« All Blogs

ADP speakers at CES

Creating human-focused solutions in today’s product strategy

ADP Business Anthropologist Martha Bird sat down with Daniel Litwin, the Voice of B2B, at CES 2020, discussing a wide range of topics related to how her anthropological work and research impacts businesses and consumer needs.

Bird has worked for numerous companies in the field of business anthropology since the early 2000s, working to create human-focused solutions to business needs.

Bird and Litwin touch on their CES experience, a modern focus on human-centered and human-responsive products and how those concepts affect consumer product development, consumer longing for personalized experiences, and more.

« All Blogs

Illustration of human arm and android arm with humans shaking hands with androids

C-suite execs give future technology predictions for the decade

What will keep CIOs busy this decade? From machine learning to cybersecurity, IT leaders are providing insights on technologies they predict will be accelerated over the next 10 years.

It’s difficult to predict how technology could influence businesses months into the future, not that such lack of clarity stops analysts and experts from annually making predictions about the next year. Indeed, the prognostications certainly proliferated as 2020 began. It was a new year and it was time, yet again, to look at how AI, IoT, cybersecurity and a wide range of other technology developments could either boost or derail the modern enterprise.

Yet, even though technology rapidly advances, trying to discern a year in advance could be short-sighted. It’s worth looking even further ahead into the future technology predictions to better prepare organizations for the long-lasting consequences of planning new tech initiatives and managing old ones.

A handful of C-suite executives offered their insights on technology predictions and what might occur in the entire decade, from familiar topics such as the dangers of machine learning and cybercrime to issues not generating as much debate.

Technology won’t replace humans

The debate over whether technology will replace human labor is as old as the Industrial Revolution. Many IT leaders acknowledge that some developments including AI, robotic process automation and autonomous cars will replace human workers, but several others contend these technologies will create different jobs that will need to be filled by humans.

Vipul Nagrath, global CIO at ADP, is among those who believe there will always be a place for many human laborers. “As there is a shifting of work, you will always need people to write the programs, the algorithms,” he said.

Vipul NagrathVipul Nagrath

And new ideas can lead to new labor outputs. For instance, “the smartphone has created more industries than it has taken away,” Nagrath said. Even though people now rely on smartphone map applications to get from A to B — diminishing the need for paper maps — GPS-supported maps have created many new business opportunities within digital applications, he said.

Unchecked AI could cause moral problems

Just as the idea of robots taking over human jobs causes consternation, unrestrained AI similarly stirs fear. Human error or bad intent in the programming of machine learning systems has sparked predictions that AI could run amok. Several tech companies have pushed for regulations around AI, with the aim of addressing questions about potential biases and lack of accuracy.

James CarderJames Carder

James Carder, CSO and vice president at the security firm LogRhythm Labs, went as far as predicting that manipulated AI could wrongly put people in prison this decade. Despite warnings of human biases in the training of AI, the legal system relies on the technology to handle voluminous casework, leaving the door open to the sort of exploitation that could implicate someone in a crime, according to Carder. “You can trick AI if you inject a bunch of bad data and say, ‘This looks good.’ You can take that data and say it’s trying to achieve X or Y,” he said. But in reality, its results lean toward a predetermined conclusion.

At ADP, employees are already mindful of the dangers of biases and other misuses of AI, Nagrath said. The company favors explainable AI in its payroll technology innovations, a process that allows people to inspect and review the genesis of data to see how the AI-driven results were achieved, according to Nagrath. Such vouchsafing will matter if AI is increasingly determining financial results such as paychecks. Employees will want to know the reasoning behind compensation in a paycheck, compelling ADP and its clients to explain in real time how those figures were calculated, he said.

Anurag KaholAnurag Kahol

The U.S. gets its own privacy law

The EU famously has GDPR, codified standards for how companies that conduct business with EU citizens have to manage and safeguard those customers’ data, but the U.S. does not have such a blanket law. That could change in 2020, when a similar law will at least be considered by Congress, said Anurag Kahol, CTO and co-founder of the cloud security company Bitglass.

