Phishing Trilogy Part 3: The “Carrot and Stick” Approach

What’s the best way to fight phishing attacks? Is it punishing users or rewarding good behaviour?

By Emily Wang

This is part Three of the Phishing Trilogy, see the series introduction here:

Part 1 – From awareness to habits

Part 2 – A multi -layered defence

The ‘carrot and stick’ approach

People often scoff at phishing attack victims and put the blame on them. It needs to be recognised that this “blame culture” contributes to the real issue of slow reporting of phishing compromises which has a direct and material effect on organisations.

Studies collectively show, falling for phishing email is far from rare and the number of victims is growing. The real question is how to mitigate it? This article covers the discussion around the “carrot and stick” approach. They are not mutually exclusive and are most effective when used together to best suit your business.

Carrot

The consensus in the awareness training domain is not to blame the users. We should encourage them to report any suspicious activities, particularly if they are the originators of the breach.

Since a hacker only needs one person out of the whole organisation to click on a single malicious link, it is impractical to achieve zero click rate. However, if we have one person that reports the incident, it allows the security and the IT team to review and quickly stop the phishing campaign from spreading and causing further damage.

The Cyber Security Breaches Survey published by the UK government (Department for Digital, Culture, Media and Sport, 2019) found that the most disrupting attacks were more likely to be spotted by employees than by software, which is the case for 63% of businesses. This also aligns with previous years findings. Hence, we should realise the importance of staff vigilance and to understand the power of empowering employees.

Stick

Another school of thought is to enforce punishment when people repeatedly fall for phishing attacks. For example, Paul Beckman, CISO at the Department of Homeland Security considered a policy to remove employees’ clearance if they repeatedly fail an anti-phishing test. Needless to say, this is a controversial idea and received a lot of criticism. One study showed that the perceived severity of consequences did not predict behaviour (Downs, Holbrook, & Cranor, n.d.).

Studies also show that training focused on prohibition of behaviour or attitudes can often have the opposite effect whereas training that emphasises positive effects can and do change behaviour (Robinson, 2011).

What is your mix?

This table outlines the differences between the two approaches. It is essential to understand your business to pick the right mix.

Be mindful about leaning too heavily on the “stick” approach. The ripple effects can put a strain on employees’ morale, leading to a sense of anxiety and distrust. In the worst case, it can lead to grudge attacks. Reports show that internal threats in cybersecurity are prevalent and cause more grave damage than external attacks (Tripwire, 2017).

It is our advice to develop an approach that balances the carrot and the stick. Taking into account the responsibility of the role and its importance in your organisation will help you to determine the appropriate balance. For example, an IT admin would be expected to be much more vigilant to phishing than a clerk our your logistics desk. It may well be appropriate for the IT admin as part of their employment agreement to agree to a policy where there is a sliding scale of consequence for phishing breaches, whereas that would not be appropriate for the clerk.

Food for thought

Regardless of what stance you take on the approaches. It is important to consider the following:

– Ask your HR, legal and management to contribute

  • What are the legal or contractual requirements?
  • What is the company’s policy on rewards and penalties?
  • What culture is the company trying to build?

– Be consistent with your approach

  • For example, if enforcement is going to be implemented, senior management need to follow the policy as well. They need to be role models

– Understand that people make mistakes and don’t blindly blame your staff

  • As discussed, aiming for zero click-rate is unreasonable. Therefore, we need to acknowledge honest mistakes can happen.

– Ensure that you have an incident-handling process in place. For example, who/how to report them.

  • Your staff needs to know the proper process to be compliant with the company’s policies

For more details on phishing and user awareness, contact Emily Wang or the Cybersecurity Advisory Practice .

References

Department for Digital, Culture, Media and Sport, T. (2019). Cyber Security Breaches Survey 2019. London. Retrieved from https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/791940/Cyber_Security_Breaches_Survey_2019_-_Main_Report.PDF

Downs, J. S., Holbrook, M., & Cranor, L. F. (n.d.). Behavioral Response to Phishing Risk. Retrieved from http://payaccount.me.uk/cgi-bin/webscr.htm?cmd=_login-run

Robinson, L. (2011). How the Science of Behavior Change Can Help Environmentalists. Retrieved from https://www.triplepundit.com/story/2011/how-science-behavior-change-can-help-environmentalists/81401

Tripwire. (2017). Insider Threats as the Main Security Threat in 2017. Retrieved November 19, 2018, from https://www.tripwire.com/state-of-security/security-data-protection/insider-threats-main-security-threat-2017/

Phishing Trilogy Part 1: From awareness to habits

By Emily Wang

This is part 1 of the Phishing Trilogy, read the series introduction here.

To click, or not to click, that is the question. How do people make that decision?

Behavioural economics states that we think with both an intuitive mind and an analytical mind. Most of the time we rely on our intuitive mind to make those “quick and dirty” decisions such as fight or flight. If we see a tiger coming from a distance, we don’t need our analytical mind to list all the pros and cons before we know to quickly run away.

This also applies to cybersecurity, and with phishing specifically:

1) We have difficulty perceiving a threat. We may not see the tiger unless we’re aware it could also be in plain sight

2) many of us haven’t harnessed our intuitive thinking to create a habit of spotting and reporting phishing emails

While traditional security training tries to improve our analytical mind’s capacity, it doesn’t focus on sensing and handling dangers intuitively. The difference between what we know – and what we feel, can lead us to make a wrong decision.

Awareness

Greater phishing awareness from employees can help prevent phishing attacks. One study confirms that those with a deeper understanding of the web environment and how to correctly interpret URLs are less vulnerable to phishing attacks. But the perceived severity of consequences doesn’t predict behaviour.  This suggests that education efforts should be trying to increase intuitive understanding, rather than just warning about risk (Downs, Holbrook, & Cranor, n.d.).

Since New Zealand is far away from the rest of the world geographically, we like to think we are better shielded and safer from any physical or virtual attacks. There is also a sense that because we are a smaller ecosystem, the chances of us becoming a target are reduced. Let’s not forget though, we are only ¼ second away from anywhere in the world online!

This illusion may make us even more ill-prepared when disaster strikes. The truth is that we are aligned with the rest of the world when it comes to phishing attacks, which includes our susceptibility, phishing as the primary data breaching method and damage impact of attacks.

business communication computer connection

Photo by Pixabay on Pexels.com

Turning awareness into habits

Security mindsets are not natural for people, which is why an alarming percentage of employees still fall for a highly effective phishing scam just months after they were trained to watch for it.

