Tag Archives: AT&T

The Big Lesson From Amazon-Whole Foods

I doubt that Google and Microsoft ever worried about the prospect that a book retailer, Amazon, would come to lead one of their highest-growth markets: cloud services. And I doubt that Apple ever feared that Amazon’s Alexa would eat Apple’s Siri for lunch.

For that matter, the taxi industry couldn’t have imagined that a Silicon Valley startup would be its greatest threat, and AT&T and Verizon surely didn’t imagine that a social media company, Facebook, could become a dominant player in mobile telecommunications.

But this is the new nature of disruption: Disruptive competition comes out of nowhere. The incumbents aren’t ready for this and, as a result, the vast majority of today’s leading companies will likely become what toast—in a decade or less.

Note the march of Amazon. First it was bookstores, publishing and distribution, then cleaning supplies, electronics and assorted home goods. Now, Amazon is set to dominate all forms of retail as well as cloud services, electronic gadgetry and small-business lending. And the proposed acquisition of Whole Foods sees Amazon literally breaking the barriers between the digital and physical realms.

See also: Huge Opportunity in Today’s Uncertainty  

This is the type of disruption we will see in almost every industry over the next decade, as technologies advance and converge and turn the incumbents into toast. We have experienced the advances in our computing devices, with smartphones having greater computing power than yesterday’s supercomputers. Now, every technology with a computing base is advancing on an exponential curve—including sensors, artificial intelligence, robotics, synthetic biology and 3-D printing. And when technologies converge, they allow industries to encroach on one another.

Uber became a threat to the transportation industry by taking advantage of the advances in smartphones, GPS sensors and networks. Airbnb did the same to hotels by using these advancing technologies to connect people with lodging. Netflix’s ability to use internet connections put Blockbuster out of business. Facebook’s  WhatsApp and Microsoft’s Skype helped decimate the costs of texting and roaming, causing an estimated $386 billion loss to telecommunications companies from 2012 to 2018.

Similarly, having proven the viability of electric vehicles, Tesla is building batteries and solar technologies that could shake up the global energy industry.

Now, tech companies are building sensor devices that monitor health. With artificial intelligence, these will be able to provide better analysis of medical data than doctors can. Apple’s ResearchKit is gathering so much clinical-trial data that it could eventually upend the pharmaceutical industry by correlating the effectiveness and side effects of the medications we take.

As well, Google, Facebook, SpaceX and Oneweb are in a race to provide Wi-Fi internet access everywhere through drones, microsatellites and balloons. At first, they will use the telecom companies to provide their services; then they will turn the telecom companies into toast. The motivation of the technology industry is, after all, to have everyone online all the time. The industry’s business models are to monetize data rather than to charge cell, data or access fees. They will also end up disrupting electronic entertainment—and every other industry that deals with information.

The disruptions don’t happen within an industry, as business executives have been taught by gurus such as Clayton Christensen, author of management bible “The Innovator’s Dilemma”; rather, the disruptions come from where you would least expect them to. Christensen postulated that companies tend to ignore the markets most susceptible to disruptive innovations because these markets usually have very tight profit margins or are too small, leading competitors to start by providing lower-end products and then scale them up, or to go for niches in a market that the incumbent is ignoring. But the competition no longer comes from the lower end of a market; it comes from other, completely different industries.

The problem for incumbents, the market leaders, is that they aren’t ready for this disruption and are often in denial.

Because they have succeeded in the past, companies believe that they can succeed in the future, that old business models can support new products. Large companies are usually organized into divisions and functional silos, each with its own product development, sales, marketing, customer support and finance functions. Each division acts from self-interest and focuses on its own success; within a fortress that protects its ideas, it has its own leadership and culture. And employees focus on the problems of their own divisions or departments—not on those of the company. Too often, the divisions of a company consider their competitors to be the company’s other divisions; they can’t envisage new industries or see the threat from other industries.

This is why the majority of today’s leading companies are likely to go the way of Blockbuster, Motorola, Sears and Kodak, which were at the top of their game until their markets were disrupted, sending them toward oblivion.

See also: How to Respond to Industry Disruption  

Companies now have to be on a war footing. They need to learn about technology advances and see themselves as a technology startup in Silicon Valley would: as a juicy target for disruption. They have to realize that the threat may arise in any industry, with any new technology. Companies need all hands on board — with all divisions working together employing bold new thinking to find ways to reinvent themselves and defend themselves from the onslaught of new competition.

