(Bloomberg), China’s consumer startup companies are experiencing a dry spell in fundraising.
Preqin Ltd. said that investment by China-focused private equity and venture capital firms in the sector fell by more than 70 percent in the first quarter of 2023 compared to the same period of 2023. This follows a 90 percent decline in 2018, when the firm reported a record $73 billion.
Investors have stopped making new bets, but those who still write checks to entrepreneurs have adopted a new mantra for assessing whether a business can survive the increasing frugality of consumers: great value for money. This is a major selling point for shoppers who have been feeling the pinch from China’s economic downturn and widespread job losses.
Some focus on funding startups that reshape their distribution models in order to offer lower prices than the market — or those who launch innovative products and upgrade the quality of their ingredients in order to convince shoppers to part with money.
This is a big change from the days of fundraising before Covid, when investors poured into startups selling 110 yuan ($110), or 66 yuan (66 yuan) ice cream bars. They did this mostly through slick marketing. Several of these brands ended up pricing their products out of the market after the pandemic.
“A few short years ago, you were able to get funding by simply having a great idea. Now, this very limited capital will go only to founders who have solid skills and backgrounds,” Zhang Ye, founder at Beijing-based Cyanhill Capital. This early stage investment firm focuses on China’s consumers sector.
Efficiency-Oriented
MMHM Group, a discount snack chain, is one of only a few consumer startups to have received funding this year. The brand eliminates middlemen by sourcing its ingredients directly from the producers. This allows it to sell snacks at up to 60% lower prices than traditional supermarkets.
Shanghai-based BA Capital is one of its main backers. In 2023, it led a 150 million yuan fundraising for snack chain Zhao Yiming before it merged into a rival company to form MMHM. This year, BA made a new investment in MMHM which operates mainly in China’s booming low-tier markets.
The BA investment shows the growing trend of venture capitalists to invest in startups that are efficient enough to undercut their competitors, as well as the more traditional focus of the firm on companies that target Chinese consumers who are more willing and able to spend money today, according to David He, the founder and partner of the firm.
He said that when the economy is under pressure, it’s important to focus on firms with high efficiency.
Investors say that although Chinese consumers still shop for quality despite a slowdown in the economy, uncertainty about the future may limit how much they are willing to pay.
“Good value for the money does not mean a reduction in consumption, but rationalism.” It’s no longer effective to charge an unrealistic price as if consumers were fools,” said Cyanhill Zhang.
More stories like this can be found on .com.
2024 Bloomberg L.P.
3.6 Crore Indians visited us in a single session, making us India’s most popular platform for General Election Results. Here you can find the latest updates!
Navigating cyber resilience and security at SecOps Summit 2024: Key Highlights, ET CIO SEA
The cyber resilience market and world are rapidly changing, and the stakes are higher everyday. The faster you move, and the more you innovate, the greater the chance of a mistake, a blind spot, or a vulnerability. Hence, building cyber resilience to effectively manage technology risk is the need of the hour.
We recently held the third edition of SecOps Summit 2024, an exclusive security and risk virtual summit in association with ServiceNow on 27th June. By corroborating unique views and insights of industry experts, thought leaders, practitioners, and senior tech leaders from Asia Pacific, we unravelled various complexities and best practices in cybersecurity and resilience.
Here are some key highlights and excerpts from SecOps Summit 2023.
Cyber Security and Resilience: Protect business growth and productivity through threats, regulations, and change
In the opening panel, Lou Fiorelli, VP & GM, Security & OT Products, ServiceNow shared, “It is impossible to run a secure business with all the silos that exist in most organisations. Cyber risk needs to be actioned by everybody,” said Lou as he started the discussion and mentioned a few important points related to cyber risk management; Unite security, risk, IT, and the business to power growth and resilience, and streamline enterprise security and manage risk at scale.
“Cyber risk management and developing cyber resilience is extremely critical,” said Vasant Balasubramanian, VP & GM, Risk BU, ServiceNow. The two aspects of cyber risk management that Vasant deliberated on included —
Identifying, prioritising, monitoring, and mitigating risk: Infra, apps, physical regulations, and third parties resilience.
Comply with regulations and corporate policies: Policies and controls, attestations, and continuous monitoring issues.
On enterprise security operations, Lou explained that there are only two halves of managing enterprise SecOps, and said, “One half is being proactive, reducing the chance of something bad happening, and managing the attack surface. The other half is about what would you do if something bad does happen, how do you orchestrate case management and drive playbooks in response.”
Secure Tomorrow: Unified strategies for cyber resilience and regulatory compliance
In the next session, Sameel Limbada, Senior Risk Advisory Solution Consultant, ServiceNow, deliberated on the various unified strategies for cyber resilience and regulatory compliance.
Talking about risk, Sameel elaborated that cyber incidents have been rated as the highest risk across FSIs, governments, and commercial sectors. These cyber incidents affect five main areas: experiences, trust, economic growth, reputation, and costs.
He said, “The process of managing a cyber incident is manual in nature, there are large bottlenecks at times, and it results in only some of the required processes being executed. It almost becomes a cherry-pick type exercise.” On how to streamline and orchestrate a process, he deliberated on how the ServiceNow platform can help:
The next speaker Charmaine Valmonte, Chief Information Security Officer at Aboitiz Group, talked about a very pertinent and contemporary topic, navigating the state of security and risk in the age of artificial intelligence.
She elaborated on how businesses maintain cyber resilience given an influx of emerging technologies, why businesses use AI, the development and integration of AI systems, and ethics of using AI in enterprises.
According to Charmaine, the benefits of AI in cybersecurity are:
Automated threat detection and investigations.
Improves defences.
Save on breach remediation costs.
She also mentioned that in the private sector, AI is being used to understand people’s behaviour by social media sites that understand how people browse on the internet. The main use case of AI, to be able to cater from a retail perspective, is understanding quickly based on patterns, and delivering what the client would want in a particular demographic.
On the ethical usage of AI in enterprises, Charmaine stated, “We need to build AI responsibly. Again, privacy and security are the key ingredients that are crucial in those datasets behind your AI capability. It has to be built ethically, and the same defences have to be built insofar ensuring we have data protection, various levels of protection, and strictly controlled access to the data that goes into your system.”
Dissecting network and cloud systems security
Security is starting to change, and the way people use the cloud is becoming much more complex, and the types of data that they store in the cloud is something that we’re seeing big adjustments on. Since organisations have new cloud security challenges, we were joined by Guy Newell, Director of APJ, Office of the CISO, ServiceNow to help understand them better.
Guy deliberated that since increasingly sensitive data is being stored in cloud platforms, organisations need to “protect data, stop supply chain attacks, and increase compliance”.
He explained the state of cybersecurity in the cloud and said, “Unfortunately to go along with the new data going in the cloud, the risks and threats are just growing exponentially. 4,000 new cyber attacks occur every day, every 14 seconds a company falls victim to a ransomware attack, 560,000 new pieces of malware are detected every day, and there’s just a continuous new delivery of bugs and threats out there.”
As Guy talked about in the session, “overall, the security of the cloud needs to be looked at as a cycle”. And the key steps of the cycle include: identify—protect—detect—respond—recover.
On the next panel session, we were joined by Joseph Ong, Chief Information Security Officer, FCM Travel Asia, Pepijn Kok, Head of Cybersecurity, Advanced Info Services Plc, and Virag Thakkar, Global Head – Cyber Security, of Thai Union Group PCL, and the panel was moderated by Gauravkumar Mahendru, Director, Sales – Technology Workflows, India, ServiceNow.
The current climate demands that organisations shift towards a more proactive risk strategy. On the steps that his organisation has taken towards this shift, Pepijn chimed in and said, “With a lot of attacks and vulnerabilities, we can’t patch quick enough. What we are doing is risk prioritisation, whenever an issue comes up we evaluate if it’s a potential vulnerability. Based on the risk profiles, we decide to do immediate patching which needs to happen quickly, or if we can wait, we wait to monitor it. A lot of it is awareness, risk prioritisation, and gaining a lot of visibility. That visibility and therefore your response, if something occurs, is paramount.”