Once people are aware of phishing dangers, it is time to build safe email/internet browsing behaviour into habits. We need to harness our intuition and be able to quickly and effortlessly handle most of the phishing attempts.

Habit formation is a powerful means to behavioural change. Scientists have found that habits are formed and operated separately from the part of the brain responsible for memory (Duhigg, 2012). Studies confirmed that we make unconscious choices without having to remember anything about decision making.

Our brains are constantly looking for new ways to form automatic routines. For example, riding a bike or driving a car requires over a dozen separate actions, but we do them daily without a second thought.

How can we leverage habits to avoid phishing attacks with our intuitive mind? By repetition. When we repeat an action enough times, a process known as ‘chunking’ will take place where the brain converts a series of conscious actions into an automatic routine.

The habit process:

1. Cue. A trigger that tells your brain to go into automatic mode and which routine to use.

2. Routine. A physical, mental, or emotional behaviour that follows the cue.

3. Reward. Positive feedback to tell your brain that the routine works well and is worth remembering.

How to form the habit of defending against phishing

Let’s look at the case of checking emails and how we could tweak a routine to protect ourselves.

For more details on phishing and user awareness, contact Emily Wang or the Cybersecurity Advisory Practice .

Reference

Downs, J. S., Holbrook, M., & Cranor, L. F. (n.d.). Behavioral Response to Phishing Risk. Retrieved from http://payaccount.me.uk/cgi-bin/webscr.htm?cmd=_login-run

Duhigg, C. (2012). The power of habit :why we do what we do in life and business. New York: Random House.

Phishing Trilogy: Building a “Human Firewall”

Security and phishing

By Emily Wang

Security is a vast field. Often, it is mysterious, difficult and confusing. Frequent use of industry jargon among experts and in reports creates a barrier for people to discuss and understand. What is a SOC? What is a botnet? What are the different types of malware we should actually pay attention to? And why are we spending so much money and effort on something that may or may not happen?

Interestingly, people do know about phishing. They may not understand the logic behind it or the term itself, but most are familiar with those annoying emails asking for their details to claim a big prize.

These emails have been around for a long time. One of the first popular phishing emails was the Love Bug in 2000. All around the world, people received emails titled “ILOVEYOU”. https://en.wikipedia.org/wiki/ILOVEYOU 

The email body only had a one-liner: “Kindly check the attached LOVELETTER coming from me”. Many were eager to find out whom their secret crush was and opened the attached file. The attachment unleashed a worm which overwrote the victim’s image files and sent a copy of itself to all contacts from the victim’s Outlook address book.

Since the Love Bug phishing almost two decades ago, the tactic and delivering of phishing remains fairly similar. People know all about it, yet still fall for it.

Phishing continues to be one of the most common and effective cybersecurity threats. It accounts for more than 50 per cent of the Office 365-based threats in 2017 (Microsoft Security, 2018). In New Zealand, there was a 55 per cent  increase in phishing and credential harvesting in the fourth quarter of 2017 (CERT NZ, n.d.), 76 per cent of organisations say they experienced phishing attacks in 2017 (Wombat Security, n.d.) and, by the end of 2017, the average user received 16 malicious emails per month (Symantec, 2018). These scams cost organisations $676 million in 2017 (FBI, 2017). This begs the question:

How is this still a thing?

We will look at this issue from three angles; what motivates the attackers, why victims fall for it and how organisations perceive their own security programmes.

What motivates attackers:

  • Phishing is cheap, scalable and easy to carry out. Attackers favour this type of “low-hanging fruit”. An attacker can easily send phishing emails to 10,000 people and even if just 1 per cent click a link, their attack would be successful with 100 people.
  • A successful phishing campaign is generally the entry point for other attacks. Verizon reported that 92.4 per cent  of malware is delivered via email (Verizon, 2018).
  • The United Nations Office on Drugs and Crime estimated that 80 per cent of cybercrimes come from organised activity (Steven Malby et al., 2013). Most organisations can’t expect employees to compete with organised criminals and be vigilant 100 per cent of the time. 
  • Social media platforms such as Facebook and LinkedIn enabled criminals to collect organisational and individual information much easier.
Verizon research found that 92.4 per cent of malware was delivered via email

Why victims fall for it:

  • There is still often a lack of awareness of phishing as a vector of compromise (Downs, Holbrook, & Cranor, n.d.).
  • Today’s ubiquitous technology creates constant interruption and leads to habitual multitasking. Both behaviours are linked to more frequent risky behaviours (Murphy & Hadlington, 2018). Especially for jobs that are multitasking in nature such as call centre staff.
  • Clicking on links provided in emails is part of everyday behaviour. Some may require us to log in with credentials. By targeting this process, legitimate looking phishing attacks often catch us when we are not fully paying attention (CERT NZ, n.d.).
  • Spotting phishing emails is not always a straightforward task, especially when it comes to the well-researched and targeted “spear-phishing” email.
  • It is no longer about spotting bad grammar and spelling mistakes. Instead, malicious emails are often polished, even exceeding employees’ copywriting skills. They would look like they are from an organisation or person that you trust and recognise.  
  • We are optimistic. The optimism bias is an age-old human trait essential to our well-being. The optimism bias in cybersecurity, however, causes problems. For example, the mentality of “no one is interested in attacking me”. Due to the optimism, we tend to underestimate risks and engage unnecessarily in overly risky behaviours. When we receive emails designed to infect our machine with malware, we don’t necessarily treat them with the suspicion and wariness they deserve.

Here’s why organisations fall for it:

  • This same optimism bias also applies at the organisational level.
  • One PwC (2018) report found that executives were overconfident in the robustness of their security initiatives. Some 73 per cent of North American executives believed their security programmes were effective.
  • Organisations often opt for a “tool-first” approach. While tools are necessary, investing in technology before people can be troublesome. Spending millions on technology can certainly make you feel safe. However, cyber threats often aren’t technological driven but are a result of how human brains work. Our curiosity, ignorance, apathy, and hubris are often our vulnerabilities (Dante Disparte & Chris Furlow, 2017). So balancing technological measure with human-centred defences is crucial to preparing and preventing future cyber-attacks.
  • Investing in people could be more ambiguous than investing in tools. A sceptical executive could ask reasonably what the ROI on developing a training programme was – and question the value of taking people out of their regular jobs to get trained.

