EY releases 6-step response to cyber-attacks following shock NHS hack

17 May 2017 Consultancy.uk

On Friday the 12th of May, the UK’s National Health Service was one of the most high-profile victims of a global cyber-attack, seeing Accident & Emergency among other key services crippled by WannaCry ransomware. The incident was the largest ever coordinated cyber-attack of its kind, impacting numerous organisations including several of the world’s most critical healthcare and telecommunications systems, across more than 100 countries. While further forecast attacks on Monday failed to materialise however, Big Four professional services firm EY have warned that this will not be the last time this happens unless measures are taken to learn from mistakes made this time.

In the fallout of the unprecedented WannaCry hack – which encrypted files on computers world-wide before demanding payment from users – UK-headquartered consulting giant EY issued a six-point plan organisations could use to protect themselves and reduce the impact of future ransomware attacks.

The firm – who published a report two years prior to this global incident entitled “Cyber-security and the Internet of Things”, prophesising cyber-attacks as “set to increase as hackers become more experienced and traditional tools to mitigate risks become less effective” – released a further warning after this latest episode. 

Stating that the risk of being attacked “increases exponentially when preventative measures are not taken”, along with an inability to plan a response for such an incident may well “be the difference between hours and days versus weeks and months of system compromise and outage.”

EY releases 6-step response to cyber-attacks following shock NHS hack

Six Step Solution

The six steps companies can take immediately range from common sense solutions to complex crisis planning, but the list begins with disconnecting infected machines from the network removing all backups offline to prevent them from being encrypted.

Companies should then activate their incident response plan – ensuring there is cross-functional representation in the investigation team, including legal, compliance, information security, business, public relations, human resources and other departments.

EY also used the opportunity to encourage preventative measures to organisations. Beginning by identifying and addressing vulnerabilities in a connected business chain, firms should then prioritise installing security updates, malware detection and anti-virus detection to complicate attackers’ efforts, while enhancing detection and response capabilities for future attacks.

Systems should also be patched before powering up PCs, while systems should be kept up to date with robust enterprise-level patches and the installation of a vulnerability management program – which should be continuously evaluated as risks evolve.

EY also stated businesses should activate continuity plans, preparing data based on varying requirements for regulatory reporting, insurance claim and dispute, litigation, threat intelligence and/or customer notification.

Finally, the consultancy used the list to call on companies to collect and preserve evidence in a forensically sound manner, conducive to investigation and reliable and usable in civil or regulatory matters.

EY Global Advisory’s Cyber-security Leader Paul van Kessel urged people to take immediate steps to keep critical systems and data safe, stating that “a cyber-criminal’s greatest ally is complacency. Whether you are a Fortune 500 company or a family-owned business, if you don’t take cyber-security seriously, you are at significant risk of being attacked.”

Paul van Kessel, Cyber-security Leader

Adding to the stark warning, David Remnitz, Leader of Global Forensic Technology and Discovery Services at EY’s Fraud Investigation and Dispute Service, commenting that even after malware outbreaks are fought off and normal service is resumed “companies sometimes face allegations that sensitive personnel-related or other business information had been compromised in the ransomware attack. Third parties and other stakeholders may require the company to demonstrate forensically that, even if the data was accessed, it was not stolen.”

UK government

The UK government meanwhile has come under increasing scrutiny for its approach to cyber-security, after it emerged the WannaCry ransomware made use of a known weakness in outdated Windows software. This follows reports made as early as December 2016, that 90% of NHS trusts still used the obsolete Windows XP, for which Microsoft had stopped providing security updates in April 2014.

Conservative Prime Minister Theresa May and NHS Digital stated they were not aware of any compromise in patient records resulting from the attack, however Home Secretary Amber Rudd later refused to confirm concretely if patient data had been backed up, in a statement confirming the NHS would finally upgrade its software in the wake of WannaCry.

Before the latest attack, 6% of internet users globally had already been personally affected by ransomware, while the online populace remains generally unprepared for such attacks; according to the recent 'Global Survey on Internet Security and Trust'. The research, conducted by global research company Ipsos, in partnership with the Global Commission on Internet Governance, recorded a startling 24% of respondents stating they would have “no idea” what to do in the event of being hit by ransomware. Unfortunately once programmes like WannaCry encrypt user data, it is extraordinarily difficult to retrieve without either paying the ransom or restoring the files from a backup, leaving preparation and prevention essential in the absence of a reliable cure.



Four ways digitalisation is transforming car brands and dealers

16 April 2019 Consultancy.uk

From changing expectations from the customer to new stakeholders entering the industry, the digital transformation of global automotive industry means it is facing the wholesale transformation of its business model. In a new white paper, global consulting partnership Cordence Worldwide has highlighted four major digital trends that are transforming the relationships between car brands and dealers with consumers.

With digital transformation drives booming across the industrial spectrum, automotive groups are no different in having commenced large digital transformation programmes to improve productivity, efficiency, and ultimately profitability. Falling sales figures mean the automotive sector is facing an increasingly difficult road ahead, something which means companies in the market are even more hard pressed to find new ways to improve their bottom lines.

While it offers major opportunities, the industry’s move to digitalise is not without complications. It has triggered a series of major internal changes, which have presented automotive entities with the challenge of becoming a “customer-oriented” industry. A new report from Cordence Worldwide – a global management consulting partnership present in more than 20 countries – has explored how automotive companies are navigating the rapidly changing nature of digital business.

