Source: Finance Derivative
Chas Moloney, Marketing Director, Ricoh UK & Ireland
With the advent of remote and hybrid working solutions, cloud systems have fast become the norm for the majority – if not all – businesses. The driving need to set up new working structures which allow for greater team agility forced companies to identify ways to transport the office into the employee’s home. The cloud was a perfectly natural fit.
Cloud software offers an incredible level of flexibility, independence and accessibility from everywhere, requiring nothing more than a stable internet connection. For us at Ricoh, the cloud has always represented a vast possibility of growth. We are well accustomed to working in the cloud and, as an integral part of how we do business, this isn’t going to change. We will continue to evolve our cloud technology and study its evolution and crucial role in workplace development. Even in a physical context such as the office, the cloud is an incredible asset to increase productivity and facilitate exchanging and reviewing documents and data.
However, the future of the cloud can’t lie in simply purchasing more memory space – it’s much more than that. Companies need to step forward and develop a distributed system that can allow better management and mitigate any department silos in the business. Cloud, at its most effective, is a collaboration tool. Meaning that the full potentiality of the cloud can only be properly realised if this system is used in the right way by leaders, IT professionals and employees. In fact, in our report Leading Change at Work, we found that across all businesses – public and private – siloed decision making and working practices were the biggest hindrances to productive working.
Therefore, good management of the cloud relies on how it’s managed, distributed, and secured. Distributed cloud environments offer different cloud options, which offers a personalised service so companies can tailor both employee and customer services and outputs. The ability to leverage and scale data across borders by utilising distributed cloud offers businesses an unparalleled opportunity to provide a new form of professional services. Essentially, the cloud can be an incredibly effective tool when it is personalised to the need of the company and the customers.
This isn’t to say the cloud doesn’t have its flaws – like all facets of remote working, the biggest impact on uptime and resilience is a poor network and support from outdated legacy tools. Physical offices are installed with the best high-speed connectivity from the start, but people’s homes are a different matter. A slow internet connection can be frustrating, and it can diminish the tasks completed and cause issues with things like conference calls which will be imperative during this time. Cloud services that are slowed down due to reduced connectivity speeds are not just a nuisance but a cost to a business – it’s effectively a waste of paid licence fees. To prevent this, businesses should create and implement a cloud-based technology platform to create a network environment that can facilitate mobility and increase efficiency. They should also ensure employees have the right hardware to sit alongside their more modern software.
Outdated hardware also poses an incredible threat to cybersecurity, with data security only as strong as your weakest router. The rapid digital transformation towards remote and mobile workstations has exposed private data both of employees and companies to higher risks, making increasingly urgent the need to safeguard personal data and enhance cybersecurity activities.
Today, awareness around cybersecurity and data protection is higher than ever in the past. According to our 2020 report, The Conscious Workplace, 1/5 of managers were worried about the security of their network connections. Investing in these networks will undoubtedly make life easier for your employees, but it will also help prevent security threats. Unfortunately, connecting devices and entire workspaces to the internet can leave you exposed to cyber-attacks, so making sure your network is the best it can be is more critical than ever.
Ultimately, the cloud is a great resource that should be exploited and protected. With hybrid working likely to stick around for longer than anyone originally planned, careful examination and investment must be paid to ensure greater longevity and safety.
Leveraging Technology for Sustainable Logistics and ESG Compliance
by Will Lovatt, General Manager and Vice President, Deposco Europe
A growing number of consumers are demanding packaging that is sustainable and environmentally friendly.. Consultancy, McKinsey, recently launched a survey to explore people’s attitudes to the topic across 11 countries worldwide. In all surveyed countries and across end-use areas, the majority of respondents claim to be willing to pay more for sustainable packaging,
Of course, features and functions remain important, but the sustainability and ESG (Environmental, Social, and Governance) aspects of the logistics process are becoming increasingly significant in consumers’ purchasing decisions. The entire supply chain, including the sourcing of raw materials, manufacturing processes, packaging, delivery methods, return policies, labour practices, and initiatives for regeneration, is under scrutiny. Today’s informed consumers are making deliberate choices, favouring brands and delivery services that align with their values on these fronts. Therefore, it’s essential for brands to not only maintain high standards of service but also to provide a variety of delivery options. This range should cater to immediate needs as well as offer solutions like batched deliveries at convenient pick-up points, catering to the growing demand for flexibility and sustainability in the shopping experience.
