THE PERFECT FIT: The CIO-CFO relationship THE PERFECT FIT: The CIO-CFO relationship A company’s management strives for synergistic value creation yet, working together doesn’t come easy: it requires constant effort and mutual understanding. When considering a Chief Information Officer (CIO) and a Chief Finance Officer (CFO), the former is known to look at an innovative outlook and the latter is expected to look at a realistic one. Imagine this: A CIO comes up with an innovative digital solution to address company’s problems. It’s seamless in integration, superior in quality, faultless in performance, rich in detail and simply, perfect. Still, when the financial approval is sought, the CFO may reject it because it’s too costly, too over-the-top and seems to be a mountain of a solution when the requirement is a molehill. Sounds familiar? CIOs sometimes struggle to communicate the ROI of IT projects, as well as priorities, costs, commitments, and cash flows. Still, their knowledge and experience of technological solutions and their network of technology partners are priceless. CFOs often consider IT as an expensive budget item and therefore look to cut any cost they deem unnecessary. Most CIOs are aspirational in their thinking; they seek the perfect solution and look at the future. CFOs, on the other hand, stand by the principle of “earn the right to spend” and place priority on ROI which can often be overlooked or oversimplified by CIOs. This clash in philosophy often results in grudges, preconceived biases and ultimately, blocking the pathways for the company’s progress in the digital world. Working to make the CFO-CIO relationship work There are several strategies to weave a mutually beneficial CFO-CIO relationship into the fabric of organizational success. 1. Communicate effectively Communications don’t just mean exchanging words but also understanding personalities, respecting perceptions and accepting attitudes. 2. Mutually sharing organizational objectives and strategies CFOs have good visibility into their organization’s objectives and key metrics, which could be shared with CIOs to develop technological contributions in achieving them since they have a good understanding of the organization’s IT potential. Similarly, CIOs have a good vision of the technological landscape of the industry, which could be shared with CFOs to understand the true potential of the organization and show the pathway of achieving the objectives. This level of mutual sharing will help inculcate finance and technology into business solutions from the initial stages, resulting in more strategic solutions over tactical fixes. 3. Create efficient and automated processes In many organizations, finance teams are still overwhelmed with manual tasks. Legacy systems – or simply MS Excel worksheets – are still favored over ERP systems and other advanced processes. This traditional mindset has normalized slow speeds in organizational accounting, which sometimes justify why many companies release last month’s results in the middle of the following month! The criticality of data-based solutions is still a novelty in many companies, hindering progress and resulting in slower and thereby less effective decision-making. A good relationship between CFO and CIO will help instill better and more efficient processes while managing and overcoming resistance to change. With two teams working in tandem towards the unified objective of efficiency, legacy systems and manual workloads can be replaced by digitally advanced solutions that create a competitive edge. More importantly, when Finance and IT work together with mutual trust and confidence in each other, process automation can be achieved seamlessly and at a fraction of the time it will otherwise take. 4. Use of technology to enable insights Data is the currency of success. Both CFOs and CIOs carry a gamut of data that can be used in analytics and insight generation to drive business performance. When shared, these sets of data become a treasure trove of information. Having the right data at the right time is crucial for business success. So, nurturing a good relationship with a team that has the data you need is a simple formula for success. CIOs and CFOs working together to orchestrate data across the organization generates critical business insights that drive strategic responses. 5. Technology that brings strong ROI CFOs always want to see higher ROI from IT investments while CIOs might struggle to prioritize projects that bring tangible business outcomes and higher ROI. Therefore, collaboration is essential whenever an investment decision is required. When seeking approval for an investment, many IT teams find it challenging to talk to finance teams since they focus on qualitative factors while the other seeks quantitative angles. This results in a clash and subsequent rejection. Yet if both teams can compile a joint business proposal, getting Board approval becomes easy and mutual. While there are many industry-specific use cases, the following are some generic data analytics use cases that affect revenue and cost, directly or indirectly. The future of the IT and Finance relationship For too long, we’ve seen companies having divided fronts in terms of its IT and finance functions. However, with organizations increasingly focusing on holistic business operations and unified direction, moving away from siloed and functional mindsets is crucial. Collaboration, coordination and communication with mutual respect and trust – that’s the formula CIOs and CFOs must brew to create the perfect fit, with common objectives, to make the organization ready for next digital transformation. Dinuka Perera Chief Financial Officer / Vice President – Finance and Supply Chain How can we help you? First Name Last Name Company Job Title Email Address Phone Number Industry Banking & Finance Telecommunications & Media Manufacturing & Retail Government & Public Sector Other Country Afghanistan Albania Algeria American Samoa Andorra Angola Anguilla Antigua & Barbuda Argentina Armenia Aruba Australia Austria Azerbaijan Bahamas Bahrain Bangladesh Barbados Belarus Belgium Belize Benin Bermuda Bhutan Bolivia Bonaire Bosnia & Herzegovina Botswana Brazil British Indian Ocean Ter Brunei Bulgaria Burkina Faso Burundi Cambodia Cameroon Canada Canary Islands Cape Verde Cayman Islands Central African Republic Chad Channel Islands Chile China Christmas Island Cocos Island Colombia Comoros Congo Cook Islands Costa Rica Cote DIvoire Croatia Cuba Curacao Cyprus Czech Republic Denmark Djibouti Dominica Dominican Republic East Timor Ecuador Egypt El Salvador Equatorial Guinea Eritrea Estonia Ethiopia Falkland Islands Faroe Islands Fiji Finland France French Guiana French Polynesia French Southern Ter Gabon Gambia Georgia Germany Ghana Gibraltar Great Britain Greece Greenland Grenada Guadeloupe Guam Guatemala Guinea Guyana Haiti Hawaii Honduras Hong Kong Hungary Iceland Indonesia India Iran Iraq Ireland Isle of Man Israel Italy Jamaica Japan Jordan Kazakhstan Kenya Kiribati Korea North Korea South Kuwait Kyrgyzstan Laos Latvia Lebanon Lesotho Liberia Libya Liechtenstein Lithuania Luxembourg Macau Macedonia Madagascar Malaysia Malawi Maldives Mali Malta Marshall Islands Martinique Mauritania Mauritius Mayotte Mexico Midway Islands Moldova Monaco Mongolia Montserrat Morocco Mozambique Myanmar Nambia Nauru Nepal Netherland Antilles Netherlands (Holland, Europe) Nevis New Caledonia New Zealand Nicaragua Niger Nigeria Niue Norfolk Island Norway Oman Pakistan Palau Island Palestine Panama Papua New Guinea Paraguay Peru Philippines Pitcairn Island Poland Portugal Puerto Rico Qatar Republic of Montenegro Republic of Serbia Reunion Romania Russia Rwanda St Barthelemy St Eustatius St Helena St Kitts-Nevis St Lucia St Maarten St Pierre & Miquelon St Vincent & Grenadines Saipan Samoa Samoa American San Marino Sao Tome & Principe Saudi Arabia Senegal Seychelles Sierra Leone Singapore Slovakia Slovenia Solomon Islands Somalia South Africa Spain Sri Lanka Sudan Suriname Swaziland Sweden Switzerland Syria Tahiti Taiwan Tajikistan Tanzania Thailand Togo Tokelau Tonga Trinidad & Tobago Tunisia Turkey Turkmenistan Turks & Caicos Is Tuvalu Uganda United Kingdom Ukraine United Arab Emirates United States of America Uruguay Uzbekistan Vanuatu Vatican City State Venezuela Vietnam Virgin Islands (Brit) Virgin Islands (USA) Wake Island Wallis & Futana Is Yemen Zaire Zambia Zimbabwe Message Submit
Realizing the Value of Data Realizing the Value of Data One of the primary goals of a business is to increase profit. In its simplest form, profit growth can be achieved by increasing revenue and reducing costs. Yet in reality, these could be complex interdependent functions and therefore organizations need to take a closer look to understand the revenue and cost structures and their relationships to manipulate these parameters carefully and increase profit. There are multiple ways to model profit. An organization should find ways to increase income while protecting the existing revenue, thereby contributing to an increase in profit. An organization should also find ways of reducing costs and avoiding future costs to increase overall profits further. Businesses should strive to achieve sustainable profit growth in the long term, and to that end, data analytics can play a significant part. Value Framework to Increase Profit Realizing the Value of Data by Implementing the Right Use Cases Mapping the above framework to data analytics, an organization can implement multiple use cases affecting revenue and cost to realize the value of data to increase profit. While there are many industry-specific use cases, the following are some generic data analytics use cases that affect revenue and cost, directly or indirectly. Data Analytics Use Cases Affecting Revenue Data Analytics Use Cases Affecting Cost Some of the above data analytics use cases affect both revenue and cost simultaneously thereby strongly affecting profit. Organizations can identify such use cases and prioritize implementing those to realize the maximum value of data. Such sample use cases are described below. Use Case 1: Power of Personalization with Targeted Campaigns Customers expect intelligent communications from brands that are personalized to individual preferences. “91% of consumers say they are more likely to shop with brands that provide offers and recommendations that are relevant to them.” Source: Accenture, Personalization Pulse Check 2018 “52% of consumers are likely to switch brands if a company doesn’t make an effort to personalize communications to them.” Source: Salesforce Research, State of Marketing 4th Edition Targeted campaigns are a way of providing personalized offers to customers and one that has consistently proven to improve the campaign results. They can directly increase revenue by delighting the customer with relevant offers leading to more purchases. Targeted campaigns can also indirectly preserve current revenue via protecting the existing customer base by providing excellent service, appealing offers leading to increased customer affinity and reduced churn rates. It can also reduce costs through improved productivity through streamlined and automated target campaign rollouts reducing manual intervention. The following figure depicts how targeted campaigns can directly and indirectly affect the revenue and costs of the