The choice that leaders face is to disrupt themselves—or to be disrupted.

3 Things on Cyber All Firms Must Know

Managed security services providers, or MSSPs, continue to rise in presence and impact—by giving companies a cost-effective alternative to having to dedicate in-house staff to network defense.

In the thick of this emerging market is Rook Security. I spoke with Tom Gorup, Rook’s director of security operations, about this at RSA 2017. A few takeaways:

Outsourced SOCs. MSSPs essentially function as a contracted Security Operations Center, or SOC. Most giant corporations, especially in the financial and tech sectors, have long maintained full-blown SOCs, manned 24/7/365. And so the top MSSP vendors, which include the likes of AT&T, Dell SecureWorks, Symantec, Trustwave and Verizon, are aggressively marketing MSSP services to midsize companies, those with 1,000 to 10,000 employees.

See also: 7 Key Changes for Insurers’ Cybersecurity  

At the other end of the spectrum—catering to very small businesses—you have consulting technicians, operating in effect as local and regional MSSPs. These service providers may have one or two employees. They make their living by assembling and integrating security products developed by others, working with suppliers such as SolarWinds MSP, which packages and white labels cloud-based security solutions for very small businesses.

So what about the companies in between, those with, say, 50 to 999 employees? Security vendors recognize this to be a vastly underserved market, one that probably has pent-up demand for MSSP services.

What MSSPs provide. For midsize and large enterprises, MSSPs deliver an added layer of expertise that can help bigger organizations actually derive actionable intelligence from multiple security systems already in place, such as firewalls, intrusion detection systems, sandboxing and SIEMs. The top MSSPs tap into all existing systems and provide deeper threat intelligence services, such as device management, breach monitoring, data loss prevention, insider threat detection and incident response.

For small businesses, local MSSPs focus on doing the basics to protect endpoints and servers. This relieves the small business operator from duties such as staying current on anti-virus updates, as well as security patches for Microsoft, Apple, Adobe and Linux operating systems and business applications that are continually probed and exploited.

 Who needs one? Every business today is starkly exposed to network breaches. So who could use an MSSP? The calculation for midsize and large organizations is straightforward. The goal is to provide more data protection at less cost, based on thoughtful, risk-based assessments. The most successful MSSPs will help company decision-makers build a strong case for their services.

See also: Quest for Reliable Cyber Security  

At smaller companies, the first question to ask is this: How mature is my security posture to begin with?

Gorup observes: “Is security even on the radar right now? In smaller organizations, you might have just one person, part-time, working IT. Security is kind of secondary. I’d recommend seeking more advisory services to help detect phishing attacks, help build some processes, help understand what technologies you should invest in. This will allow growth to occur. And then you can make a natural transition into building an SOC or seeking SOC services.”

Thought Leader in Action: Chris Mandel

Back in the ’70s, Chris Mandel quite literally stumbled into insurance, as a result of a racketball injury at Virginia Polytech Institute when he suffered a detached retina. After two months of lying flat in a hospital bed, he had to forego his post-graduate job in retail management and start looking for employment in D.C. — he began an unexpected career in managing claims at Liberty Mutual.

Mandel excelled in his job but realized a career in claims management wasn’t what he wanted. So, in the early ’80s, he moved to Marsh brokerage for five years and set up a risk management program for an AT&T spinoff that evolved into what is now Verizon. He then left Marsh to be Verizon’s first risk manager — building its program from scratch.

By the ’90s, he landed in several top corporate risk management positions at the American Red Cross, Pepsico/KFC and Triton Global Restaurants (YUM Brands). Mandel also began his six-year volunteer stint as the president of RIMS (1998-2004), after serving in many different key RIMS leadership roles. He earned an MBA in finance from George Mason University along the way.

By 2001, Mandel was on several advisory boards (i.e. Zurich, AIG, FM Global and Liberty Mutual), before making a career and geographic move to the USAA Group in San Antonio. There, he built an enterprise risk management (ERM) program because he saw a “broken traditional approach” to risk management. After nearly 10 years of developing an ERM program lauded in the industry (including by AM Best, Moody’s and S&P), Mandel was promoted at USAA to head of enterprise risk management, as well as president and vice chair of Enterprise Indemnity, a USAA commercial insurance subsidiary. While at USAA, he was recognized as Business Insurance’s Risk Manager of the Year (2004).