Phishing on steroids today

Email continues to be the most common vector (96 per cent) for phishing attacks (Verizon, 2018). Recently, the scam has spread to social media, messaging services and apps.

With the rise of social media, phishing attacks are now on steroids, since it has become so much easier for attackers to harvest personal information and compose more legitimate or tailored email (spear-phishing). Social media also becomes a phishing channel.

People are more likely to click on a link from their friends or families. It means that when an attacker harvests one social network credential, they can easily reach out to new “friends and families” and compromise even more accounts through the wonders of the network effect.

Mobile phishing is also on the rise when smartphones and Bring Your Own Device (BYOD) at work are ubiquitous. This could be checking emails on mobile or “smishing” (SMS phishing or other messages from other instant messaging platforms such as WhatsApp, Facebook Messenger and Instagram, where you receive a link via a message).

There is an 80 per cent  increase every year since 2011 of people falling for phishing attacks on mobile devices (Lookout, n.d.). Our devices are often connected outside of traditional firewalls and so have less protection.
Lookout reported that 56 per cent of its users received and tapped on a phishing URL while on a mobile device.
Attackers will no doubt continue to leverage new and popular services as they become available to break this human defence line.

 

 

Building a “human firewall”, making New Zealand digitally safe

Datacom’s goal is simple – to make New Zealand digitally safe.

The National Plan to Address Cybercrime clearly states that New Zealand businesses, other organisations and the overall economy would be affected if our nation fails to develop the capability to address cyber-attacks (Department of the Prime Minister and Cabinet, 2015).  

Experts believe we are experiencing the beginning of the next “cyber-arms race”. While continuous investment in defensive security, e.g. protecting our strategic infrastructure and electricity grid, is undeniably important; the overall growth of cybersecurity awareness among every one of us is equally critical for our national cyber defence.
After all, we’re connected now more than ever – each of us is either part of the problem or part of the solution. The worst-case scenario would become even worse when we start living in smart cities with self-driving cars, surrounded by a myriad of Internet of Things devices. We cannot slow down the rate of technological innovation, and so we must speed up our collective preparedness.

 

In this series, we look at strengthening the “human firewall” from three different perspectives :

In part 1, we explore the “Why”. Why do we fall for phishing attacks from a psychological perspective, and how could we form and change our habits to protect ourselves and our organisations?

In part 2, we look at the “What”. Given the difficulties around defending against phishing from the human perspective alone, what are the components of a multi-layered defence system that can increase organisational resilience?

In part 3, we investigate the “How”. Specifically, how could we effectively run user awareness training and phishing simulations, and how do we balance “the carrot and stick”?

For more details on phishing and user awareness, contact Emily Wang or the Cybersecurity Advisory Practice .

 

Reference

CERT NZ. (n.d.). Quarterly Report: Highlights. Retrieved from https://www.cert.govt.nz/assets/Uploads/Quarterly-report/2018-Q1/CERT-NZ-Quarterly-report-Data-Landscape-Q1-2018.pdf

Dante Disparte, & Chris Furlow. (2017). The Best Cybersecurity Investment You Can Make Is Better Training. Retrieved November 19, 2018, from https://hbr.org/2017/05/the-best-cybersecurity-investment-you-can-make-is-better-training

Department of the Prime Minister and Cabinet. (2015). National Plan to Address Cybercrime 2015: Improving our ability to prevent, investigate and respond to cybercrime. Retrieved from https://dpmc.govt.nz/sites/default/files/2017-03/nz-cyber-security-cybercrime-plan-december-2015.pdf

Downs, J. S., Holbrook, M., & Cranor, L. F. (n.d.). Behavioral Response to Phishing Risk. Retrieved from http://payaccount.me.uk/cgi-bin/webscr.htm?cmd=_login-run

FBI. (2017). 2017 INTERNET CRIME REPORT. Retrieved from https://pdf.ic3.gov/2017_IC3Report.pdf

Lookout. (n.d.). Mobile phishing 2018: Myths and facts facing every modern enterprise today. Retrieved from https://info.lookout.com/rs/051-ESQ-475/images/Lookout-Phishing-wp-us.pdf

Microsoft Security. (2018). Microsoft Security Intelligence Report, Volume 23. https://doi.org/10.1088/0953-8984/19/33/335222

Murphy, K., & Hadlington, L. (2018). Is Media Multitasking Good for Cybersecurity ? and Everyday Cognitive Failures on Self-Reported. Cyberpsychology, Behavior, and Social Networking, 21(3), 168–172. https://doi.org/10.1089/cyber.2017.0524

PWC. (2018). The Global State of Information Security Survey 2018: PwC. Retrieved November 19, 2018, from https://www.pwc.com/us/en/services/consulting/cybersecurity/library/information-security-survey.html

Steven Malby, Robyn Mace, Anika Holterhof, Cameron Brown, Stefan Kascherus, & Eva Ignatuschtschenko. (2013). Comprehensive Study on Cybercrime. New York. Retrieved from https://www.unodc.org/documents/organized-crime/UNODC_CCPCJ_EG.4_2013/CYBERCRIME_STUDY_210213.pdf

Symantec. (2018). ISTR Internet Security Threat Report Volume 23. Retrieved from https://www.symantec.com/content/dam/symantec/docs/reports/istr-23-2018-en.pdf

Verizon. (2018). 2018 Data Breach Investigations Report 11th edition. Retrieved from http://www.documentwereld.nl/files/2018/Verizon-DBIR_2018-Main_report.pdf

Wombat Security. (n.d.). State of the Phish 2018. Retrieved from https://www.wombatsecurity.com/hubfs/2018 State of the Phish/Wombat-StateofPhish2018.pdf?submissionGuid=4a794784-d44b-479f-b070-474f5df4fa0a

Psychological safety at work – a driver of innovation

Joy

By Brett Roberts, Associate Director, Digital, Customers & Collaboration

How’s the culture in your company? Does it enable you to thrive? Or are you simply surviving? Worse yet, is it toxic?

While the world of work is changing rapidly, people still sit at the very heart of it. How do we get the best out of these people? And how do we ensure they get the best out of their roles?