organization. Use Case 2: Power of Recommendation with Recommendation Engine Recommendation engines have been an essential factor to the success of digital platforms such as Alibaba, Amazon, Netflix, and Spotify. The Recommender System is not just a marketing tool to increase sales but also a platform to provide insights and promote customer engagement to improve customer satisfaction and loyalty, thus increasing customer lifetime value and business growth. “80% of Netflix’s Viewer activity is driven by recommendation engine.” “1 Billion USD is saved through reduced churn by Netflix recommendation engine.” “35% of Amazon’s sales are generated by their recommendation engine.” Source: Business Insider Recommendation engines can directly increase the revenue streams of a business by providing relevant purchasing advice and delighting customers, leading to more purchases. It can also increase customer affinity and reduce customer churn thereby protecting the existing revenue base. It also reduces the cost of operation by increasing productivity and automating the process of instantaneously providing intelligent recommendations to the user without manual intervention. The following figure depicts how implementing a Recommender System can affect the revenue and cost of a business in direct and indirect ways. Use Case 3: Power of Prediction with Predictive Maintenance In the environment of industry 4.0, predicting machine failures by analyzing and modeling IOT sensory data along with other related data points using advanced analytics techniques is a real use case that can add value to the business. Knowing well ahead that a machine would fail can avoid unplanned downtimes, prevent outages in the factory operation and increase productivity. “Predictive maintenance typically reduces machine downtime by 30 to 50% and increases machine life by 20 to 40%.” Source: McKinsey Industrial Analytics “Predictive maintenance increases productivity by 25%, reduces breakdowns by 70% and lowers maintenance costs by 25%.” Source: Deloitte Predictive Maintenance Position Paper Predictive maintenance of machinery can increase the productivity of the operation by reducing unplanned machine maintenance costs, improving machine lifetime and running the machines at their optimum conditions. It can also avoid future costs associated with sudden machine breakdowns that require unplanned break fixes and maintenance of machines, loss of production due to machine downtime and machine replacement due to poor maintenance of machines. In addition, it ensures smooth operation of 24×7 production in the factory, thus enabling the organization to fulfil customer orders on time thereby increasing customer satisfaction, service excellence and loyalty. The following figure depicts how predictive maintenance use cases can directly and indirectly affect the revenue and cost of the business operation. The use cases described above may have industry-specific versions that can differently impact the revenue and cost. However, the generic use cases are taken to elaborate on their impact on both the revenue and costs. In summary, value creation by data analytics use cases can be assessed by looking at the impact they make on the revenue streams and cost structures of the business. This influence can be direct or indirect but ultimately impacts the bottom line of the business in the short term and long term in a sustainable manner. Furthermore, certain data analytics use cases can simultaneously affect both the revenue and cost to improve the bottom line of the business, hence these use cases should be implemented on priority basis to harness the maximum value out of data. Poornika Wickramasuriya Associate Director – Data Science How can we help you? First Name Last Name Company Job Title Email Address Phone Number Industry Banking & Finance Telecommunications & Media Manufacturing & Retail Government & Public Sector Other Country Afghanistan Albania Algeria American Samoa Andorra Angola Anguilla Antigua & Barbuda Argentina Armenia Aruba Australia Austria Azerbaijan Bahamas Bahrain Bangladesh Barbados Belarus Belgium Belize Benin Bermuda Bhutan Bolivia Bonaire Bosnia & Herzegovina Botswana Brazil British Indian Ocean Ter Brunei Bulgaria Burkina Faso Burundi Cambodia Cameroon Canada Canary Islands Cape Verde Cayman Islands Central African Republic Chad Channel Islands Chile China Christmas Island Cocos Island Colombia Comoros Congo Cook Islands Costa Rica Cote DIvoire Croatia Cuba Curacao Cyprus Czech Republic Denmark Djibouti Dominica Dominican Republic East Timor Ecuador Egypt El Salvador Equatorial Guinea Eritrea Estonia Ethiopia Falkland Islands Faroe Islands Fiji Finland France French Guiana French Polynesia French Southern Ter Gabon Gambia Georgia Germany Ghana Gibraltar Great Britain Greece Greenland Grenada Guadeloupe Guam Guatemala Guinea Guyana Haiti Hawaii Honduras Hong Kong Hungary Iceland Indonesia India Iran Iraq Ireland Isle of Man Israel Italy Jamaica Japan Jordan Kazakhstan Kenya Kiribati Korea North Korea South Kuwait Kyrgyzstan Laos Latvia Lebanon Lesotho Liberia Libya Liechtenstein Lithuania Luxembourg Macau Macedonia Madagascar Malaysia Malawi Maldives Mali Malta Marshall Islands Martinique Mauritania Mauritius Mayotte Mexico Midway Islands Moldova Monaco Mongolia Montserrat Morocco Mozambique Myanmar Nambia Nauru Nepal Netherland Antilles Netherlands (Holland, Europe) Nevis New Caledonia New Zealand Nicaragua Niger Nigeria Niue Norfolk Island Norway Oman Pakistan Palau Island Palestine Panama Papua New Guinea Paraguay Peru Philippines Pitcairn Island Poland Portugal Puerto Rico Qatar Republic of Montenegro Republic of Serbia Reunion Romania Russia Rwanda St Barthelemy St Eustatius St Helena St Kitts-Nevis St Lucia St Maarten St Pierre & Miquelon St Vincent & Grenadines Saipan Samoa Samoa American San Marino Sao Tome & Principe Saudi Arabia Senegal Seychelles Sierra Leone Singapore Slovakia Slovenia Solomon Islands Somalia South Africa Spain Sri Lanka Sudan Suriname Swaziland Sweden Switzerland Syria Tahiti Taiwan Tajikistan Tanzania Thailand Togo Tokelau Tonga Trinidad & Tobago Tunisia Turkey Turkmenistan Turks & Caicos Is Tuvalu Uganda United Kingdom Ukraine United Arab Emirates United States of America Uruguay Uzbekistan Vanuatu Vatican City State Venezuela Vietnam Virgin Islands (Brit) Virgin Islands (USA) Wake Island Wallis & Futana Is Yemen Zaire Zambia Zimbabwe Message Submit
