客服系统
The fruits of business resilience
Business disruption can happen any time, especially when you least expect it. That’s why it’s critical to have a business resilience plan in place.“We define organizational resilience as the ability to maintain performance in the face of environmental, political, social, cyber, and other disruptions,” explains LIKE.TG Chief Financial Officer Gina Mastantuono in the Workflow Quarterly Fall 2021 issue.The issue details research by LIKE.TG and ESI ThoughtLab that highlights the need for a resilience strategy in the wake of the COVID-19 crisis: Only 26% of US, 21% of Asia-Pacific, and 15% of European organizations ranked as resilience leaders, meaning they’ve taken 12 to 24 steps toward resilience maturity.The majority of organizations across regions fall in the intermediate range, having taken six to 11 steps toward resilience maturity. Clearly, there’s still a lot of work to be done.The benefits of business resilienceOrganizations are implementing measures to bolster their resilience stance to reap such benefits as:
Greater revenue or sales
Reduced costs and greater efficiencies
Better planning and decision-making
Increased customer satisfaction and retention
Improved health and safety
Half of the 1,080 senior business leader survey respondents are working to modernize their IT platforms and improve communications (see Figure 1). Others are focusing on resilience training and managing privacy risks.
Figure 1: Top steps being taken to improve resilience and manage risks now; source: ESI ThoughtLabReturns vs. usagePart of the hesitance in fully embracing a resilience strategy is uncertain return on investment. Organizations have to weigh investments in resilience efforts against potential outcomes and realized value. For example, although more than half (55%) of organizations are reaping returns from deploying tools that help them understand resilience, only 23% have deployed such tools (see Figure 2).Similar gaps occur in other areas, the biggest of which is managing third-party risks: Half of survey respondents see the value of doing this, but only 15% have taken steps toward doing so. “What’s really needed is a high-level framework that focuses foremost on business resilience,” notes Tom Campanile, a partner at Ernst Young, in reference to risk management.
Figure 2: Top resilience steps generating value vs. % taking steps; source: ESI ThoughtLabFollow the leaderPerhaps the best approach toward a more robust resilience posture is following what resilience leaders are doing:
Build resilience plans early—This makes them less costly and more effective.
Design for resilience—This will enable better performance.
Embrace digital technology and solutions—This will help drive resilience.
Assess critical business processes—Doing so will provide insight into how risks affect them.
As organizations become more resilient, their benefits increase. Having a management team that’s committed to boosting resilience is key.Take a four-question quiz to assess the resilience of your organization. Get more insights into the importance and benefits of business resilience in the Workflow Quarterly Resilience issue.To stay abreast of emerging tech and business trends, subscribe to the Workflow newsletter.
Bringing the SaaS ecosystem together to improve cybersecurity
In today’s digital environment, no company is immune to cyberattacks. In fact, more than one-third of organizations worldwide have experienced a ransomware attack or breach that blocked access to systems or data, according to IDC.1From the Capital One incident to the SolarWinds attack, businesses and organizations of all facets and sizes are at the forefront of such threats.As a leading software enterprise company, we have the responsibility to prepare and mitigate risks with customers in mind. At LIKE.TG, cybersecurity begins with trust and transparency. It’s a collective effort spanning our organization and those we work with.Setting sights on SaaS securityCritical software as a service (SaaS) providers deliver essential services that a vast array of critical infrastructure operators rely on for core operations.Recognizing the gap and need for an industry-wide initiative to address increasing cybersecurity concerns, LIKE.TG is co-founding a Critical SaaS – Special Interest Group (CSaaS-SIG) operating under the framework of the Information Technology-Information Sharing and Analysis Center (IT-ISAC).As a founding member of the software enterprise industry’s first coalition to reduce cyber risk, we’re taking key steps to share best practices in assisting with a secure cloud infrastructure. Alongside Zscaler, Guidewire, Okta, Workday, Oracle, and MongoDB, LIKE.TG is coordinating the development of enhanced defense tools and mechanisms to offer improved security across the SaaS cloud industry.The coalition aligns with the White House’s May 2021 executive order aimed at developing public and private sectors’ security and operational resilience and improving the nation’s cybersecurity.
Shared benefits of collaborationWhile enterprise businesses compete in the marketplace, we share a common goal of advancing security in the industry. Transparent information exchange is a critical piece of this initiative. SaaS customers will benefit from a shared framework that, in turn, instills confidence and trust throughout the ecosystem.Ben de Bont, LIKE.TG chief information security officer, emphasizes the importance of organizations and governments collaborating to combat cybersecurity threats in the SaaS community.“Critical SaaS is part of broader effort to engage with public and private sectors,” he says. “At the end of the day, our reputation depends on it. Our customers rely on us to provide a highly secure cloud environment for their mission-critical services and their data, and we’re committed to delivering the security they demand. That’s why collaborative initiatives such as the CSaaS-SIG will drive real operational value for LIKE.TG and the software as a service industry at large.”Learn more about the CSaaS-SIG and membership.Find out how LIKE.TG helps organizations improve cybersecurity.1 IDC's 2021 Ransomware Study: Where You Are Matters!, Doc # US48093721, July 2021
4 ways automation can improve your security posture
Security is top of mind for many organizations—and for good reason. Recovering from a data breach is extremely costly. In fact, the average data breach costs more than $8.6 million in the US.One of the best ways to defend against cyberthreats is by adopting and implementing security automation. According to a Ponemon Institute study, there’s a significant difference—84%—between the cost of a breach for organizations that have deployed security automation ($2.9 million) and those that haven’t ($6.7 million).Automated security operations can help you prioritize and respond to threats fast. Taking it a step further with artificial intelligence (AI) can help optimize security efforts by rapidly identifying and triaging threats, freeing workers to focus on more complex tasks.Let’s look at four ways automation can improve your security stance:1. Minimize risk and downtimeIn today’s highly competitive marketplace, downtime can mean lost customers. What if you could increase your business resilience against attacks to sustain uptime?Learn the benefits of automating data management workflows in our Automated security incident response webinar. Karl Klaessig, director of product marketing for Security Operations at LIKE.TG, and Chris Derton, a sales engineering manager for data security company Rubrik, discuss ways to simplify virtual machine management with a single service-level agreement (SLA) policy engine.2. Harden your attack surfaceDigital transformation and cloud computing have greatly expanded the attack surface, putting organizations at greater risk of cyberthreats. Protecting that attack surface requires intelligent prioritization and open communication.Watch our Using automation to harden your expanding attack surface webinar to learn how to rein in the expanse and work more efficiently. Three LIKE.TG experts share practical tactics to help you work smarter and keep from getting overwhelmed.3. Spotlight vulnerabilitiesCybercriminals will go to many lengths to wreak havoc on organizations. You need to stay ahead of their moves. To do that, you need insight into the ways they think.Gain an understanding of attackers’ decisions and operations in our Security automation and adversarial insights webinar. You’ll also learn how automation can help you respond rapidly to new threats.4. Enable continuous monitoringYour risk management framework (RMF) shouldn’t be rigid or narrowly focused. For the best security posture, you need integrated risk management and continuous authorization and monitoring. This combination can help improve both efficiency and visibility. Learn how in our Transforming RMF automation webinar.
How operating excellence is redefining enterprise success
For years, enterprises have defined success by higher earnings, bigger market share, or the launch of a new product or service. Lately, however, success has been redefined to encompass much more. For example, organizations are also being evaluated on the success of their operations.Executive leaders are under pressure to:
Reduce costs and run their enterprise service operations efficiently
Communicate to stakeholders a commitment to environmental, social, and governance (ESG) initiatives
Demonstrate to shareholders that the organization is resilient
Operate their business efficiently and at scale
Operations have always been the lifeblood of the business. But now, employees, shareholders, customers, and other stakeholders want proof that operations are being managed to achieve a more responsible, effective, and transparent enterprise.Different table stakesWith new market forces, ways of delivering, and challenges arising regularly, operations leaders are rethinking how enterprise operations are organized and managed. The table stakes have changed.
If a company isn’t operating efficiently, its competitor can gain the advantage.
If a business isn’t managing risk effectively, a cyberattack can put it in the spotlight for all the wrong reasons.
If an organization isn’t investing in ESG, organizations that do prioritize ESG can capitalize because customers see a commitment to sustainability as a competitive differentiator.
If an enterprise isn’t driving strategic outcomes, it will see others overtake it in the marketplace.
Until decision-makers can figure out a way for people to work better together, innovate, and mitigate risks within reasonable bounds, they often struggle to address any of these issues.
