma organizations as well as third parties such as clinical research organizations and regulators like the FDA.</p> <p>Proponents of the application of blockchain technology to clinical trials <a href="https://trialsjournal.biomedcentral.com/articles/10.1186/s13063-017-2035-z">suggest</a> that it could ensure the integrity of data generated by clinical trials while still maintaining privacy. They even suggest it could store trial metadata, such as the trial protocols and statistical analysis plans, collect and track participant consent, and manage phase control using smart contracts.</p> <p>One of the most promising potential applications of the blockchain to clinical trials relates to its ability to facilitate data sharing. <a href="https://www.forbes.com/sites/reenitadas/2017/05/08/does-blockchain-have-a-place-in-healthcare/">Estimates indicate</a> that approximately half of clinical trials go unreported and nearly 90% of trials on ClinicalTrials.gov don't have results. If blockchain could help ensure that data generated by clinical trials doesn't go to waste and is instead made available for future use, it could be a boon to healthcare industry.</p> <p><em>To learn more about digital transformation in Pharma, join us at ePharma in New York on March 21-23. Our VP of Research Stefan Tornquist will be discussing the future of digital and marketing with Anthony Lambrou, Director of Corporate Strategy and Innovation at Pfizer, as well as hosting a roundtable for you to learn, share and connect with fellow pharma marketers. Find out more and secure your spot:</em></p> <ul> <li><a href="https://lifesciences.knect365.com/epharma/agenda/3#epharma-roundtable-digital-transformation-to-future-proof-your-marketing"><em>ePharma Roundtable: Digital Transformation to Future-Proof Your Marketing</em></a></li> <li><a href="https://lifesciences.knect365.com/epharma/agenda/3#main-stage-keynotes_the-future-of-digital-and-marketing"><em>The Future of Digital and Marketing</em></a></li> </ul> tag:www.econsultancy.com,2008:BlogPost/69529 2017-11-07T15:24:00+00:00 2017-11-07T15:24:00+00:00 Could cryptojacking go legit and disrupt digital advertising? Patricio Robles <p>In cryptojacking, an attacker inserts malicious JavaScript code into a website. When a user visits the website, this code works to mine cryptocurrency like Bitcoin in the background without users ever knowing that their computers' processing power is being used to do so.</p> <p>Because processing power and the energy that fuels it are the biggest costs associated with cryptocurrency mining, cryptojacking is an increasingly attractive activity for cybercriminals. Since September, cryptojacking scripts have been found on a number of high-profile sites, <a href="https://www.theregister.co.uk/2017/10/10/cryptojacking/">including those operated by cable network Showtime and football star Ronaldo</a>.</p> <p>But while cryptojacking is almost wholly a criminal activity today, a growing number of observers are starting to ask whether cryptocurrency mining has the potential to solve two of the biggest challenges to the internet economy: consumer distaste of advertising and the rise of ad blockers.</p> <p>In simplest terms, here's how it would work: instead of seeing ads, users would pay publishers by allowing them to mine cryptocurrency through their browsers as they consume content on their sites.</p> <h3>The ultimate micropayment solution?</h3> <p>In effect, browser-based cryptocurrency mining could facilitate a no-touch micropayment model that functions entirely in the background and doesn't require any explicit action on the part of users. The more time they spend on a site, the more processing power they supply to a publisher for cryptocurrency mining, ensuring that their usage is correlated with their contribution.</p> <p>Obviously, there are numerous issues that would need to be addressed, including how to ensure that the mining scripts don't degrade performance.</p> <p>There's also the issue of whether or not cryptocurrency mining can be an adequate replacement for ad revenue. While Bitcoin and other cryptocurrencies have skyrocketed in value this year, they are still highly volatile and there's much debate about their long-term viability. If the value of cryptocurrencies plummets, it could kill the viability of the model.</p> <p>But after years of unrealized hype around micropayments, it's intriguing that cryptocurrency mining looks far more promising than the long list of <a href="https://econsultancy.com/blog/6765-can-paypal-crack-the-micropayment-mobile-payment-nuts">past micropayment attempts</a>.</p> <h3>The Google threat</h3> <p>Perhaps the biggest impediment to cryptocurrency mining as advertising alternative is the fact that the online advertising ecosystem is filled with powerful companies that have no interest in alternative revenue models that could diminish digital ads. These include major advertisers as well as dominant ad players like Google.</p> <p>In fact, Google <a href="https://www.bleepingcomputer.com/news/google/google-chrome-may-add-a-permission-to-stop-in-browser-cryptocurrency-miners/">is already exploring</a> adding a special browser permission to Google Chrome to deal with scripts that mine cryptocurrencies. While there's no reason to believe that this is motivated by anything other than a desire to protect users from cryptojacking, it nonetheless highlights the fact that Google, as the maker of one of the most popular browsers, theoretically could use its browser to defend its advertising business, something that <a href="https://econsultancy.com/blog/69150-google-contributor-what-you-need-to-know">some are already suggesting</a> it is doing as it prepares to roll out a built-in Chrome ad blocker.