Regulation and risk management
Consumers are undoubtedly a driving force in ESG-focused logistics transformation, but businesses must also meet a growing number of regulations that are driving the need for ESG considerations in the logistics sector. For example, the European Union’s Sustainable Products Action Plan includes several requirements for businesses to provide information about the environmental impact of their products. Now, we expect regulators to be closely monitoring final mile delivery and whether zero emissions vehicles are being utilised, at least within urban areas.
From a risk management standpoint, ESG considerations are critical. Neglecting ESG risks exposes businesses to reputational harm, financial penalties, and legal repercussions. Today’s consumer sentiment is such that unsustainable logistics practices can prompt consumer boycotts or lead to regulatory fines, underlining the importance of ESG compliance in modern logistics operations.
The role of technology in greening logistics
So what can businesses do to mitigate ESG challenges? To address ESG challenges, businesses must transition from traditional paper-based systems to advanced technology solutions. These solutions enhance visibility across the entire supply chain, from production to delivery. Distributed order management systems, for instance, offer real-time insight across extended fulfilment networks, enabling the optimised allocation of consumer orders to the most suitable stock sources, balancing cost and speed. In today’s era of stringent ESG and sustainability standards, it’s crucial for organisations to have comprehensive oversight over the movement of goods and the various stakeholders involved, beyond mere timing. This technological shift is essential for meeting the evolving demands of ESG compliance and sustainable logistics.
Actively tracking the credentials and integrity of every checkpoint in the supply chain is now everyone’s problem. Consumers care deeply about the ethical sourcing of raw materials and the labour practices of third-party logistics firms involved in product sourcing. Technology can allow organisations to map the complete movement of a specific customer order, from acquisition to final shipment, and then notify that customer directly.
Organisations then need to implement sustainable practices in the warehouse, leveraging technology to optimise operations. This includes using technology to determine the most efficient customer packaging sizes, reducing waste, and guiding staff on consolidating orders to minimise shipments and cut carbon emissions. Additionally, offering consumers options like click-and-collect can align with their existing plans, promoting sustainability rather than just delivery speed. Providing flexible delivery options is increasingly seen as crucial, as the fastest route is typically not the most eco-friendly.
A sustainable future
As data and computer security threats evolve, we’re now transitioning to increased controls around how our products are made, procured, packaged and shipped to the public. For a variety of reasons, from ethical to legal and public sentiment, ESG considerations and controls are becoming increasingly important in logistics and fulfilment.
Alongside this, the trajectory is for more sales to be made via Direct-to-Consumer channels, the desire for more convenient services and customer willingness to hop brands means that businesses must prioritise sustainable practices. Consumers now expect the ability to customise delivery parameters and choose from transparently-priced options, or they will take their business elsewhere. Brands must manage their order and delivery options effectively to stay competitive.
The key to improving supply chain management lies in adopting sustainable order management and fulfilment technologies. Companies should invest in the latest platforms that support best practices in ESG strategy. These advanced solutions enable compliant processes, cost-efficient operations, increased sales, efficient DTC fulfilment and positive customer experiences.
How AI is turning IoT data into actionable insights in the public sector
By Mark Gannon, Director of Client Solutions at Netcall
The use of IoT devices within the public sector is growing rapidly, presenting opportunities for greater efficiency, cost savings, and vast service improvements among a plethora of other benefits. From transportation, infrastructure and even waste management, the ability to monitor and capture data in a range of critical areas has the power to transform organisations across the sector.
Health and Social Care is one setting where IoT devices can drive real impact by significantly improving the day-to-day lives of vulnerable people. In fact, late last year, it was announced that the Glasgow City Region would receive over £3 million to deliver a Health and Social Care-focused project driven by IoT technologies, as part of wider 5G connectivity funding to make public services better. Remote sensors can be used within social housing to detect and control factors such as damp and mould whilst motion sensors can alert emergency services if a vulnerable resident has fallen – not only helping to provide better care, but enabling care to be delivered more efficiently and rapidly to those that need it.