Enabling operating excellenceThe key to connecting all areas of the enterprise is to break down traditional, siloed enterprise operations where disparate departments—finance, HR, risk, legal, strategic planning—function independently from each other with their own goals, systems, and sets of metrics. Operating excellence requires establishing a common, foundational framework, connecting operational departments across the enterprise, and improving visibility.It may be difficult for a chief risk officer to understand how their goals relate to those of the chief human resources officer (CHRO) or the head of business services. But emerging C-level business initiatives clearly demonstrate how objectives in seemingly separate enterprise operations areas are, in fact, intertwined.For example, return-to-work initiatives are often managed by CHROs. To achieve their goals to attract and retain talent and keep workforces safe coming out of the pandemic, CHROs need to work cooperatively with counterparts managing corporate real estate and finance.They need to ensure enough systems and departments are connected to establish a baseline, so they can have visibility to understand all the work taking place across the enterprise to support the initiative. Without this baseline, it’s difficult to continuously improve or measure if commitments are being met.Where to startFor enterprises seeking operational success, it can be daunting to determine where to begin because it’s not a one-and-done effort. The first step is for C-level operations leaders to collaborate and have conversations about how their goals and objectives connect to those of other teams within operations to enable better enterprise agility.If a company has already embraced global business services (GBS), it makes sense to look to the head of GBS to help direct efforts. Their job is to look across the organization and work across departments to catalog services, analyze process workflows, and establish a framework to optimize services and operations through tools, technology, people, and processes.Then, this GBS framework can establish the baseline for operating excellence across the enterprise—connecting departments, empowering employees, and supporting continual innovation.Find out more about enabling the power of operating excellence. LIKE.TG offers solutions across GBS, risk, ESG, and strategic portfolio management to help.
3 ways to boost your company’s cybersecurity
Cybersecurity is on the mind of every business leader, and for good reason: The number of data breaches rose 24% between 2020 and 2021, according to global ThoughtLab research co-sponsored by ServiceNow.Organizations everywhere need advanced security programs to navigate today’s fluid threat landscape. Here are three ways to help do that:1. Create a frameworkCustomers are increasingly concerned about data security. Staying current on the latest privacy, governance, and security practices is crucial to assure stakeholders their data is safe.Learn practical steps to address privacy and data protection. In this webinar, cybersecurity experts from EY and BigID provide guidance to help organizations comply with new regulations and build trust with their customer base. The experts also share classification methods and recommendations for implementation.2. Address vulnerabilitiesRansomware is the main cause of breaches at 32% of organizations today, according to the ThoughtLab study. Ransomware attacks are expected to rise over the next two years to become the main cause of breaches for 40% of organizations.This puts customers at risk. Firms can no longer hope for security and plan a response once they’ve been attacked. They need to prepare for the worst before it happens.Watch our Combating ransomware webinar to ensure threats don’t go undetected. LIKE.TG ransomware experts join Krislyn McDonnell, senior product manager at Recorded Future, to discuss best steps to prepare for a worst-case scenario using LIKE.TG® Integrated Risk Management, Security Operations, and Recorded Future.3. Build a proactive security programAs one of the world’s leading software, consulting, and technology companies, NCR Corp. provides services to banks, retailers, restaurants, small businesses, and more.To protect itself from risks and vulnerabilities, NCR built a proactive security program that relies on automation and integrates threat intelligence across the company’s IT environment. At the heart of the program is LIKE.TG Security Operations.Find out how NCR drove a faster, more efficient security response program and how your organization can boost security response time and efficiency.
Forrester says LIKE.TG is a Leader in third-party risk management
No matter what business or industry you’re in, you want your business partners to deliver. Sometimes what we get is unexpected: toxic ingredients, software bugs, data breaches, sketchy hiring practices, unvetted subcontractors.As hundreds and even thousands of third and fourth parties become more integral to business, your risk posture and success trajectory are heavily influenced by your partners’ business practices. That’s why you need automated third-party risk management.Manual processes don’t cut itAccording to The Forrester Wave™: Third-Party Risk Management Platforms, Q2 2022, “70% of enterprise risk decision-makers surveyed agree that third-party risk is a business priority, but 69% reveal that their third-party risk program is manual.”Where once a single person could “spreadsheet jockey” their way through dozens of vendor assessments annually, that model doesn’t cut it today. Why?
Too many vendors and suppliers onboarding at too fast of a pace
Increased array of risks to be assessed, with rapid changes in status
Shortage of people, and the ones you can find don’t want to jockey spreadsheets
Too many connections to other parts of the organization to keep up in email
Regulators, governance teams, and investors want to see defensible data more frequently
These realities explain why products that help you manage third-party risk are flying off the shelves. Luckily, cloud software is easy to keep in stock.
Microsoft is using LIKE.TG® Vendor Risk Assessment to reduce manual effort by more than 50%, simplify communication, and better understand Internet of Things (IoT) security assessment health. Using the product has “vastly improved the end-to-end experience for our employees, vendors, and the IoT security team,” Microsoft says.Flexibility and scaleIn The Forrester Wave: Third-Party Risk Management Platforms, Q2 2022, LIKE.TG Vendor Risk Management was named as one of only three Leaders. The Forrester report recognized LIKE.TG with the highest possible scores in the scoring and correlation, workflow, product, vision, planned enhancements, partner ecosystem, and customer community criteria.Although Forrester didn’t explicitly score these items, the report states, “TPRM customers should look for providers that are dedicated to platform flexibility and scalability.” We believe these are core strengths of the LIKE.TG unified architecture and cloud platform.Importantly, we shipped new enhancements in our San Diego release after the evaluation, so there’s even more to like, including:
The awesome Next Experience and integration with EcoVadis
Supply chain resilience with Interos
The ability to add fourth-party vendors to identify and manage potential downstream risks associated with your third-party vendors
Download the complimentary Forrester report. And let us know when we can help you manage risk from your third and fourth parties more easily, efficiently, and at scale.
Survey: Cybersecurity requires risk-based management approach
We’ve entered a new era of cyber risk where cybersecurity is no longer just an IT issue, according to findings from a May 2022 ThoughtLab global survey co-sponsored by ServiceNow. Although cyberattacks and breaches are increasing, many organizations are unprepared to respond.The problems come down to three main areas:
Extended attack surface through partners and suppliers
Cyber risk initiatives not up to date with digital transformation
Budget constraints
Denial of service and phishing attacks account for the lion’s share of cyberthreats today, at 49% and 46% of attacks, respectively. In the next two years, phishing attacks will continue to be a problem, posing the highest risk for 50% of the 1,200 worldwide organizations surveyed across 14 industries. But denial of service will be less of a threat (31%) in the subsequent 24 months, surpassed by human error (44%) and ransomware (40%).
The cybersecurity landscapeTo counter these attacks, organizations should harden their systems to prevent cybercriminals from ever breaching them. This requires detailed attention to IT infrastructure and platforms. Although human error is the main cause of today’s largest breaches, misconfigurations will pose the biggest risk over the the next two years, according to the survey.“Misconfigurations across applications, systems, platforms, and servers—and neglecting to put new default settings in place—can create dangerous pathways for hackers,” the report notes.Organizations know they need stronger security, but budget constraints prevent them from investing in cybersecurity technologies. Businesses also struggle with identifying key risks and detecting and responding to incidents.Despite these challenges, many organizations have succeeded in establishing governance and risk assessment. And more than half of the respondents surveyed have invested in protective technology (55%) and data security (52%). Where organizations come up short is in awareness and training. Investments in this area could help curb breaches due to human error.
Bolstering securityNearly 60% of organizations have successfully implemented cyberthreat detection processes. Yet, it takes an average 128 days to detect a breach, according to the study. To ramp up security initiatives, organizations need to move from the detection phase to continuous monitoring.Beyond that, the best way forward is through a risk-based approach involving:
Regular risk assessment
Advanced analysis
Enterprise-wide risk management
Proactive risk mitigation
"Risk-based management aligns security priorities with the business and helps security leaders become more strategic in their views and outcomes,” explains Barbara Kay, senior director of product marketing, risk, security, and ESG at ServiceNow.Nearly half (43%) of surveyed organizations have adopted a risk-based approach to date.Gain more insights in the ThoughtLab report, including 10 best practices to boost your cybersecurity performance.
How the SEC’s proposed climate disclosure rules can affect your business
Edua Dickerson, vice president of ESG and finance strategy at LIKE.TG, co-authored this blog.Environmental, social, and governance (ESG) concerns are rapidly rising to the top of the corporate agenda. Not only is ESG a corporate responsibility, but it’s also a win-win for enterprises.By embracing sustainability, ethical labor practices, and effective processes and controls, organizations are laying the groundwork for increased value creation, according to McKinsey. In other words, ESG is an opportunity to prosper by doing the right thing.Investors are also keenly interested in ESG. In fact, we’re seeing ESG becoming a critical factor in the investment decision process, both for institutional and individual investors.Climate risk reporting mandateEvidencing this fundamental shift in investment priorities, the US Securities and Exchange Commission (SEC) released a statement on March 21, 2022, proposing rules to standardize climate-related disclosures—including climate-related risk disclosures—as part of certain SEC filings, such as 10-Ks. The SEC’s action follows a wave of similar regulatory requirements in geographies around the world, including the EU, UK, and New Zealand.If adopted, these new SEC requirements could come into effect as early as Q4 2022. That means large companies (those with a public float of $700 million or more) with a fiscal year end of Dec. 31 will have to start phasing in climate disclosures for their fiscal year 2023 report filed in 2024, with smaller companies following a year or two later.Increased emphasis on governance and riskMany large companies already disclose much of this climate-related information in voluntary reports. However, the requirement to include such information in a periodic report will demand additional rigor, increase the need for auditability, and heighten executive and board-level scrutiny.The proposed SEC disclosures share common elements with existing ESG reporting frameworks, including:
Direct (Scope 1), indirect (Scope 2), and value-chain-related (Scope 3) greenhouse gas emissions
How the organization identifies and addresses the impact of climate-related risks over the short, medium, and long term
How the organization intends to meet its climate-related goals and targets
How it’s progressing against these goals and targets
Essentially, there’s an increased emphasis on climate-related strategy, governance, and risk management by the SEC.