</p> <p>While one can only speculate about the potential for cryptocurrency mining to help support the digital content economy and provide an alternative to advertising, given the meteroic rise of cryptocurrencies in the face of years of skepticism, it seems appropriate to conclude that it's far too early to rule the possibility out.</p> tag:www.econsultancy.com,2008:BlogPost/69344 2017-09-28T10:00:00+01:00 2017-09-28T10:00:00+01:00 How to keep your brand safe in a programmatic world: A practical guide Ray Jenkin <p>Thought pieces and tips on tackling brand safety are often highly technical or go deep into the weeds on specific areas of brand safety technology, leaving those looking to make their first move a bit bewildered.</p> <p>This post provides advertisers and agencies with broad actionable steps they can take to start to define, implement and adjust protective measures, in light of both brand and business requirements.</p> <h3>1. Define your programmatic brand safety policy</h3> <p>A clear, unambiguous policy helps your vendor and agency partners execute brand safety measures more accurately and effectively. It is key to align your programmatic brand safety policy with your business goals, marketing goals, brand values and industry/sector considerations and then translate these into practical scenarios.</p> <p><img src="https://assets.econsultancy.com/images/0008/9236/safe.jpg" alt="" width="600"></p> <p>For example, having an airline appear alongside or in content linked to an aeroplane accident, terrorist attack or delay would not engender trust in the brand, but instead risk the brand's reputation through association and miscommunication.</p> <p>Understanding the tradeoffs of enforcing these policies and their impact on your marketing goals is vital. You’ve got to ask yourself if they are at odds, or if there is a compromise you are willing and able to make.</p> <p>When formulating and documenting your policy, ensure there is someone present with a good understanding of the programmatic buying landscape to provide input on the likely implications of enforcing a policy, on implementation, pricing and delivery of media.</p> <p>Don’t be scared to tweak it, learning as you go along; capturing updates will only reinforce your commitment. But be careful not to forget to share your policy with all your media delivery partners, especially with any amendments you may make – you and your partners should remain accountable.</p> <p>Additionally, strong communication, i.e. keeping your media delivery partners up-to-date, may prevent any costly misunderstandings.</p> <p>Lastly, in order to fully understand where success lies: when your brand is safe, find the right metrics to measure your policy. Calibrate the measurements with any historic data you may have, and be ready and willing to adjust based on guidance from agencies and vendors on industry benchmarks. For example, you may measure the percentage of blocked ads that fell into brand-sensitive categories.</p> <h3>2. Tips to help shape and enforce your policy</h3> <p>When shaping and enforcing your policy, consider your agency and/or vendor’s best practice and trade body memberships. Ask yourself, have the adtech vendors, programmatic trading partners and media owners you work with defined their own policies and frameworks to protect your brand? And are they audited and accredited by trade bodies such as JICWEBS in the UK and the Media Ratings Council (MRC) in the US?</p> <p>Additionally, to strengthen the implementation and enforcement of your policies, ensure any media partners are able to show how they will implement and enforce them, as well as comply with your metrics, measuring well against your standards. Having a holistic implementation and enforcement across a much wider audience will act as a testimony to your policy’s strength.</p> <p>It important to keep in mind what technology is being used by your vendors and agencies to ensure brand safety as well. A plethora of brand safety technology is now available to provide you with transparency on where your ads are being seen.</p> <p>Consider owning this adtech vendor relationship yourself so you can control and monitor your brand safety with more standardisation across your media plan. And for companies undertaking the programmatic media buying on your behalf, ask for their internal human processes on areas such as inventory selection, black and whitelisting, audit processes and peer review.</p> <p>Don’t underestimate the human element in the implementation of technology – when used efficiently it will do nothing but benefit you.</p> <p>Whether you own the demand side platform (DSP) relationship or your vendor or agency does, be sure to understand what that company does to filter the inventory before it becomes available for buying. Question how they categorise their inventory and what measures are built into their buying platforms to ensure your policy can be implemented – consistency amongst all operations, inside and outside of your company, is key!</p> <p>You should therefore also ensure your vendors are able to provide you with ongoing reporting and data to help you evaluate implementation – this will allow you to make adjustments and benchmark your policies on all fronts.