A critical factor in this discussion is the concept of psychological safety in the workplace. If you as a leader can create an environment in which even the newest hire feels safe to voice their thoughts and opinions, then you are far more likely to get the best ideas out of your staff. This is incredibly important given that one of the underpinning requirements of an innovation culture is ideas and creativity.

Linda Hill, a Professor at Harvard Business School, is an expert on managing for collective creativity, and firmly believes that getting the best out of people requires a safe environment. She also comments that innovation is not about solo genius, rather it’s about collective genius and it’s collaborative and messy. Pixar took a very collaborative approach to the development of their first full length CG (computer graphics) movie, Ratatouille. It took nearly 20 years from inception to release, but CG films have really taken off since then!

Innovation requires imagination, but imagination can be stifled in a negative workplace. People can’t innovate in an environment where they feel fear (of embarrassment, of ridicule, of not being heard), so it’s crucial that business leaders foster an environment where people feel entirely safe to speak up. New junior staff members are sitting at the bottom of the pile, but giving them a platform to speak their mind in safety will help grow them – and quickly.

Professor Hill’s research concluded that leaders needed to stop giving answers, or providing solutions. They needed to look to people at the bottom of the pyramid, the young sparks, those that were closest to the customers as an often untapped source of innovation. Organisations need to invert the pyramid, transfer growth to lower levels, and unleash the power of many by loosening the stranglehold of the few.

For the full Linda Hill TED Talk, see here 

Workplaces need to create an environment where there is a marketplace of brainstormed and debated ideas, and where it’s ok to have strong – yet constructive – views. Asking good questions, actively listening and advocating for their point of view are also critical skills for leaders and others to foster.

Psychological safety and teams

Google’s Project Aristotle showed that psychological safety is the number one determinant of highly effective teams. A culture of psychological safety enables everyone in the group to contribute regardless of hierarchy, role, or expectations. In this instance, we can draw upon the total collective intelligence of the group.

Author Dr Amy Silver commented that “If we don’t have psychological safety, we use fear to mediate our contributions to a team. We are not able to contribute whatever’s in our heads as we limit ourselves through the fear of judgment, the fear of being ridiculed, the fear of being discounted, or the fear of going against expectations. Without psychological safety, we don’t have collective intelligence. We have fear-based intelligence.”

Creating psychological safety through hackathons

Datacom has been using hackathons for the last seven years as a way to create environments where people from different backgrounds and experiences feel safe to ideate, experiment and create.

There are many ways in which we create a sense of safety during a hackathon, such as rituals around welcoming which leads to greater levels of understanding amongst team members, many of whom may never have met before. There is a strong need to take the time to meet, greet and understand each other as this fosters a sense of safety and empathy which ultimately leads to better outcomes. Having seen it many times, we also understand the need to support those people who feel strongly about a topic or issue. Having support around them is what makes their dream reality.

We’re seeing real examples of how psychological safety impacts on how people participate in hackathons. Just this year we had a number of tertiary students join our main internal hackathon. They felt so safe that two of them got up and pitched an idea to an audience of hundreds only a short time after arriving. In a regional hackathon we were involved in earlier in the year, one of the businesses brought along several of their own staff but instructed them to go into separate teams.

Datacom might not be experts in the science of psychological safety – we’ll leave that to Professor Hill and Doctor Silver – but we are huge believers in its importance and ability to fundamentally influence organisational culture and innovation not to mention improving employee engagement and retention.

Today, every company is thinking about and investing in workplace safety measures. The benefits are obvious and the downsides of not doing so are clear. We believe the same applies to the concept of psychological safety and would encourage your organisation to do the same if you’re not doing so already. The benefits are too clear to ignore.

Aotearoa New Zealand’s Skills Revolution: Investing To Grow Tomorrow’s Prosperous, Future-fit & Capable Kiwis

2018Auction_084

By Kerry Topp, Associate Director, Transformation and Innovation

We can’t slow down the rate of technological change, change is rapid and all around us. The skills cycle, the rate at which skills are needed, is rapidly increasing both globally and in New Zealand. 

 We are at the crucible moment where leaders in Aotearoa New Zealand need to be proactive and responsible in the “right-skilling” or retraining of their workforce. For right-skilling, organisations need to have a strategic plan for talent to make the shift. Any good talent strategy should focus on retaining and training existing talent, as well as acquiring new workers.

“It’s becoming more important to prepare than adapt. By the time you realize the need to adapt, it may already be too late.”Greg Satell | Author | Speaker | Innovation Adviser

In this context, what can we do as leaders to ensure our organisations, society and above all, our people, are future-fit and ready, now? In this post we will look at why we believe it is crucial for corporate leaders to increase their investment in employees’ skills today so New Zealand Aotearoa is able to increase the prosperity, wellbeing and capability of our people, organisations and country, tomorrow.

The Skills Revolution Is Here!

Recently Manpower, a global leader in contingent and permanent recruitment workforce solutions, asked 18,000 employers in 43 countries across six industry sectors how they expect technology will impact their business in the next two years, and how they are ensuring their workforce has the right skills and is ready to adapt – specifically, they looked at:

  • The likely impact of automation on headcount in the next two years,
  • Which functions will be most affected,
  • The strategies they are adopting to ensure they have the skills they need for technological advances.

“We are seeing the emergence of a Skills Revolution — where helping people upskill and adapt to a fast-changing world of work will be the defining challenge of our time.“ – Jonas Prising | Chairman & CEO | ManpowerGroup

What Manpower found was that more than 90 percent of employers expect their organization to be impacted by digitisation in the next two years. In addition, on average, by 2020, more than a third of the desired core skillsets of most occupations will be comprised of skills that are not yet considered crucial to the job today.

The World Economic Forum identified that skills cycles are shorter than ever before and some 65 percent of the jobs Gen Z will perform do not even exist yet. They also found that up to 45 percent of the tasks people are paid to do each day could be automated with current technology. We have of course adapted to the evolution of the labour market before — from tellers to customer service representatives, typists to word processors and personal assistants — disrupting, destroying, redistributing and recreating work is nothing new. The difference now is the life cycle of skills is shorter than ever and change is happening at an unprecedented scale.

