Thinking About : digital service providers should prepare for the NIS Directive
Many organisations are focused on the EU General Data Protection Regulation(GDPR), but this May sees another EU legislation coming into effect: the Directive on security of network and information systems (NIS Directive).
In the UK, the NIS Directive applies to operators of essential services (OES) and digital service providers (DSPs) involved in:
  • Drinking water supply and distribution;
  • Energy;
  • Digital infrastructure;
  • The health sector; and
  • Transport.
There are slight differences in the way OES and DSPs need to prepare for the Directive, but guidance is coming thick and fast.
Last year, the European Commission published a draft implementation regulationfor DSPs, which Elizabeth Denham, the UK’s information commissioner, commented on. She criticised “the overly rigid parameters” of the regulation, which “may be undesirable and may lead to a failure to report incidents which nevertheless have a substantial impact on the users of the service and which should, by the nature of the impact, be considered for regulatory action”.
The European Commission has since approved the final draft, and the UK government has released the findings of a public consultation on how it should implement and regulate the NIS Directive. IT Governance has also published a compliance guide.
Each of these documents will help you understand where the NIS Directive fits into the cyber security landscape. DSPs will have to be particularly organised, as they are expected to define their own information security measures proportionate and appropriate to the potential risks they face. These measures must address:

Information security

  • The systematic management of network and information systems, which will require organisations to map their information systems and set up appropriate policies, covering risk analysis, human resources, security of operations, security architecture, system lifecycle management and, where applicable, encryption.
  • Physical and environmental security, protecting against environmental damage and accidental or malicious actors.
  • Security policies to ensure that service functionality supplies are accessible.
  • Access control measures to ensure that physical and logical access is “authorised and restricted based on business and security requirements”.

Incident management

  • Detection processes and procedures, which should be regularly monitored to ensure that they are up to data and effective.
  • Processes and policies for reporting vulnerabilities and security incidents.
  • Procedures for documenting the response to cyber security incidents.
  • Incident analyses to assess an incident’s severity and collect information for the organisation’s continual improvement process.

Business continuity

  • Contingency plans based on a business impact analysis, ensuring the continuity of services.
  • Disaster recovery plans appropriate to the potential risks.

Monitoring, auditing and testing

  • Planned monitoring to assess whether information systems are working as they should.
  • Auditing and measurements to monitor whether the organisation is complying with relevant standards or guidelines.
  • Processes aimed at revealing flaws in security systems, covering both technology and the people involved in the security system.

Get started with the NIS Directive

Those who want help preparing for the NIS Directive should consider our cyber resilience solutions. An effective cyber resilience strategy can mitigate the risk of cyber incidents and enables you to respond to attacks, containing any damage and allowing you to promptly return to ‘business as usual’.
10 Trends That Will Reshape Digital Marketing in 2018 and Beyond
Today, digital trends seem to be fashionably altering too rapidly to keep pace with. What's not keeping up is an organization's agility to adapt. Social platforms have made it imperative for marketers to be the first or be scrolled out and in the fusillade of messaging, a consumer trolls down any that is not unique or irrelevant.
10 important trends will define the marketing framework of organizations. Five of which are in the organization process framework and five are emerging trends driven by consumer preferences. To be able to ride this hyper-wave, we need to ask ourselves a few questions... everyday!
Transforming a legacy organization to a dynamic one requires a fundamental change in thinking, structure and process evolutions. The more visionary ones that lead the way will be the change makers, large or small in size irrespective.