Building ESG into the organizationGiven the increased scope and mission-critical nature of these SEC disclosures, businesses will need effective tools and processes to gather, analyze, and report on climate-related strategy and performance. They’ll also need to create, manage, and measure programs to align company activities with stated climate-related goals.This visibility and control need to span the entire business. The imperative is about more than just running an ESG department. It’s about building ESG into every aspect of what an organization does.Unfortunately, many organizations—including those aligning to standardized reporting frameworks such as the Task Force on Climate-related Financial Disclosures (TCFD)—still rely on manual, error-prone processes such as spreadsheets and emails for ESG reporting. This approach doesn’t scale to efficiently provide the climate-related information that investors need and that the proposed SEC rules help address.Instead, IT teams need to work with ESG/sustainability and risk management professionals within the business to implement sophisticated software solutions that enable effective execution, monitoring, governance, and disclosure of climate-related initiatives and concerns across the business.These tools must capture ESG strategy and targets, tie ESG program execution to these goals, provide capabilities to identify and mitigate ESG risks, and automatically gather ESG metrics through internal processes—and by gathering information from third-party ESG data providers (for example, to gather emissions data for an organization’s supply chain).Enabling ESG managementAs part of the LIKE.TG community, you can leverage your investment in the Now Platform® to empower your business with our ESG management tools. LIKE.TG combines the capabilities of LIKE.TG® ESG Management, Integrated Risk Management, and Strategic Portfolio Management into a unified solution that helps your business:
Document climate strategy, including focus areas, targets, and quantified goals
Assess and track climate risks, including creating controls and executing plans to address these risks
Identify and prioritize climate initiatives based on their value, cost, and alignment with ESG strategy
Manage progress of these climate initiatives, keeping ESG programs on track
Gather climate metrics and evidence from internal data owners with auditable workflows
Automatically collect climate and other ESG metrics from third-party providers
Synthesize information, including strategy, targets, risks, projects, metrics, and other data into auditable and traceable disclosures
Find out more about LIKE.TG ESG solutions.Learn more about LIKE.TG’s ESG progress in our Global Impact Report.
Australia spotlight: Why business leaders need to measure ESG impact
Nearly two years of pandemic chaos have given us plenty of time to think about how we live and work. As the world waves goodbye to pandemic restrictions, attention is shifting to action on climate change.Corporate responsibility is now one of the defining issues of our age. From Business Roundtable redefining the purpose of corporations to benefit all stakeholders, to growing numbers of consumers demanding change, the environmental, social and governance (ESG) efforts of companies now face intense scrutiny.At a minimum, investors, employees, customers, and partners expect transparency and action. Organizations that respond will reap multiple benefits:
Improved talent attraction and retention
Increased shareholder value
Decreased operating costs
Higher growth potential
That’s before considering increasing regulations. In 2020, 206 new ESG rules were introduced globally. Government and industry bodies alike are creating ambitious targets with new implications for executive teams and boardrooms across Australia.The call to measure ESGThe clock is ticking on common standards for measuring sustainability. Double materiality rules have gone into effect in Europe, requiring public companies and investors to disclose the risk their operations pose to people and the planet, alongside profitability.At the same time, the World Economic Forum’s International Business Council specified 21 core “stakeholder capitalism” metrics to guide executive teams and boards as they embrace these changes.ESG disclosure developments like these are quickly reverberating across corporate Australia. Stakeholder pressure for organizations to do what’s right and reliably report on progress is impacting every industry.
Survey: ESG is a business imperative
Businesses across the globe are under pressure to address environmental, social, and governance (ESG) issues. The pressure is coming from all sides, including the board, senior management, customers, investors, and employees, according to new research from LIKE.TG and ThoughtLab.“ESG has become a business imperative with real impact on stakeholder trust and long-term value creation,” says LIKE.TG Chief Financial Officer Gina Mastantuono, writing in the Spring issue of LIKE.TG’s Workflow Quarterly magazine.Benefits of ESGOf the 1,000 C-level business leaders in the LIKE.TG/ThoughtLab survey, 64% say ESG enables stronger financial performance. In fact, 73% of financial leaders report that a focus on ESG helped them deliver better results. Only 13% said generating profit for shareholders is a higher priority than improving ESG performance.According to the research, strong ESG performance enables a range of business benefits, including:
Increased revenue growth
Greater shareholder value
Better talent attraction and retention
Improved customer satisfaction
Stronger teamwork and corporate culture
How to achieve ESG goalsThe study shows that organizations worldwide are focused on identifying ESG issues, developing an ESG vision and strategy, creating structure and honing skills to advance that strategy, setting and reporting metrics on ESG performance, and more. Digital technology can help with those efforts. In fact, digital innovation is key to achieving ESG goals, according to 61% of survey respondents.Data and security are important with any digital technology. Currently, 52% of organizations represented in the survey are working to improve their data security and privacy. And 65% of companies plan to address this issue within the next two years.Promising techWhich technologies are organizations relying on to advance their ESG goals? According to the LIKE.TG/ThoughtLab study, companies are embracing the cloud, artificial intelligence (AI), advanced data management and analytics, the Internet of Things (IoT), and digital enterprise platforms, among others.Organizations face significant challenges to reaching their ESG goals. Six out of 10 ESG leaders report a lack of ESG skills and talent. Other challenges include keeping up with changing regulations, insufficient technology investment, uncertain business case, and high implementation costs.LIKE.TG® ESG solutions can help you get control of ESG across your organization to realize value and business outcomes.Gain more insights in the ESG issue of Workflow Quarterly.
A comprehensive lifecycle approach to ransomware defense
Ransomware continues to be a costly and growing problem. According to Infosecurity Magazine, the number of ransomware attacks grew 288% between the first and second quarters of 2021. Cybersecurity Ventures estimated a ransomware attack occurs every 11 seconds, Cybercrime Magazine reports.The resulting price tag from ransomware is truly staggering. Cybersecurity Ventures further ransomware damages could cost victims approximately $20 billion globally in 2021, and that ransomware costs would increase to $265 billion by 2031.Why ransomware defense efforts failYour technical and business managers may recognize the threat and high cost of this cybercrime, but ransomware defense strategies are too often haphazard.Many organizations continue to treat ransomware as a technology or IT matter alone, or as a business continuity or cyber compliance controls issue—instead of developing a comprehensive ransomware defense program.Ransomware is often thought of in the context of threat detection and response, but this viewpoint also comes with a host of problems. For example, security operations are often stymied by too many tools, manual processes, and limited security staff and skills.This results in a perfect environment for ransomware adversaries to circumvent controls, encrypt data, extort victims, and demand ransom payments.Countering ransomware: A 4-phase approachTo defend against ransomware, organizations like yours need to change their defense approach. The best way to ensure end-to-end cybersecurity is with a strategic, four-phase lifecycle program:
Planning: Organizations need a specific plan focused on ransomware defense. This plan must be supported at all levels and across all departments—security, IT, compliance, risk, and business management.
Prevention: Although no action will guarantee ransomware immunity, organizations can take pragmatic steps to make ransomware attacks less likely and more costly for cyber adversaries to conduct.
Incident response: You need an incident response plan that’s been tested and fine-tuned.
Continuous improvement: Once a ransomware attack is fully under control, organizations should strive for continuous improvement by taking steps, such as assessing all aspects of a ransomware event, conducting an impact analysis, and identifying an improvement plan.
Integrate security, risk, and IT technologiesRansomware defense should be managed as a closed-loop lifecycle program with each phase influenced by its predecessor and impacting its successor. Because this demands tight coordination across security, risk, and IT technologies, LIKE.TG offers a complete portfolio of IT, security, and risk management tools that spans all four phases of ransomware defense.Learn more in the Enterprise Strategy Group white paper, A prudent approach to ransomware defense.