A consumer privacy act went into effect in California this year, and the New York legislature is currently considering one. But a comprehensive federal law is “needed to avoid a patchwork of differing data privacy laws from each state, to facilitate more nationwide business and to enable international commerce,” Kahol said. “Facing numerous regulations can be a barrier that keeps foreign businesses from entering a market.”

5G might or might not be revolutionary

For several years now, 5G technology has been touted as the next best thing. It is expected to have lower latency than previous cellular technologies, thus improving computing power for technologies on the edge, as well as those connected to IoT and other digital services. But 5G was a technology prediction that is now rolling out slowly, with telecommunications companies building infrastructures slower than the hype estimated. It’s yet unknown just how potent 5G will be, leading companies to hold their breath and not make any big investments for the time being.

Nagrath said ADP’s mobile-first focus will continue, regardless of the speed of the 5G rollout. “We’ll get the capabilities to do things with mobile that we don’t have the capabilities to do today, and that’s true for many players in the industry,” he said. Still, ADP can’t plan around 5G just yet. Innovation will have to continue with the tools being offered today. Nagrath joked that his day-to-day work continues whether he is relying on 5G or a Wi-Fi router.

Chris DeRamusChris DeRamus

Cybersecurity will influence mergers and acquisitions

Chris DeRamus, co-founder and CTO at the cybersecurity company DivvyCloud, predicted that companies will be more guarded as they move to acquire other businesses or complete mergers. He pointed to the breach of 339 million customer data records from the hotel chain Starwood, which the company announced shortly after it was acquired by the larger chain Marriott.

“Organizations will place cloud security at the forefront of the [mergers and acquisitions] process,” DeRamus said, adding that they will do so by conducting thorough audits of the cloud infrastructures of the companies they are merging with or acquiring.

There’s promise, but caution, with biometrics and IAM

DeRamus said he believes it’s a sound approach if organizations try to protect assets through identity access management (IAM), but still warned that it’s more difficult to manage than it seems. “In this new decade, security professionals are going to realize that IAM is an area where they can lose control rapidly, and it is very hard to take back,” he said. Whereas IT could previously audit the digital footprints of 1,000 employees connected to mainframe servers, security pros now have to stay on top of thousands of cloud gateways.

“Approaches and strategies from the data center world don’t transfer,” DeRamus said. He recommended establishing strong cloud account structures, “starting with curbing what people have access to.” That means dividing users into groups for specific resources.

Biometric authentication has become a popular access tool, but Carder warned that although it seems airtight today, in the future it could pose an even greater issue than a lost password. “There are going to be some unlucky people whose biometric information is stolen and used for repeated fraud,” he said. “If your credit card details are stolen, you can easily change your account number. But what if [the image] of your face gets stolen? Once that information is compromised, there’s no swapping it out.”

He added that the consequences of hacked biometric data could pose a particularly big problem in healthcare, making tighter security and regulations around access a pressing matter that should be addressed now.

Research will go a long way in the 2020s

Alex Holden, a security expert for the nonprofit tech association ISACA and CISO of the consulting firm Hold Security, pointed to how each decade has had its own tech theme.

Alex HoldenAlex Holden

“In the 1990s, we were fighting to keep our systems from crashing. In the 2000s, we worked on stability and functionality. In the 2010s, we fought for availability and against breaches. Now, in the 2020s, it is a race against time,” he said.

That race is against cybersecurity threats that are coming more effectively and at a faster pace in industries that are short on security experts but long on cybersecurity products, according to Holden. Facing those kinds of odds, he recommended that organizations do more than rely on security products and the advice of those vendors. “You can’t buy something off the shelf and believe you’re now secure,” he said. “And you don’t want to get threat information only from vendors who have a solution — they’re more than likely to sell something that can fix a problem but not anything beyond that.”

Instead, the 2020s call for self-education and self-awareness on cybersecurity and other tech issues, Holden said. C-suite executives should read daily technology security briefings from trusted technology pundits and immerse themselves in objective research that covers how their industries are handling tech. According to Holden, it’s a high-stakes battle for which there is a military analogy. “If you are a general, you have to get the state of the troops today; it can’t be yesterday,” he said. “Things change fast.”


