Defend and protect

Monday, 01 December 2014


    Digital disruption will continue to dominate boardroom discussions in 2015. Matthew Sainsbury explains why directors and organisations cannot afford to rest on their laurels when it comes to safeguarding against risk.

    Disruptive organisations are using technology to challenge incumbents in every industry and sector. Malicious hackers, state-sponsored espionage and organised crime are bringing ever more complex security risks to all organisations. This means the marketing departments of organisations are facing greater challenges than ever before and that Australian company directors are going to need to become a lot more comfortable with technology in 2015, or risk being left behind.

    Ignorance is not bliss
    While there is still a perception in some circles that technology risk is a low priority, looking back at 2014, there were a host of instances where Australian organisations were seen to have exposed themselves to unnecessary levels of technology risk and situations that could easily have been avoided.

    On 8 April, Microsoft formally ceased support for Windows XP, and despite having years to prepare for this, many organisations opted to continue to use the XP software, and as a result, introduced serious security risks into their businesses.

    Similarly, new privacy laws around the retention of customer data came into effect in Australia earlier this year, with penalties of up to $1.7 million should an organisation be found in breach of them. And yet, just days out from the laws coming into effect on 12 March, law firm Holding Redlich was quoted as saying it was “inundated” with calls from organisations who had not even started to prepare for the change despite having 15 months from when the laws were passed in parliament to prepare.

    The last 12 months have turned up plenty more examples of just how significant technology risk can be. The 2013 Christmas period saw Myer’s website crash during the most lucrative shopping period of the year, and it was not back up again until 1 January 2014. While Myer has not traditionally relied on online sales for its business, the outage certainly would not have helped any strategies it has in place to improve its online presence.

    The fact is, every organisation needs to manage technology risk. Even the biggest tech-based companies, such as eBay, PayPal, Facebook, Tumblr, LinkedIn, Apple’s iTunes Store, and App Store, all experienced outages in 2014 and the Commonwealth Bank of Australia, despite being the most advanced of Australia’s banks in terms of its technology investment, still ended up with angry customers who could not access their money when there was an outage.

    “The problem is that there is a lack of understanding among many company directors, and this limits the conversations that are being held at the board level,” says Dr Greg Spencer MAICD, principal consulting partner at Beyond Technology Consulting. “Take the example of the Windows XP support finishing up. Many directors would have asked their IT teams what was going to happen after the support finished and they would have been told that Windows XP will still work. So their response is: ‘so, what’s the problem? It is not ideal but we will just move forward.’ They do not tend to understand that their risk profile will also rise.”

    Spencer argues that 2015 needs to be the year in which company directors ensure they are protected from a technology-led business ending event. Cyber attacks that damage the infrastructure beyond repair, or poorly managed backup systems leading to loss of critical data following an outage, are very real risks that many organisations are currently facing and these are not being addressed because directors simply do not know the right questions to ask, or how to interpret the responses from the chief information officer (CIO).

    “We see these events occur in listed companies in the newspapers all the time, but they have the capacity to survive through that despite the massive costs involved in recovering from an attack,” Spencer says. “For non-listed or smaller companies the damage that struck Virgin when its booking system went down in 2013 or Myer over the Christmas period, would end the business.”

    More than risk management
    However, directors should also be looking at technology as an opportunity, and not a necessity for risk management. With an economy that will continue to demand that organisations find efficiencies within their businesses, 2015 will be a year in which technology is used to cut costs and maintain healthy growth, says Colin Panagakis GAICD, business development manager at software solutions firm BoardPad.

    “We look at the way that technology innovation is changing the financial industry, the retail industry, and every other vertical, and it is clear that directors will need to introduce innovation to prosper and grow,” Panagakis says. “Top level growth can come from efficiencies such as streamlining costs.

    “There are a lot of options around what technology in which to invest. What we find is that there are a lot of organisations utilising multiple systems and databases and there is a lot of expensive duplication of data. In 2015, the priority should be the streamlining of processes in order to have real-time information on one secure database. That way, it achieves efficiency, while also providing the business with a competitive advantage.”

    Panagakis points to the great success that fashion retailer, Burberry, has had in transitioning its business from a traditional bricks-and-mortar operation to a successful
    online operation, as an example of an approach to technology and innovation that we will see more of in 2015.