Setting up ESG success: Experts weigh in
Organizations across the globe are recognizing the importance of environmental, social, and governance (ESG) initiatives and what they mean for moving business forward. Many leaders have taken bold steps to advance ESG goals. Others are just beginning to dive into ESG and are considering ways to embed it into the company’s overall strategy.I spoke with business leaders on the Innovation Today podcast to get the lay of the land on why and how organizations should incorporate ESG into their overall strategy and operations to set themselves up for ESG success.Understanding where you areFar beyond meeting compliance, businesses are discovering that the effects they have on the environment, society, and risk management are good for business. According to Trish Beltran, manager of ESG advisory services at RSM, the benefits include better:
Long-term financial performance
Risk management
Employee attraction and retention
Reputation
Investment appeal
Yet ESG is complex, and companies are looking for solutions that can help achieve ESG goals. “Really, the first step is understanding where you are,” Beltran says. “That way, you have a better pulse on what is feasible for your company to do. You probably have current initiatives already, so you just need help bucketing those into the ESG categories.”
Setting actionable goalsThe key is to start in some small way by setting actionable goals. The first question companies need to ask is, “What are our current ESG priorities?” Secondly, “What strategies are we using to achieve our ESG goals?”Although some target dates are in the distant future—2030, 2035, 2040, and later—it doesn’t pay for companies to wait until the last minute to meet compliance standards, according to Carey Blunt, global head of LIKE.TG solutions at Fujitsu.“Some of these targets are quite far off,” he says. “It will be very easy to kick the can down the road and sort of forget about those things for a while because they seem like they're too far away in the future. In order to hit a goal sometime in the future, it's important to have incremental goals and targets on that journey.”He recommends companies start by setting SMART goals, which are specific, measurable, achievable, realistic, and timely. Then they need to think about the data surrounding those initiatives: Is it available, and how often do they need to collect it?Achieving ESG goals starts by gathering data, according to Alexey Klimenko, CEO and co-founder of Emission Box. But the path from data to ESG action is crucial. “Having data alone doesn’t matter,” he says, “but doing something about that data is what matters. You need the right tool to see all the data in one place so you can focus on actions.”Software systems can collect data, predict outcomes, and direct efforts to help companies reach goals.Tracking progress and measuring resultsBreaking down overall ESG goals into measurable milestones allows companies to track progress through systems that collect data on a regular basis. That data provides a visual understanding of where programs and projects stand in relation to goals. As companies meet one target, they move to the next, entrenching ESG into the culture.“If they do that for one goal or two goals and start to measure the data, they iterate and then add more and more over time,” Blunt explains.No matter which ESG segment companies concentrate on, setting a firm foundation for technology solutions is critical in terms of reaching goals. Reassessing and updating digital solutions is vital for companies to measure targets and provide timely ESG updates to stakeholders.
Saurabh Dubey, managing director at Deloitte Consulting, says it’s important to get started because this is a journey. Companies should think about the goals they care about and that will help them be successful—and how they’ll track results.“The what is what they should be doing, and the how is how they enable it using a technology landscape,” Dubey says, “because what we're talking about is not a one-time transformational project you can do and be done with.”A core set of ESG values applies to every company, he explains. The E focuses on environment, maybe conserving water or carbon neutrality. The S concerns social equity, inclusion, and diversity. The G, governance, is largely focused on cybersecurity—protecting privacy and information.“Start by tracking those and automating how you track those so that you can then start focusing on things that are relevant to your business,” Dubey says. “You use your resources the right way by enabling the technology to take care of things that you already have.”Taking a proactive approachSome companies find tracking and achieving ESG goals challenging in the current macro environment. Leaders concerned with belt-tightening and budget stagnation or cuts may place ESG planning on the back burner. But investing in ESG strategies can help differentiate companies from their competition.James Patten, managing director at KPMG, believes it’s the opportune time to focus on putting processes in place to execute ESG targets. Staying in front of value preservation and creation, brand reputation and, ultimately, customer loyalty is critical to creating a competitive edge.Achieving ESG-related goals “is not going to happen overnight,” Patten says. “Prioritizing this now, even through uncertain economic times, versus pushing or delaying to later is going to help meet that stakeholder demand as well as set companies up for what we hope to be accelerated growth when the economy strengthens. So plant those seeds now to be able to accelerate when the economy does strengthen.”Find out more in our ESG partner ebook. It includes perspectives from LIKE.TG thought leaders Edua Dickerson and Maria Hart, and from our visionary partner ecosystem: Deloitte, Emission Box, Fujitsu, KPMG, RSM, and many more.
A 6-step operational excellence strategy
Digital technology investments to spur innovation continue to be a chief goal for organizations. Yet 53% of respondents in the 2023 Gartner CIO and Technology Executive Survey named improving operational excellence as their top objective over the last two years. Forward-thinking business leaders understand that even in times of uncertainty, a sound operational excellence strategy is critical to maintaining competitive advantage.Operational excellence has traditionally focused on managing process and production issues to control things such as defects and downtime—from keeping factory assembly lines in operation to ensuring employees follow proper safety protocols. Today, executive decision-makers recognize the value of looking at operational excellence from a higher level, encompassing end-to-end, enterprisewide operations—everything from planning and executing IT initiatives to boosting employee productivity and satisfaction.It’s not simply about saving money. Achieving operational excellence means transforming the way organizations conduct business so they can deliver on technology investments and provide greater shareholder value, agility, and organizational resilience.It may be challenging to determine where to get started. Here are six steps toward an effective strategy.1. Create fusion teams for better agilityThe pursuit of operational excellence may require rethinking core assumptions about business models and organizational structures. Sometimes it requires dismantling once-sacred silos so IT and business teams can join forces and create new approaches to risks and opportunities.“Overdependence on IT staff for digital delivery reflects a traditional mindset, which can impede agility,” says Daniel Sanchez-Reina, an analyst and vice president at Gartner. “CIOs must embrace democratized digital delivery by design to accelerate time to value. Equipping and empowering those outside of IT—especially business technologists—to build digitalized capabilities, assets, and channels can help achieve business goals faster.”2. Unite your teams through a common languageThe reality is that business and IT don’t always speak the same language. Yet it’s powerful when an organization can bring the two together so that everyone has a shared understanding of how processes and technology align across the enterprise.One way to achieve this goal is to adopt a single, powerful platform with one data model, one architecture, and one technology and business framework to ground the organization in a common language and understanding.
3. Focus on mission-critical enterprise functionsIt's unrealistic to expect to overhaul every aspect of the enterprise to achieve operational excellence. Organizations can start by connecting and automating mission-critical enterprise functions, including:
Managing risk
Boosting environmental, social, and governance (ESG) engagement
Delivering strategic initiatives to improve performance and gain agility
4. Increase visibility into riskDespite the operational challenges all organizations faced during the pandemic, relatively few companies have workable business continuity or disaster recovery plans in place today. It’s essential to be able to manage high levels of existing risk—not to mention those on the horizon. Embedding risk management and compliance into digital workflows can provide new insights for better decision-making, support, and navigating change and external disruptions.5. Ramp up ESGA 2022 Deloitte survey found that more companies are moving from committing to ESG to taking action. In fact, 57% of executives reported they’d implemented a cross-functional ESG working group Why? Because progress on environmental, social and governance (ESG) goals also helps businesses operate more efficiently.Embedding ESG reporting, programs, and practices into core business processes across the enterprise allows IT leaders to eliminate silos and create efficiencies to help mitigate risk, control costs, and innovate.6. Connect investments to strategic outcomesIf leaders lack visibility into investments or what employees are working on, how can they know if their strategies are effective?When these things are visible, it’s possible to see how they align with strategy—and can provide confidence in the data. This enables the organization to pivot quickly in response to change. Using a single platform, with a centralized view, for an entire organization lets IT leaders see and track how strategies are performing across different methodologies.Improving operational excellence depends on business and IT speaking a common language so they can work together to pursue new opportunities. It also means connecting and automating mission-critical enterprise functions to manage risk effectively, ramp up ESG, and connect strategies to business outcomes. Organizations that take these steps will be ahead of competitors that don’t.Find out more in our Operational Excellence Handbook.Gartner Press Release, Gartner Survey of Over 2,000 CIOs Reveals the Need to Accelerate Time to Value from Digital Investments, Oct. 18, 2022GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.