« All Blogs

Image depicting artificial intelligence

ADP’s Martha Bird on the ground at CES 2020 to talk about NLP/ML and AI, plus the top 5 themes for 2020

ADP’s business anthropologist, Martha Bird, reports on the top five themes at the 2020 Consumer Electronics Show that are important for today’s industry leaders.

With over 4,000 exhibiting companies, 2.9 million square feet of exhibit space, attracting more than 180,000 attendees and 307 Fortune 500 companies, there was a lot to take in at CES 2020 in Las Vegas. Some of the most innovative technologies to come included a flying taxi (Hyundai), electric multi-modal transportation, electric vertical take-off and landing craft (Uber), cool and creepy robotics, green and sustainability tech, 8K bezel-less TVs (Samsung), AI attended drive thru (McDonald’s lab), 150 digital health exhibitors and so much more. Within this tech frenzy, it was my great pleasure to represent ADP on stage and in studio where I discussed how natural language processing, machine learning and artificial intelligence (NLP/ML and AI), in general, is impacting the workplace – the tools, the processes and the people.

While it was impossible to see everything given the sheer magnitude of the event, there are some high-level reflections on what I consider to be the pervasive themes from this year’s event that industry leaders should keep their eyes and ears open for moving into 2020. These are my top five:

1. 5G: Data, data, and more data

On the CES floor, data was the common denominator across products and services on display and those demoed. Given the explosion of data contingent technologies, online privacy and security was a central talking point. How different regions address security concerns around data and privacy was less explicitly articulated although a continuum of highly private to blatantly public could be surmised. Along with a definite trend toward the true consumerization of AI.

Which brings me to 5G. In the next two to three years, networks will expand out exponentially. The first commercial deployments are already being seen but 5G is still in its infancy so it won’t be a matter of simply “flipping a switch” from 4G to 5G.

Along with 5G – increased speed, greater capacity and lower latency – comes huge possibilities for disruptive innovations. There was no limit to 5G talk and imagination at CES 2020. And, of course, there were both pronouncements and announcements on the topic around the coming of 5G handsets. AT&T and Verizon are aggressively developing the infrastructure in an attempt to get out ahead of competition across the globe.

5G will be the “central nervous system of the data age,” according to Steve Koenig, VP, Research at the Consumer Technology Association (CTA).

Martha Bird and others and CES 2020

[Inset above] ADP’s Business Anthropologist Martha Bird (right) took the stage at CES 2020. Bird’s panel “Emerging Technologies Enabling Enterprise” was moderated by Michael Miller, Editor-in-Chief at PC Magazine (middle) joined by fellow panelist Yonatan Wexler, Executive VP of R&D at OrCam Technologies (left).

2. IoI (Internet of Intelligence): The Decade of Connected Intelligence

Just as we were getting accustomed to the term IoT (Internet of Things) the talk this year was around IoI or “Internet of Intelligence.” This new way of thinking is a direct response to the way AI is being integrated into all facets of our technology and consumer culture.

We were told in the plenary keynote that as networks grow, we can expect 5G to unlock more opportunities for enterprise. Building upon what we’ve seen with IoT technologies (think smart home apps that rely on little bits of discrete data), the expansion of 5G and AI capabilities will provide multiple nodes of data informing a much more complex and inter-dependent data landscape. Enterprise applications are expected to lead in IoI in part because of massive data resources and the ability to form mutually beneficial partnerships between OEM, software and engineering. IoI covers things like remote robotic surgery and smart cities. Activities with a heavy data lift and, generally speaking, much higher stakes than let’s say a voice activated light in your home.

3. XR: The New Reality Training Our Future Workforce

XR – the latest technology encompassing augmented, virtual, and mixed reality technologies. Think virtual world up, down, left, or right, and experienced in 360 degrees. Form factors delivering this technology ranged from 5K gaming chairs to sleek eye glasses very much unlike the early Google glasses. Again, enterprise will have a big stake in this area with many use cases including B2B workforce training, safety inspections, AR glasses used by an architect to design a room, training surgeons across geographies, and in travel and tourism where you are able to take a trip to a tropical island right from your living room. Frankly, I prefer the actual trip but foregoing the lines at the airport and customs does sound appealing. Regardless of my preference, there was a lot of excitement for XR in commercial and industrial settings. Not to mention eSports which realized $1 billion in net revenue last year alone.