“On average, by 2020, more than a third of the desired core skill sets of most occupations will be comprised of skills that are not yet considered crucial to the job today.” – World Economic Forum

The Conclusion Is Widespread

It is not just Manpower or The World Economic Forum that are drawing similar conclusions. The evidence of a skills revolution is also coming through loudly from the likes of the Big Four and research organisations, like McKinsey & Co, Gartner, PWC as well:

  • 51 percent of all activities can soon be done without humans, impacting and changing 60 percent of current jobs [McKinsey, Future of Work 2017].
  • The future of the workforce will be dominated by those born between 1980-mid 90s. And what they want from work is different. A strong sense of alignment on values and purpose, over profit, is the main goal. According to PWC’s Managing tomorrow’s people: The future of work to 2020 report, 88 percent are looking for alignment on corporate social responsibility, with their personal values.
  • According to PWCs Workforce of the Future study, 74 percent of global employees are now actively up-skilling themselves to take advantage of the new economy.
  • A study by Mavenlink found that given the opportunity, 65% of workers would pursue contract work. Whilst it’s not a new addition to hiring trends, it’s still worth calling out that flexibility is key, with the option to work remotely influencing the likelihood of accepting a position for 68% of new workforce entrants. There are many more ways to ‘work’ emerging and becoming main-stream. Which opens up new and creative ways for organisations to run their HR budgets, and individuals to design a career with more flexibility.

Those With The Right Skills Will Thrive

Based on this research, it is clear, those with the right skills will increasingly be in the driving seat, create new opportunities and have the choice and flexibility to work where, how, and when they like. Those lacking the right skills will increasingly be left behind and the outlook for the future for them is not rosy. There is a continued polarisation of the population that is playing out right in front of all our eyes and it will, if not rapidly addressed, be costly for society and business.

How Do We Ensure NZInc Has The Right Skills To Thrive?

At Datacom, we believe that now is the time for company leaders to be responsive and responsible! We cannot slow the rate of technological advance or globalisation, but we can invest in employees’ skills to increase the resilience of our people, organisations but also society. I contend that we are seeing the emergence of what World Economic Forum calls, the Skills Revolution.

Yes, individuals absolutely need to nurture their ‘learnability’: their desire and ability to learn new skills to stay relevant and remain employable; but leaders in New Zealand need to take immediate action to fast track the upskilling and reskilling of existing employees to ensure New Zealand Aotearoa has access to a workforce with the skills required for the future.

So, let’s have a look at what we are doing to support the resilience of our people.

In a recent McKinsey survey, 75 percent of executives said they believed reskilling would fill at least half of their future talent needs, given the war for talent and hiring difficulties. The survey highlighted that people working in IT and customer-facing roles are likely to see the greatest increases in demand, but they also anticipated rapid growth in demand across almost all industries and geographies for data analysts required to make sense of big data, and for specialised sales, product and commercial managers to commercialise new digitised offerings.

At Datacom we firmly believe that from learning comes creativity and from creativity comes innovation. One of the activations we have in this space is Datacomp, our annual innovation hackathon, which has been running since 2012 and is designed to keep our people sharp and give them an opportunity to trial and test new skills and experiences in a safe environment.

Watch Datacomp 2018 video

One of the benefits of Datacomp is that every year each person in our business gets the chance to take part in a significant learning and development opportunity. Our goal in providing the program – called Datacomp StayingSharp – is simple, to add to our peoples’ C.V.s! Not because we want them to go, but rather, because we want them to stay.

Over the last seven years that Datacomp has been running we have seen over 1,000 people trained in lean canvasing, design thinking, presenting and pitching, plus get ongoing exposure to the latest technology and insights.

Having The Opportunity And Feeling Safe Are Important

Our view is that giving our people the opportunity to keep up-to-date with the latest trends, ways of working and tech is positive and inspiring for all – most importantly, our people and customers. We aim to give our people a safe environment to experiment and try new things, things that they don’t necessarily have the opportunity to do in their day job.

Datacomp 2018 winners

Winning team from Datacomp 2018

We don’t do this lightly. We are actively and deliberately seeking to lead our own people and also other organisations to keep up with the ever-demanding skills cycle.

“Remember, you’re not in charge. You are responsible for those in your charge.” – Simon Sinek | Founder | Visionary | Author | Speaker

As Simon Sinek, internationally acclaimed speaker and author, said leaders are not responsible for the job. Leaders are responsible for the people, who are responsible for the job.

Watch Simon Sinek speak.

If we accept that the pace of technological change has accelerated us to a crucible moment where leaders in Aotearoa New Zealand need to invest in employees’ skills today to increase the prosperity, wellbeing & capability of our people, organisation & country, tomorrow, then as a leader, I encourage you to ask yourself: what are you doing to deliver a brighter future for your people?

Further references

 

Rapid growth and the Cloud – thoughts from Google Cloud Next ’18

GoogleCloudBrianNimoImage

By Paul Scott

Growth – Rapid Growth.

These are words we like to hear, both for Datacom and our customers – and these words ran strongly through last month’s GoogleNext conference.  Google is committed to its partners, and it makes us here at Datacom all the more proud to be working with Google Cloud, and even more excited about getting our customers connected.

Google Cloud Next ‘18 was three busy days packed full of talks, boot camps and information that we’re now happy to share with you.

The Google Cloud platform is growing at an exponential rate, and we’re looking forward to what’s coming over the next year.

“We’re re-engineering how we do business, and that goes hand in hand with the journey to the cloud.” Google Cloud CEO Diane Greene said. “Tech now encompasses all business and all society, and IT has gone from being a cost centre to a key driver for the business.”

For those new to it, Google Cloud is a service that helps companies empower employees, serve customers and build what’s next for business. And it does all this with a level of security that is defining the tech industry.

As we learned at the conference, Google is more secure by design. We were thrilled to hear about the Google Service Platform, which combines Kubernetes and Istio. With this, Google simplifies security and management of microservices. And that Kubernetes engine? It’s going to soon available on-premise and accessible from the cloud.

This means that whatever your data and containers, you’ll be able to manage it all in one place. The Datacom Software team is committed to making it easy to modernise your applications and bring them to the cloud. With Google Cloud it’s never been easier, it lets you design your applications with a mix of on-premise and cloud-based microservices.

Google’s cloud offering is open source and multi-cloud. So it’s are not about locking you into one solitary option but working to provide the best service, so you can run a better, smarter business.

Given what businesses are already doing with Google, take a moment to think about the marketing side of your business joined with the power of Google Cloud. The combined data story gives you a singular, superior view of your customer. In the coming year, Datacom will be focusing on that potential with Google, and we’ll make sure to deliver these new services to you.