New business models

The level of change likely to be wrought on the automotive industry by digitalisation is hard to overstate. Automation could well lead to significant reductions in the number of accidents, higher vehicle utilisation and lower pollution levels, while leading to a $2.1 trillion change in traditional revenues, with up to $4.3 trillion in new revenue openings arising by 2030.

As a result of this colossal opportunity, it is easy to see why almost all automotive groups now have digital departments, with generally strong communication within the digital transformation and the customer approach. The changes to society which this may have are potentially distracting automotive firms from the change it is leading to in its own companies though, according to Cordence’s paper.

The automotive market is dead, long live the mobility market

Because of this, the sector’s business model is set to transform over the coming decades. With digitalisation speeding up the appearance of concepts such as car-sharing, a subscription package model will likely become more palatable. At the same time, car and ride-sharing models will cater to the sustainability criteria of millennials, who will rapidly become one of the automotive market’s leading consumer demographics in the coming years.

Antoine Glutron – a Managing Consultant with Cordence member Oresys, and the report’s author – said of the situation, “These ‘old school industries’ are now working on creating new opportunities, but in so-doing are facing challenges and threats: new jobs, new technologies, new ecosystem of partners, necessary reorganisation, different relationship with customers, and even new businesses. The customer approach topic is in fact a real challenge for car companies as it implies changing their business model and adjusting their mind-set to address the customer 4.0: from product-centric to customer-centric, from car manufacturer to service provider.”

Digital customer experience

In the hyper-competitive age of the internet, even top companies face an uphill challenge when it comes to holding onto customers through brand loyalty. Digital disruption has resulted in changes to consumer behaviour, which is forcing a range of marketing strategists to reconsider their old, possibly out-dated strategies. As modern customers wield an increasingly impressive array of digital tools and online databases, they and are now able to quickly and conveniently compare prices, check availability and read product reviews.

The automotive sector is no exception to this trend, according to the study. In order to adapt to the needs of the so-called ‘customer 4.0’, car companies will increasingly need to change their business model and move away from product-centric companies to customer-centric ones, from car manufacturers to service providers.

Glutron explained, “As an automotive company, you can no longer expect customer loyalty simply with good products; you must conquer and re-conquer a customer that “consumes” your service. The offer now has to be global, digital and personalised. Your offer has to be adapted to this customer’s needs at any given moment. A key issue related to data control is to build customer loyalty by creating a customer experience 'tailored' throughout the cycle of use of the 'car product': purchase, driving, maintenance and trade-in of the vehicle.”

One way in which the sector may be able to benefit from this desire for a tailored experience is via connectivity. Consumers are generally positive about new connective features for automobiles, and many are even willing to pay upfront for infotainment, emergency and maintenance services. Chinese consumers, where the connected car market is set to hit $216 billion, are already particularly interested in paying a little more for navigation and diagnostic features in their future new car. This can also enable automotive companies to exploit a rich vein of customer data, enabling them to rapidly tailor their offerings to consumer behaviour.

New automotive segments

Digital transformation has also brought with it the rise of completely new application areas. As mentioned earlier, the most well-known example is the autonomous or self-driving car, where the last steps forward were not taken by major automotive groups but by technology companies such as Tesla. While this may have given such firms the edge in the market briefly, a number of keystone automotive names will soon be set to take the plunge into the market themselves, leveraging their car manufacturing prowess and huge production capacities to their advantage.

Before companies rush to invest in this market, however, it is worth their while to remember that the readiness and uptake for such vehicles differs greatly geographically. For example, following a study published in 2018, 92% of Chinese would be ready to buy an autonomous car, compared with only around 35% of drivers in France, Germany and US. Meanwhile, the infrastructure of different nations will also be significantly less accommodating of the new technology.

Use digital for steering thr activity

Elsewhere, Cordence’s analysis has suggested that hooking the cars of tomorrow into the Internet of Things is also likely to see a rapid change in the business model for car maintenance, providing real-time diagnostics for problems. This presents chances for partnerships to improve the connectivity of cars, especially with tech companies; for example, PSA partnered with IBM for a global agreement on services in their vehicle. Meanwhile, data could also be sold to other parties with an interest in this data, such as the government, which could use it to manage traffic levels, or ensure that only adequately maintained vehicles take to the road.

Glutron added, “With the increase in the amount of client data and connected opportunities, the recommendation is to set up data-centric approaches. The value is now in the customer data. The general prerequisites are to rework the data model and the Enterprise Architecture and generally build up a data lake including data from all sources (internal and external, structured and unstructured).”

From automotive to mobility

Relating further to the idea of connectivity, the report claimed that automotive firms must now adjust their models in line with the provision of end-to-end mobility, rather than treating the sale of a car as an end point in their relationship with the customer. In order to realise this transformation, transformations are likely to become more and more important.

A network of partner companies means automotive firms can provide a global mobility experience. As the vehicle is increasingly connected to its environment, new partners can also be cities, governments, and other service providers within the global mobility services industry in which the car brands want to take part.

According to the study, the target is clear. Companies must look to a holistic transport service, offering to move customers from A to B in a unique and pleasant way – otherwise they might as well take public transport. At the same time, they should extend the services reachable “on-board” (especially the enhancement of the connectivity between the car and smartphones or other connected devices), and reach high standards in terms of user experience (online sales, online payment, customised experience during and after the use of the car).

Concluding the report, Glutron stated, “These mobility market transformations could be considered a threat for the car manufacturers. Quite the opposite: if they take up the challenge and review their business model so that they become the service provider – communicating no longer to a driver but to a ‘mobility customer’ – they can then take advantage of their expertise and their position as a historical player. The most convenient means of transport are cars, and building a car is highly-skilled work.”