Five Organizational Trends That Will Impact Digital Marketing Frameworks

Structure on Demand - Legacy organization structures are a bane to its agility. Unless the entire internal eco-system is networked to remove all hurdles and expedite the process from idea to end delivery and service management, the threat of getting disrupted hangs sword on its head. Organizations will be forced to create "structure on demand" teams that emerge and dissolve to needs without the baggage of the old-fashioned matrix reporting hierarchies. Marketing will no longer be the sole ownership of the marketers but will be split into specialized parts being led by experts.
Leader on Demand - A 'Structure on Demand' will also require 'Leaders on Demand'. Leadership too will become more project based than a fixed organization structure based since solutions at any point in time will require a very different set of leadership skills suited to a particular project. The concept of a universal leadership will loose its appeal in the coming years and we are beginning to see this trend in the more progressive marketing organizations.
New Marketing Roles - With the core of marketing shifting from brand-centricity to unique Customer Experience (CX) creation, traditional designations of digital marketing and channel marketing etc will start to disappear. Marketing teams will be led by CX Managers, Omnichannel Managers, Content Marketers & Design Managers. Digital by itself will no longer be a role as it become ubiquitous in the organisation.
The Marketing FlexiForce: The future will be run by young professionals, especially in fast changing markets like India. And these young bees choose flexibility and freedom over fixed pay and formula. Ubiquitous digital makes remote talent leverage possible and allows for speed of innovation and delivery making marketing super agile. Transcending time zones keeps the engine running 24x7, a new expectation that customers are demanding.
Automated Marketing - Automation in marketing platforms and programmatic deliveries will also be complemented with automated CRM processes relieving organizations of its dependence on human timelines and errors. Visionary organizations are building strong capabilities in automating the infrastructure for production and logistics to support this speed-need of marketing teams. Stronger inter-dependencies will be established between departments forcing co-marketing KPIs across functions.
Five Trends That Will Reshape Digital Marketing and the Brand-Customer Equation
No two global markets are in the same level of digital maturity and so reflect trends unique to each. However, they do converge at some level on customer choices of the 3 Vs - video, voice and visual. This is of particular significance in lower literacy geographies and multi-lingual needs that drive new trends in search and social platforms.
Mobile Video on Demand (VoD)
VoD is now a no-brainer. Over a billion hours of video consumption daily by Youtube viewers, over 8 billion videos by Facebookers and with equally staggering numbers on Twitter and Snapchat, it is no surprise that over 87% of online marketers use video content. But the next wave of VoD will be the increase of what I call "RFC Content" I.e. Relevant, Forwardable & Commercializable Content. Much of what we see is a churn out of the old advertising style with tear-shedding emotional messages. The rise of this medium will be in geometric proportions. Especially in the inner markets, over-riding language and literacy barriers propelled by increase in mobile connections will see a rise in Product and Conversational Content; and Commerce embedded social content taking over.
Voice as the Primary Tool for Search and Social Media
Perhaps not fully leveraged all through 2018, but this will clearly become a growing trend in the near future. Human lethargy to type as well as lower literacy levels in inner markets will catalyze this shift. Marketers will be wiser to create voice based interactive modules that can engage users better than verbose text to provide information. So better fine tune that voice of yours as you begin to leave voice-prints all over the net!
Visual Search Over Text
Image search, together with voice search, will ease the tedious task and errors of type search. The Power of Google Lens and its immense application potential will open up great possibilities in sectors such as Travel, Healthcare, Education, Fashion to name a few. Marketers must collaborate with leaders in visual search tools to leverage this for their brands early and even participate in its Beta stage.
Augmented and Interactive Video Group Chats
Still in its nascent stage, this trend will be a definite enhancement of chat platforms that are currently very text restrictive. And as voice and video grow in search and social use, this natural extension will bring like-minded social groups closer together and creating stronger but closed peer to peer influence groups. Marketers will need to create data access points to weave into these micro group chats and use extensive AI to leverage conversations to their advantage.
Customer Becomes the New Big Influencer
Already a trend in the West, the trend of customer-certified products will rise and brand claims will lose relevance on hard sell promotions. Social influencers are already impacting purchase decision amongst the netizens and the credibility they bring steadily peels off the delusive claims of celebrity endorsers. And now, customer influencers are beginning to add a whole new dimension of post purchase review authenticity. Organizations must work on managing long term customer relations to ensure these brand ambassadors are active throughout their product use journey.
AI will play a critical and ever increasing role in 2018 and beyond and marketers must invest and ride these trends effectively. Simply embedding the features to their digital assets will yield little result and ROIs will be under the scanner. Marketers are getting overly swayed by content storytelling. That's great for a few awards if it tugs at the heart but smart digital presence has to bear concrete business results and marketers who seamlessly integrate the organizational fluidity with agile innovative customer solutions will wear the crown and hold the shield with pride.
B2B Marketing Trends Will Override Others in 2018
The rise of the digital era and especially, digital natives has revolutionized the way we communicate with each other and also, the way we do business.
Why would B2B marketing be any different?
With digital, B2B marketing can be more targeted and savvy marketers are improving their ROI on their marketing plans. However, to be successful in this digital age, B2B marketers need to constantly update themselves on the latest trends, technologies and most importantly, hunt for what will make their business grow.