On dealing with risk prioritisation, Joseph gave insights from his organisations and mentioned, “One of the steps we took was to establish a risk management framework that is aligned with industry standards and requirements, this is very important. Another key measure that we took was to deploy advanced threat detection systems. Threats will come whenever they want to, so regular security testing is also a key step that we took. Testing was done and is still done on our systems, cloud servers, antivirus on desktops and so on. One other thing Pepijn earlier mentioned was patching, to ensure patching is done timely will definitely be important to prevent such attacks. Finally, having a risk register is equally important because it gives the management more visibility and transparency to make informed decisions on risk prioritisation.”
Elaborating on his insightful thoughts on the same, Virag said, “From a non-negotiable point of view, you need to have your principles and standards defined and measured very well. You will have a very proactive and better risk management system in place. Principles and standards are key and non-negotiable elements of risk management. Building a principle-oriented culture is always an ongoing process, which requires promoting a lot of open communication with the employees and management, and helps you in negotiating with the right stakeholders.”
Ultimately, right from governance, building it into principles, its cultural embedding within the organisation, to having visibility and finally moving on to a continuous improvement phase for the organisation, is something that was advocated by the panel when it comes to an ideal proactive risk management strategy.
A cyber resilience guide for 2024
In the last session of the event, the closing note was delivered by Alexis Bernardino, Field Chief Information Security Officer and Head Enterprise Consulting Practices, PLDT Enterprise, who outlined the Cyber Resilience Guide for 2024.
He elaborated on the main proactive steps to build cyber resilience, which include: identify risks, mitigate before attack, better decisions, faster recovery, and business continuity.
Talking about how AI is a double-edged sword in the cybersecurity landscape, Alexis elaborated, “While AI can be a powerful tool for identifying and mitigating hearts before they materialise, it can also be used by an adversary to attack systems. Organisations need to leverage the same AI platforms to fortify their defences to strike a balance, and that is why AI is a double-edged sword.”
The cyber resilience guide for 2024 that he outlined based on a survival kit focused more on the intangibles:
Paradigm-Shift
‘Hacker Mindset’ – Anticipate how they think
Paranoia and Vigilance – Assume breach mode
Technology Adaptation – To outpace threats
Fortify. Enlighten. Secure.
Alexis concluded the closing note and stated beautifully, “In cybersecurity and AI, the unknown is where resilience is forged.”
“,”next_sibling”:[{“msid”:111391528,”title”:”91% of security leaders believe AI set to outpace security teams: Bugcrowd”,”entity_type”:”ARTICLE”,”link”:”/news/security/91-of-security-leaders-believe-ai-set-to-outpace-security-teams-bugcrowd/111391528″,”link_next_mobile”:”/news/security/91-of-security-leaders-believe-ai-set-to-outpace-security-teams-bugcrowd/111391528?next=1″,”category_name”:null,”category_name_seo”:”news/security”}],”related_content”:[],”seoschemas”:false,”social_share”:{“fb”:”/news/security/navigating-cyber-resilience-and-security-at-secops-summit-2024-key-highlights/111401063?utm_source=facebook&utm_medium={{DEVICE_TYPE}}”,”x”:”/news/security/navigating-cyber-resilience-and-security-at-secops-summit-2024-key-highlights/111401063?utm_source=twitter&utm_medium={{DEVICE_TYPE}}”,”whatsapp”:”/news/security/navigating-cyber-resilience-and-security-at-secops-summit-2024-key-highlights/111401063?utm_source=wapp&utm_medium={{DEVICE_TYPE}}”,”linkdin”:”/news/security/navigating-cyber-resilience-and-security-at-secops-summit-2024-key-highlights/111401063?utm_source=linkedin&utm_medium={{DEVICE_TYPE}}”,”telegram”:”/news/security/navigating-cyber-resilience-and-security-at-secops-summit-2024-key-highlights/111401063?utm_source=telegram&utm_medium={{DEVICE_TYPE}}”,”copy”:”/news/security/navigating-cyber-resilience-and-security-at-secops-summit-2024-key-highlights/111401063?utm_source=copy&utm_medium={{DEVICE_TYPE}}”},”msid”:111401063,”entity_type”:”ARTICLE”,”title”:”Navigating cyber resilience and security at SecOps Summit 2024: Key Highlights”,”synopsis”:”By corroborating unique views and insights from industry experts, thought leaders, practitioners, and senior tech leaders from Asia Pacific, we unravelled various complexities and best practices in cybersecurity and resilience at the SecOps Summit 2024. Here are its key highlights.”,”titleseo”:”news/security/navigating-cyber-resilience-and-security-at-secops-summit-2024-key-highlights”,”status”:”ACTIVE”,”authors”:[{“author_name”:”Saachi Gupta Ghosh”,”author_link”:”/author/479258196/saachi-gupta-ghosh”,”author_api_link”:”/author/479258196″,”author_image”:”https://etimg.etb2bimg.com/authorthumb/479258196.cms?width=250&height=250&imgsize=68898″,”author_additional”:{“thumbsize”:true,”msid”:479258196,”author_name”:”Saachi Gupta Ghosh”,”author_seo_name”:”saachi-gupta-ghosh”,”designation”:”Digital Content Producer”,”agency”:false}}],”Alttitle”:{“minfo”:””},”artag”:”ETCIOSEA”,”artdate”:”2024-07-02 05:00:00″,”lastupd”:”2024-07-02 05:00:00″,”breadcrumbTags”:[“SecOps Summit 2024″,”cyber resilience”,”security”,”ServiceNow”,”cyber risk”,”risk management”,”AI”,”cybersecurity”,”secops summit”,”proactive risk management”],”secinfo”:{“seolocation”:”news/security/navigating-cyber-resilience-and-security-at-secops-summit-2024-key-highlights”}}” data-authors=”[” saachi gupta data-category-name=”Security” data-category_id=”832″ data-date=”2024-07-02″ data-index=”article_1″>
By corroborating unique views and insights from industry experts, thought leaders, practitioners, and senior tech leaders from Asia Pacific, we unravelled various complexities and best practices in cybersecurity and resilience at the SecOps Summit 2024. Here are its key highlights.
Published On Jul 2, 2024 at 05:00 AM IST
The cyber resilience market and world are rapidly changing, and the stakes are higher everyday. The faster you move, and the more you innovate, the greater the chance of a mistake, a blind spot, or a vulnerability. Hence, building cyber resilience to effectively manage technology risk is the need of the hour.
We recently held the third edition of SecOps Summit 2024, an exclusive security and risk virtual summit in association with ServiceNow on 27th June. By corroborating unique views and insights of industry experts, thought leaders, practitioners, and senior tech leaders from Asia Pacific, we unravelled various complexities and best practices in cybersecurity and resilience.
Here are some key highlights and excerpts from SecOps Summit 2023.
Cyber Security and Resilience: Protect business growth and productivity through threats, regulations, and change
In the opening panel, Lou Fiorelli, VP & GM, Security & OT Products, ServiceNow shared, “It is impossible to run a secure business with all the silos that exist in most organisations. Cyber risk needs to be actioned by everybody,” said Lou as he started the discussion and mentioned a few important points related to cyber risk management; Unite security, risk, IT, and the business to power growth and resilience, and streamline enterprise security and manage risk at scale.“Cyber risk management and developing cyber resilience is extremely critical,” said Vasant Balasubramanian, VP & GM, Risk BU, ServiceNow. The two aspects of cyber risk management that Vasant deliberated on included —
Identifying, prioritising, monitoring, and mitigating risk: Infra, apps, physical regulations, and third parties resilience.
Comply with regulations and corporate policies: Policies and controls, attestations, and continuous monitoring issues.
On enterprise security operations, Lou explained that there are only two halves of managing enterprise SecOps, and said, “One half is being proactive, reducing the chance of something bad happening, and managing the attack surface. The other half is about what would you do if something bad does happen, how do you orchestrate case management and drive playbooks in response.”Secure Tomorrow: Unified strategies for cyber resilience and regulatory compliance
In the next session, Sameel Limbada, Senior Risk Advisory Solution Consultant, ServiceNow, deliberated on the various unified strategies for cyber resilience and regulatory compliance.
Talking about risk, Sameel elaborated that cyber incidents have been rated as the highest risk across FSIs, governments, and commercial sectors. These cyber incidents affect five main areas: experiences, trust, economic growth, reputation, and costs.