TRANSFORMING POST-COVID OFFICE EXPERIENCE: MIT ESP kickstarts the evolution of digitalized working with “Post Pandemic Smart Offices” TRANSFORMING POST-COVID OFFICE EXPERIENCE: MIT ESP kickstarts the evolution of digitalized working with “Post Pandemic Smart Offices” The pandemic has compelled millions of workers to work from home, converting many offices into ghost spaces. Yet with the virus receding, the question of returning to work is rearing its hopeful head. Pandemic-induced remote working arrangements have shed light on several opportunities for businesses to relook at how they run offices. Skyrocketing rent, increasing energy costs, steep internet bills, and car parking limitations are just some of the challenges companies have to overcome in today’s corporate landscape. Remote working helps alleviate many of these, but the picture is far from rosy. While research supports working from home, it also shows that employees and employers are valuing office-based work: PWC’s US Remote Work Survey (2021) revealed that for 87% of employees the office is important for collaborating with team members and building relationships. Going forward, offices will be smaller and smarter. Companies will opt for office spaces that accommodate half or less of their workforce, and hot seats will become the only seats available. However, the real transformation is the emergence of Post-Pandemic Smart Offices – workspaces that use technology to improve productivity, with the added emphasis of ensuring safety, well-being, and social distancing of its workers. This inevitable trend is already taking shape, with future-focused companies already investing in smart offices. Gartner (2020) predicted that by 2022, 60% of hybrid workers will prioritize a wellness-equipped smart office over a remote office. The smart office market, which was valued at USD 33.53 billion in 2020 is expected to reach USD 67.69 billion by 2026, driven by the rise in demand for intelligent office solutions, energy efficiency infrastructure, IoT, and safety at the workplace. For MIT ESP (MillenniumIT ESP), smart offices are the next step of the natural progression of workspaces. We are already designing smart building solutions for companies looking at future-proofing their operations. What advantages does a smart office bring to a business? Safety-first Smart offices are the ideal solution to ensure employees’ health, safety and wellbeing. These wellness-centric offices will enable the seamless ‘reservation’ of workstations from a simple mobile app that employees can use as their workspace remote control. This same app can be integrated to your building management system to reserve rooms, schedule meetings, allocate parking slots and book hardware like scanners. With motion and heat sensors in place, employees will know peak and off-peak times to avoid crowds or come to work with their team members. Thanks to IoT-enabled monitoring, their apps will also remind them to maintain social distance in crowded spaces. Smart tracking The smart office concept will also enable companies to use GPS signals to geolocate employees. In the case of an infection, the company will be able to use the data to track immediate contacts and notify them. Flexible working models Companies can opt for various work models such as the Clubhouse concept where employees meet, socialize and collaborate at the office and return home to work, or Activity-based working where employees come to work but don’t have designated spaces. In addition, companies can also operate co-working spaces to convert idle workstations into revenue-generating real estate. Cost-efficient office spaces Embracing the smart office concept translates into cost optimization since companies are able to manage air conditioning, lighting, shading, access control, and security (to name a few) via IoT-enabled infrastructure, all seamlessly connected to an integrated building management platform. This use-only-what-you-want concept is simple to implement and manage from a single control center, while saving cost. A new level of contactless work Working can be made completely contactless using near-field communications instead of key cards to give employees access to the building, meeting rooms and even when purchasing food from the office canteen. With the entire building management system, including employees’ emails, connected to a simple mobile app, communications will be seamless, effective, and real-time. Smart = Sustainable Corporates opting for smart office spaces reduce their environmental footprint much more effectively than those that run traditional offices. With reduced energy usage, companies will effortlessly kickstart their carbon-neutral journey thanks to IOT sensors that automatically switch on and off air-conditioning units, lights and other equipment. Enhanced employee experiences In addition to making office spaces safer and more efficient, smart offices will also enhance employee experiences