4. Culture: Pragmatics of Technological Innovation

While attending a panel discussion on “Future Cities” I was struck by a similarity between re-architecting an existing urban space to accommodate new technologies and the work we do at ADP.

A former secretary of transportation listed one of the greatest challenges to innovating cities as the pre-existing roadway infrastructure. He went on to say that between the legacy streets and traffic patterns it was actually the inability to imagine new ways of mobility that was the major barrier.

People get accustomed to “how things are done here” and find it difficult to adapt to changes in the system. This is a cultural and technical matter. Culture, at the most basic level, is the collection of practices and beliefs we take for granted. These habits are slow to change. New technical opportunities can catalyze innovation and cultural change, but this process is never a one-to-one.

Which brings me to humans.

5. Humans: Agency in a Data-driven Era

Humans (people like you and me) when faced with the explosion of new technologies – tech that augments our vision, our speech, our bodies and, even, our memory – begin to question their own reason for being. The existential ponderings around what it means to be human are concomitant with those group of technologies loosely described as “AI”.

Talk of “machine-human partnership” was pervasive on the CES exhibition floor and in panels and keynotes. For my part, I welcome the question as it points to a shared humanity that we often overlook. Yes, partnerships between people and technology will continue to evolve. Who has agency over the relationship will remain a critical point of personal reflection and public debate.

« All Blogs

Cloud computing imagery

Why ADP’s Next-Gen HCM Is A Disruptive Force In HR Technology

A year ago I wrote a controversial article about ADP’s new core HCM system, code-named Lifion. Well here it is a year later, and it looks like ADP has done it. The company’s next-generation HCM and payroll system is now available, and could become one of the more disruptive systems on the market. While the system is still young, it sets a technical direction for Workday, SAP, Oracle, and others.

How The HR Software Market Has Changed

Let me briefly discuss how the HR software market has changed. Core Human Capital systems are a large, growing and important market. Once considered the “system of record” for employees, they are now used by every company as a way to keep track of people’s jobs and work, plan and facilitate careers, and make sure people are paid correctly.

Now, they are changing again.

Today’s HCM platforms are no longer just systems of record, they are systems to make employees’ work lives better. They have to support many organization models (hierarchy, teams, projects, contractors, gig workers); they have to address many forms of reward and pay (salary, hourly, by the project, by output); and they have to be open to many third-party applications.

Organizations now function as talent networks, not hierarchies. 34% of companies tell us they operate as a network (up from 6% in 2016), and more than 88% of companies tell me they want a better technology to manage gig and contract work. Zappos, Schneider Electric, Unilever and many others now manage themselves as “talent marketplaces,” encouraging people to play roles in multiple teams around the world.

And these new HCM platforms are not just “applications,” but rather micro-services platforms where applications run. Some of the most innovative apps in HR now come from third parties. HCM vendors simply cannot build everything themselves. I now think of core HCM as “application ecosystems,” more like the i-Phone than like Quickbooks.

Moreover, these systems have be designed around “experiences” not “processes.” The word Experience is now the biggest buzzword in HR, and it is profoundly changing the way software is developed. It’s no longer sufficient to build forms, tabs, and buttons for users: now we have to build systems that adapt to our needs, listen to our voice, change based on our data, and can be configured in many ways.

(Both SuccessFactors and Workday are just launching Experience Layers on top of their systems to address this.)

Finally, the HCM system of the future has to be an employee productivity tool, not jus an HR tool. It isn’t designed for HR anymore, it must be designed for employees and managers. The system should be useful, simple to use, and must interface with Microsoft Teams, Slack, WhatsApp, and all the other various collaboration tools we use at work.

In short, this is a whole new world – and it requires a new architecture, new user experience, and new technology stack.

ADP, An Unexpected Tech Leader

This industry is not for the faint of heart. Building an enterprise platform takes years, and once you start you’re stuck with the architecture you start with.

Workday’s architecture is fourteen years old and quite innovative, it feels proprietary. SuccessFactors is similar in age and is now being re-engineered around SAP Hana and a new Experience interface. Oracle recently re-engineered its HCM platform and it took almost five years. So when a company like ADP starts from scratch, it can upset the apple cart.