He said, “The process of managing a cyber incident is manual in nature, there are large bottlenecks at times, and it results in only some of the required processes being executed. It almost becomes a cherry-pick type exercise.” On how to streamline and orchestrate a process, he deliberated on how the ServiceNow platform can help:
The next speaker Charmaine Valmonte, Chief Information Security Officer at Aboitiz Group, talked about a very pertinent and contemporary topic, navigating the state of security and risk in the age of artificial intelligence.
She elaborated on how businesses maintain cyber resilience given an influx of emerging technologies, why businesses use AI, the development and integration of AI systems, and ethics of using AI in enterprises.
According to Charmaine, the benefits of AI in cybersecurity are:
Automated threat detection and investigations.
Improves defences.
Save on breach remediation costs.
She also mentioned that in the private sector, AI is being used to understand people’s behaviour by social media sites that understand how people browse on the internet. The main use case of AI, to be able to cater from a retail perspective, is understanding quickly based on patterns, and delivering what the client would want in a particular demographic.
On the ethical usage of AI in enterprises, Charmaine stated, “We need to build AI responsibly. Again, privacy and security are the key ingredients that are crucial in those datasets behind your AI capability. It has to be built ethically, and the same defences have to be built insofar ensuring we have data protection, various levels of protection, and strictly controlled access to the data that goes into your system.”
Dissecting network and cloud systems security
Security is starting to change, and the way people use the cloud is becoming much more complex, and the types of data that they store in the cloud is something that we’re seeing big adjustments on. Since organisations have new cloud security challenges, we were joined by Guy Newell, Director of APJ, Office of the CISO, ServiceNow to help understand them better.
Guy deliberated that since increasingly sensitive data is being stored in cloud platforms, organisations need to “protect data, stop supply chain attacks, and increase compliance”.
He explained the state of cybersecurity in the cloud and said, “Unfortunately to go along with the new data going in the cloud, the risks and threats are just growing exponentially. 4,000 new cyber attacks occur every day, every 14 seconds a company falls victim to a ransomware attack, 560,000 new pieces of malware are detected every day, and there’s just a continuous new delivery of bugs and threats out there.”
As Guy talked about in the session, “overall, the security of the cloud needs to be looked at as a cycle”. And the key steps of the cycle include: identify—protect—detect—respond—recover.
On the next panel session, we were joined by Joseph Ong, Chief Information Security Officer, FCM Travel Asia, Pepijn Kok, Head of Cybersecurity, Advanced Info Services Plc, and Virag Thakkar, Global Head – Cyber Security, of Thai Union Group PCL, and the panel was moderated by Gauravkumar Mahendru, Director, Sales – Technology Workflows, India, ServiceNow.
The current climate demands that organisations shift towards a more proactive risk strategy. On the steps that his organisation has taken towards this shift, Pepijn chimed in and said, “With a lot of attacks and vulnerabilities, we can’t patch quick enough. What we are doing is risk prioritisation, whenever an issue comes up we evaluate if it’s a potential vulnerability. Based on the risk profiles, we decide to do immediate patching which needs to happen quickly, or if we can wait, we wait to monitor it. A lot of it is awareness, risk prioritisation, and gaining a lot of visibility. That visibility and therefore your response, if something occurs, is paramount.”
On dealing with risk prioritisation, Joseph gave insights from his organisations and mentioned, “One of the steps we took was to establish a risk management framework that is aligned with industry standards and requirements, this is very important. Another key measure that we took was to deploy advanced threat detection systems. Threats will come whenever they want to, so regular security testing is also a key step that we took. Testing was done and is still done on our systems, cloud servers, antivirus on desktops and so on. One other thing Pepijn earlier mentioned was patching, to ensure patching is done timely will definitely be important to prevent such attacks. Finally, having a risk register is equally important because it gives the management more visibility and transparency to make informed decisions on risk prioritisation.”
Elaborating on his insightful thoughts on the same, Virag said, “From a non-negotiable point of view, you need to have your principles and standards defined and measured very well. You will have a very proactive and better risk management system in place. Principles and standards are key and non-negotiable elements of risk management. Building a principle-oriented culture is always an ongoing process, which requires promoting a lot of open communication with the employees and management, and helps you in negotiating with the right stakeholders.”
Ultimately, right from governance, building it into principles, its cultural embedding within the organisation, to having visibility and finally moving on to a continuous improvement phase for the organisation, is something that was advocated by the panel when it comes to an ideal proactive risk management strategy.
A cyber resilience guide for 2024
In the last session of the event, the closing note was delivered by Alexis Bernardino, Field Chief Information Security Officer and Head Enterprise Consulting Practices, PLDT Enterprise, who outlined the Cyber Resilience Guide for 2024.
He elaborated on the main proactive steps to build cyber resilience, which include: identify risks, mitigate before attack, better decisions, faster recovery, and business continuity.
Talking about how AI is a double-edged sword in the cybersecurity landscape, Alexis elaborated, “While AI can be a powerful tool for identifying and mitigating hearts before they materialise, it can also be used by an adversary to attack systems. Organisations need to leverage the same AI platforms to fortify their defences to strike a balance, and that is why AI is a double-edged sword.”
The cyber resilience guide for 2024 that he outlined based on a survival kit focused more on the intangibles:
Paradigm-Shift
‘Hacker Mindset’ – Anticipate how they think
Paranoia and Vigilance – Assume breach mode
Technology Adaptation – To outpace threats
Fortify. Enlighten. Secure.
Alexis concluded the closing note and stated beautifully, “In cybersecurity and AI, the unknown is where resilience is forged.”
Published On Jul 2, 2024 at 05:00 AM IST
Join the largest community of IT industry professionals in Southeast Asia
Subscribe to our newsletter to get latest insights & analysis.
Get updates on your preferred social platform
Follow us for the latest news, insider access to events and more.
The cyber resilience market and world are rapidly changing, and the stakes are higher everyday. The faster you move, and the more you innovate, the greater the chance of a mistake, a blind spot, or a vulnerability. Hence, building cyber resilience to effectively manage technology risk is the need of the hour.
We recently held the third edition of SecOps Summit 2024, an exclusive security and risk virtual summit in association with ServiceNow on 27th June. By corroborating unique views and insights of industry experts, thought leaders, practitioners, and senior tech leaders from Asia Pacific, we unravelled various complexities and best practices in cybersecurity and resilience.
Here are some key highlights and excerpts from SecOps Summit 2023.
Cyber Security and Resilience: Protect business growth and productivity through threats, regulations, and change
In the opening panel, Lou Fiorelli, VP & GM, Security & OT Products, ServiceNow shared, “It is impossible to run a secure business with all the silos that exist in most organisations. Cyber risk needs to be actioned by everybody,” said Lou as he started the discussion and mentioned a few important points related to cyber risk management; Unite security, risk, IT, and the business to power growth and resilience, and streamline enterprise security and manage risk at scale.
“Cyber risk management and developing cyber resilience is extremely critical,” said Vasant Balasubramanian, VP & GM, Risk BU, ServiceNow. The two aspects of cyber risk management that Vasant deliberated on included —
Identifying, prioritising, monitoring, and mitigating risk: Infra, apps, physical regulations, and third parties resilience.
Comply with regulations and corporate policies: Policies and controls, attestations, and continuous monitoring issues.
On enterprise security operations, Lou explained that there are only two halves of managing enterprise SecOps, and said, “One half is being proactive, reducing the chance of something bad happening, and managing the attack surface. The other half is about what would you do if something bad does happen, how do you orchestrate case management and drive playbooks in response.”
Secure Tomorrow: Unified strategies for cyber resilience and regulatory compliance
In the next session, Sameel Limbada, Senior Risk Advisory Solution Consultant, ServiceNow, deliberated on the various unified strategies for cyber resilience and regulatory compliance.
Talking about risk, Sameel elaborated that cyber incidents have been rated as the highest risk across FSIs, governments, and commercial sectors. These cyber incidents affect five main areas: experiences, trust, economic growth, reputation, and costs.
He said, “The process of managing a cyber incident is manual in nature, there are large bottlenecks at times, and it results in only some of the required processes being executed. It almost becomes a cherry-pick type exercise.” On how to streamline and orchestrate a process, he deliberated on how the ServiceNow platform can help:
The next speaker Charmaine Valmonte, Chief Information Security Officer at Aboitiz Group, talked about a very pertinent and contemporary topic, navigating the state of security and risk in the age of artificial intelligence.
She elaborated on how businesses maintain cyber resilience given an influx of emerging technologies, why businesses use AI, the development and integration of AI systems, and ethics of using AI in enterprises.