Leverage these cutting-edge trends, shed old wasteful practices and ride these trends for growth in your B2B business.  Have you incorporated these trends in your marketing arsenal?
B2B Researchers are Millennials
While the traditional B2B model was about targeting the B2B buyers and purchase managers, the reality is that today any B2B prospect employs younger managers who research online. Typically millennials, they are digital savvy and they look up the vendor’s digital assets to develop a clear picture of the vendor’s offering.
Hence, you as B2B Marketer, if you are talking the researcher’s digital language and making it easier for them to search and give value upfront, then you will rank high in the consideration list of the B2B buyer.
As a B2B marketer, you know that the one who provides the value most has the highest likelihood of getting the sale. Provide the value upfront to the B2B researcher and you have got your foot in the door.
To give this value, you need to go where the millennial researcher is always present: Mobile.
Mobile First
Today everyone is on the mobile. You get up in the morning and the first thing you check is the mobile for mails and social media.
Why should your B2B buyer be in any different?
B2B researchers, which we saw, earlier are mobile natives and the chances of them checking your digital assets on mobile are exceptionally high. Over 42% of B2B prospects use a mobile device at some point during their mobile journey. 84% of millennial B2B buyers believe mobile devices are essential to work. What impression would you give of your website and business if the site is not responsive and hence takes forever to load and then has very poor UX?
Making your website responsive is the first step. Having “mobile first” as your thinking is the critical shift in thinking. E.g. Are your videos in vertical format? Do they have subtitles?
These are basic but fundamental items you need to check in your marketing. Being mobile also means being savvy in social media.
Social Media
You may say “Facebook is for vacation pictures and LinkedIn is for job search, which I am not.”
That is an accurate description of 2016.
A study reveals that 53% of B2B prospects say that social media played a role in their buying decision. Facebook is the leading tool for marketers while LinkedIn is the number one social media of choice for top B2B marketers.
Why Facebook? Because your B2B buyer and researcher are on this platform every day. It's like meeting them at their home vs. their office. If you can meet them as a “friend” (no, don’t send a friend request as yet) you will build trust over a period.
LinkedIn especially with its exploding video usage helps you position your business as someone who offers value upfront. 66% of the Top B2B marketers find LinkedIn very effective.
What will leverage the power of social media is the right, targeted content.
Content Marketing
Wait, isn’t Content Marketing what B2C marketers do? Yes but here are stats for B2B.
According to the 2018 B2B Content Marketing Benchmarks, Budgets and Trends, 90% of B2B organizations use content marketing, and 38% of those companies are planning to increase their budget in 2018.
Content marketing is embraced by more and more B2B marketers and why not?
Going back to the first trend, B2B researchers are searching the net for information which makes their decision better. By providing relevant content which helps them make an informed decision, you position yourself as a “trusted partner” Wouldn’t you want that?
What is important is to have a written content marketing plan and not a fly by the seat of pants approach. 62% of content marketers who document their content marketing strategy outperforms 16% of those who do not. While Social media posts (94%) are the dominant form of content marketing, case studies and white papers (71%) are a close third. Third? What happened to the second? That’s the next trend
Video Explosion
Yup, video!
72% of B2B Marketers use video as their content marketing tool. Still not convinced? Check these stats-
The Web Video Marketing Council research shows that 96% of B2B respondents are engaged in video content marketing and 73% confirm that video has positively impacted marketing results.  Video is one of the dominant reasons why LinkedIn is also growing fast right now – LinkedIn is the number one social media of choice for B2B marketers Video on your website is the least you can do. Then, understand how you can bring video to every content page that you have.
Embrace these trends and emerge as a winner in the keenly fought battleground of B2B marketing.
First Order information security
It’s May the fourth, which for Star Wars fans means yet another excuse to re-watchThe Force Awakens and try to come up with more outlandish theories about Rey’s parentage, where Maz Kanata got Luke’s lightsaber from, and why Han had to die. (Oh yes – spoiler alert. Sorry.) In all the thousands of words written about the new film, however, there’s one area that has been unfairly neglected, or so we think: the implications of the First Order’s poor information security and management system processes. May the fourth be with you…
In case you’ve forgotten (or muddled it with Episode IV, whose plot it mirrors), Episode VII relates the tale of a former sanitation operative on the dark side’s new big gun planet, Starkiller Base, who didn’t really enjoy the violence inherent in his new job role and quit on his first day as a Stormtrooper, having failed to fire a single shot. Like many a disgruntled employee, he left a certain amount of destruction in his wake: he helped an important prisoner escape, nicked a TIE fighter, crashed on a nearby planet, befriended a girl and a droid with whom he nicked another, bigger, ship, met a walking carpet and a wisecracking smuggler who took him to a bar where had a fight with some ex-colleagues he ran into, and then remembered that he had a lot of information about his former employers with which he could help his new friends blow up his old workplace. Or something like that.
But what would it have been like if Supreme Leader Snoke had insisted that General Hux implement a risk-based information security management system at the First Order’s base?
For starters, privileged access management policies would have prevented a former cleaner from having vital security information about the organisation’s most important assets in the first place, and a formal leaver’s policy would have ensured that the moment FN-2187 lay down his blaster and became Finn, all access to First Order security systems would have been revoked.
More important than this, a proper attitude to patch management and software updates would have ensured that the legacy systems left over from the Death Star would have been retired and replaced by suitable modern alternatives. Furthermore, a business continuity management system (BCMS) would have enabled the First Order to prepare for unforeseen incidents and return to normal operations as soon as possible after a disaster.