</p> <h3>3. Implement internal and external measures to enforce your brand safety</h3> <p>Appoint someone to be accountable for programmatic brand safety.</p> <p>This person should lead on the distribution, implementation and adjustment of your policy, keep up-to-date with industry best practice and technological developments, measure vendors and agencies on their ability to adhere to your policy and respond in a timely and efficient manner when there is an extraordinary event such as negative press, a world event or controversial issue.</p> <p>Having someone accountable for programmatic brand safety will provide clearer lines of communication on a day-to-day basis, allowing for speed-to-market on brand related issues and acting as an incentive for said person to be an advocate for best practice inside and outside of your company.  </p> <h3>In conclusion... </h3> <p>The devil is in the detail, but building a clear framework of what your brand stands for, what your goals are and in turn what your brand safety policy should reflect means you can find the right partner fit across all areas of your media activity.</p> <p>Furthermore, these partners will then have a clearer idea of how they need to be prepared to work with you both through process and technology.</p> <p><em>For more on this topic, see:</em></p> <ul> <li><a href="https://econsultancy.com/admin/blog_posts/69344-how-to-keep-your-brand-safe-in-a-programmatic-world-a-practical-guide/edit/"><em>The CMO's Guide to Programmatic</em></a></li> <li><a href="https://econsultancy.com/blog/65677-a-super-accessible-beginner-s-guide-to-programmatic-buying-and-rtb"><em>A super accessible beginner’s guide to programmatic buying and RTB</em></a></li> <li><a href="https://econsultancy.com/blog/68650-the-future-of-programmatic-2017-and-beyond"><em>The future of programmatic: 2017 and beyond</em></a></li> </ul> tag:www.econsultancy.com,2008:BlogPost/69254 2017-07-20T09:44:00+01:00 2017-07-20T09:44:00+01:00 Four key digital challenges for IT leaders in 2017 Nikki Gilliland <p>Based on a sample of more than 500 IT leaders, here are a few key charts from the research, highlighting the biggest hurdles IT professionals currently face.  </p> <h3>1. Threat of security breaches</h3> <p>While technical skill is still a given, the role of senior executive within IT departments has evolved into something much broader, requiring a deeper understanding of business objectives. This also means creating a bridge between technology and other areas of the business such as HR, finance, and marketing. </p> <p>This focus on the wider customer experience has also led to the concept of the ‘chief integration officer’ – someone who is able to influence the overall strategic vision of a business. Following on from this, it is clear that the challenges faced by IT leaders are much more complex than they once were.</p> <p>Now, the threat of security breaches and cyber-attacks is cited as a key concern by 41% of respondents – higher than any other area.</p> <p>Perhaps unsurprisingly, executives at organisations with annual revenues exceeding £150m are more likely than their peers at smaller organisations to reference security as a major challenge.</p> <p><img src="https://assets.econsultancy.com/images/0008/7501/Security_attacks.JPG" alt="" width="780" height="535"></p> <h3>2. Finding the right mix of skills</h3> <p>Interestingly, it is larger organisations that cite lower levels of confidence in their digital skills mix, with just 58% agreeing that they are well-positioned in this area compared to 61% of smaller organisations. </p> <p>Similarly, European organisations seem less confident than their American and APAC counterparts. Talent availability is seen as more of a challenge than in other regions, with availability of individuals with the right mix of skills being cited as a top-three internal problem by more than 34% of European respondents.</p> <p>This is also the case when it comes to culture, with 61% of European respondents describing their company culture as "innovative, adaptable and undertaking a ‘fail fast’ approach". When compared with 68% of respondents saying the same for North America and 75% in APAC, it’s clear that Europe is still playing catch up.</p> <p><img src="https://assets.econsultancy.com/images/0008/7504/Skills_and_culture.JPG" alt="" width="739" height="618"></p> <h3>3. Escaping silos</h3> <p>In terms of internal barriers, it appears the age-old problem of organisational structure remains the biggest. 42% of executives cited frustration with departmental silos and bureaucratic processes, while 41% expressed frustration over integrating legacy systems with new tools and technologies.</p> <p>This is even more the case for larger organisations in Europe, with 52% of European respondents citing bureaucracy as a top internal barrier.</p> <p>Interestingly, while support from senior management is less of a concern, a lack of shared vision relating to the meaning of digital transformation appears to be sustaining conflict. Again, this challenge is slightly more evident in Europe, tying in with the aforementioned struggles of skills and culture.</p> <p><img src="https://assets.econsultancy.com/images/0008/7506/Silos.JPG" alt="" width="780" height="541"></p> <h3>4. Keeping abreast of innovation</h3> <p>With IT executives now expected to help drive marketing strategy, keeping ahead of major technologies connected to innovation is another growing challenge – especially for larger organisations.