According to Charmaine, the benefits of AI in cybersecurity are:
Automated threat detection and investigations.
Improves defences.
Save on breach remediation costs.
She also mentioned that in the private sector, AI is being used to understand people’s behaviour by social media sites that understand how people browse on the internet. The main use case of AI, to be able to cater from a retail perspective, is understanding quickly based on patterns, and delivering what the client would want in a particular demographic.
On the ethical usage of AI in enterprises, Charmaine stated, “We need to build AI responsibly. Again, privacy and security are the key ingredients that are crucial in those datasets behind your AI capability. It has to be built ethically, and the same defences have to be built insofar ensuring we have data protection, various levels of protection, and strictly controlled access to the data that goes into your system.”
Dissecting network and cloud systems security
Security is starting to change, and the way people use the cloud is becoming much more complex, and the types of data that they store in the cloud is something that we’re seeing big adjustments on. Since organisations have new cloud security challenges, we were joined by Guy Newell, Director of APJ, Office of the CISO, ServiceNow to help understand them better.
Guy deliberated that since increasingly sensitive data is being stored in cloud platforms, organisations need to “protect data, stop supply chain attacks, and increase compliance”.
He explained the state of cybersecurity in the cloud and said, “Unfortunately to go along with the new data going in the cloud, the risks and threats are just growing exponentially. 4,000 new cyber attacks occur every day, every 14 seconds a company falls victim to a ransomware attack, 560,000 new pieces of malware are detected every day, and there’s just a continuous new delivery of bugs and threats out there.”
As Guy talked about in the session, “overall, the security of the cloud needs to be looked at as a cycle”. And the key steps of the cycle include: identify—protect—detect—respond—recover.
On the next panel session, we were joined by Joseph Ong, Chief Information Security Officer, FCM Travel Asia, Pepijn Kok, Head of Cybersecurity, Advanced Info Services Plc, and Virag Thakkar, Global Head – Cyber Security, of Thai Union Group PCL, and the panel was moderated by Gauravkumar Mahendru, Director, Sales – Technology Workflows, India, ServiceNow.
The current climate demands that organisations shift towards a more proactive risk strategy. On the steps that his organisation has taken towards this shift, Pepijn chimed in and said, “With a lot of attacks and vulnerabilities, we can’t patch quick enough. What we are doing is risk prioritisation, whenever an issue comes up we evaluate if it’s a potential vulnerability. Based on the risk profiles, we decide to do immediate patching which needs to happen quickly, or if we can wait, we wait to monitor it. A lot of it is awareness, risk prioritisation, and gaining a lot of visibility. That visibility and therefore your response, if something occurs, is paramount.”
On dealing with risk prioritisation, Joseph gave insights from his organisations and mentioned, “One of the steps we took was to establish a risk management framework that is aligned with industry standards and requirements, this is very important. Another key measure that we took was to deploy advanced threat detection systems. Threats will come whenever they want to, so regular security testing is also a key step that we took. Testing was done and is still done on our systems, cloud servers, antivirus on desktops and so on. One other thing Pepijn earlier mentioned was patching, to ensure patching is done timely will definitely be important to prevent such attacks. Finally, having a risk register is equally important because it gives the management more visibility and transparency to make informed decisions on risk prioritisation.”
Elaborating on his insightful thoughts on the same, Virag said, “From a non-negotiable point of view, you need to have your principles and standards defined and measured very well. You will have a very proactive and better risk management system in place. Principles and standards are key and non-negotiable elements of risk management. Building a principle-oriented culture is always an ongoing process, which requires promoting a lot of open communication with the employees and management, and helps you in negotiating with the right stakeholders.”
Ultimately, right from governance, building it into principles, its cultural embedding within the organisation, to having visibility and finally moving on to a continuous improvement phase for the organisation, is something that was advocated by the panel when it comes to an ideal proactive risk management strategy.
A cyber resilience guide for 2024
In the last session of the event, the closing note was delivered by Alexis Bernardino, Field Chief Information Security Officer and Head Enterprise Consulting Practices, PLDT Enterprise, who outlined the Cyber Resilience Guide for 2024.
He elaborated on the main proactive steps to build cyber resilience, which include: identify risks, mitigate before attack, better decisions, faster recovery, and business continuity.
Talking about how AI is a double-edged sword in the cybersecurity landscape, Alexis elaborated, “While AI can be a powerful tool for identifying and mitigating hearts before they materialise, it can also be used by an adversary to attack systems. Organisations need to leverage the same AI platforms to fortify their defences to strike a balance, and that is why AI is a double-edged sword.”
The cyber resilience guide for 2024 that he outlined based on a survival kit focused more on the intangibles:
Paradigm-Shift
‘Hacker Mindset’ – Anticipate how they think
Paranoia and Vigilance – Assume breach mode
Technology Adaptation – To outpace threats
Fortify. Enlighten. Secure.
Alexis concluded the closing note and stated beautifully, “In cybersecurity and AI, the unknown is where resilience is forged.” “,”next_sibling”:[{“msid”:111391528,”title”:”91% of security leaders believe AI set to outpace security teams: Bugcrowd”,”entity_type”:”ARTICLE”,”link”:”/news/security/91-of-security-leaders-believe-ai-set-to-outpace-security-teams-bugcrowd/111391528″,”link_next_mobile”:”/news/security/91-of-security-leaders-believe-ai-set-to-outpace-security-teams-bugcrowd/111391528?next=1″,”category_name”:null,”category_name_seo”:”news/security”}],”related_content”:[],”seoschemas”:false,”social_share”:{“fb”:”/news/security/navigating-cyber-resilience-and-security-at-secops-summit-2024-key-highlights/111401063?utm_source=facebook&utm_medium={{DEVICE_TYPE}}”,”x”:”/news/security/navigating-cyber-resilience-and-security-at-secops-summit-2024-key-highlights/111401063?utm_source=twitter&utm_medium={{DEVICE_TYPE}}”,”whatsapp”:”/news/security/navigating-cyber-resilience-and-security-at-secops-summit-2024-key-highlights/111401063?utm_source=wapp&utm_medium={{DEVICE_TYPE}}”,”linkdin”:”/news/security/navigating-cyber-resilience-and-security-at-secops-summit-2024-key-highlights/111401063?utm_source=linkedin&utm_medium={{DEVICE_TYPE}}”,”telegram”:”/news/security/navigating-cyber-resilience-and-security-at-secops-summit-2024-key-highlights/111401063?utm_source=telegram&utm_medium={{DEVICE_TYPE}}”,”copy”:”/news/security/navigating-cyber-resilience-and-security-at-secops-summit-2024-key-highlights/111401063?utm_source=copy&utm_medium={{DEVICE_TYPE}}”},”msid”:111401063,”entity_type”:”ARTICLE”,”title”:”Navigating cyber resilience and security at SecOps Summit 2024: Key Highlights”,”synopsis”:”By corroborating unique views and insights from industry experts, thought leaders, practitioners, and senior tech leaders from Asia Pacific, we unravelled various complexities and best practices in cybersecurity and resilience at the SecOps Summit 2024. Here are its key highlights.”,”titleseo”:”news/security/navigating-cyber-resilience-and-security-at-secops-summit-2024-key-highlights”,”status”:”ACTIVE”,”authors”:[{“author_name”:”Saachi Gupta Ghosh”,”author_link”:”/author/479258196/saachi-gupta-ghosh”,”author_api_link”:”/author/479258196″,”author_image”:”https://etimg.etb2bimg.com/authorthumb/479258196.cms?width=250&height=250&imgsize=68898″,”author_additional”:{“thumbsize”:true,”msid”:479258196,”author_name”:”Saachi Gupta Ghosh”,”author_seo_name”:”saachi-gupta-ghosh”,”designation”:”Digital Content Producer”,”agency”:false}}],”Alttitle”:{“minfo”:””},”artag”:”ETCIOSEA”,”artdate”:”2024-07-02 05:00:00″,”lastupd”:”2024-07-02 05:00:00″,”breadcrumbTags”:[“SecOps Summit 2024″,”cyber resilience”,”security”,”ServiceNow”,”cyber risk”,”risk management”,”AI”,”cybersecurity”,”secops summit”,”proactive risk management”],”secinfo”:{“seolocation”:”news/security/navigating-cyber-resilience-and-security-at-secops-summit-2024-key-highlights”}}” data-news_link=”https://ciosea.economictimes.indiatimes.com/news/security/navigating-cyber-resilience-and-security-at-secops-summit-2024-key-highlights/111401063″>
Leadership styles play an important role in shaping a team’s dynamics and helping an organization achieve its goals. Each style comes with its own pros and cons, influencing how leaders interact with their teams and how teams respond to their leadership. Here are five examples of leadership styles that, depending on the situation and audience, could help improve your effectiveness.