How data anonymization can strengthen data privacy
Data Privacy Day is an international event observed on Jan. 28 in the United States, Canada, Nigeria, Israel, and 47 European countries. It’s a time to raise awareness about data protection best practices.At LIKE.TG, one day is not enough to focus on data privacy. We prioritize protecting personally identifiable information (PII) for organizations and individuals every day of the year. One of the best ways to do that is through data anonymization.Assessing the data privacy landscapeAny compromise or breach of sensitive information can have a significant negative impact on an organization—including revenue loss, reputation damage, intellectual property loss, and large fines.PII-related data breaches are on the rise. According to the 2021 Data Breach Report, the most frequently compromised data is people’s names, Social Security numbers, dates of birth, and home addresses.IBM research found the global average cost of a data breach reached an all-time high of $4.35 million in 2022. Data breaches involving PII are the most common and the most expensive, costing $150,000 more than the average data breach, the research adds.Growing data breaches and privacy concerns have led governments worldwide to adopt privacy regulations, such as the European Union’s General Data Protection Regulation (GDPR), Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA), and China’s Personal Information Protection Law (PIPL).According to Gartner®, “By year-end 2024, 75% of the world’s population will have its personal data covered under modern privacy regulations.”1 Failure to comply with these privacy laws could result in steep fines, potentially costing a company up to 4% of its global revenue, according to a CNBC article.Ways to anonymize dataData anonymization offers a reliable way to protect PII. LIKE.TG Data Anonymization, introduced in the Now Platform Tokyo release, helps protect sensitive data through different preserving techniques for production and subproduction instances. It also helps organizations with regulatory compliance.Prior to anonymization, data should be classified according to its sensitivity. After that, PII can be anonymized in two ways.1. PII associated with a specific userAdministrators can choose to anonymize either all or part of the PII associated with a particular user using techniques such as selective replace (format preserving) or replace with a string. These techniques preserve other PII such as business phone or city, and data for other users is not affected.
2. Data class/columnA column containing sensitive information can be anonymized before using the data for testing or before sharing it with any third-party entity. Anonymizing a column can be scheduled as part of the clone process of a data anonymization policy. This eliminates the need to make manual changes or run a separate script in the subproduction environment.For example, all records under a credit card column can be anonymized using a customized technique that keeps the first digit and last four digits of the credit card number intact for processing requirements
Once anonymized, user data is no longer considered regulated private information, as it can’t be associated with an individual.Advancing data securityLIKE.TG Data Anonymization is a key component of LIKE.TG Vault, a set of advanced security and privacy controls that help organizations protect data, increase compliance, and boost their security posture.Privacy regulations will continue to emerge and evolve. Having and enforcing robust data privacy policies and practices can help avoid data breaches, potential lawsuits, government-imposed fines, and regulatory investigations.Find out more about how LIKE.TG helps organizations protect PII and stay compliant.1 Gartner Press Release, Gartner Identifies Top Five Trends in Privacy Through 2024, May 2022GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.
Prevent long IT security workdays through collaboration
From surprise zero-day vulnerabilities to new exploits surfacing in the wild, few things ruin an IT security analyst’s after-hours or vacation plans faster than having to work overtime because of a cyberattack.Here’s a glimpse into how the story usually goes at most companies:A horribly bad cybersecurity dayThe first cup of morning coffee or tea is on your desk. Your fingers are crossed that no critical, urgent incident will surface toward the end of your workday so you can make it to your spouse’s birthday dinner at 6 pm.All of a sudden at 4 pm, you get a notification about a vulnerability in software that you know is running somewhere on your network. First, you realize it has to be patched right away. Software as a service (SaaS) vulnerabilities account for 43% of all cybersecurity incidents, according to The Hacker News. A patch or configuration change could probably help you avoid most security breaches.Second, you grasp that your day is about to go haywire because your company has multiple, disconnected systems. It also lacks a way to track its device and software inventory. With an average of 40% of IT spending going to shadow IT, according to Jamf, there’s a decent chance a rogue app wouldn’t show up on any official list anyway.Because you can’t remediate what you can’t find—and you don’t know how the threat is affecting your users or critical systems—you have to pull in teams from other areas, such as risk management, IT asset management (ITAM), and IT operations management (ITOM). You’ll need their help to sift through siloed systems and track down where the application is installed.Better call your spouse. It looks like an hourslong, cross-functional firefighting event is about to get underway—and you might be late for dinner.
Could modern IT security solutions help?If this situation sounds familiar, you’re not alone. Few security teams consistently collaborate on risk reporting. Could all this chaos be avoided with better coordination? Is there a way for these separate teams to work together as one, in real time?There definitely is. Moving to modern, integrated, and automated IT security solutions housed on a single platform can bring together multiple IT workflows. That can give teams comprehensive visibility to identify, react to, and resolve issues fast, within the workday—without disrupting their evening plans.Automation to the rescueWith dashboards for automating security management, ITAM, ITOM, and other business-critical services on one platform, you can seamlessly shift your cyberthreat response from obfuscated to orchestrated. In addition to centralizing communications for all your event conversations in an instant messenger such as Microsoft Teams, imagine that you can:
See your entire IT estate: A robust configuration management database means you can search which devices are running which software, even down to the patch version.
Find software anywhere in your organization: A combination of agent-based and agentless discovery can help you monitor your network from the cloud or an endpoint device.
View devices and software together: Discovered software and purchasing data are combined and updated as assets.
Monitor for changes continuously: An AI-driven risk assessment tool constantly monitors for modifications.
Rank vulnerabilities by impact: A security operations tool collects and prioritizes vulnerability data based on potential consequences.
Manage software without intervention: Automated workflows detect, track, and trigger software patching actions for devices that connect to the network, and update asset data for their related software lifecycles.
Track risk levels in real time: With just a few mouse clicks, you can prioritize emerging threats as they evolve.
Keep key players updated: Risk analysts can stay apprised of changes and remediations on their tailored dashboards.
Leave a digital trail: The platform captures a history of every action to show data and verify the issues were managed properly for compliance audits.
Orchestrated vulnerability responseModern, connected solutions give this story a happy ending. Instead of chaotic, manual, and time-consuming processes, IT teams get an integrated, automated, single-platform approach that makes problems manageable within the workday.When risk management, ITAM, IT security, and ITOM are natively integrated and orchestrated, organizations benefit from visibility, cyberthreat remediation, and governance to reduce risk. More efficient work means less firefighting—and more time for after-hours celebrations.Find out more about managing vulnerabilities on a single platform in our ebook, Same cyberthreat, different story.
Moving the Needle on ESG Reporting
The world of environmental, social, and governance (ESG) is all about moving from intent to impact while creating long-term value for businesses. Many companies are struggling to keep up with the overwhelming demands of ESG reporting, implementation, and initiatives.I recently had the pleasure of attending and speaking at two ESG-focused events: Hannover Messe and ESG Europe. Of the many topics and issues discussed, one thing was clear across the board: The highly fragmented reporting landscape in Europe and around the world is hindering progress in the ESG space.Assessing the current environmentThis shifting landscape puts pressure on the already-overtaxed small teams responsible for operationalizing ESG at scale. The European Union’s (EU’s) Corporate Sustainability Reporting Directive (CSRD) and growing recognition that ESG considerations offer both risk mitigation and value creation opportunities to companies that take it seriously over the long term are good examples.Many factors are at play: lack of a unified global standard, confusion around mandatory versus voluntary disclosure, and varying requirements at the local, national, and global levels. For multinational corporations, this becomes an even greater challenge as they struggle to meet changing requirements across borders.The introduction of the EU CSRD, on top of other confusing regulatory frameworks, is burdensome—and we haven’t even seen how localization will affect the regions.According to future-facing law firm CMS, “The reporting standards comprise 82 disclosures with phasing-in periods for several areas. There are 1,144 data points that may need to be reported on, dependent on how material they are assessed to be.”
Embracing technology for ESG efficiencyWhen ESG teams spend all their time reporting and telling the story of the past, it’s hard for even the most dedicated teams to write the future. And there’s never been a more important time to prioritize ESG. Strong ESG propositions have been linked to cost reduction, regulatory and legal interventions, productivity enhancement, investment and asset optimization, and value creation across top-line growth.Now more than ever, as we wait for harmony in the regulatory space, we need a more efficient way to showcase progress in ESG. That’s where technology comes in. Technology-enabled solutions, such as LIKE.TG ESG Management, can help ESG teams manage and measure risk and master the challenge of reporting. Tech can help overtaxed teams keep pace with the ever-changing regulatory landscape.Beyond regulations, technology can enable companies to create real solutions to climate change. It has the power to address climate change goals, carbon sequestration, and net-new energy sources—and enable just corporate transition.It also holds the power to remove friction and create greater efficiencies in these programs and reporting. Technology can help teams move from reporting on the past to achieving their missions for the future.I was struck by something Markus Müller, chief investment officer at Deutsche Bank, said: “This entire thing is about resources—environment, society, labor, policy, governance. These are indicators we need to transform our society. We have limited resources, and we'd be naive to say we are not dependent on the things we are embedded in."Everything in our world is dependent on the planet we inhabit—and we’re breaking the machine that sustains us. The first step toward creating positive change and a better future is embracing tech-enabled solutions to ease the strain of reporting and inspire others with stories about the endless possibilities.Find out how LIKE.TG helps organizations manage ESG to create value.