    “The customer can log onto their iPad and place an order and because of their account login, the system already knows the dimensions to send to the customer. They are making it really easy to shop online and are innovating on what the traditional business can offer in order to increase their sales.”

    Panagakis also recommends that Australian directors, regardless of the industry in which the company operates, ensure that they keep an eye on global rather than local trends in 2015. This is because, as innovative as Australian organisations and start-ups can be, it is the potential for new organisations from around the world entering the local market that could be the most disruptive force in the new year.

    Both Tesla Motors and internet television network Netflix are expected to enter the Australian market in 2015, and these businesses are heavily disrupting the automotive and broadcast media industries respectively. The good news for Australian businesses is that when it comes to technology adoption, directors are already active from a consumer point of view. This means that the Australian business culture in general understands the value of technology, says Panagakis.

    “Company directors in Australia, the ones I have met at least, are already using iPads and online banking, and they are very efficient in terms of the way they use documents, make annotations and use additional apps to help them make informed decisions about their business,” he says. “I think Australian directors are very fortunate because they are on top of a lot of technology as consumers.”

    The challenge will be in converting that understanding of the value of innovative technology adoption as a consumer into a willingness to do the same as a director. “The disruption is everywhere, and directors need to embrace it,” Panagakis says. “In 2015, they need to get the CIOs involved in discussions about how they can use technology innovation to bring consumer empowerment into their business.”

    10 Key Technology Trends For 2015

    Greg Spencer, principal consulting partner at Beyond Technology

    Next Gen security concerns – Information security experts are now advising organisations that they should prepare not only a strong defence of their IT networks, but also a strategy to handle breaches through that defence. In 2014 we saw zero-day malware attacks increasing to 70 per cent of reported attacks. This requires an entirely new approach to network security and a change of cultural acceptance of user impacts.

    New focus on IT governance – Boards will continue to ask questions of an organisation’s executive team on IT strategy, risk and benefits realisation which will spur on the deployment of more formal IT governance frameworks.

    The new wireless carrier wars – 2015 sees the introduction of the 700Mhz mobile spectrum into the Optus and Telstra network which will increase competitiveness and reliability within metropolitan areas. Telstra has leveraged the technical superiority of its 850Mhz 3G spectrum without mercy, leaving its competitors floundering. With both the iPhone 6 and Samsung S5 already supporting the APT700 band, the typical wait for devices will be avoided and all carriers are spending big on expanding their 4G coverage and capabilities.

    The beginning of the end for the desk phone – Although many organisations have been questioning the need for a desk phone for some time, they have proved difficult to remove. Our prediction is that the combination of improvements in mobile and softphone technologies (where you can make telephone calls over the internet) will provide a level of reliability and functionality to match the humble desk phone, which will start its final decline.

    Data considered a corporate asset – Big data and self-service business intelligence tools have driven the technical capability, however the cultural change within the business is only just beginning. As the organisation starts to recognise data as a corporate asset, the IT team will be expected more than ever to focus their energies on protecting and exploiting that data for the business’s advantage.

    More external advisory – The only thing increasing faster than the opportunity for IT to improve business productivity and competitive advantage is the number of things that can go wrong. Organisations are seeking access to experience and insights from independent advisers to cut through the complexity and protect them from potential catastrophes.

    Changing desktop – The new year promises several areas on innovation in the way knowledge workers interact with their PC. From wireless docking stations (including wireless power), 4K monitors and improved hybrid PC form factors, we will start to see changing expectations of users within the workplace where mobility and desk-based productivity is no longer seen as a trade-off.

    New Privacy Act considerations – The new Australian Privacy Principles (APP) came into force in March 2014. Many organisations have deferred technical privacy audits until 2015, and will need to undertake them shortly from a risk-management perspective.

    Ongoing digital disruption – All organisations cannot hide from competitive innovation led by technology. The form that disruption will take will change depending on the industry, however the increased reliance on technology-driven innovation will be constant and ongoing.

    Technology will drive even greater efficiencies – As was seen in 2014, IT is being asked to do more with less. In 2015 we will continue to see boards focusing on understanding how they can deliver organisational capacity for more sustainable growth through productivity improvements.

    Latest news

    This is of of your complimentary pieces of content

    This is exclusive content.

    You have reached your limit for guest contents. The content you are trying to access is exclusive for AICD members. Please become a member for unlimited access.