like never before. Booking workstations near team members, adjusting lighting and heating according to personal preference, unlocking personal lockers, and connecting phone lines as you take your seat, and even arranging your personal photos in your digital desk photo frames are all possible, to ensure that employees have a great reason to come to work. MIT ESP believes that smart offices are here to stay. Having implemented Smart Building solutions for a range of clients, including integrated mixed use development projects in Sri Lanka to prestigious hospitality solution providers in the Maldives to name a few, we have the expertise, skills and technology to make any building a ‘smart’ building. MIT ESP is offering Smart Building solutions that integrate all modern IP-based ELV systems to corporate clients, hospitality providers, residential units, and anyone looking at embracing the future of spaces. With the ability to tailor-make smart building solutions that cater to its clients’ unique and discerning needs, MIT ESP is ready to help corporates create healthy co-working spaces to convert offices into corporate real estate that supports a company’s wellness objectives whilst empowering employees, optimizing costs and enabling sustainability. Rajith Rangajeewa Director – Smart Buildings MillenniumIT ESP How can we help you? First Name Last Name Company Job Title Email Address Phone Number Industry Banking & Finance Telecommunications & Media Manufacturing & Retail Government & Public Sector Other Country Afghanistan Albania Algeria American Samoa Andorra Angola Anguilla Antigua & Barbuda Argentina Armenia Aruba Australia Austria Azerbaijan Bahamas Bahrain Bangladesh Barbados Belarus Belgium Belize Benin Bermuda Bhutan Bolivia Bonaire Bosnia & Herzegovina Botswana Brazil British Indian Ocean Ter Brunei Bulgaria Burkina Faso Burundi Cambodia Cameroon Canada Canary Islands Cape Verde Cayman Islands Central African Republic Chad Channel Islands Chile China Christmas Island Cocos Island Colombia Comoros Congo Cook Islands Costa Rica Cote DIvoire Croatia Cuba Curacao Cyprus Czech Republic Denmark Djibouti Dominica Dominican Republic East Timor Ecuador Egypt El Salvador Equatorial Guinea Eritrea Estonia Ethiopia Falkland Islands Faroe Islands Fiji Finland France French Guiana French Polynesia French Southern Ter Gabon Gambia Georgia Germany Ghana Gibraltar Great Britain Greece Greenland Grenada Guadeloupe Guam Guatemala Guinea Guyana Haiti Hawaii Honduras Hong Kong Hungary Iceland Indonesia India Iran Iraq Ireland Isle of Man Israel Italy Jamaica Japan Jordan Kazakhstan Kenya Kiribati Korea North Korea South Kuwait Kyrgyzstan Laos Latvia Lebanon Lesotho Liberia Libya Liechtenstein Lithuania Luxembourg Macau Macedonia Madagascar Malaysia Malawi Maldives Mali Malta Marshall Islands Martinique Mauritania Mauritius Mayotte Mexico Midway Islands Moldova Monaco Mongolia Montserrat Morocco Mozambique Myanmar Nambia Nauru Nepal Netherland Antilles Netherlands (Holland, Europe) Nevis New Caledonia New Zealand Nicaragua Niger Nigeria Niue Norfolk Island Norway Oman Pakistan Palau Island Palestine Panama Papua New Guinea Paraguay Peru Philippines Pitcairn Island Poland Portugal Puerto Rico Qatar Republic of Montenegro Republic of Serbia Reunion Romania Russia Rwanda St Barthelemy St Eustatius St Helena St Kitts-Nevis St Lucia St Maarten St Pierre & Miquelon St Vincent & Grenadines Saipan Samoa Samoa American San Marino Sao Tome & Principe Saudi Arabia Senegal Seychelles Sierra Leone Singapore Slovakia Slovenia Solomon Islands Somalia South Africa Spain Sri Lanka Sudan Suriname Swaziland Sweden Switzerland Syria Tahiti Taiwan Tajikistan Tanzania Thailand Togo Tokelau Tonga Trinidad & Tobago Tunisia Turkey Turkmenistan Turks & Caicos Is Tuvalu Uganda United Kingdom Ukraine United Arab Emirates United States of America Uruguay Uzbekistan Vanuatu Vatican City State Venezuela Vietnam Virgin Islands (Brit) Virgin Islands (USA) Wake Island Wallis & Futana Is Yemen Zaire Zambia Zimbabwe Message Submit
Unlock the Power of Business Agility via Cloud – Part 2 Unlock the Power of Business Agility via Cloud – Part 2 In the last article (Part 1) we focused on what agility is and why cloud can be an accelerator of agility. The fundamental nature of the public cloud can be levied to increase momentum in the operational process at any scale, in any business. More companies are now starting to herald cloud as a catalyst of innovation and digital transformation, especially due to its ability to support speedy product development with limitless on-demand scalability. In this section, we focus on how to leverage the actual potential of the cloud. Agility is part and parcel of cloud In 2014, HBR Analytic Services conducted a survey titled “Business Agility in Cloud.” The results showed that 71% of companies have implemented cloud to reduced complexities in IT and business process management. Cost, quicker DevOps and DevTests, and minimized risk are the obvious benefits of cloud. Yet strategic goals like becoming the market leader, adopting an innovative culture, instilling continuous R&D, and inculcating an engaged and productive workforce are now the primary reasons companies are looking at when adopting cloud. Let’s deep dive into 5 ways how the above are delivered through cloud. 