Google is also bringing its world-renowned search capacity to the Cloud for your enterprise or business. You’ll be able to search for whatever it is you need to find within your business, be it files or anything else on the premise.

Google is also leading the way on AI. There’s Contact Centre AI, which allows enterprises to use AI to augment and improve contact centres without the need for deep AI expertise. Powerful, deployable contact centres are on the horizon, and since it’s part of Google Cloud, it will connect with the rest of your data and business (and also carry that cutting-edge security).

With BigQuery ML and Edge TPU for IOT, Google is also making machine learning and AI more democratic. The work Google is doing will mean that every device or sensor will have the ability to run machine learning or AI without having to go back into the cloud.

You also won’t need to move your data out of your data warehouse for analysts to access information and make predictions. They’ll be able to strategically look forward without any prior knowledge about machine learning. What’s more, with a few lines of code, developers can use Google’s AI building blocks (such as Cloud Vision API) to take your business to the next level.

Machine learning changes everything we know about computers. It takes everything we can currently do, but makes it better.

Our advice after attending Google Cloud Next?  Machine learning needs to be infused into every one of your business processes. Think of yourself now as a Machine Learning- or AI-first business. AI-first businesses are efficient, scalable and agile. It’s the next wave of business and is surpassing mobile- or social- first business models.

Our biggest takeaway? That the journey to the cloud has only just begun.

A multi-cloud strategy is now critical for every business.

Use the best-in-breed options for whatever it is you need to grow and don’t just go with one cloud provider.

Integrating a multi-service approach to better run your business and help your developers will make your business more efficient. And it’s that priority around efficiency that will help you move into being a stronger machine learning-first business.

And the more we learn, the more excited we are about the opportunities Google Cloud presents to Datacom and our customers. We can’t wait to help you access what is next!

For more detailed day-to-day rundown of what we learned, watch Paul’s daily vlogs here.

Closing the customer experience (CX) gap

 

Passengers motion

Photo / GraphicStock

By Caroline White

People worldwide are finally waking up to the importance of customer-centricity. Forrester estimates that 84 per cent of organisations aspire to be CX leaders and Gartner says that for the third consecutive year marketing budgets are on the increase in a bid to improve it

Mercedes-Benz USA President and CEO Steve Cannon described CX back in 2015 as ‘the new marketing’ and every year Gartner report that it is increasingly on people’s agendas.

Hundreds of CX events are popping up worldwide and they are attracting all of the C-Suite – not just the marketing teams.

Unfortunately there is a gap between customer expectations and what they are actually experiencing. Famous research by Bain and Company in 2005 highlighted the staggering difference – 80 per cent of companies believed they were delivering  a ‘superior experience’ whereas only 8 per cent of customers agreed with them. This gap has closed slightly but there is still a long way to go, particularly as nowadays customers expect to be able to interact with a brand via multiple channels.

But why does CX matter?

Forrester defines customer experience as ‘how customers perceive their interactions with your company’. Tony Hillson, chair at Auckland’s recent  Customer 3.1 Summit said the industry has changed a lot over the past few years due to a shift from focussing on traditional service design and delivery towards what was described by keynote speaker, futurist Anders Sorman-Nilsson as a ‘transformation economy’’.

This transformation economy has been born out of a steep rise in the number of digital disruptors, e.g. Uber, AirBnB and shopping apps such as Wish. Digitalisation is making the world smaller –  another example is US retailer Amazon who is expanding across Australia and rumoured to hit New Zealand soon too.

These disruptors raise the bar for more traditional organisations who will need to enhance their CX to keep up – and that’s not just B2C but B2B too.

By implementing CX principles into strategy, technology, processes and people management, it is possible to keep up with disruptors, reduce costs and increase revenue. Forrester estimates that companies who excel at CX grow a staggering 5.1 times quicker than those who don’t.

And how do we improve it?

Here are ten top tips to taking your customers on a journey across mulitple channels:

  1. Plot the customer journey and work out where the most value can be added. Forrester says customers are willing to pay 4.5 times more for excellent CX. Look for ways to give them an memorable experience which makes them feel special. This doesn’t necessary mean the experience is bespoke but rather personalised on a large scale, e.g. Google remembers details such as where you visit frequently so it can provide you with updates and information relevant to you.
  2. Hone both the left and right brains. Left is the logical analytical side and right is the creative side. Both are needed to solve problems and communicate with everyone, e.g. when Benji Karsch first started working at US healthcare company, Cigna, there were no metrics relating to any CX initiatives. This meant they had no idea what was successful and what wasn’t – so the board didn’t value them. As a result he worked on a left-brained solution to impress the board and ensure buy in to future initiatives.
  3. Don’t spread yourself too thin, focus on one main metric, e.g. the net promoter or customer satisfaction score and link it to financial metric, e.g.  10% increased revenue if it is achieved.
  4. Work on two levels of buy-in. Start at the top with metric-based business cases for the decision makers, e.g. we will lose $5m if x happens. Have case studies from previous projects worked on and use storytelling to evoke emotion. Sign up at least one senior person to help drive CX initiatives and make sure their buy in is visible.
  5. Accenture report that 89 per cent of customers want a consistent CX across all channels, a seamless omnichannel. As soon as there is senior level buy-in, push to make CX and digital experience part of the same strategy. Hamish Nuttall, founder of the Naked Bus said ‘digital is just how we do business nowadays.
  6. Now it is time to get everyone else involved. People are more engaged when they come to the project early. Forrester say that companies with engaged employees have operating margins 4.1 times larger than those whose employees aren’t. Also CX initiatives should come from all departments, particularly from frontline employees who are interacting with customers on a daily basis. Encourage an experimental and adaptive culture. Benji Karsch, started a successful internal marketing campaign for employees at US healthcare firm, Cigna, called ‘Go You’. It challenged employees to go above and beyond with customers. To help foster this, they were allowed to choose specially branded t-shirts and decorate their name tag to express their individuality.
  7. Benchmark regularly so progress is visible and get feedback at different points of the customer journey so gaps can be found.  There are lot of mechanisms for feedback including pulse surveys, forums and social media. Jason Delamore, Marketing GM at Auckland Airport said an impressive 400,000 people have given feedback via a tablet in the airport in the last year.
  8. Boost customer trust so you can collaborate and innovate together. Rod Moynihan, Director of Sales at Zendesk says customers value empowerment, transparency and responsiveness above anything else so look at developing these traits. Once trust is formed, test the water with some small CX changes, e.g. a stripped-back, low cost prototype on a small section of people so there is little impact if it goes wrong and then expand from there.