AUTOCRATIC LEADERSHIP
The autocratic leadership style can be effective when a situation calls for quick decision-making and clear direction. However, it can lead to a lack of employee engagement and creativity, as team members may feel disempowered, undervalued, and without a sense of ownership.
DEMOCRATIC LEADERSHIP
A democratic leadership style fosters teamwork, leading to higher levels of motivation and innovation. However, it can also result in slower decision-making processes and a lack of direction if consensus cannot be reached.
TRANSFORMATIONAL LEADERSHIP
Transformation leadership focuses on inspiring and motivating teams to achieve their best. Leaders who adopt this style can create a vision that resonates with team members, leading to higher levels of commitment and performance. However, transformational leaders may also be seen as overly idealistic, leading to disappointment if expectations are unmet.
“Each [leadership] style comes with its own pros and cons, influencing how leaders interact with their teams and how teams respond to their leadership.”
SERVANT LEADERSHIP
A servant leader prioritizes the needs and development of team members. This leadership style can create a positive and supportive work environment where the leader can build strong, trusting relationships with their teams. However, this style can also be challenging, as it requires leaders to balance individual needs with the organization’s goals.
LAISSEZ-FAIRE LEADERSHIP
The French phrase “laissez faire” means “allow to do.” This type of leadership style focuses on empowering team members to take ownership of their work and make decisions independently, which can boost creativity and innovation. However, it can also result in a lack of accountability and direction, as team members may feel uncertain about their roles and responsibilities.
As you can see, each leadership style has advantages and disadvantages. The most effective leaders are often able to adopt one style, if not more than one style, to any given situation. Consider this as you look to balance the needs of your teams and bring out the best in them.
Note: These lists are not intended to be all-inclusive.
CALL TO ACTION
Practice incorporating each leadership style into your daily activities.
The information in this article is provided as a courtesy of Great West Casualty Company and is part of the Value-Driven® Company program. Value-Driven Company was created to help educate and inform insureds so they can make better decisions, build a culture that values safety, and manage risk more effectively. To see what additional resources Great West Casualty Company can provide for its insureds, please contact your safety representative, or click below to find an agent.
This material is intended to be a broad overview of the subject matter and is provided for informational purposes only. Great West Casualty Company does not provide legal advice to its insureds, nor does it advise insureds on employment-related issues. Therefore, the subject matter is not intended to serve as legal or employment advice for any issue(s) that may arise in the operations of its insureds. Legal advice should always be sought from the insured’s legal counsel. Great West Casualty Company shall have neither liability nor responsibility to any person or entity with respect to any loss, action, or inaction alleged to be caused directly or indirectly as a result of the information contained herein.
Owner-operator Norman Camamile was moored at a Columbus truck stop with his reefer trailer on the weekend of 6-8-9 when he saw a tempting prospect for a local haul posted by someone claiming to be from Prestigious Logistics a Memphis broker that has been in business since 2020. He said that the load was a 100-mile haul, powered only, and paid well. He could have easily dropped his reefer, done the work and returned with a profit.
He did so, and communicated with the person on the other side of the gmail address who used the surname “Iluminati”. It wasn’t the first load he had seen posted using this email, or another variant with the same iluminati name. If this sounds familiar, Readers, you will know about the series of phishing attacks on brokers DAT accounts, which resulted in hundreds of what appeared to Amazon loads being posted to the DAT boards. This was reported last week by Alex Lockie.
He said that in retrospect, the whole thing should have raised the spidey-senses of owner-operator Camamile. It was as suspicious as anyone claiming to be Illuminati could be, and yet, this all happened a week or more before Lockie reported it. Camamile was enticed to take the risk by the opportunity to make a little more money during a slow weekend in reefer freight. As he noted along with spot rates reports late last week rates have been “abysmal” for him in recent times.
Norman Camamile
The first power-only trip was only 15 miles away from his location. It was a move from one Amazon warehouse into another.
“I did that,” he said. His Iluminati Contact noted, “I have more.”
Camamile agreed. “The second batch started out of the same warehouse in Columbus, but it went to another Amazon warehouse about 20 miles away”, and paid $1,000.
Do the math. Camamile agreed to a rate that was far higher than the $20/mile loads ST Freight had seen posted after its DAT was hacked.
Camamile, operating under his Cherry Tree Park Transportation authority then booked another run with the email contact, still claiming to be with Prestigious Logistics.
Prestigious COO Tyler Ward said that by then, the company had already made significant progress in shutting down the hacker’s ability to upload loads to DAT using its account. Ward said he was woken up at 7 a.m. on Saturday, June 8, by his “phone exploding.” My team and I began answering the calls, most of which were owner-operator calls to verify details of load posts that they had seen on DAT.
Owner-operator Camamile had not done this.
Ward said, “This person clearly had gotten into our DAT Account.” “I told at least 100 carriers that it wasn’t us.”
Ward noted that company reps immediately contacted factoring companies as well as DAT and then filed reports with both the FBI and Federal Trade Commission. They also communicated with Amazon to “let them” know the facilities they at least knew about that seemed to be involved in the loads. Not that they had any great contacts with Amazon.
Ward stated that as a freight broker “we don’t work at all with Amazon”. Instead, Ward focused on a core of shipper clients with van freight and a core of partner carriers. Ward was confident Prestigious had stopped the hacker from doing any more damage, and knocked them out of Prestigious DAT. Amazon reps were asked about this story and pointed to a blog post which outlines the reality that anyone seeing an Amazon load on a DAT or other public load board should take into consideration. The blog post focuses on double-brokering and explains that Amazon only works with select third-party brokers.
Amazon does not tender loads via any third-party load board. Amazon loads posted to third-party loadboards will only be offered directly to approved and registered carriers via Relay’s web portal or mobile app.
Camamile’s next load, which he had to move around Columbus on the weekend of June 8-9 cost him more than his two previous empty-Amazon trailer moves. This was a trailer loaded with Amazon carts for the warehouse operations of Amazon, which originated at a repair facility for those carts. The owner-operator drove the load all the way from Columbus to Mt. Juliet, Tennessee near Nashville, then scheduled two more short runs within the Middle Tennessee area, all to and fro Amazon facilities.
He would run four loads in total, all of which took place during the weekend of June 8-9. “My factoring company was closed and it was hard to reach people,” he explained. This company is his go-to source for credit checks, etc. “On Monday, i quickly submitted all of the work I had done to my factoring firm. They called the brokerage firm [Prestigious]… a real, good company. But [ Illuminati, of course] had never worked there. The broker had never heard of them. They said that their system was also hacked over the weekend.”
Camamile knew what was happening and had no intention of following through with the move. He showed up to the pickup location, but “asked the gateperson that greeted him at the Amazon facility: ‘Who is really assigned to this job?'” Camamile related the story. “He looked at his list – it was a different company than mine.”
Before Camamile asked, no one in any of the facilities questioned why he picked up the load, when it had been assigned to a completely different carrier. This type of on-site confirmation is highly recommended in today’s world, and was an important part of the “Supply Chain Protocol”, which Overdrive has covered in depth in recent years.
Overdrivethen spoke to CDM Jewels of Winnsboro in South Carolina. They have two owner-operators who are leased by them and have been in business since 2011. Devetta Myles of CDM, who handles IFTA and IRP, as well as other compliance and tax issues for other independents, was surprised to be assigned an Amazon load. She noted that none of the truckers with whom she works are based or regularly run on the lane connecting Columbus, Ohio and Nashville, Tennessee where Camamile was assigned an Amazon load.
She also knew that she was not yet fully set up on Amazon’s Relay System for spot loads.
Myles said, “I tried to get an Amazon Relay account but they denied me” earlier this year. She received an invitation to apply on May 20. “I checked the email, and everything looked legitimate down to the verification system – they even had two step verification.”