His dream was to be a corporate chief risk officer, but he saw that title more often going to “quants,” (like actuaries), rather than risk professionals. So, as a well-known and sought-out industry spokesperson and visionary, Mandel moved on from USAA in 2010 to found a Nashville-based risk management consulting group, then-called rPM3 Solutions, which holds a patent on a game-changing enterprise risk measurement methodology. Then, in 2013, he moved to Sedgwick as a senior vice president. He is responsible for conducting scholarly research, driving innovation, managing industry relations and forging new business partnerships.

In early 2016, he was appointed director of the newly formed Sedgwick Institute, which is an extension of the firm’s commitment to delivering innovative business solutions to Sedgwick’s clients and business partners — as well as the whole insurance industry. In 2016, Mandel was awarded RIMS’ distinguished Goodell Award (see video below).

When asked what he sees as critical strengths for someone entering risk management, Mandel said: “I try to hire managers who can think strategically and who can convince C-suiters and boards of the value of being resilient in addressing a company’s risk profile. Progressive leaders understand the strategy to leverage risk for value.”

A holistic approach, as he describes it, “seeks a vantage point that can assess both the upside and downside of all foreseeable risks.” He believes true innovation evolves from a company’s risk-taking. “It’s not so much identifying what or when adversity is going to happen, it’s how a company responds to risk in order to minimize disruption,” he said.

In assessing his personal strengths and accomplishments, Mandel feels that a person needs to be “emotionally intelligent” — able to adapt to different people in organizations. He doesn’t consider himself a people person but says he learned to be one the hard way. He advises: “Team spirit is putting other people first and helping them succeed. … Admit your failures and build trustworthiness from your mistakes.”

Besides writing, teaching, speaking and (still) playing racketball, he serves an active role as an advisory board member of Insurance Thought Leadership. He and his wife also serve in church ministries, where he often plays guitar alongside his grown children, who are ordained ministers. Mandel said, “I’m blessed by a Creator who’s had my back.”

IoT Is Game Changer for Insurers

The Internet is now an integral part of our daily lives, and we would struggle to imagine life without it. However, to date, growth has largely been driven by access to content and by speed.

We are now moving into the new phase of growth where the everyday “things” around us will be connected to the Internet. This is the Internet of Things (IoT) – it will have a profound impact on our daily lives and change the way we interact with our environment. It will also have a big impact on how industries operate and relate with their customers. This is particularly true for insurance companies, where there is an opportunity to move from being passive and reacting to losses, to being proactive and helping prevent them.

In short, the IoT will be a game changer for insurers.

In the commercial sector, we are familiar with the benefits of connectivity in smart buildings. When we go to a hotel, door locks are controlled with smart cards, and there are links to lighting and air conditioning to save energy and improve security. Fire systems are networked to sprinklers. Indeed, I’m not sure I’d book a hotel that gave me a metal key. More significantly, most modern commercial buildings would struggle to get insurance coverage without new technology.

The IoT will bring this same level of intelligence to the home.

Standard devices such as light switches, thermostats and door locks are being networked. Smartphones allow us to monitor and control air conditioning, as well as access and monitor security and lighting, with alerts if there is a problem. The first wave of connected appliances is now starting to roll out. Just as with commercial buildings, “interoperability” will become standard in homes because it makes them safer, more energy-efficient and easier to manage.

The smart home is already going mainstream. Big-box stores like Lowe’s, Home Depot, Best Buy, Target and Sears have started to offer their own DIY smart home solutions. They are competing with the major service providers such as AT&T, Comcast, TWC and others that have developed their own consumer offerings. The entry of Apple, Google and Microsoft into the space with different consumer strategies is a clear sign that the market has arrived.

Many of these new entrants have recognized that data will be key to their future success in a connected world where devices will generate as much as we can handle and the ability to refine and exploit it will decide the winners and losers in many industries. This data is going to be particularly important to insurers, which have traditionally based their pricing on risk assessment. If a competitor has better data on which to base judgments, it will have the edge.

The IoT and access to data will reshape industry boundaries and create opportunities.

The IoT will allow insurance companies to move from the traditional passive role of underwriting risk to take a more active position by supplying smart home products and services. Other industries have already adopted this type of strategy. For example, the major cable companies and telcos now offer smart home products over the top of their broadband. These provide new revenue streams, leverage their core competencies, increase customer loyalty and provide a platform for growing new value-added services. Insurance companies could take a page out of the service providers’ playbook and offer their own solutions to realize similar benefits.