Australian cyber resilience: How to keep your customers from leaving
The increasing frequency and cost of hacks across industries in Australia has made cyber resilience a top priority for businesses and governments. It’s also made consumers more aware of risks to their data: The 2022 LIKE.TG customer experience (CX) survey found 64% of respondents trust organizations less than they did a year ago to keep their data secure.Cybersecurity can directly affect your bottom line. Australia’s telecommunications sector is a good example. After one of Australia’s largest firms was hacked, 10% of its customers walked away, according to news.com.au. Another 56% indicated they were considering leaving.Similarly, the LIKE.TG CX survey found 59% of Australians will stop doing business with a company if it gets hacked and loses their data. Nearly half (47%) of survey respondents view organizations keeping their personal information safe as a critical factor in good customer service.Organizations must maintain a strong security posture to keep all their digital assets and IT systems protected. Those that don’t will likely see customers take their business elsewhere.The changing cybersecurity landscapeHacks are on the rise for many reasons. The threat surface—the number of potential entry points or vulnerabilities that can be targeted—has increased as new technologies and digital business models have become more widespread. The rise of remote working, cloud computing, and the internet of things (IoT) means security measures must extend far beyond office walls.The IBM Security Cost of a Data Breach Report 2022 found a cyberattack costs an Australian business on average AU$4.29 million, with the largest expense associated with detection and escalation.1 It took 70 days on average to resolve a hack.Meanwhile, a 2022 cybersecurity study from ThoughtLab, co-sponsored by LIKE.TG, found more than 40% of businesses fear their cybersecurity efforts aren’t keeping pace with digital transformation. Remote work has only increased the risks.
3 ways leaders can prioritize cybersecurityCustomer service is uniquely vulnerable to a data breach, as it’s where most customer data flows into a business. Every employee, regardless of their role, should think about security, but good cybersecurity practices need to be a leadership priority. CX leaders should be especially alert.Here are three ways organizations can help ensure their leadership prioritizes cybersecurity:1. Create a steering committee for cybercrime, gathering stakeholders from different parts of the organization. The members of the committee can include the chief operating officer, chief information officer, general counsel, and division leaders, as well as board members.This committee should conduct planning exercises and bring together cross-functional teams to map business functions and the threat landscape.2. Think like an attacker. Make plans around likely incidents that are relevant to your sector and business. Look at what assets or teams would be most affected and how much your business, staff, and customers would be damaged if the worst happens.3. Plan your response to a hack. If it takes 70 days to resolve an attack, that’s 70 days your business won’t function properly and customers won’t be served. Practice your action plan and rehearse restoring your systems and data from backups.The customer reward from secure systemsThe recent Australian hacks have put cybersecurity front and center. They’ve also led to a mindset shift for customers. Investing in cyber resilience preserves future revenue by helping to ensure customers don’t walk if a breach happens.Breaches will become more common. Concepts such as privacy by design that build security into every stage of your products and services can be competitive differentiators.Find out how LIKE.TG helps organizations improve cyber resilience and vulnerability management while speeding response times.1 IBM Security, Cost of a Data Breach Report 2022, July 2022
Prioritizing ESG across the enterprise
The last three years have cemented environmental, social, and governance (ESG) as a business imperative. According to a LIKE.TG and ThoughtLab survey of 1,000 international business leaders, 57% report ESG is a top strategic priority for their C-suite and board. As organizations battle the many external challenges they face, prioritizing ESG efforts is a must.Simply put, ESG management helps operationalize and govern your goals across the enterprise. It’s the solution to effectively balance purpose and profit. Let’s explore four ways businesses can improve their ESG stance.A proactive approachThis macro environment is filled with risk, from climate change to supply chain issues to reputational forces that may impact a business’s license to operate. Implementing a proactive risk management strategy can help you be prepared for problems that may arise. Embedding ESG into your risk and resilience plans is crucial to stay ahead of coming challenges.Watch our ESG and climate risks and resilience webinar to get tips on turning your ESG goals into action. Jessica Pransky, principal analyst for ESG and sustainability at research firm Verdantix, sheds light on developing an effective ESG strategy.ESG and risk management integrationAt LIKE.TG, we say governance is our superpower. The best way to manage ESG risks and operationalize solutions is through integration. Organizations are under pressure from stakeholders to create a solid system of action to address the world’s most pressing challenges. Combining ESG management and risk management can help you increase transparency and build resilience without putting too much strain on your business.LIKE.TG integrated risk management (IRM) can help you stay in control of ESG and climate risks. Learn more in Gain control of your climate and ESG risks.E-waste eliminationAn often-overlooked area of ESG that’s a major problem worldwide is e-waste. Sustainability should extend to electronic assets. Organizations have a responsibility to ensure the consumption of their assets is optimized and that they’re properly disposed of.A single system of record can help you track your assets and see how your ESG initiatives in this and other areas provide long-term value. Find out more in Drive ESG outcomes with ITAM.ESG progressIncorporating ESG on a wide scale is essential for modernizing and future-proofing your organization. Since ESG spans a breadth of topics and people, addressing it through a siloed approach will not give you the results you want or need.Watch Understanding the ESG Maturity Model to find out where your organization stands in ESG maturity. You’ll also learn more about how to create a unified and integrated approach to ESG.
Mitigate cyberthreats automatically with AIOps
The majority (83%) of employees across industries want their jobs to remain hybrid, Accenture reports. Yet nearly 50% of CIOs feel their cybersecurity initiatives aren’t keeping pace with their digital transformation efforts, according to research by LIKE.TG and ThoughtLab. Neither are their cybersecurity budgets.Combining artificial intelligence (AI) and machine learning (ML) for IT operations (AIOps) can help.Smart automation can head off threatsWith 3.4 million unfilled security jobs worldwide, according to Fortune, perpetually understaffed IT teams are having to pick up the slack. Hybrid work and new business opportunities are increasing the demand for technology services. This leaves IT stuck trying to deliver and secure new groundbreaking applications while using the same old manual, disconnected tools and techniques.To overcome these challenges and mitigate cyberthreats, IT and security operations teams need to join efforts and apply a common, automated approach to connect workflows across the enterprise. That's what AIOps offers.AI-based automation empowers 24/7 unstaffed monitoring, real-time alerts, and actions based on defined policies and risk tolerance. Moving from manual processes to AIOps enables security and operations teams to:
Take a predictable, proactive approach to incident response
Automate responses to reduce threat vulnerability
Promote collaboration to respond to problems fast
A unified automation platform makes it possible to share data and workspaces across otherwise fragmented teams and integrate and enrich data and analytics from different tool sets. This can help improve findings, actions, and outcomes.Strategic automation can speed response timesAmong IT departments that have adopted automation to improve their operations, 47% use it to escalate security incidents, and 37% rely on it to create and route tickets, according to IDC.Strategic automation builds confidence among IT teams: 47% believe it increases efficiency across the organization, and 32% say it increases compliance, IDC adds. AIOps is a game changer for security teams, IT teams, and the entire business.Using AIOps to create end-to-end, proactive workflows across operations, security, and service management can accelerate response times by:
Automating and orchestrating processes
Assigning ownership
Tracking incident status in real time
Centralizing data and reporting
Enabling shared data and operational excellence
Helping IT come to terms with hybrid workHybrid work is here to stay. Your IT teams shouldn’t be put in the position of pitting corporate security against employee and customer satisfaction—or dreading having to support your increasingly digital business because they don’t have the tools and platform to do it efficiently.Connecting traditionally siloed IT and security operations teams and workflows across the enterprise makes it easier to thwart threats, even with fewer staff. With AIOps, you can automatically reduce risk while keeping hybrid workers happy—and IT headaches away.Find out more in our ebook: Thwart cyberthreats fast with security operations.
3 key ingredients for operational excellence
The definition of operational excellence is undergoing profound change. Instead of an enterprise consisting of multiple islands of expertise and efficiency, operational excellence now means breaking down the operational barriers to improve collaboration across departmental lines.This more holistic approach unites the complementary expertise of different teams to create a whole that’s greater than the sum of its parts. It delivers fresh thinking and creative solutions to many of the long-standing challenges that have kept businesses from operating at their best.In the current business climate, enterprises face challenges that span multiple teams and departments. To manage risk effectively, organizations must identify vulnerabilities, be proactive, and coordinate efforts and resources. Previously disparate teams must work together to keep the business running. Every business function must identify its contribution to customer success and its interdependencies with other teams.In other words, operational excellence now means a lot more than simply cutting costs. It requires three key ingredients:1. Achieving strategic outcomesIn an ideal world, projects and programs seamlessly align with organizational goals. But decision-makers don’t always have visibility into budgets and resources to properly gauge their impact and verify their strategic value.By increasing visibility and transparency and improving access to project data, companies can better prioritize, plan, and execute the work that best supports overall goals. Organizations can see where people are working—and how that work contributes to strategic direction. They can also gain flexibility to pivot quickly when strategy evolves.