With public sector spending under constant scrutiny, and wider budget cuts increasingly forcing those operating in the sector to achieve more with less, technology that can easily connect and exchange data from device to system, removing a number of manual workflows and processes, is proving invaluable. Taking that one step further, being able to leverage that data and turn it into actionable insights in the future is fast becoming an exciting reality.
So, what’s holding the public sector back from leveraging IoT devices in this way?
The short answer: Data.
Managing IoT-associated data adds a layer of complexity to those responsible for it. With IoT devices typically uploading data multiple times a day, analysing, and actioning the torrents of data can soon become a mammoth task.
IoT and AI: a winning combination
The application of AI alongside IoT is rapidly being recognised as a key solution to this rising data deluge. Not only can it ease the administrative burden by ensuring the IoT devices and any associated workflows are working effectively, but it can also be used to spot any trends and patterns within the device data. Insights such as these can inform longer-term solutions and decisions whilst also acting as predictive analytics to anticipate the likelihood of certain events occurring in the future.
In the case of Health and Social Care, this could mean predicting the probability of a vulnerable resident having a fall based on previous data gathered and putting preventative measures in place to reduce this. IoT wearables are another rising trend in the healthcare setting and can be used to track vital signs and detect anomalies that may need urgent attention. Meanwhile for social housing, using smart solutions including intelligent automation and IoT can help housing providers significantly reduce their risk management burden. For example, the data gained from IoT sensors in tenant homes can be used to proactively identify damp and mold risks and automate alerts.
Looking at the public sector more broadly, we could also see the combination of AI and IoT optimised services such as traffic management, waste management right through to public safety and even managing air quality. By using AI to analyse and draw insights from IoT devices, the concept of the smart city is much closer than we think. AI can use IoT sensor data alongside cameras already in position to adjust traffic signals, optimise routes and even detect incidents and alert public services. It is also expected to play a key role in managing and reducing public service energy consumption, by monitoring and controlling street lighting and other public infrastructures.
Turning insight into action
Whilst AI can take care of the initial analysis, to truly extract the value from IoT data, public sector organisations must ensure these insights are fed into the right systems and married up with the correct workflows to turn them into action.
Fortunately, with the use of application development tools such as low-code application platforms, organisations can rapidly create processes that utilise IoT and AI-driven data, connecting it to internal as well as third-party systems. These solutions move away from traditional development, which can be costly and time-consuming, and can empower broader teams to rapidly build and develop their own applications using a visual drag-and-drop interface. By doing so, organisations can quickly integrate systems and technologies to access actionable data.
As AI and IoT technology continue to advance, we can expect to see more innovative and impactful use cases in the future. Unlocking the benefits, however, will hinge on having the systems and processes in place to trigger next steps. By leveraging the tools that enable this, public sector organisations can use the data from connected devices to create powerful, proactive and dynamic services that fulfil the growing needs of its customers.
Why baselining security is key to improving cyber hygiene
Phil Robinson, Principal Consultant at Prism Infosec
Poor cyber hygiene remains a major cause of security breaches. The National Cyber Security Centre (NCSC) Annual Review 2023 revealed that the highest proportion of incidents it had dealt with this year were the result of the exploitation of unpatched common vulnerabilities and exposures (CVEs) affecting public-facing applications which could have been prevented through better cyber hygiene.
But what is cyber hygiene? There’s no strict definition, although the general consensus is that it’s a number of simple routine measures adopted to secure sensitive data and minimise risk from cyber threats. As most cyber threats are relatively unsophisticated, adopting these measures can prove highly effective. In the case of the CVEs mentioned above, effective patch management (an integral part of ensuring good cyber hygiene) would have seen critical updates prioritised and applied, potentially reducing the risk of compromise.
The most common measures adopted, according to the Cyber Security Breaches Survey 2023 government report, are keeping malware protection updated (ie anti-virus), backing up to the cloud, password management, restricting administrative access rights, and using network firewalls, with two thirds of businesses having these in place, although staff training should also be included here to mitigate the insider threat.