She had not heard anything else since the second attempt to set up a Relay account.
The email from May 20 to Myles contains an intro text that also borrows from Amazon and Relay brand images.
We are delighted to invite you to become a valued member of the Amazon Relay trucking operations team. We at Amazon Relay understand the importance of reliable transport in today’s society. Your reputation as a reliable carrier partner perfectly matches Amazon Relay’s commitment to set new standards in logistics and transportation. We are excited to have you as a part of our team, as we continue to innovate in the industry and provide exceptional customer service. Please proceed to complete the onboarding process by visiting http://carrier-ats.com or simply click the button below.
The email was sent to dozens of contacts, including Myles and CDM Jewels, and presumably carriers. At least one had a name Overdrive that was recognized from previous contacts and coverage.
“This is a very broad reach,” Camamile said about what appears to be phishing attacks on both carrier and broker account of commonly used load platforms.
Sam Stephenson, an Amazon spokesperson, did not confirm or deny any of the details. He also refused to answer questions regarding the extent of scammers infiltrating Relay’s onboarding procedure. He said that “our teams are dedicated to protecting drivers from bad acts, and we actively combat phishing attacks made by Relay impersonators.” Stephenson also referred to the company’s efforts to “educate our customers on how they can identify fake email schemes, so that they are better able protect themselves through public sharing of information like blogs, email alerts, and FAQs posted on our website.”
Owner-operator Camamile stated that he hoped Amazon would pay at least one other carrier for his work to establish a trail of money for these loads. It’s likely that the money trail will lead outside of the jurisdiction of U.S. Law Enforcement, but “there is the money trail that the FBI can follow up on,” said Camamile. This could also lead to additional lessons for carriers in order to avoid being fooled by such schemes. “At the very least, they could learn how to stop this scam and find out what it was.”
Camamile said that he lost $400-$500 on fuel and two days of legitimate work, which is equivalent to about $2,000 in revenue. Amazon reps contacted for this article declined to answer whether owner-operators such as Camamile could take a specific route to claim payment for actual work performed. The responsibility for payment ultimately lies with the shipper.
It is safe to say for now that if you receive an unexpected email from a source unknown that ends with the invitation to GET START, hyperlinked places unknown, you should give it a thorough examination before you begin the process of stealing your business’s identity.
The Japanese Bank for International Cooperation (JBIC) will co-finance the Resilience Venture Capital Fund (Recovery Equity Fund or REF) in Romania through one of its subsidiaries in Poland, Romanian authorities announced, quoted by Economica.net.
“The representatives of JBIC stated that they are interested in the co-financing of [REF], an instrument for financing startups worth EUR 400 million managed by the government of Romania together with the European Investment Fund,” said the president of the Agency for the Monitoring and Evaluation of the Performance of Public Enterprises (AMEPIP), Mihai Precup, during a visit paid to Tokyo.
This source of financing addresses several categories of funds, Precup said, outlining among the potential targets infrastructure funds, development capital funds (private equity), risk capital funds (venture capital), and crowdfunding platforms.
In December 2021, the government of Romania and the European Investment Fund signed a contract for the establishment of the Fund of Venture Capital Funds for Recovery, an investment financed by a contribution of EUR 400 million from Component 9 of the National Resilience Facility (PNRR) – “Support for the private sector, research, development and innovation.”
By 2026, approximately twenty investment funds are anticipated to obtain resources to invest in Romanian companies.
Diesel prices have been on a rollercoaster ride in recent years, with prices soaring in 2022 and slowly falling to a more palatable national average of late. All told, diesel averaged $4.21 a gallon across the U.S. in 2023, and has averaged $3.91 a gallon so far through 2024.
You can make the wisest business decisions about fuel when you know your fuel economy, expressed in miles per gallon, and your fuel cost per mile (CPM).
Calculate your mpg simply by tracking your mileage between fill-ups and dividing the total by the number of gallons you burned. Do this for all trips. Fuel economy constantly changes, affected by weather, loads, routes, traffic, terrain, road surfaces and other factors. It’s helpful to know mpg per month, per week and even per load. That occasional haul of steel across the Appalachians may be costing you more in fuel than it’s worth. If your numbers look bad, don’t give up; the worse your fuel economy, the more you have to gain by improving it.
Armed with your mpg, calculating your CPM is easy. Suppose your truck gets 6 mpg, and you ran 6,000 miles in a month, meaning you burned 1,000 gallons (6,000 divided by 6). If diesel averaged $4 per gallon that month, your total cost was 1,000 x $4, or $4,000. Your fuel CPM was $4,000 divided by 6,000, or 67 cents — likely the largest single chunk of your total CPM. It will pay you huge dividends to consider strategies for cutting your fuel bill.
For good fuel economy, your truck has to overcome three things: rolling resistance, air resistance and gravity. Fortunately, your driving technique and other choices you make can address each of these.
The typical argument against driving slower is that you can make better time by driving faster and therefore make more money. But compare one driver running at 70 mph getting 5.5 mpg and another running at 60 mph getting 6.5 mpg. Driver A is 10 miles farther down the road than driver B after an hour, but at $4 per gallon, he’s spent $13.99 more to go those 10 miles in the same amount of time.
That might not seem like much money, but the impact over an entire year is stark. If you drive 130,000 miles per year and average 5.5 mpg vs. 6.5 mpg because you drive faster, you will spend $14,545 more on fuel.
Most owner-operators net about 60-70 cents per mile. If you divide the extra $14,545 fuel expense that driving faster costs by a net per mile of 60 cents, you would have to drive 24,242 miles more per year just to pay for the extra fuel.
Limit idle time
Idling requires about a gallon of fuel per hour, which can cost you about $160 per week at $4 per gallon if your truck idles eight hours a day.
According to the U.S. Environmental Protection Agency, line-haul trucks not equipped with auxiliary power units (APUs) might idle about 20% to 40% of the time the engine is running to power climate-control devices and sleeper compartment accessories and to prevent startup problems in cold weather.
Just because idling is common doesn’t make it smart. Idling easily can cost you a few thousand more in fuel alone per year, not including the added engine maintenance expense that results from excessive idling, harder on your truck’s engine than highway driving. In addition to operating costs, many governments impose no-idling laws with fines as high as $25,000.
Instead, there are many alternatives. An extra blanket for cold temperatures and window screens for when the weather is warm make it easier to turn off the engine. For very little expense, you can buy a remote starter with a temperature sensor that will start the truck at a specified temperature.
APUs can pay for themselves in a reasonable amount of time. A mobile generator costing as little as $200 will burn less fuel and provide heating and cooling.
Choosing idle-reduction technology. This can be a difficult decision. Systems and costs vary widely. Diesel-fired heaters are near the bottom of the cost range for purchase and annual maintenance (about $1,000 with purchase and a year’s worth of maintenance). Full-function diesel APUs/gensets are at the top, up to $8,000 or more, and battery-powered systems have become common at similar or lesser price points.
Evaluate your idle-reduction needs by keeping a detailed idle log. Write down every time you idle and why. Keep track of hours idled, and sort them by reason, such as air-conditioning, heat, AC power, warming the engine, etc. Try this for a year, accounting for all seasons. That may not be practical, but if you keep this log for three months and are disciplined in your records, you will be able to make good estimates for the other seasons.
Idling solutions have pros and cons, and most revolve around the reason for idling; if you idle only because you need heat, then a full-blown APU is overkill. A better solution is a small diesel-fired heater — easy and inexpensive to use.
If you idle to produce AC power for a computer, TV, coffee maker, microwave, etc., you also can find inexpensive alternatives to a diesel-powered APU. Inverters and high-capacity battery systems will keep small appliances running for days. Add a small solar panel, and you can keep the batteries conditioned and extend that time as well, perhaps using electrified parking installations if you need to park for an extended period.
Once you have a clear understanding of how often you idle and why, research the options in today’s market. Then calculate the break-even point and return on investment for each solution.
If you’re driving with an advanced driver-assist system like those present in many newer trucks today, there are ways to blend old-school ways with those new-school tools to help save on fuel.
Don’t think about driving with an advanced assist system as old-school v. new technology. It is old-school enhanced by technology. Merging old-school ways with new-school tools maximizes both safety and efficiency — that’s key for profitability.
As you always have, watch what is going on ahead of you in order to keep your momentum. Losing momentum means you have to get back up to speed, which uses more fuel.