2. Driving efficienciesGlobal business services (GBS) organizations don’t have unlimited budgets—but the demand for services keeps growing. Business leaders want the digital foundation that will help them standardize and automate service processes while keeping costs in check.By streamlining processes that cross organization boundaries, companies can deliver simpler and more consistent employee experiences, improve visibility into service budgets, and scale service delivery.3. Managing risk and resilience in real timeEvery day, the scope and severity of risk seems to grow. New technologies and business models open the door to business transformation—but they also introduce the unknown. Virtually every business on the planet witnessed the disruption that a black swan event such as a pandemic can cause.In this more volatile and unpredictable climate, business continuity and disaster recovery plans are table stakes. Today’s risk teams need wider and more accurate visibility into risk to stay on top of a quickly evolving competitive landscape.Businesses must embed risk management and compliance into their digital workflows and provide familiar user experiences that deliver efficient performance, promote resilience, and reduce third-party vendor and supply chain risk.Discover the advantages of a single, holistic platform to drive operational excellence in our Book Of Knowledge: Operating Excellence.
Survey says ESG technology drives results
Organizations worldwide are taking bold and transformative steps to achieve environmental, social, and governance (ESG) goals. A global LIKE.TG and ThoughtLab survey of 1,000 C-suite executives found that the vast majority (95%) of self-proclaimed ESG leaders are implementing ESG technology to drive results.“Digital technology gives companies the tools to understand their impact and help them achieve their ESG goals,” explains Edua Dickerson, LIKE.TG vice president for ESG and finance strategy, and guest editor of the Spring 2023 issue of Workflow Quarterly. “To be sure, technology isn’t enough. Success also requires strategic acumen and committed and passionate people.”
Adapting to advance ESG goalsBusiness leaders recognize that a holistic approach to ESG that includes operational and cultural objectives, as well as financial targets, offers advantages. Among those surveyed, 48% say ESG programs are a top priority with the C-suite and board. Four out of 10 leaders are working to hire and retain employees who can help them achieve ESG goals.Organizations are adapting their business models across individual areas and operations to align with those goals. The report shows that 53% are incorporating ESG into their digital transformation plans and 56% are using advanced technology to reach their targets.Short-term profits vs. long-term objectivesWhile 48% of respondents agree ESG drives better financial results in the long term, more than one-third (35%) say the current economic environment hinders their efforts. Concerns include rising interest rates and energy costs, as well as supply chain problems and geopolitical tensions.Some executive teams, feeling pressure to produce profits, are placing their ESG goals on the back burner. Nearly one-quarter (24%) report that it’s difficult to achieve both advanced ESG initiatives and shareholder expectations in the current macro environment.However, our research shows that this is a false choice. “It’s never been clearer that the right ESG strategy can help a company boost productivity, control costs, and manage risk,” Dickerson says. “In today’s unsettled economic environment, ESG champions are positioned to come out on top.”Digital technology drives ESG outcomesOne way they’re doing that is by embracing technology. While 63% of executives currently use the cloud as a tool for ESG initiatives, 74% plan to do so in the next two years. Companies are also adopting AI, advanced data management, cybersecurity technology, the internet of things (IoT), robotic process automation (RPA), and workflow automation to support their ESG efforts.
In addition to enabling transparency and reducing costs, adopting digital technology can help organizations reduce pollution, increase governance, and improve social sustainability.Technology also improves visibility. Leaders understand they can’t know where they’re going unless they know where they’ve been. Data collection to track ESG progress and results determines how initiatives and outcomes affect operations. Tracking enables decision-makers to assess effectiveness, manage risk, and inform employees and stakeholders.The leaders in our survey expect progress in ESG to yield financial, operational, and strategic benefits over the next few years. Although numerous challenges remain, ESG technology allows companies to advance their ESG commitments, linking profits and purpose.Gain more insights in the Workflow Quarterly Spring 2023 issue.
Survey: Risk-readiness leads to organizational resilience
Organizations worldwide face growing risks from rapidly changing technology, sustainability pressures, macroeconomic turmoil, and geopolitical disruptions. Risk-ready, resilient organizations can detect and respond to all these pressures more quickly, according to a global survey of 1,000 C-suite executives conducted by LIKE.TG and ThoughtLab.“In recent years, it’s become increasingly clear that building resilience against risk is a strategic investment that can help companies outperform,” says Ben De Bont, chief information security officer for LIKE.TG and guest editor of the Summer 2023 issue of Workflow Quarterly.Organizational resilience mitigates riskWith a rise in the frequency and sophistication of cyberattacks, many survey respondents don’t believe they have effective systems in place to detect and respond to cyberthreats. Just under half (49%) of risk-ready organizations—those that feel prepared to address technical, operational, and strategic risks—feel secure. And only 14% of other respondents say they can detect a cyberattack.Although digital transformation can create new risks, it's also a key tool for risk mitigation. As evidence, 76% of respondents believe digital technology drives resilience. Additionally, 65% of risk-ready organizations say digitization will improve their detection of threats, as well as their ability to track risk across the enterprise.
Resilience yields rewardsIntegrating risk management offers numerous benefits, including fewer breaches and faster resolution times. That translates to positive financial results across the business.Organizations that haven’t prioritized risk-readiness take a more pessimistic view, with 27% struggling to find a balance between innovation and risk management.According to risk-ready organizations, the top three results of improved risk management are:
Greater customer satisfaction
Reduced costs
Higher profitability
Other key benefits include market share, improved employee engagement, and increased sales.The road to risk-readinessCompanies are harnessing cloud computing, AI, data management, cybersecurity technology, and the internet of things, among other technologies, to manage risk. As tech and market conditions evolve, so does risk.
Our research shows that risk-ready organizations tend to build risk-aware cultures. In fact, 59% of all CEO survey respondents agree that breaking down silos within the organization is essential to managing risk and fostering resilience, and 73% of CEOs believe technology is a key driver of resilience.Those percentages are higher for other C-suite executives, especially chief information officers and chief risk officers, who play key roles in managing organizational risk. Additionally, 76% of leaders in the survey expect to hire outside consultants and risk experts in the next two years to assess risk and optimize organizational resilience.Looking ahead, it's crucial for leaders to understand their unique business risks and put processes in place to ensure their organization’s future security.Gain more insights in the Workflow Quarterly Summer 2023 issue.
The financial upside of investing in great customer service
With today’s customers wielding more and more power, businesses need to transform their customer experience and invest in technologies that improve and speed the journey. Customer service is a critical point of contact where dollars and loyalty can be easily won or lost. Organizations today must retool customer support to resolve complex customer issues end-to-end, intelligently fix problems before customers know about them, and instantly take care of common customer requests.Providing an exceptional experience is not just a way to win the hearts and minds of customers, it’s an economic imperative critical to a company’s financial success. Standardizing on a customer service management solution can help dramatically speed issue resolution time, improve agent productivity, and ultimately impact the bottom line through repeat business and customer loyalty.Register now for a LIKE.TG webinar on June 12th, featuring a guest from Forrester, and hear details from the Total Economic Impact™ commissioned study* covering how LIKE.TG customers doubled agent productivity, achieved $7.8M in Net Present Value, realized a 12-point increase in Net Promoter Score, and more, after implementing LIKE.TG Customer Service Management solution.Check out key take-aways from the study:
* Business Value of LIKE.TG Customer Service Management, Total Economic Impact Study – Commissioned study conducted by Forrester Consulting on behalf of LIKE.TG, April 2019.
How to Turn Raging Customers into Raving Fans
Think about the last time you contacted a company—were you calling to offer a compliment or thank the company for their excellent service? Chances are that wasn’t your motivation. More likely you called customer service to complain about something that was wrong.Customers typically pick up the phone when they need to resolve an issue. And frequently, that’s after they’ve tried to find the answer on their own with no success. Depending on how long they have spent searching, you can imagine patience may be running low by the time they call, making that engagement especially challenging.In fact, two-thirds of customers who encounter customer service problems experience feelings of rage, according to a 2017 survey by Customer Care Measurement and Consulting. Rage seems to be on the rise in other ways: Some customers will even go to “rage rooms” where they can blow off steam by demolishing breakable items, electronics, or objects of their choice.While no one can break or throw anything on a negative customer-service call, the outcome of a bad experience can be far more detrimental than broken glass. It can do serious damage to customer loyalty and brand perception if customers tell others about their experience.Staying ahead of the game with a proactive strategy for combating customer rage will help you turn customers into raving fans. Here are a few useful rules of thumb:
Be proactive. The best problem to have is one that’s already solved. Improve your customer experience by addressing issues before your customers are even aware of them. Monitor the health of customers’ products and services. Act on trend data, or real-time data from connected devices, to better anticipate needs or spot problems as they’re happening. If you find an issue and fix it before your customer even knows they have it, they’ll never need to pick up the phone.Another strategy is to take steps to anticipate customer needs so when they do reach out, you’re already a step ahead. If you sell or manufacture consumer products, you can also take stock of your onboarding content for first-time users. Is it complete? Is it easy to find on the web? Can you push it to them proactively when they buy? Proper planning ensures customers can find exactly what they need, when they need it. And that makes everyone happy.