1. Multi-Cloud Orchestration – Why limit to one when you can unleash your potential using different Cloud Service Providers? Yes, the push for enterprise agility is strong but there is also parallel effort for applications which require specialized, fit-for-purpose infrastructure. Avoid vendor lock-in while focusing on cost-performance ratio. For example, you may use AWS spot instances to secure compute capacity at the lowest price, but you also have the option of using low priority VMs on Azure or preemptible instances on GCP to get the best price when spot instances become expensive. With the emergence of Artificial Intelligence (AI) and Machine Learning, engineers focus on leveraging large farms of GPUs for data crunching and, therefore, are actively looking at SaaS offerings that can be deployed on different public cloud environments. Standardization is what makes applications and data to be portable and accessible across the cloud. 2. Hybridization – Keep your finance team happy. Research by VMware and EMC found out hybrid cloud can lower your typical infrastructure cost to as low as 25%. Hybrid clouds offer lower IT spending through virtualization and consolidation, optimized workload sourcing and provisioning, and better throughput in application development and maintenance processes. Economic benefit of hybrid cloud (Source: VMware). In Sri Lanka, hybrid cloud deployments are primarily seen in regulated environments like government organizations and the Banking, Financial Services and Insurance (BFSI) sector. This is not only due to rigorous regulatory frameworks around data security and compliance, but also due to massive investments in legacy environments within the data center. With hybrid environments, the inherent benefits of cloud such as scalability, elasticity and availability, are accessible. So, why stop at the gates of legacy datacenters? 3. Understand the Economics – Give your shareholders a good night’s sleep. During the beginning of the cloud era, it made sense for the IT department to be the gatekeeper and develop its own understanding and measurement of the technology infrastructure and related financials. However, many IT departments today do not know the cost of tech for specific applications or line-of-business usage. This is not possible to undertake in an ecosystem of heterogeneous silos of technology. Cloud technology dictates that IT departments must grow to be better informed and answerable for knowing actual costs, allocation models, correct chargebacks, and other relevant aspects. 4. Cloud and Data – Unlimited storage unfolds a love story like no other. Data has been growing in an unprecedented manner. While the majority are unstructured, some are unsolicited as well. Businesses have understood the impact of data-driven decisions and the need for utilizing analytics to process these insurmountable sources. Be it a lift-and-shift of a traditional Big Data platform or a modernization of on-prem ERP/ SAP HANA, cloud provides flexibility for your data strategy. Also, maintaining large data pools in cloud has become an effective solution as the cost of maintaining a data lake is becoming cheaper with virtually infinite storage capacity. Also, spot instances in AWS/ Azure (preemptible in GCP) comes with huge savings which is a great perk for data modeling. 5. Focus on Strategizing and Innovating – Leverage the core benefits of cloud. Cloud allows companies to increase the pace of product development and marketing. In a traditional in-house IT environment, procuring new resources and infrastructure just for testing and development causes delays in monetizing the business; this can also become counterproductive if the resources are too expensive or if the product fails in the market. But on-demand/pay-per-use will eliminate risk and saves time. Plus, OpEx based cost models replace initial up-front costs. Faster upgrades to software, high availability, easy scalability and elasticity, and access to vendor marketplaces for quality-tested software are other unique propositions of public cloud. Untapped potential of cloud Cloud has enormous features but its benefits will not automatically appear just because your organization has adopted it. Cloud requires a “well defined, value-oriented strategy and coordinated execution by IT and Businesses” (McKinsey Quarterly, Feb 2021). Simple lift-and-shift of workloads from on-premises to cloud without a cloud adoption framework will miss out on autoscaling and performance management while increasing the cost due to over-provided assets. Also, the business operating model must be cloud-ready and be built for and integrated with the product development life cycle. Untapped economic potential of cloud from three focus areas Rejuvenate, Innovate and Pioneer (Source: McKinsey Global research). Let’s see the example of therapeutics company and vaccine manufacturer Moderna Inc. and how cloud-enabled them to deliver the drug in just 42 days, after the initial sequencing of the COVID-19 virus. The original article from HBR can be found here and you will appreciate how a well-defined cloud-based business model cuts across all the corners of an organization. The drug designing R&D platform is a proprietary web app that used scalable compute and storage infrastructure. The lab used well-integrated cloud-based data-warehousing service to receive insights from other experiments running simultaneously. With details centrally placed, scientists could easily analyze large amounts of protein structures and rapidly design the vaccine. The ability to harness limitless compute power instantly with a pay-per-use pricing model helped in expediting product development cycles without burning time and cash. Cloud also helped Moderna Inc. to be up to date with compliance and regulatory frameworks, using concepts such as Infrastructure as a Code (IaC), Governance as a Code, and Security as a Code. Automating these ‘Cloud best practices’ not only reduces manual labor, but also brings in visibility through one-click audit reports. Your focus as a CxO (or if your career