Is cyber hygiene getting worse?
However, the report notes that there has been a consistent decline in some areas of cyber hygiene across the last three waves of the survey. The use of password policies fell from 79% in 2021 to 70% in 2023, deployment of network firewalls from 78% to 66% (although this in practice could be due to an increased prevalence of cloud computing and deployment of Zero Trust Network Architecture), restricting administrative rights from 75% to 67%, and policies to apply software security updates within 14 days fell from an already low 43% to 31% (this was even more marked among the retail and wholesale sector where the rate fell from 41% to 29%). In addition, only 18% of businesses had instructed staff in the form of security awareness training over the course of the year.
The shift has occurred in the micro and SME sectors, although among medium businesses the number placing security controls on their devices dropped sharply (from 91% to 79%) as did agreed processes for phishing emails (from 86% to 78%). When adding to this the economic pressures which have seen these businesses cut back resources, it is clear that the downward spiral may well be set to continue, leaving these smaller businesses particularly vulnerable to attack. So, what can they do to improve security practices and reduce the likelihood of compromise?
One of the easiest ways to improve cyber hygiene is to implement an approach based on compiance with an existingbaseline cyber security standard. There are a number of particular standards and guidance that can be used, such as: Cyber Essentials (CE and CE+), ISO 27001 (and more wider the ISO27000 series) as well as the NIST Cybersecurity Framework (CSF).
Awareness of these standards is still relatively low, with only 14% saying they had heard of CE, 9% adhering to ISO27001 and 3% to working with the NIST standard but uptake is increasing. The NCSC report found 30% of micro and SME businesses became compliant with CE for the first time this year, with 4% of micro organisations signing up to CE and 17% to CE+.
The Cyber Security Longitudinal Survey Wave 2, which only covers medium, large and very large companies, reports a higher uptake, with 25% adhering to CE, 11% to CE+ and 17% to ISO 27001. It did find that organisations were more likely to adhere to one of the standards if they had experienced a cyber incident in the last twelve months and this is worrying as it suggests even those companies with access to more resources are not acting until after they’ve been breached.
Why standards are the perfect way to increase cyber hygiene
The tide is turning, however, with 35% of businesses being motivated to get CE compliant to generally improve security, compared to 22% pursuing compliance to bid on government contracts and 15% for commercial contracts. Several initiatives have also sought to spread the word and in January 2023 the NCSC launched its Funded CE Programme offering financial assistance for those seeking accreditation.
From a cyber hygiene perspective, CE provides a comprehensive basis with five technical controls covering boundary firewalls and internet gateways, secure configurations, user access controls, malware protection and patch management. Today, however, only a fifth of businesses currently comply with all five, according to the Breaches Survey. Of those that do fully comply, 66% had experienced an incident according to the Longitudinal Survey, which meant they only went ‘all in’ after the event, at which point they realised the value of the controls in enabling them to identify and manage incidents.
In contrast to CE, which is driven by the UK Government, ISO 27001 is an international standard and demonstrates an organisational commitment to managing information security. Last year it was consolidated down from 14 to four areas: Organisational, People, Physical and Technological. The list of controls was cut from 114 to 93, with 11 new ones added, while 57 have been merged and some removed, and five new attributes have been introduced to align with digital security. All changes which make it much more relevant to SMEs.
ISO27001 can take some time to achieve but is valid for three years while CE and CE+ are renewed annually. CE is a self-assessment while CE+, an extension of CE, requires third party involvement with an assessor carrying out a technical audit and vulnerability scans.
What is clear is that poor cyber hygiene can leave the business open to attack but that putting in place a minimum level of security can significantly reduce the chance of being compromised. These baseline standards all provide a route for organisations that are short on time and resources to improve their cyber hygiene. In fact, the NCSC states that 80% fewer cyber insurance claims are made with CE in place, revealing just how effective making these small changes can be when it comes to mitigating attacks. So rather than viewing such compliance as an outlay, organisations need to view these standards as a vital investment in protecting their processes and assets.