Meanwhile, on Earth…

Picking over plot details is obviously silly – it’s just a film – but the implications of poor information security are damaging enough in the real world. Fail to keep on top of your security systems, and you leave yourself vulnerable to attack. Subscribe to our Daily Sentinel email for the latest information security stories and to see how you can protect your organisation.
The cost of a cyber attack
With the risk of a cyber attack now being classed as the top threat to organisations, it’s vital to have the right cyber security measures in place to protect your organisation from an attack. It’s not just an organisation’s reputation that can be damaged by a data breach – the financial costs can often have a more severe effect.
Lloyd’s of London has estimated the global cost of a serious cyber attack to be more than $120 billion (£92 billion). It believes the most likely scenario to lead to this sort of cost is a criminal hacker targeting a Cloud service provider, taking it down in the process.
PwC’s Global State of Information Security Survey 2018 found that “the average total financial cost of incidents [was] £857,000”. However, this figure is based on only 14% of respondents that reported their direct financial losses.
Ponemon’s 2017 Cost of Cyber Crime Study revealed alarming figures with regard to the costs of a cyber attack and how much these have risen. Over the last five years, the average cost has risen by 62% and in the past year alone, this figure was 27.4%.
One of the main factors behind the rise in the cost of a cyber attack is the number of days it can take to resolve it – the longer it takes, the more expensive it gets.
On average, the cost for the UK and the number of days it takes to resolve a cyber attack per type are as follows:
Malware: £1.57 million – 6.4 days
Web-based attacks: £1.52 million – 22.4 days
Denial-of-service (DoS) attacks: £1.31 million – 16.8 days
Malicious insiders: £960,000 – 50 days
Malicious code: £960,000 – 55.2 days
Phishing and social engineering: £960,000 – 20 days
Stolen devices: £700,000 – 14.6 days
Ransomware: £520,000 – 23.1 days
Botnets: £260,000 – 2.5 days
The severity and cost of a cyber attack is increasing with detrimental effects on organisations. It’s crucial that an organisation has strong cyber security defences in place to ensure its protection.

Cyber Incident Response Management

Cyber Incident response management can help reduce the risk of a cyber attack. An incident response framework will enable your organisation to identify breaches, prevent unauthorised access to data stores, prevent malware infection, remediate threats, and control your risk and exposure during an attack.
With an incident response planning strategy from IT Governance, you will gain access to an experienced, dedicated technical group of people that can carry out sophisticated cyber security incident investigations quickly and effectively, helping you to identify, detect and contain incidents faster.