growth will take you there eventually) As a CxO you already would know what cloud can bring to the table. Yet there can be hesitations in adoption which makes the transition slow, especially if managers have cold feet regarding security, latency, cost, and architecture redesign. These can be counteracted, and, on many occasions, cloud has proven to be the best fit for these problems. “From now, many future business leaders will be determined by how well they embrace the cloud.” CTO CIO, CTO and CISO (Chief Information Security Officer) are front-lining now and give their utmost during the pandemic to support the continuity of the business. There is no other time such as now to focus on digitizing the distribution/supply chain channels and holistically accelerating your digital strategy. As we saw in Part 1 of this article series, cloud is no longer just a tool to host workloads online or rent out compute power. Defining the expectation of cloud migration too narrowly (for example, hosting new applications) will not capture the real essence of the cloud, as there is no consideration of the company as a whole. To start off, one can: Picture every single aspect of the business processes and domains in which cloud adoption can bring in efficiency and increase revenue, by looking at how cloud and its surrounding technologies can rip apart the silos in business initiatives. Focus not only on selecting the correct technology but also on sourcing methods that must be aligned with corporate policies to mitigate risks. CEO As cited by McKinsey in a February 2021 article, research on 705 public cloud users by AWS and independent third-party (OmnicomGroup and Known) shows that highly matured cloud adopters stand out from their peers on the below four aspects: They are early adopters of disruptive technologies. They aggressively focus on innovating. They view technology as a competitive advantage and an enabler for launching new businesses. They pursue excellence in knowledge and skills sets by having catered roles and career progression for cloud experts, while building tailored programs to improve cloud-specific skills. The role of a CEO is critical as they only can channel different roles like HR Officer, CFO and CTO. The organization’s cloud strategy needs a collective effort and there is no one better than a CEO to orchestrate it because: Moving to cloud needs investment via sustainable financing. Collaborative top management involvement is needed to create a suitable operating model to facilitate business and technology. Talent planning is crucial to attract and retain specialized tech skills. It is imperative to bring in the organizational cultural practice to enhance a cloud-focused operating model and improve employee commitment to sustain overall value. On the highway to cloud Cloud is no longer used to host apps on the internet; we must move away from our traditional thinking patterns and start creating a business case centering cloud. The agility all companies are wishing for now comes with technology adoption. Cloud is the highway to take you closer to it. To reap the real benefits of cloud, a well-defined business-technology-based operating model must be devised to holistically capture the essence of the company across all functions. CxOs must collaborate to create the cloud strategy and focus on selecting and sourcing correct tech tools, acquiring sustainable funding, and creating a culture with best practices to thrive in the cloud. Lastly but importantly, cloud and its technologies change ever so rapidly. Hence, we should always be receptive to change and be open for learning. Tharinya Sellathurai Engineer – Cloud Technologies MillenniumIT ESP How can we help you? First Name Last Name Company Job Title Email Address Phone Number Industry Banking & Finance Telecommunications & Media Manufacturing & Retail Government & Public Sector Other Country Afghanistan Albania Algeria American Samoa Andorra Angola Anguilla Antigua & Barbuda Argentina Armenia Aruba Australia Austria Azerbaijan Bahamas Bahrain Bangladesh Barbados Belarus Belgium Belize Benin Bermuda Bhutan Bolivia Bonaire Bosnia & Herzegovina Botswana Brazil British Indian Ocean Ter Brunei Bulgaria Burkina Faso Burundi Cambodia Cameroon Canada Canary Islands Cape Verde Cayman Islands Central African Republic Chad Channel Islands Chile China Christmas Island Cocos Island Colombia Comoros Congo Cook Islands Costa Rica Cote DIvoire Croatia Cuba Curacao Cyprus Czech Republic Denmark Djibouti Dominica Dominican Republic East Timor Ecuador Egypt El Salvador Equatorial Guinea Eritrea Estonia Ethiopia Falkland Islands Faroe Islands Fiji Finland France French Guiana French Polynesia French Southern Ter Gabon Gambia Georgia Germany Ghana Gibraltar Great Britain Greece Greenland Grenada Guadeloupe Guam Guatemala Guinea Guyana Haiti Hawaii Honduras Hong Kong Hungary Iceland Indonesia India Iran Iraq Ireland Isle of Man Israel Italy Jamaica Japan Jordan Kazakhstan Kenya Kiribati Korea North Korea South Kuwait Kyrgyzstan Laos Latvia Lebanon Lesotho Liberia Libya Liechtenstein Lithuania Luxembourg Macau Macedonia Madagascar Malaysia Malawi Maldives Mali Malta Marshall Islands Martinique Mauritania Mauritius Mayotte Mexico Midway Islands Moldova Monaco Mongolia Montserrat Morocco Mozambique Myanmar Nambia Nauru Nepal Netherland Antilles Netherlands (Holland, Europe) Nevis New Caledonia New Zealand Nicaragua Niger Nigeria Niue Norfolk Island Norway Oman Pakistan Palau Island Palestine Panama Papua New Guinea Paraguay Peru Philippines Pitcairn Island Poland Portugal Puerto Rico Qatar Republic of Montenegro Republic of Serbia Reunion Romania Russia Rwanda St Barthelemy St Eustatius St Helena St Kitts-Nevis St Lucia St Maarten St Pierre & Miquelon St Vincent & Grenadines Saipan Samoa Samoa American San Marino Sao Tome & Principe Saudi Arabia Senegal Seychelles Sierra Leone Singapore Slovakia Slovenia Solomon Islands Somalia South Africa Spain Sri Lanka Sudan Suriname Swaziland Sweden Switzerland Syria Tahiti Taiwan Tajikistan Tanzania Thailand Togo Tokelau Tonga Trinidad & Tobago Tunisia Turkey Turkmenistan Turks & Caicos Is Tuvalu Uganda United Kingdom Ukraine United Arab Emirates United States of America Uruguay Uzbekistan Vanuatu Vatican City State Venezuela Vietnam Virgin Islands (Brit) Virgin Islands (USA) Wake Island Wallis & Futana Is Yemen Zaire Zambia Zimbabwe Message Submit