While many customers rushed to buy cloud-based HCM systems, their satisfaction has been mixed. The platforms are highly complex, they don’t accommodate new organization and performance models, and buyers want more innovation. HR departments want a stable, reliable HCM platform but they also want to be able to mix and match the best of breed on top.

Today, using what is called “cloud-native” systems, vendors can build modern applications faster than ever. And technologies like AI, cognitive interfaces, natural language processing, and graph database are readily available from Amazon Web Services, Google Cloud, or Microsoft.

Enter ADP.

ADP you say? Aren’t they a 70-year-old payroll company? What are they doing in the cloud architecture business?

Well yes, ADP does pay more than 40 million people in the US (one in six). But behind the scenes, the company is filled with technologists, and its new Lifion group has assembled some of the most senior tech architects in the world.

As Carlos Rodriguez the CEO and Don Weinstein the head of Global Product and Technology put it, ADP used to be a “services company fueled by technology.” Now it is becoming “a technology company with great services.” In other words, the company has heavily invested in its platform.

The new platform, today called ADP Next Gen HCM (a real name will come), has the architecture other vendors only talk about, and as it picks up speed it could become a major disruptor in the market.

What Is ADP Next Gen HCM?

Let me explain what ADP has done.

Through a skunk-works development team in Chelsea, NY, the company has been rewriting its payroll engine and HCM platform for several years. The project, originally called Lifion, is a “cloud-native” platform which embraces the latest technology stack needed to scale for the future.

“Cloud-native” simply means it’s built on the newest, containerized services, leveraging the latest technology in the cloud. This means the system is made up of many micro-apps, it uses low-code development, it leverages graph and SQL databases, and it never goes down for maintenance.

Let me give you some specifics.

ADP’s new architecture is designed around teams, not hierarchies, so it has capabilities to manage the future of work. You can create teams of any type in the system, and then include any type of worker in a team (full time, part-time, contingent). Teams inherit the hierarchical attributes of people (ie. who they report to) but also attribute them to the team. (Imagine a project team working on a new product, a safety team, and even an employee resource group.)
Unlike other HCM systems, each Team is an entity in itself, with its own business rules, apps, and measurement systems. You could have one team that uses an OKR goal application, another that uses a different survey tool. Teams are essentially the “grain” of the architecture, not the hierarchy. This is only possible because the system uses a Graph Database. Graph database technology models data as relationships, not rows and columns. (It’s the tech under Facebook and Google.) It has immense potential in organizations today.

The system is designed for “micro-apps and micro-services.” This means ADP can quickly build new applications easily, plug third party applications into the system, and open up the system for users and consultants to build apps. Think of the ADP Platform as a giant i-Phone: you can plug in any app and inherit all the data and security you’ve already built. You can assign apps to teams, so some teams can use one type of goal setting, another can use other features, and so on.
The development environment is “low-code,” meaning you can build apps in a visual tool. This means ADP and partners can extend the system easily, creating a flexible non-proprietary model to grow and expand.

ADP’s system is mobile-first and visually simple. The system uses a consumer-like interface (similar to Google), and seems very easy to use. Workday, which originally built a very innovative user interface, is feeling its age, and plans a major upgrade this Fall. SuccessFactors new HXM interface (Human Experience Management) is also a major push in this direction.
ADP’s AI engine is useful out of the box. And that’s not just because it uses AI, it’s because ADP has so much data. ADP houses more data about workers and jobs than any other company in the world, so if you want to know if your people are underpaid or if your retention is out of line, ADP has benchmarks you can use. The AI-based intelligence application delivers suggestions and recommendations on hundreds of talent issues, all in a “narrative intelligence” interface.

Just to let you know how much data the company has, ADP has more than 800,000 customers and a skills-cloud with more than 30 million employees’ job descriptions embedded.

ADP’s talent applications are also coming along. Clients sometimes complain about various parts of ADP’s recruitment or learning software, but StandOut, ADP’s next-generation engagement, goal, performance management, and team coaching system is a very competitive product. It is integrated into Next Gen HCM so it can be deployed immediately to any or all teams. The product has been highly successful in ADP, driving a 6% improvement in engagement and a 12% increase in sales productivity. 97% of ADP associates have completed the StandOut assessment, an aspiration most companies would dream of. (Cisco is also a big fan.)