Increase your following distance by seven seconds to give yourself time to adjust your speed to a situation and allow the truck to slow itself down. This gives you more time to move over, often without hitting the brakes, and helps you react before the vehicle does it automatically.
Think ahead of your safety system. The typical collision-mitigation system, with automatic braking, reacts when you are within 3.6 seconds of the vehicle ahead. Most interactions with the collision mitigation systems are minor braking events.
Learn to coast into reduced-speed zones and curves. The less you use your brakes, the less fuel you use. Brake if you need to, but try not to put yourself in the position where you need to, unless you’re stopping.
A motto in much of the shipping industry is “sail fast, then wait” – which can be an expensive and wasteful way of travelling. Some ships are making the bold move of slowing down to save money and emissions.
A giant containership traffic jam was swelling in the waters off California. In late 2021, demand for goods had exploded as Covid-19 restrictions eased and the world began – slowly – to return to normal. The ports of Long Beach and Los Angeles couldn’t cope with the sudden influx of vessels from Asia.
By 9 November 2021, there were around 100 ships waiting to dock. Some had been stuck in the queue for more than a month. But then port officials had an idea. If vessels departing Asia knew their place in the queue, they might be able to time their arrival to coincide with when a berth was actually ready for them – rather than steaming head-first into a traffic jam. So, the ports started giving incoming ships a queue number.
What happened next was extraordinary. Vessels began sailing roughly three or four knots slower on average across the Pacific Ocean, easing the congestion problem – and incidentally saving around 460,000 tonnes of carbon dioxide equivalent (tCO2e) of emissions, according to Xeneta, an ocean and air freight analytics service.
“It was a particular situation,” says Emily Stausbøll, an analyst at the company. “It was looking increasingly stupid to have hundreds of ships waiting outside Los Angeles.”
What if the shipping industry could implement slower sailing like this more widely, by default – as a climate measure, not just an emergency measure?
“By reducing the speed by 10%, maybe by a mile an hour, you can reduce the emissions by around 20%,” says Grant Hunter, director for standards, innovation and research at Bimco, a shipping industry association.
But slowing down comes with logistical and economic challenges. One maritime technology is now looking to solve these, helping ships save fuel and money without delaying shipping times.
It was a presentation at an industry conference that first introduced Pia van Wyngaard to a concept called Blue Visby Solution. The head of chartering for CBH, a grain growers’ cooperative in Australia, listened intently as the speaker described how the system could help ships time their arrival to busy ports instead of racing there and having to wait at anchor for hours or even days before docking. This behaviour is so widespread in shipping that it has earned a nickname: “sail fast, then wait”.
If ship operators and cargo owners can be reassured that their ship will have immediate access to a place for loading or unloading upon arrival, then there is no real need for haste. “I thought to myself that it was a great idea,” recalls van Wyngaard. It wasn’t long before her company had partnered with Blue Visby Solution in an effort to set up a real-world trial of the system.
“Sail fast, then wait” has become common largely because of the economic incentives it offers to big companies, explains Hunter. In short, it helps shippers guarantee their ship will be in place when needed. If the journey takes longer than expected and a coal exporter is left waiting for a late-arriving cargo vessel, for example, that can be expensive. “They don’t want to have to shut down production at a coal mine, which would cost huge sums of money. It’s much cheaper to have ships waiting at anchor,” he says.
The same principle applies to all kinds of cargo. Electric vehicle components, say. If a cargo ship misses its slot to unload at port and the components arrive late at the factory, then cars don’t get built on time and customers are left waiting. That could have negative consequences for multiple businesses, not just one.
Arctic fuel
One of the dirtiest forms of shipping fossil fuel, heavy fuel oil (HFO) is being banned in Arctic waters.
The International Maritime Organization’s ban comes into force on 1 July 2024, but it will be several years before all ships in the area are prevented from using the fuel due to regulatory loopholes, environmental campaigners say.
Burning HFO releases large quantities of pollutants including black carbon, which accelerates sea ice melting.
The smooth running of supply chains tends to dictate how a wide range of companies and systems function, especially in the transport sector. Avoiding delays is so desirable that the mantra of “sail fast, then wait” is actually specified in some of the legal agreements signed by ship operators.
And yet there are other ways of doing things. “We aim to slow down the ships when there is congestion at the port,” says Pekka Pakkanen, executive vice president for shipping solutions at Napa, one of the maritime industry firms behind Blue Visby Solution.
The system tracks shipping traffic in and out of a port in order to forecast the ideal arrival time and sailing speed, Pakkanen explains. Weather conditions that could affect the ships’ movement are factored into these calculations. The method is currently most applicable to bulk vessels, which move large consignments of things like grain, stone and coal, since these ships are especially prone to the “sail fast, then wait” approach. Conversely, container ships tend to operate a bit like buses – sailing on predefined routes with ports of call set to a reasonably tight schedule, says Pakkanen: “When things are working normally, it is already close to optimal.”
He and his colleagues have run computer simulations using data from thousands of bulk vessel voyages, to test whether slight reductions in speed really would cut emissions. The results have been promising, but the team only performed a real-world trial for the first time in March and April 2024, when two grain ships chartered by CBH sailed under directions from the Blue Visby Solution system.
Based on comparisons with computer models of the ships sailing the same routes but at slightly faster speeds, CO2 emissions from the real-world voyages were between 7.9% and 28.2% lower. The exact number can be affected by the size and type of ship in question, and the weather conditions encountered en route, among other factors, according to Blue Visby Solution. The calculation for emissions reductions also depended on how fast the digital versions of the vessels were set to sail in the simulation, which ran concurrently to the real-world voyages.
“I think it’s quite incredible and it shows the opportunities that are out there through efficient operating of vessels,” says van Wyngaard. The slower sailing saved money as well, as less fuel was burnt. However, a cost was incurred by prolonging the sailing slightly, resulting in an approximate “net balance”.
The only slight hiccup occurred when one of the masters on one of the trial voyages was “a little bit surprised” when orders to sail slower came through, says Pakkanen. According to Blue Visby Solution, the master in question required instructions from another party in the trial, delaying execution of the order. (CBH denied that such a communication hiccup had happened.) Communication is key for getting this system to work as intended, explains Pakkanen, but overall he says the trial was a success.
“We’ve got to share these good news stories to demonstrate things can be done like this,” says Hunter, who wasn’t involved in the trial.
Getty Images
The concept of sailing slower is not new and there are other ways of implementing it. But Pakkanen points out that the premise of Blue Visby Solution is to ensure the operational availability of ships. If you were to simply put a speed limit on all vessels, yes, they would slow down – but that would also constrain the amount of cargo they could transport within a given time period. Blue Visby Solution tries to be more precise by converting waiting time into sailing time so that the transportation process doesn’t actually take longer overall. The ship just sails at exactly the right speed to glide into port when a berth is ready.
There are challenges to ensuring wide adoption of this approach, however. “There will always be somebody who would deviate and profit by going faster than the others,” suggests Dagmar Nelissen, senior researcher and manager of shipping at CE Delft, an environmental consultancy in The Netherlands. She notes that new regulatory pressures to reduce emissions might have a broader effect on the industry in terms of encouraging slower sailing.
Michelle Wiese Bockmann, principal analyst at the shipping data firm Lloyd’s List Intelligence, says ship operators will have to be convinced of the economic advantages of any voluntary scheme to reduce speeds. “If it costs anyone money, it won’t happen. That’s how shipping works,” she says.
The bigger picture in shipping right now, though, is that there are some pretty hefty barriers to slow sailing. Because of Houthi attacks on vessels in the Red Sea, hundreds of commercial ships are choosing to sail thousands of miles further than usual when transiting between Asia and Europe. Currently, for example, many are navigating around the entire continent of Africa, rather than heading through the Suez Canal, which connects the Red Sea to the Mediterranean. Given the extra distances involved, ships are sailing faster than usual in order to make up the time. That means a significant increase in emissions, perhaps around 38% per voyage, according to industry analysis.
The longer journeys also mean that there is less capacity available across the world’s commercial shipping fleet, since vessels are so busy getting to their destinations. That pushes freight rates up – which in turn encourages ships to sail faster still, not slower, says Stausbøll.
These big economic forces have a giant impact on shipping. It takes a lot of ingenuity to carve a way through and insist that efficiency should always be the priority.