</p> <p>46% of executives at larger companies are more inclined to feel pressure regarding tracking technology and innovation trends compared to 36% of smaller company peers. Interestingly, IT executives appear to be looking outside of their organisations to keep abreast of technological innovation. More than half of respondents say they exploit technology content sites and webcasts and webinars.</p> <p>Lastly, the challenge to keep on top of innovation also extends to finding talent, with increasing importance in striking a balance between traditional technical knowledge and softer skills such as communication, co-operation and strategic thinking.</p> <p><img src="https://assets.econsultancy.com/images/0008/7508/Innovation.JPG" alt="" width="780" height="550"></p> <p><em><strong>Subscribers can download the full <a href="https://econsultancy.com/reports/2017-digital-trends-in-it/">2017 Digital Trends in IT Report</a>.</strong></em></p> tag:www.econsultancy.com,2008:BlogPost/69217 2017-06-29T17:14:00+01:00 2017-06-29T17:14:00+01:00 As WPP hit by cyberattack, brands need to pay more attention to agency security Patricio Robles <p>Like WannaCry, <a href="https://www.theguardian.com/technology/2017/jun/27/petya-ransomware-cyber-attack-who-what-why-how">Petya</a> appears to be ransomware, as it encrypts files on infected computers and demands payment for access to be restored.</p> <h3>A very high-profile victim</h3> <p>One of the companies hit by Petya was the world's largest ad holding firm, WPP. In a statement, the company revealed that on June 27, "a number of WPP companies were affected by the ransomware attack that hit organisations around the world."</p> <p>WPP assured clients that it was working with its IT partners and law enforcement "to take all appropriate precautionary measures, restore services where they have been disrupted, and keep the impact on clients, partners and our people to a minimum."</p> <p><a href="http://www.adweek.com/agencies/wpp-cyberattack-serves-as-a-wake-up-call-to-agencies-and-cmos-alike/">According to</a> AdWeek, "staff at various offices left work early yesterday due to an inability to access their networks."</p> <p>In an internal memo, WPP chairman Sir Martin Sorrell tried to reassure staff that the cyberattack wasn't hurting the firm's business. "Many of you will have experienced significant disruption to your work. However, contrary to some press reports, WPP and its companies are still very much open for business," he told staff, adding that there was "no indication that either employee or client data has been compromised."</p> <h3>A new agency risk</h3> <p>Even if WPP emerges from this cyberattack with little more than a few nicks and scratches, the fact that it was affected at all by Petya should be of concern to brands that count agencies as some of their most important partners. After all, if a brand's agency is knocked offline, loses data or is otherwise compromised, it could affect clients in any number of ways, such as disruption to or delays of campaigns. </p> <p>As Michael Connolly, CEO of adtech firm Sonobi, <a href="http://adage.com/article/digital/wpp-ransomware-attack-smoke-screen/309614/">told AdAge</a>, "Any impact to an organization's infrastructure or operational ability...can have an impact on the ability to execute, particularly when data is involved." Data, of course, has become the lifeblood of digital advertising thanks in large part to the rise of programmatic.</p> <p>And there are a number of worst-case scenarios that could expose clients to even costlier crimes. For example, because agencies are privy to some of the most sensitive information of their clients, it's not inconceivable that agencies could be specifically targeted by groups who are aiming to extort or otherwise inflict damage on their clients by stealing, modifying or deleting client data.</p> <p>Seem far-fetched? Consider that this <a href="http://www.latimes.com/business/hollywood/la-fi-ct-hacking-disney-netflix-20170523-story.html">is exactly what is happening to Hollywood studios</a> on a now disturbingly frequent basis. Like brands, Hollywood studios rely heavily on third-parties, which out of necessity often have access to some of their most sensitive and valuable assets.</p> <h3>Agencies are ill-prepared</h3> <p>Unfortunately for brands, according to experts who spoke to AdWeek and AdAge, agencies are largely unprepared to deal with cyber threats like Petya. </p> <p>According to Tom Pageler, chief risk officer and chief information security officer at global information services provider Neustar, agencies are "probably doing the minimum versus other, more heavily regulated industries like financial services that deal with critical data."</p> <p>The news isn't all bad, however. "The industry realizes that they’re really not where they need to be," he stated, and in the the wake of the Petya attack, Pageler is already seeing signs that companies are trying to catch up. He predicts WPP specifically will soon announce the hiring of a big security vendor.</p> <p>But while agencies have a lot of work to do, brands must also recognize that they share with their partners responsibility for cybersecurity. They can't just demand that their agencies own the cybersecurity challenge. Instead, they need to better educate themselves, take an active role in establishing and enforcing data security policies that their agencies are required to adhere to, and take steps to ensure that they're not creating vulnerabilites themselves.