Improve self-service outcomes. Customers prefer self-service, but only when it works. To improve outcomes, offer connected experiences to your website that manage processes end to end. Simplify routine inquiries with automation, machine learning, and virtual agents. If customers can’t find the answers they’re looking for, reduce their frustration by letting them escalate to a live agent with a simple click or tap.Intelligent workflow technology can also work in the background to open a new case, route the question to the person with the right skill set to solve the problem, create additional workflow tasks as needed, and manage tasks to completion. You can also make sure the customer feels like they’re in complete control by letting them view and respond to open cases, check service notices, or get updates on product or service status anytime, anywhere, on any device. Giving customers control positively impacts their perception of your company and brand.
Personalize, personalize, personalize. When stress is high and time is short, customers have zero patience for slogging through irrelevant information to answer questions or resolve issues. Personalized self-serve portals are a great way to make sure your customers keep their cool.Start by making it easy for them to view and track their orders, products or subscriptions, history, or account details online. Shortcut their search for answers by proactively recommending articles based on the products or services they own, how recently they were purchased, or whether those products currently have service issues. Up your game by highlighting recent community postings related to their products or areas of interest.The faster your customers find the answers they’re looking for, the happier they will be. The happier they are, the more likely they are to share that with others. In fact 72% of customers will share a positive experience with 6 or more people.
Solve the problem. Unsolved problems are one of the key reasons for customer dissatisfaction. In the same Customer Care Measurement and Consulting study, only 17 percent of the customers who experienced rage were satisfied with the actions taken to solve their most serious problems. Bouncing from one agent to another and being asked to re-explain things was a key stressor. Lack of issue resolution was the other.Modern technology can help you reduce this type of frustration dramatically by intelligently routing and categorizing cases and then tracking them to completion. You can also automate the prioritization and assignment of incoming customer service requests to quickly connect customers with the right agent to solve their problem. When further work is needed to resolve the issue, experts are engaged from across the whole organization, ensuring a positive outcome.
By applying modern customer service technology, companies can eliminate customer rage and turn every customer experience instead into one that builds raving fans. By providing end-to-end service, delivering quick and easy answers for routine issues, personalizing the delivery of timely, relevant information to your customers, and connecting them more quickly to the right agents and answers, you can ensure a seamless experience for customers that genuinely turns them into raving fans.To learn more, download The Road to Transforming the Customer Service Experience ebook, which details how to remove roadblocks and transform the customer journey into an exceptional customer experience.
Expert viewpoint: Prioritizing business continuity
Every business decision holds risk, but are companies prepared? With accelerated digitalization in the wake of the pandemic, companies must plan for a range of risk management scenarios, from operations and strategic risk to business continuity, brand, and security.To stay on top of the fast-changing risk management landscape, businesses must proactively invest in the right tools, infrastructure, and workflows to swiftly act in the course of an event. They must also educate and empower their teams to take control and make smart decisions.My colleagues explored all of this and more with risk experts on the Innovation Today podcast. Here are some ways risk management professionals are driving change for their companies and clients.Focusing on resilienceAs companies embrace modern strategies for risk and resilience, there’s been a noted change in the overall risk management discussion. Risk has become something more than one initiative or function; forward-thinking companies increasingly refer to it as “operational resilience.” It’s about encouraging people to do the right thing and to make intelligent, informed decisions—not about control, rules, and punishment.It’s also high stakes. “There’s a lot of pressure for the Institutions to make sure that they have adequate controls in place, not only for business as usual, but also [to confront] regulatory challenges,” says Dan Prior, partner at the EY consulting practice. This has produced “an environment that is very cumbersome from a control and technical debt perspective.”These sweeping changes in approach to risk must start at the top—with the CEO. The CEO has the authority and the vision to encourage a culture by which silos are broken down and collaboration and accountability across the company are encouraged.Setting a foundation for strong risk managementMelissa Cohoe, global director of security, risk, and resiliency at NewRocket, a business advisory firm and a LIKE.TG partner, has seen risk management evolve over the last decade to encompass more consistent and holistic strategies. “The organizations that are most successful are the ones that realize the results they want to achieve,” she explains.Although companies of different sizes and stages may vary in their maturity and approach to risk, one area she says every company must think about is the end result. Cohoe recommends companies ask themselves questions such as:
What is our board or senior executive team asking us to accomplish?
What results do we need to solve for?
What business problems are we specifically addressing?
Once you determine your goal, she adds, it’s important to empower your teams with the why. The more knowledgeable they are about controls and the deeper reasoning behind any new risk management protocols, the more likely the organization is to succeed. To execute, she recommends working with an experienced partner that can guide you in the right solution.Hunter Freeman, senior manager at Edgile, a cyber risk and regulatory compliance company, points to getting the company aligned as a way to begin.“It starts with having a consistent definition of risks,” he says. “We should have a good idea of what are the common risks facing the business, the assets, and then take it from there.” This requires having the discipline for consistency—to compare risks in an apples-to-apples manner, across the enterprise. “We need to be consistent about what risks we apply to what items.”Understanding risk is a journey“Risk is a journey,” Cohoe adds. “You're going to mature over time. Your potential attack surface is going to change over time...You need to be prepared to constantly examine your risk management program: How successful is it? What has changed? What's emerging that you now need to respond to?”The idea is to approach risk with a sense of malleability. Simply put, avoid strict structures and rules. Instead, lean into being flexible and open to changes as your program evolves.Every organization will have its own priorities and challenges, but one must-have, Cohoe says, is response planning. “Make sure you’re prepared so that you’ve got plans in place for business continuity and disaster recovery. Make sure you’ve got your playbooks for security incident response.”Moving fast to implement software is key to avoiding “analysis paralysis,” she adds. Change requires preparation, planning, and cultural change—the faster you can implement, the easier overcoming these hurdles will be.Investing in modern tools and frameworksResilient companies know spreadsheets no longer cut it. They place too much burden on humans to manually keep data up to date, including the tedious effort of pulling metrics and forming reports for senior leaders and boards.Like Cohoe and NewRocket, EY is seeing a transition to a more holistic approach. “A lot of what we’re seeing in our clients is this focus on not only automation and the risk and compliance space to get out of doing things on paper or spreadsheets, but a transition to technology as well as thinking about what we call a unified experience,” says Chris Lucado, a partner at EY.“We’re also seeing a lot of clients who enabled governance, risk, and compliance technology years and years ago,” adds Angie Leggett, managing director of cybersecurity services at KPMG. “These tools are very old in nature and have a lot of inaccurate and stale data. We’re seeing the need for a shift in identifying modern-day technologies that can improve productivity, reduce overall costs, and bring stakeholders together.”These modern tools and approaches include:
Humans in the loop, with care: Companies must be aware of when to expose (or not expose) humans to potential risks. Exposures may lead to a faulty sense of judgment, bias, or indecision. In parallel, technologies must “speak up” and flag risks so that the right people can jump in and address them.
Integrated risk management: “Integrated risk management is bringing together the worlds of risk and compliance,” Freeman notes. “I think in many organizations these are separate-but-related functions, but historically they've been a little more siloed. We're operating in email, we're operating in spreadsheets, and all of that kind of hinders the free flow of information between those two functions.” When those are integrated together, businesses can expand their risk conversations to broader compliance objectives, he adds.
Third-party risk management: An IBM report found that 17% of critical infrastructure breaches were due to a business partner. Third-party risk management is a must-have in every strategy. Companies must constantly ask themselves, “Who has my most sensitive information?”
AI: AI is proving beneficial in aggregating data and identifying trends and issues. It sets the foundation for fast reporting, eliminating rote, manual tasks.
Automation: Streamlining processes will be essential for companies that want to stay ahead of changing regulations. This requires tools and systems that can address regulations quickly and remediate issues as they arise.
Advanced reporting: Traditionally, risk has been reported quarterly. Yet today, leaders expect an always-on approach, with a continuous audit of data. Agility will determine the winners with new compliance and regulations. A common set of controls will also be critical in supporting risk management frameworks across the organization.
A common solution for successFor integrated risk management programs to truly take off, access to data is critical. “Where we see clients being successful is when we can get these programs operating on a common solution like LIKE.TG so that we can leverage and have all that data in one place,” Freeman notes.“The name of the game is data,” Lucado agrees. “[Companies] need to not only figure out how to harness their own risk data, but also connect that to other types of data within the organization...It’s about a breadth of capabilities,” he explains.It goes beyond the data. It’s also the ability for your team to have controls, reporting, and continuous monitoring, all in real time. This means clear insights into real-time risk vulnerabilities and the capability to update the risk rating immediately, view trends, and get proactive—before it leads to a breach.“That's really what's unique about LIKE.TG and how we're working with LIKE.TG with our clients,” Lucado continues. “It provides the risk capabilities as well as the broader platform capabilities to provide that unified experience...as well as workflow across functions.”Find out more about how LIKE.TG helps with modern approaches to integrated risk management.