ADP’s Next Gen Payroll engine, coupled with the company’s acquisition of Celegro, uses a reusable rules engine to greatly reduce the complexity of payroll. Payroll is a complex business operation filled with lots of special rules. The Next Gen payroll system is designed to be “rules driven.” Microsoft uses ADP’s Global Payroll and has reduced the number of global payroll administrators from 400 to a handful of payroll SMEs across the globe.
ADP’s new payment system is redesigned for real-time pay (the payroll engine computes all gross-to-net and deductions in real-time). This lets companies pay employees and contractors more frequently.
ADP’s Wisely system, the company’s smart payment app, is gaining more than 250,000 new members per month, making it one of the fastest-growing payment systems in the market. (Wisely lets you allocate pay to different categories, automatically create various forms of savings accounts, and use credit/debit and other pay methods right from your payroll.)

Through ADP’s application marketplace, the company is now one of the leading “platform as a service” vendors in the market (SAP is #2). As I mentioned above, HR departments need an “ecosystem of HR apps.” The average HR organization now has 11 systems of record and most companies have more. ADP’s app marketplace has more than 400 apps and sees more than 780 million hits annually. So if you use ADP for HR, you’re likely to find almost any add-on app you need.
Finally, ADP’s mobile HR app is highly competitive ADP has more users on its mobile app than any other vendor, and it includes a configurable onboarding and process design tool, so you can use it as an employee experience platform too. (It is the fifth most highly rated app in the Apple App store with a 4.7 rating and millions of reviews).
Is All This Really Ready?

Years ago an IBM Fellow made a funny statement to me: new software platforms are like babies, they make a lot of noise and they don’t always do what you want them to do. But over time they grow up, and eventually, they become responsible adults.

ADP Next Gen HCM is a fast-growing pre-teen. Today more than 20 pilot customers are using the system, and it’s working well. (Gold’s Gym is a customer and successfully manages many locations, many types of workers, with many pay models). It’s not going into full production until 2020 or 2021, but momentum will grow.

In the US, more than 60% of large companies have moved to cloud-based HCM already, but that still leads a lot of market opportunity. And I know some early cloud buyers are becoming itchy, so they may want to switch.

Can ADP Pull This Off?

One more point: can and will ADP sell and market this well?

In every market I’ve studied the “best product” does not always win. It’s the combination of product, marketing, sales, and service that wins. This is ADP’s next challenge. Now that the company has an advanced new HCM platform to sell, will they market, sell, and evolve it effectively?

I’m not saying you should short Workday, Ultimate, or any of the other successful HCM systems in the market, but this new ADP platform will be a force to be reckoned with. Let’s watch it closely.

« All Blogs

Close up of woman smiling

2020 Vision: Data Security Trends for the New Decade

There are four major trends to consider for your data security planning as the new decade begins.

Cyberattacks aren’t slowing down. In fact, both the number and the cost of attacks are increasing as the new decade dawns.

To combat these current and emerging threats, it’s worth looking back on the last 10 years. What technological advancements sparked the need for improved information security (infosec)? What’s next for attackers as defenses become more sophisticated? And which data security trends offer actionable “2020 insight”?

Retrospective Risk

According to Kim Albarella, Senior Director of Security Advocacy for ADP, significant cybersecurity shifts came about in the wake of events like Y2K and 9/11. “Companies started to get nervous that systems wouldn’t function properly,” she says.

Ten years ago, server and mainframe protection were top priorities. “While there were Blackberries, not everyone had one. iPads were just breaking out. Mobile was remote, but not widespread,” Albarella says. “Infosec was just starting with firewall protection, server protection and physical protection of data centers.”

But existing server protections began to fail. From whistleblowers to commercial breaches to widespread development of ransomware tools, changing conditions made data the battleground of enterprise IT. Attackers were always one step ahead and always finding new ways to enter systems. Businesses deployed intelligent, adaptable tools capable of detecting malicious resource use and network access, and in response, malicious actors leveraged fileless malware. Users moved to mobile, and cybercriminals followed with SMS threats and fake applications. At scale, organizations moved to the cloud, using increased resource availability to boost total security and enhanced connectivity to drive mobile adoption.