</p> tag:www.econsultancy.com,2008:BlogPost/68867 2017-03-06T11:49:00+00:00 2017-03-06T11:49:00+00:00 Q&A: Direct Line’s MD on the marketing team of the future Nikki Gilliland <p><img src="https://assets.econsultancy.com/images/0008/4369/Mark_Evans.png" alt="" width="380" height="248"></p> <p>Here’s what he had to say.</p> <h4><strong><em>Econsultancy:</em> What are the main challenges you are facing today in regards to team structure? What keeps you up at night?</strong></h4> <p><em>Mark Evans:</em> The biggest challenge most marketing teams currently face in a fast-changing world is how to structure for success. At Direct Line Group we have very deliberately re-shaped the team in recent years to maintain our edge. The result is a cohesive team of specialists that fully understand the benefits of integration and embrace working across silos.</p> <p>Today more than ever, it’s crucial to have a shared sense of purpose and accountability in order to address marketing challenges. At Direct Line we have fused together teams to bridge typical divides: propositions and communications, customer management and customer experience, social and PR, insight and marketing effectiveness.</p> <p>As a consequence, the heads of each of these four broadened teams have really big strategic roles, which ensures that we can move at greater pace where we previously faced mobilisation and prioritisation issues, ultimately leading to a more dynamic and effective function overall.</p> <h4><strong><em>E:</em> How have you developed your marketing team to make it ready for the changing digital landscape?</strong></h4> <p><em>ME:</em> With the majority of our business happening on digital channels, we continue to invest heavily in ensuring everyone in our team (and the wider business) is digitally savvy. Within the marketing team, we’ve already made some significant changes to ensure digital runs through the heart of everything that we do.</p> <p>Consequently, we now run every campaign in a fully integrated way from the outset. An example of this was our recent Emergency Plumber campaign which stretched from traditional TV all the way through to a number of digital firsts.</p> <p><iframe src="https://www.youtube.com/embed/8MMYuGrROao?wmode=transparent" width="560" height="315"></iframe></p> <h4><strong><em>E:</em> How much as has your org chart changed in the past three years?</strong></h4> <p><em>ME:</em> The evolution of the Direct Line marketing team has been extensive over the past three years. We have grown organically into a "full-service" marketing function incorporating accountability for social, PR, customer experience, and proposition development. Digital has also grown in prominence, not least as we have in-sourced some aspects of the model.</p> <p>More broadly though, we have invested in a progressive culture whereby the structure of the team itself becomes less relevant as we form more liquid cross-functional teams to attack specific challenges. For example, the creation, build and launch of the Shotgun brand which aims to save young drivers' lives was run as an agile process from the outset. </p> <h4><strong><em>E:</em> What skills do you look for when hiring senior team members and why?</strong></h4> <p><em>ME:</em> We are passionate about developing talent from within so the majority of our senior team members come up through promotion rather than being brought in from elsewhere. However, regardless of where our senior talent comes from, the core qualities that we look for are curiosity, collaboration and a desire to take personal accountability.</p> <p>Broadly, this translates into an ability to spot the gap, the conviction to go for it, and the emotional intelligence to do so in the right way.</p> <h4><strong><em>E:</em> Similarly, what skills do you think grads and young marketers should look to acquire?</strong></h4> <p><em>ME:</em> From my perspective, the key for graduates and young marketers is to be voracious to learn. At Direct Line we look to fast track learning by putting our grads through rotations to give them the broadest base of business knowledge.</p> <p>This was the process that I benefited from at Mars, moving through different functions, different operating units, and even different countries in the early years in order to maintain the steepest possible learning curve. It was a rude awakening working on a pet food production line for my second rotation but gave me a huge insight into leadership at a very early stage.</p> <p>To state the obvious, having exposure to several areas of the business provides perspective that translates into impact and gravitas. Ultimately if you aspire to move into bigger leadership roles, then you need to build the broadest possible foundations in order to survive inevitable personal earthquakes.</p> <h4><strong><em>E:</em> What is Direct Line’s approach to training and development? How does your team learn new skills and innovate?</strong></h4> <p><em>ME:</em> Training and development is a massive focus for us, again a legacy from spending a decade at Mars where personal development was very highly valued. We are committed to long-term development and so are constantly looking for new approaches.</p> <p>An example of this is that for the last three years every employee has had their own personal training budget (total training spend for the team divided by total FTE) to use as they see fit to improve themselves.