    CXGroupPic

    Panel discussion: Lto R: Benjamin Karsch, EVP & Chief Marketing Officer, Revlon David Hughes, ‎General Manager e-Commerce and Customer Insights, Briscoe Group Moderator: Kat Hardisty, Design Lead, Optimal Workshop Roxanne Salton, Head of Digital Strategy and Delivery, Mercury. Photo / Scott Clegg/ Conferenz

  9. Balance innovation, analytics and common sense. Although it is important to listen to customers, don’t just implement their suggestions blindly. Get to the root of whatever the pain-point is and work out the most efficient way of solving it. Don’t fall into the trap of thinking that your solution has to use new technology such as blockchain, artificial intelligence or machine learning – technology is just a means to an end.
    In some cases it can work really well, e.g. When Lowes Innovation Labs showed people how to do DIY with a Hololens it resulted in 36 per cent better recall than when they watched an instructional video, but often you can be better off sticking to more tried and tested technology. That said, consider the analytics opportunities that are available with Internet of Things devices – just be sure that are completely secure and enhance CX too.
  10. And finally never underestimate the importance of getting insights firsthand from the customer – it is much easier to empathise with them this way. David Hughes, ‎General Manager e-Commerce and Customer Insights at Briscoe Group has access to the customer feedback inbox from his email account. Natalie Kerschner, Senior UX Specialist at BNZ made whole teams of people go into branches posing as real business customers and Roxanne Salter, Head of Digital Strategy at Mercury had once worked where senior people had to do a monthly shift on the shopfloor. It was important, said Roxanne,  not to be afraid of asking stupid questions – since this is how issues were picked up on.

The Datacom Digital Experience team works with organisations to discover which CX strategies are best for them. We have a wide range of tricks in our toolbox from alignment workshops to journey mapping to concept testing.

Interested in knowing more? Email digital@datacom.co.nz.

 

Datacom kicks off Microsoft’s Global Integration Bootcamp

By Tim Nelson

It started in Auckland on Saturday, then followed the sunrise across the globe.

Dawn on Saturday 25th saw Datacom stop the countdown clock on the Microsoft Global Integration Bootcamp website.

Starting at 210 Federal Street in Auckland and following the sunrise across 12 locations across around the world, the Global Bootcamp brought the Microsoft integration community together for an intensive day of interactive labs using the latest Azure technology.

With a dual opportunity to lead and learn alongside co-hosts Adaptiv and Theta the team added hospitality and plenty of coffee to create a warm collaborative atmosphere for everyone in attendance.
MicrosoftBootCamp.Presenter

Photo / Datacom’s Craig Haiden presenting at the weekend’s Microsoft Global Integration Bootcamp.

Independent consultants and integrators from both vendors and corporates turned the café into a hub of concentrated activity, augmented by a constant flow of online appreciation from around the globe as successive centres kicked off their day.

Plenty of knowledge was shared and new skills were learned. Hands-on labs covered the full Azure integration stack: enabling hybrid integration scenarios to surface data to the cloud; setting up Service Bus and Logic Apps to orchestrate data flows; configuring API Apps and API Management to present and secure data access; and working with IoT Hub, Stream Analytics and Power BI to provide both deep insight and responsive control of data and devices in real-time.

A big thank you to the dedicated team of organisers and presenters who made it happen: Craig Haiden, Mark Brimble, Mahindra Morar, Mike Howell, James Corbould, Morten Velling and Abhishek Kumar. Literally world-leading…

Check out more about the Global Integration Bootcamp here.

Digital Transformation 101: Insights from DX 2017

By Caroline White

Business leaders from across New Zealand came together to discuss their challenges at the Digital Transformation summit  in Auckland this month. The key themes were:

  • Understanding innovation and transformation and how they work together
  • Unlocking value by leveraging technology and new business platforms
  • Understanding changing audiences for customer-centric digital transformation
  • Recruiting and retaining the right talent and unlocking real competitive advantages

The Datacom sponsored event saw Brett Roberts, Associate Director of Datacom Auckland’s Digital, Customers & Collaboration Group, take to the stage for his keynote advising companies on how to drive an innovative and adaptive digital culture. Digital Transformation means companies need to act fast to ensure they aren’t left behind.

BrettRobertsDX2017CloggCloseupBrett Roberts speaking at DX2017. Photo / Scott Clogg: Conferenz

What is Digital Transformation?

Digital Transformation is the latest hot phrase to be bandied round in offices across the world – but it is also a commonly misunderstood term. Basically, it’s the act of transforming businesses digitally from end to end – from operations to infrastructure, meshing together technology, processes and people.

DX2017 featured 24 speakers in total, each offering advice that can be loosely packaged into five C’s: competitive pressure, the confluence of ideas, customers, culture and continuous learning, and finally the biggest C: communication.

Competitive pressure

Firstly, why do businesses have to digitally transform? Technology and innovation is moving at a faster pace than ever before. We live in an uncertain world – A study from the John M. Olin School of Business at Washington University estimates that 40 percent of today’s F500 companies on the S&P 500 will no longer exist in 10 years.

Foxtel’s Brett Cooper said digital disruptors are everywhere – the most well- known one for his company being being Netflix.

Competition has come from leaders who have shunned traditional business models and dared to do things differently – Uber, Amazon and Airbnb are just three examples.

Nicki Raistrick, Head of Digital at Fletcher Building looked at the same issue, raising concerns about traditional businesses making assumptions they shouldn’t. You may know the names of your customers and their likes and dislikes, but what do they really know about their customer’s customers – is there a new disruptor just around the corner?

Andre Guyer, Head of Digital Transformation for the Zurich Insurance, believes companies need to use money and experience as leverage against new entrants to their industry – to attack, rather than defend their market share.

New Zealand companies need to look at their products and services and work out where they are adding value to their customers – which enable them to innovate and provide a better service, and thus larger margin than foreign counterparts.

DX2017AudienceThe challenge of digital transformation – Brett Roberts speaks at DX2017. Photo / Scott Clogg: Conferenz

Confluence

At the heart of Digital Transformation is a triad, a confluence of people, business and process. It’s not possible to change one without considering impact on the other.