Now, experts predict greater personalization of attacks as protected data is leveraged to modify user behavior. More blunt-force breaches are likely as well, as hackers are now seeking simple routes through the increasingly complex Internet of Things (IoT) and other perpetually connected systems.

The last decade made it clear that change drives IT’s advantages and adversaries. With the benefit of “2020 vision,” we can observe four consistent data security trends from these years and move into the future of IT innovation with an informed perspective.

1. Handling the Human Factor

Human error remains the leading cause of data breaches, reports Kaspersky Lab. As Albarella points out, “We’re social computers, easily hacked.” Psychology matters as much as physical or digital data defenses, and if hackers can tap into our knowledge of critical network services, corporate email lists or personnel files, all it takes is “one trick, one click” for hackers to compromise key systems.

Ten years ago, this often took the form of easily identifiable scam emails offering large sums of money to unsuspecting staff members in exchange for seemingly innocuous information. Today, many of these messages are seemingly sent from the C-suite; as Albarella notes, “It’s going to get much worse with deep fake videos that are nearly perfect.”

But it’s not all bad news. Humans can act as both protectors and points of compromise. Albarella recommends investing in regular online and on-site training to help staff recognize potential threats and respond accordingly.

2. Getting Back to Basics

In the decade of databases, patching was priority No. 1. By applying patches to all connected systems, organizations could deliver security at scale to combat potential attacks. Today, the rise of remote workers and third-party providers means there’s no way to ensure all endpoints are equally well-defended, which creates a golden opportunity for hackers.

Here, Albarella recommends getting back to basics. “Don’t focus on what you can’t control or the most remote scenarios. Focus on the doing the rights things with the most impact today,” she says. But what does that look like in practice?

Patch everything — You may not get to every desktop and device, but the broader your updates are, the better your defenses stand to be.
Deploy the right tools — These should include advanced firewalls that can handle both cloud and local traffic and respond automatically to suspicious events.
Implement multi-factor authentication (MFA) — With mobile devices now being an essential part of business operations, MFA can frustrate front-line attackers without negatively affecting staff productivity.
3. Jumping the Generation Gap

Social media has become a driving force for business success. Albarella sees the “social paring of all functions creating another attack surface.” From Facebook to Twitter to LinkedIn to purpose-built, in-house social networks, “Employers must integrate social media — just like the cloud or big data — but they need to defend it.”

This requires policies and procedures capable of jumping the generational gap. While older employees may not understand how to use new tools like TikTok or Instagram, younger staff may not recognize their inherent risks. With social sites now being mined for data by attackers, organizations can’t overlook the need for clear directives and detailed best practices.

For example, it’s worth describing exactly what is permissible both on and off the clock. From posting on corporate accounts to sharing files for collaboration, be clear about your guidelines and the specific consequences for failing to comply with social policies in order to defuse potential attacks before they begin.

4. Developing a Disaster Plan

Finally, Albarella points to the need for resiliency plans that answer key questions, including, “Where’s my data? Who can access it? When? How?” Since pressing cybersecurity concerns are cropping up in real time, organizations need disaster recovery plans that can address the impact of attacks at scale but also focus on specific outcomes, such as recovery time objectives that get local resources back up and running.

Bonus Round: Small Businesses

Big corporate breaches regularly make the news; smaller businesses are often ignored. But as Albarella notes, the majority of cyberattacks are aimed at small businesses. SMBs need procedures in place to notify both staff and compliance agencies of any potential breaches, and they must account for the disparate nature of their networks: How do they secure remote workers? Public Wi-Fi connections? Portable hardware and Google docs?

While the same four data security trends apply, the best-case scenario for small businesses often lies with outsourcing: Finding trusted third parties to improve data defense without breaking budgets.

The last decade saw technology — and attack vectors — advance at breakneck speeds. While the next 10 years will naturally offer their own unique challenges, the trends outlined here will remain foundational elements of 2020 infosec success.