</p> <p>This empowerment leads to greater personal ownership and as long as the money is spent in a way that is coherent with the individual's personal development plan then it leads to a better outcome for the individual and therefore also for the organisation.</p> <p><em><strong>Don't forget to sign up for <a href="http://www.marketingweeklive.co.uk/">Marketing Week Live</a> on March 8-9 in London.</strong></em></p> tag:www.econsultancy.com,2008:BlogPost/68693 2017-01-11T14:46:00+00:00 2017-01-11T14:46:00+00:00 The importance of the blockchain: The second generation of the internet Nick Hammond <p>The profile of bitcoin (powered by a blockchain network) has often masked the <a href="https://www.businessesgrow.com/2016/07/20/blockchain-101/">rising importance and relevance of the underlying blockchain technology</a>, but this is changing rapidly.</p> <p>One perspective is that the blockchain is the ‘second generation of the internet’.</p> <p>According to an article <a href="http://raconteur.net/business/the-future-of-blockchain-in-8-charts">published on Raconteur</a>, ‘The first generation brought us the internet of information. The second generation, powered by blockchain, is bringing us the internet of value; a new, distributed platform that can help us reshape the world of business and transform the old order of human affairs for the better. But like the internet in the late-1980s and early-1990s, this is still early days.’<a href="http://raconteur.net/business/the-future-of-blockchain-in-8-charts?utm_source=pardot&amp;utm_campaign=wed50117&amp;utm_medium=email"><br></a></p> <p>The initial paper regarding bitcoin (and blockchain) entitled <a href="https://bitcoin.org/bitcoin.pdf">Bitcoin: A Peer-to-Peer Electronic Cash System (2008)</a> was authored by a mysterious individual, likely a pseudonym, going under the name of Satoshi Nakamoto.</p> <p>While the original paper was written with financial transactions in mind, blockchain has far wider potential. Time will tell, but it may be that Nakamoto’s paper will have ramifications on a par with Tim Berners-Lee’s innocuously titled 1989 paper <a href="http://info.cern.ch/Proposal.html">Information Management: A Proposal</a>.</p> <p><iframe src="https://www.youtube.com/embed/Gc2en3nHxA4?wmode=transparent" width="560" height="315"></iframe></p> <p>In December 2015, the UK government’s Chief Scientific Adviser, Sir Mark Waldport, stated in his report <a href="https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/492972/gs-16-1-distributed-ledger-technology.pdf">Distributed Ledger Technology: beyond blockchain</a>, that: ‘The technology [blockchain] offers the potential, according to the circumstances, for individual consumers to control access to personal records and to know who has accessed them.’  </p> <p>Canadian writers and researchers, Alex and Don Tapscott, authors of the recent book <a href="https://www.amazon.co.uk/d/Books/Blockchain-Revolution-Technology-Behind-Bitcoin-Changing-Business/1101980133">Blockchain Revolution</a>, believe that the blockchain goes way beyond the second coming of the internet. The pair, like so many others, stumbled across blockchain via the bitcoin association, quickly realising the genie is out of the bottle. </p> <p>Alex Tapscott observes, ‘With blockchain technology, a world of possibilities has opened and we now have a true peer-to-peer platform that enables personal economic empowerment. We can own our identities and our personal data; we can do transactions, creating and exchanging value without powerful intermediaries acting as the arbiters of money and information.’</p> <p>The blockchain, essentially a database and a giant network, known as a distributed ledger, records ownership and value, and allows anyone with access to view and take part. The asset database can be shared across a network of multiple sites, geographies or institutions. All participants within a network can have their own identical copy of the ledger. Any changes to the ledger are reflected in all copies, like a Google doc. </p> <p>The blockchain is currently having its biggest impact in financial services, with the largest changes caused by infrastructures using blockchain APIs, which are delivering in the areas of speed in data processing, transparency (amongst the right people) and security. </p> <p>But what does the blockchain mean for businesses outside of the financial sector? The answer lies in the areas of - privacy/information control, disintermediation, and business processes. </p> <p>As mentioned above, the blockchain offers consumers opportunity to achieve greater control over their information. This will impact on most organisations, as they increasingly rely on the acquisition and application of customer data.</p> <p>The importance of privacy is obviously a sensitive issue. One current solution for consumers is the selection of ephemeral applications like Snapchat and encrypted messaging, but the future might lie in the anonymity of blockchain technologies. </p> <p>Another change will affect business sectors where there are many intermediaries, for example travel and tourism. Here, the blockchain’s ability to simplify and speed up interactions, will likely lead to a process of dis-intermediation.</p> <p>Current examples of businesses and categories active in the blockchain include: Peer-to-peer payments (Abra, BTC Jam), <a href="https://econsultancy.com/blog/68612-how-the-internet-of-things-will-fundamentally-change-marketing/">internet of things</a> (Chimera-Inc, Filament), collaborative transport (La’Zooz, Arcade City) and online gaming (Auckur, SatoshiDice).