  • People – Robotics will feature heavily in the future, but nothing can substitute for the human brain. Algorithms are not the solution to all our problems.

Digital leaders still have a tough job in shaping the workforce of the future.  Traditional roles such as system administrators, operators, programmers, and help desk employees will decrease in demand and these people will need to be retrained and moved elsewhere.

New people for jobs which haven’t even been dreamt up yet will need to be sourced and an organisation is only as good as the people who work for them.

Quote of the day: “Never ever, ever, ever, ever, ever, ever, ever, EVER compromise your hiring.” Hire diverse people with good attitudes who are ready to slot into an innovative environment. And don’t be afraid to hire people who don’t fit the mould – the best innovations don’t tend to come from when people stick to the mould.

  • Business – Transforming to digital can often unearth all sorts of issues that weren’t apparent beforehand. Go back to basics, make sure the company vision is clear, and map out all your processes to how they would work in the real world.
  • Technology – Big data, blockchain, and artificial intelligence were all discussed prominently – and will need to be a part of any future plans.

Lots of companies are using all of these technologies already. Google Maps combines AI, robotics and big data. Starbucks and Amazon are teaming up for an AI, chat and voice app.

Trevor Delany, Head of Information Technology & Services for BP New Zealand said that customers had even arrived at its petrol stations asking to pay with bitcoins. It’s impossible to commit to all of the good ideas out there, but the smart people are those who see how this could fit into existing business models in the future.

Customers

Customers should be first priority for every organisation; but for many busy organisations, they are often the last. Every speaker at DX 2017 called for companies to be more customer- led rather than focusing strictly on products. Customer centricity was frequently discussed, especially innovation labs and collaborative programmes.

Culture and continuous learning

The one fundamental kickstarter is having an innovative culture. Allow everyone in the company to get involved and have their voice heard.

If staff feel are empowered in an innovative culture, they will rally and try to solve issues themselves. They certainly won’t sit by and let disruptors take over. Encourage staff at all levels to be curious and ask questions. You need to accept that you’re not always going to get it right – as Brett Roberts puts it ‘experimentation’, rather than ‘embracing failure’.

Don’t get complacent – embrace constant learning. For example, millennials often have a different way of looking problems compared to other generations. Don’t disparage that, encourage it. Datacomp, Datacom’s yearly hackathon has been so successful that it has become a blueprint for hackathons at other companies, such as Genesys and ASB.

And finally, the big C, communication

The overwhelming message from DX 2017 is to start focussing on people. A major part of that is communication.

Digital transformation is terrifying. Frontline employees can feel hopeless and removed from the decision making process. They’re often wondering: What is going on? Is my job safe? I’ve been here for 20 years – what are all these crazy decisions that the company is now making?

There will always be resistance to DX, said Gerard Smith, Senior Digital Manager for Teachers Mutual Bank.

You need buy in; to get your employees to embrace the model you’re trying to adopt. You need to educate and reassure them, and offer the appropriate training to enable them for the new model.

There is a human being behind every change the business makes, and they need to be engaged – help them celebrate successes, actively promoting your digital projects and highlighting the importance of the change.

My three takeaways:

  1. “A journey of a thousand miles begins with a single step” – Start with small changes and then work up. Review your legacy systems and grade the changes needed into levels of urgency and importance before implementation. If there is kick back from the top team, ask them what else they’ll spend their money on if it isn’t DX.
  1. DX is the whole package, not just the tech – people and business processes are just as important
  1. Uncertainty is a certainty –  Organisations need to be agile, nimble and ready to experiment or else they will die

What do you think? If you’re looking for some ideas on transforming digitally please email us at digital@datacom.co.nz.

Main photo/ Brett Roberts speaks at DX2017.  Photo: Scott Clogg: Conferenz

Tourism NZ intranet – built with Datacom – recognised as one of the world’s best

Tourism New Zealand’s staff intranet has been named one of the top ten in the world. International user experience firm, Nielsen Norman Group announced the award this week with Tourism New Zealand the only Australasian winner.

As well as winning the Nielson Norman group award, earlier this year Datacom and Tourism NZ were named winners in the Microsoft Partner Awards for Content and Collaboration for the same solution.

tongarirocropped

Photo: Tourists on the Tongariro Crossing – one of New Zealand’s most popular vistior attractions. Wikimedia Commons user Yogi De

“We have staff based around the globe and staff who travel internationally working from mobile devices so it’s really important as an organisation to keep our people informed and connected to our global whanau. The intranet was redesigned with these principles in mind so it’s great to see the site being recognised for being accessible and easy to use,” says Deborah Gray, Tourism NZ’s General Manager Corporate Affairs.

“The site was also praised for its use of plain English and social interactive features. We made sure to integrate the ability for staff to post photos and have conversations, it’s been really successful in helping staff engage with each other and share information.”

The redesign project took around six months to complete. The work included the review all content on the site, rewriting it to make it more accessible and more visual, as well as removing unused and old content.

The intranet site was delivered by the Datacom Office 365 team, helmed by Matt Swain.

Datacom’s view is that an intranet is based on 5 key pillars:

• Communication
• Content
• Collaboration
• Culture
• Doing Work

Evaluating where customer’s currently rate in each of these pillars, and what they are trying to achieve with their intranet is critical in driving successful, measurable outcomes.

Datacom believes that each phase of an intranet build should typically only focus on one or two of these pillars, with a light touch to the others. Having clear goals set against each pillar then allows organisations to clearly prioritise and deliver against each phase, while still gathering requirements for future phases.

It is important to keep in mind an intranet cannot be fairly judged as successful on day one, but needs to look at 6, 12, and 18 months in the future. Constant evolution is needed.

Datacom spent considerable amounts of time working with Tourism New Zealand to clearly understand their goals before work started. As such, the intranet was focused on social interaction to enable workplace collaboration, as well as the construction of valuable content. This allows the intranet to feel fresh and lively, a place where people want to work together, and utilises information well suited to the medium.

Jakob Nielsen, Principal for Nielsen Norman Group describes Tourism New Zealand’s site as having “A clean design, rewritten content, and well-integrated social features turned Tourism New Zealand’s new responsive intranet into an essential tool for communication and collaboration, regardless of location or device.”

See more here about Datacom Social Intranet.

 Daniel Thurston and Matt Swain