The IoT and smart home can give insurers a more direct relationship with the consumer through daily interaction using touch points in apps and messaging. Insurers could also become more competitive by adopting pricing strategies that include direct sourcing and bundling with policies. Contrast this to consumers’ traditional negative experience of bill paying on an annual or semi-annual basis for something they most likely didn’t use.

Consumers would see insurance companies as a logical source for products and services that protect people and their property. Smart home systems can be DIY, offering protection for security, fire and flood. Moreover, they bring new levels of protection with innovation. For example, low-cost leak detectors and temperature sensors can automatically shut off the water supply when triggered.

The IoT is a real growth opportunity, and any business can scale as new connected devices come along. This can be done by offering devices and sensors that improve in-home healthcare and appliances that can be remotely monitored to reduce warranty support costs. These products and value-added services can drive new revenue streams, improve customer retention and reinvent the way consumers perceive their insurance provider. More importantly, the IoT secures access to the data from the things in the home that would help insurance companies manage risk.

If there is a nervousness to step outside the traditional industry boundaries, the alternative is to forge new partnerships with the companies that are deploying smart home solutions.

These companies have access to the data that will help insurance companies manage risk. For example, Lowe’s has partnered with a number of leading insurance companies to trade data from the Iris smart home system. Clearly, data privacy is a major issue, so customers have to approve sharing. This can be achieved by offering a benefit on the policy, usually in the form of a discount.

Clearly, the IoT market is moving extremely fast, and it will challenge conventional wisdom. Just five years ago, the only connected device in home improvement retail was a smart door lock, and now there are hundreds – even dog bowls and toothbrush are becoming connected. If the IoT grows as predicted, every powered device will be IP addressable in the next 10 years. Ignoring this market is not a smart move.

While competing in the smart home space by offering consumers new products and services may seem daunting, the IoT will disrupt traditional industry boundaries, and attack is sometimes the best form of defense. Moreover, actively entering the market has the biggest upside. At a minimum, there is a need to find ways to partner to protect your position and get access to data to remain competitive. The leading insurance providers will be those that embrace the IoT and its impact.

The Dangers Lurking in Public WiFi

Free WiFi access points (APs) are a great convenience for consumers and can be a productivity booster for business travelers. But they also present ripe opportunities for hackers. ThirdCertainty asked Corey Nachreiner, WatchGuard Technologies’ director of security strategy, to outline this exposure.

3C: What risks do consumers and business travelers take when using WiFi services in public venues such as airports, hotels and coffee shops?

Nachreiner: The exposure is potentially huge. It’s natural for people to congregate and wait in places like airports and hotels and use public WiFi access. So these are ideal locations for attackers to set up faked WiFi APs.

This is possible because SSIDs (wireless networks) used in these locations are widely trusted; names like AT&T Wi-Fi, XFINITY WiFi, Boingo Wi-Fi and Free WiFi. It is easy for an attacker to broadcast a faked AP using these familiar names to entice victims to connect via the attacker’s AP. Furthermore, if your computer has connected to the legit access point in the past, it may automatically connect to the faked one.

Best practices: 4 steps to using public-access WiFi safely

3C: If I connect to the Internet via a faked WiFi connection, do I still get on the web?

Nachreiner: Yes, but now the attacker can see what you’re doing, infect your computer and set up man-in-the-middle attacks that can steal your account credentials and work files.

3C: Does part of this have to do with the venues – the hotels and book shops – not bothering to lock down the free WiFi access?

Nachreiner: Yes. 80% of hospitality WiFi networks don’t require a unique password, and 50% do not secure or monitor their networks. I can share many stories about how easy it is to set up a faked AP in public areas and watch people join.

3C: This exposure has been out there since WiFi started going public more than a decade ago. So how intensively have the bad guys been exploiting this?

Nachreiner: Bad guys are definitely exploiting this. I’m a fairly regular business traveler. I’ve found suspicious and very likely malicious APs on two out of 10 trips. l’ve been on hotel networks where my security tools show other guests on the network trying to connect to my shares.

Whether they were just curious guests or malicious attackers is hard to say. But hotel networks are the perfect place for attackers to find victims.

3C: Right, that’s what happened in the so-called DarkHotel attack.

Nachreiner: Exactly, one of our partners, Kaspersky, discovered attackers targeting the third-party WiFi vendor of a specific hotel. They were seeking intelligence on certain guests they knew would be staying at the hotel. They used the compromised wireless network to infect the computers of their targeted victims.

This was a very sophisticated attack and not the norm. That said, it’s more common to find basic criminals putting up faked hotel network connections to steal information from guests opportunistically.