</p> <p>As the number of applications that utilize blockchain technology increases, so will its relevance. Not only will we be selling products through the blockchain, but marketing companies that run off it as well.</p> tag:www.econsultancy.com,2008:BlogPost/68500 2016-11-08T14:39:57+00:00 2016-11-08T14:39:57+00:00 Will the Tesco Bank attack dent trust in startup banks? Patricio Robles <p>Like many banking upstarts, Tesco Bank is competing on experience, a largely digital focus and rates. Unlike most upstarts, it has the power of a huge non-banking brand behind it.</p> <p>While Tesco Bank is far from a banking behemoth, it has managed to build a profitable business with its customer base exceeding 7m.</p> <p>But now, all of its gains are threatened by "a systematic, sophisticated attack" that affected 40,000 of the banks 136,000 current accounts and led to money being taken from more than 20,000 of them.</p> <p>The Evening Standard called it "the most serious hack on the UK banking sector in recent history." </p> <p>In response, Tesco Bank has blocked online debit card payments and says that it will reimburse any losses from the apparent hack. "Customers are not at financial risk," Higgins has reassured customers.</p> <h3>A game-changer</h3> <p>While cybercrime targeting financial accounts has become commonplace, the Tesco Bank attack is noteworthy for a couple of reasons.</p> <p>First, while Tesco Bank is pointing out that relatively small amounts of money were taken from most accounts, the means by which a large number of accounts were apparently compromised is concerning. As the BBC <a href="http://www.bbc.com/news/business-37891742">explained</a>...</p> <blockquote> <p>...what is different is that it involves tens of thousands falling victim in a 24-hour period to what appears to be an automated process, rather than individuals clicking on links in phishing emails or having their details stolen after downloading malicious software.</p> <p>That could involve the attackers exploiting a vulnerability in the bank's website - or even gaining physical access to a branch and then the central systems.</p> </blockquote> <p>Second, customers are not happy with Tesco Bank's response. Affected customers reported difficulties in reaching customer service, and some who were able to reach customer service agents were apparently told that they would have to wait days for a resolution. </p> <blockquote class="twitter-tweet"> <p lang="en" dir="ltr"><a href="https://twitter.com/tescobankhelp">@tescobankhelp</a> <a href="https://twitter.com/TescoBankNews">@tescobanknews</a> My available balance has gone down by £700 without making a tx. I cannot get through by phone!!!</p> — Christopher Mills (@chrismi1) <a href="https://twitter.com/chrismi1/status/795222803628883968">November 6, 2016</a> </blockquote> <p>Even though branchless banks like Tesco Bank pride themselves on the 24/7 access they provide customers via phone, web and mobile apps, this incident highlights the fact that otherwise sufficient support networks might not be adequate when crisis strikes.</p> <h3>A possible setback for upstart banks, but what about fintech?</h3> <p>Already, observers <a href="https://www.ft.com/content/5e5e6778-a4d1-11e6-8b69-02899e8bd9d1">like The Financial Times's Claer Barrett</a> are questioning whether the Tesco Bank attack will bolster trust in high street banks at the expense of startups.</p> <p>While she points out that major high street banks are also vulnerable to security breaches, and big banks are <a href="https://econsultancy.com/blog/68334-wells-fargo-scandal-shows-why-banks-are-vulnerable-to-fintech-startups">not immune to reputation-threatening scandals of their own</a>, this incident could create a perception problem for the Tesco Banks of the world.</p> <p>Given that <a href="https://econsultancy.com/blog/68240-78-of-mobile-banking-customers-are-satisfied-with-the-service-stats/">78% of mobile banking customers are satisfied with the service</a>, if big banks can convince consumers that they're more secure, or let the failures of their startup competitors do that for them, it could make it much more difficult for Tesco Bank and others to lure consumers with promises of better experiences, lower fees and/or higher rates.</p> <p>Whether the Tesco Bank attack has an impact beyond the banking sector remains to be seen. Some <a href="https://www.bloomberg.com/gadfly/articles/2016-11-07/tesco-bank-hack-will-be-warning-to-fintech-s-upstarts">suggest that</a> "the fallout will be felt across the wider fintech industry," but while security is an issue for all financial service providers, there's arguably less risk in other sectors that have been targeted by fintech startups.</p> <p>For example, fintech players focused exclusively on markets like lending face very different risks, and few markets are arguably as sensitive to security as banking.</p> <p>So while it's possible that the Tesco Bank incident will cause consumers to think twice about doing business with a young fintech company, the effects will probably remain most pronounced in the market for bank challengers.</p> tag:www.econsultancy.com,2008:BlogPost/67911 2016-06-14T14:22:59+01:00 2016-06-14T14:22:59+01:00 How often your website needs a security audit & what you need to check Bart Mroz <p>In fact, President Obama recently stated that <a href="https://www.whitehouse.gov/blog/2015/04/01/our-latest-tool-combat-cyber-attacks-what-you-need-know">hacking of U.S. businesses</a> is an increasing threat and provided information on how to better protect against attacks.