For more Future stories from the BBC, follow us on Facebook and X.
The Good | International Joint Operation Takes Down Over 600 IP Addresses Abusing Cobalt Strike Tool
Hundreds of IP addresses abusing Cobalt Strike have been shut down in a joint effort involving law enforcement across several nations. Codenamed “Morpheus”, the joint operation resulted in flagging 690 IP addresses and domains used to infiltrate victim networks. So far, 593 of them have been taken offline.
The servers flagged in Operation Morpheus used old, unlicensed versions of Cobalt Strike – a popular penetration testing tool used by red teams to simulate cyberattacks in order to evaluate the security posture of a network. Over the years, cracked, stolen, or reverse-engineered versions of the tool have made their way into the hands of malicious actors, enabling them to carry out a host of complex and damaging attacks.
Although the tool is legitimate and designed for threat emulation exercises and supporting offensive security operations, Cobalt Strike continues to be a double-edged sword being widely exploited and gaining a reputation on the dark web as a ‘go-to’ network intrusion tool. Illicit versions of Cobalt Strike, often accompanied by free training guides and tutorial videos, have lowered the barrier for entry into cybercrime, allowing criminals with limited funds or technical expertise to launch sophisticated attacks.
The success of Operation Morpheus is the result of collaboration between the United Kingdom’s National Crime Agency, authorities from Australia, Canada, Germany, the Netherlands, Poland, the United States, and various industry partners providing analytical and forensic support.
While acting as a virtual command post for the three-year-long operation, Europol confirmed that over 730 pieces of cyber threat intelligence and close to 1.2 million IoCs were shared between all participating parties. International disruptions like Operation Morpheus are critically effective in removing the tools and services that underpin cybercriminal infrastructure online.
— Silas Cutler // p1nk (@silascutler) July 3, 2024
The Bad | Novel Ransomware Operator ‘Brain Cipher’ Disrupts Indonesian Data Centers
A new ransomware operation called Brain Cipher is gaining notoriety after targeting Indonesia’s temporary National Data Center (PDNS), designed to securely store government servers for online services and host sensitive data. In the recent attack, core services such as immigration, passport control, and event permitting were disrupted in over 200 government agencies. After encrypting the servers, Brain Cipher was reported to have demanded $8 million in Monero cryptocurrency for a decryptor and to prevent stolen data from being made public.
Brain Cipher was launched in early June and is being observed in attacks on critical industries and organizations worldwide. Since its debut onto the ransomware scene, the ransomware has been uploaded to malware-sharing sites, which show the payloads being based on LockBit 3.0. Threat actors behind Brain Cipher operations have also begun linking a data leak site to their ransom demands, indicating that exfiltrated data will likely be used in double and triple extortion attacks going forward.
Brain Cipher ransom note example
While technical functionality of Brain Cipher payloads is identical to those observed across all output from the leaked LockBit 3.0/LockBit Black builders, the operators have made minor changes such as adding an extension to encrypted files and also encrypting the file name itself. The ransomware also creates ransom notes in the format of [extension].README.txt, briefly describing the attack, making threats, and linking to Tor negotiation and data leak sites. Each victim has a unique encryption ID for the negotiation site, which includes a chat system for communication with the attackers.
SentinelOne customers are automatically protected from malicious activities associated with Brain Cipher. See how the Singularity Platform detects and protects against this novel ransomware.
The Ugly | Transparent Tribe Updates CapraRAT Spyware to Target Modern Android OS Users
A months-long campaign spreading malware-laden apps continues to embed spyware into popular video browsing platforms. In a new report by SentinelLabs, researchers detail Pakistani state-backed threat actor Transparent Tribe’s recent efforts to update its spyware to better suit the modern Android devices of their victims.
Transparent Tribe has been active since at least 2016. The outfit often uses social engineering-based tactics such as spear phishing and watering hole attacks to deliver both Windows and Android spyware. Latest observations show a continuation of its CapraTube campaign, first identified by SentinelLabs in September 2023. CapraTube initially used CapraRAT weaponized Android applications (APKs) to target YouTube users. Now, the actor has expanded the campaign to further target mobile gamers, weapons enthusiasts, and TikTok users by maximizing their spyware’s compatibility with both older and modern versions of the Android OS.
TikTok and weapons-themed CapraRAT YouTube WebView
The four newest versions of CapraRAT use WebView to launch URLs to YouTube or mobile gaming site CrazyGames[.]com. CapraRAT then secretly accesses locations, SMS messages, contacts, and call logs while also taking screenshots and recording audio and video. These updates to CapraRAT show the removal of certain permissions, indicating a shift towards using the spyware as a surveillance tool rather than a backdoor. The focus on newer Android versions aligns with their higher value targets: individuals in the Indian government or military who are unlikely to use older devices.
While the updates to CapraRAT code is minimal, these kinds of incremental changes within long-running campaigns highlight how malware operators focus on making their tools more reliable and stable. Implementing mobile device management (MDM), strict application allowlisting, MFA, and robust endpoint protection ensures organizations are protected against campaigns similar to CapraTube.
AsiaTechDaily will host an exclusive session for the Innovation Exchange Program on June 28, 2024. Dr. Poh Hui Chia is the Associate Director at Vickers Venture Partners and has been named the Investor of the Month. The event was titled “Navigating early-stage investments in Biotech and Healthcare”. It offered valuable insights for entrepreneurs and startups in these dynamic sectors.
The session began with a formal discussion in which Dr. Chia shared some of her expertise about early-stage investment, especially in the biotechnological and healthcare sectors. She stressed the importance of groundbreaking technology in driving significant medical treatment and patient care advances. She said, “We are looking at breakthrough technologies that can lead to significant advances in medical treatment and care for patients or even treatments for disease where there are no treatments currently available.” This highlights the focus of the venture capital firm on innovative solutions that have a substantial impact potential.
Dr. Chia discussed the key factors that Vickers Venture Partners takes into consideration when evaluating potential investment. “We want teams with relevant knowledge and abilities. She said that if they have prior startup experience, it would be even better. She acknowledged that first-time founders may face challenges, especially in Asia’s nascent startups ecosystem, which might not have the same experience as those in Europe or the US. This candid insight offered aspiring entrepreneurs a realistic perspective, highlighting the importance of resilience and adaptability.
Dr. Chia then shared stories about her portfolio companies in the “Behind the Investments” segment. Dr. Poh Hui Chia provided compelling insights into her five standout portfolio companies. She highlighted their innovative approaches and pioneering technologies. She delved deep into AWAK Technologies which offers dialysis solutions with ultra-portable devices and remote patient monitoring; Aardvark Therapeutics that advances gut-brain interactions treatments for metabolic and inflammatory disease; Emergex Vaccines that develops long-lasting T cell adaptive vaccines for different infectious diseases; Sisaf for enhancing RNA for rare genetic disorders and Biosplice for pioneering therapies utilizing alternative splicing to treat conditions like osteoarthritis or cancer. The unique contributions of each company and their future potential was highlighted, giving a glimpse at the transformative impact these investments have on healthcare and biotech.
She shared the challenges, successes, and journeys of different startups, giving a unique insight into what makes them stand out. Her stories highlighted the importance of perseverance and innovation in the biotech and healthcare market.
During the interactive Q&A, attendees were able to ask Dr. Chia direct questions. The discussion covered a wide range of topics, including the importance and proof-of concept for scientific validation to the strategies used to navigate regulatory environments in various regions. Dr. Chia’s answers were insightful and practical. She provided attendees with advice that they could use to navigate their startup journeys.
The event ended with a reminder that strong networks and connections in the biotech and health care industries are crucial to the success of startups. Dr. Chia stressed that Vickers Venture Partners helps startups not only through the funding process, but also afterward to help them scale and succeed on the long-term.
We at AsiaTechDaily appreciate the insights of Dr. Poh Hui Chia and the active participation from our attendees. We will publish a detailed article covering the highlights from this session. The video recording will also be available next week. Stay tuned for updates!
We appreciate your continued participation and support in the Innovation Exchange Program. We look forward to providing you with more engaging and insightful sessions.
Leadership styles play an important role in shaping a team’s dynamics and helping an organization achieve its goals. Each style comes with its own pros and cons, influencing how leaders interact with their teams and how teams respond to their leadership. Here are five examples of leadership styles that, depending on the situation and audience, could help improve your effectiveness.