</p> <p>Still, most companies conduct a security audit and backup only when they absolutely have to.</p> <p>Little do they know that hacking today is more present and sophisticated than ever, so website security testing is no longer an option, it is a necessity.</p> <p>The question of how often you should conduct a website security audit is vague.</p> <p>Ideally, you should download a security system that manages this for you and verifies your site’s safety automatically so that you do not have to worry about upkeep.</p> <p><em>Security</em></p> <p><img src="https://assets.econsultancy.com/images/0007/5873/security.jpg" alt="" width="558" height="458"></p> <p>Additionally, there are various security-related tasks you should keep in mind when taking preventive action to secure your website against malicious attacks.</p> <p>Here are a few ways to stay ahead:</p> <h3><strong>Regular scanning</strong></h3> <p>Check your website regularly and test all links to ensure identity thieves and hackers have not introduced malware into advertisements, graphics or other content provided by third parties.</p> <p>Unique pieces of malware were <a href="http://www.cnbc.com/2016/04/11/three-fourths-of-websites-are-at-risk-of-malware-study.html">up 36% last year</a> so you need to schedule monthly or even weekly scans.</p> <p>If a link has been compromised then your customers can be the target of bait links which lead to major problems that you do not want to be accountable for.</p> <h3><strong>Penetration testing</strong></h3> <p>If you store any type of valuable information such as customer contact information, transactional data or proprietary information, these are all high-value targets for hackers.</p> <p>Consider hiring cybersecurity consultants or ethical hackers to identify vulnerabilities in the code that basic software security programs alone cannot discover.</p> <p>Companies that did this in a study by WhiteHat Security saw a <a href="https://info.whitehatsec.com/rs/whitehatsecurity/images/2015-Stats-Report.pdf">decrease of 65% in vulnerabilities</a>. In today’s increasingly connected world, it is important to preemptively find weaknesses before hackers do.</p> <h3><strong>Integrating advanced security apps</strong></h3> <p>While you should never keep unnecessary customer data on the backend of your site, it is smart to utilize the right application scanning tools to help you identify vulnerabilities in your system.</p> <p>These should identify everything from <a href="https://www.owasp.org/index.php/Cross-site_Scripting_%28XSS%29">Cross-Site Scripting (XSS)</a> to vulnerabilities inside debug code and leftover source code that could put your data and your customers’ confidential data at risk.</p> <p>There are advanced threat protection apps from security companies such as Symantec that you can use to check your website’s security; it runs through every aspect of your website without disrupting service so your users are still able to navigate smoothly.</p> <p>While running in the background, these programs periodically check to make sure that your site remains functional and intact.</p> <p>Some common security threats that your security app should be checking include:</p> <ul> <li>SQL Injection</li> <li>XSS (Cross-Site Scripting)</li> <li>File Disclosure</li> <li>Remote File Inclusion</li> <li>PHP/ASP Code Injection</li> <li>Directory Traversal</li> </ul> <h3><strong>Why go secure?</strong></h3> <p>Having a secure website can help you in many ways. Other than just giving you peace of mind, it will also make your customers feel much safer during their visits – which is especially true for ecommerce sites that are high risk. </p> <p>According to TNS Research, common customer concerns include:</p> <ul> <li>87% of online shoppers are concerned about credit card fraud</li> <li>85% of shoppers are concerned about identity theft</li> <li>83% are concerned about sharing personal information</li> <li>77% are concerned about spyware</li> </ul> <h3><strong>Don’t underestimate the dangers</strong></h3> <p>Many site owners believe that viruses usually hit personal computers so securing their websites is not a priority.</p> <p>However, having a site taken down by malicious activity can cost you thousands of dollars and large quantities of important data, not to mention lost sales and customer confidence.</p> <p>About <a href="http://www.scmagazine.com/whitehat-security-release-website-security-statistics-report/article/416402/">55% of retail sites</a> are “always vulnerable”, meaning that they are at serious risk of getting hacked by criminals. Maintaining normal and reasonable security is not expensive but getting hacked is.</p> <p>Regularly checking the security of your website with an audit is an essential part of operating a successful website that is safe from malicious threats.</p> <p>The dangers are interminable and the downfalls that can come from getting attacked can be very costly. If you haven’t already taken steps to increase your website’s security, now is the time.</p> <p>If done correctly, it will help protect both you and your customers from attacks.</p> <p>The time you save from preemptive measures is worth far more than the amount of time that you’ll invest to resolve a security threat when it occurs.</p> <p>Most importantly, you’ll be able to sleep well at night knowing that your website is as secure as can be.</p>