Unlock the Power of Business Agility via Cloud – Part 1 Unlock the Power of Business Agility via Cloud – Part 1 Cloud, from its inception as a server network service, has grown to be a business integrator and now a business innovator. In the first segment of this two-part article, we discuss why businesses should focus on being agile, citing industry-use cases, and how well cloud can create a dynamic and flexible IT culture. Cloud has evolved and so have businesses Cloud has moved from being a ‘nice-to-have’ technology to an essential piece of IT infrastructure for any and every organization. Just within the last decade, it has progressively evolved not just to be an infrastructure service, but an enabler of businesses. Now, it is becoming the centerpiece of corporates, holistically integrating into every aspect. Cloud is everywhere and it’s empowering everything: Amazon Web Services (AWS) has over 200 fully featured services; Google Cloud (GCP) thrives on its unique cloud offerings centered on Big Data and AI modeling tools. These testify that compute, storage, network, and database services aren’t the only benefits of cloud. “Cloud is not just for hosting apps on the web” Cloud has evolved, so has the need for adopting it. When companies outline their business plan for public cloud migration, they typically focus on cost reductions and efficiency. Questions are always in line with “How much CapEx and OpEx can I cut?” Comparisons are made to understand savings from hardware, licenses and human labor to name a few. Yes, cost and convenience were the main market drivers for cloud but business priorities have drastically changed now. Thus, shouldn’t we too start asking different questions now? COVID-19 didn’t just drive us into remote working; it changed the way we consume products. Consumers are demanding better services that are quick, efficient, easy to use, and customized. If businesses don’t keep up to their users’ pace, they will fail. In today’s saturated market, consumers have zero cost when switching from your service to a competitor’s. Hence, time to market is key and so are functional and stable product releases with continuous uptime. What is business agility? To keep up with the exponential advancements in consumer technology and the surge in digitalization adoption, businesses need to focus on being agile. What does this mean? Business agility is the ability of an organization to be flexible and adaptive to the changing market conditions and take quick responses in a cost-efficient manner. For organizations to appear agile, they must be a powerhouse in innovation, learning and R&D. An effective top-down approach in capturing ideas, testing, deploying and/or scraping projects and knowledge sharing is needed. These companies should also balance speed and stability across organizational processes. “Agility is quickly adapting to market conditions and not getting lost in the competition.” McKinsey & Company identified benefits of business agility as: Faster revenue growth Prolonged reduction in costs Effective management of threats and reputational risks A survey conducted for VMware® by independent market-research firm AbsolutData from over 600 respondents, has found that extremely agile companies outperform others in: Recognizing shifts in customer trends/demand Launching new products or functionalities Managing the execution of programs and scaling resources in order to meet demand How cloud enables business agility Agility brings dynamism which in turn enables organizations to approach markets and operational changes routinely. Continuous testing, greenfield deployments and rapidly engaging new distribution channels are part and parcel of seizing potential opportunities quickly. Cloud computing models are ideal for this purpose due to the ease in provisioning and scaling workloads and pay-per-use models. Cloud also embraces organizational agility by supporting mobility, collaborative communications and real-time feedback loops with continuous data insights. “If your R&D strategy is to fail fast and fail cheap; then cloud is your fast track.” In a cloud computing context, agility is the ability to rapidly develop, test and launch applications that deliver business growth. Cloud enables data driven insights allowing you to focus on strategizing your unique value proposition, instead of focusing on provisioning and maintaining the infrastructure. “Variety for business is more valuable than cost savings.” The primary reason for leveraging cloud in this era shouldn’t necessarily be a monetary benefit, even though it can be a catalyst. With cloud supporting flexibility and scalability, the thinking mindset of cloud-economics must go beyond Total Cost of Ownership (TCO). Therefore, a new set of questions should follow; “How will cloud improve my revenue or the competitiveness of my business?” The hype around cloud is waning with more industry-use cases and facts on what it can deliver to both IT and business. Trailblazing CTOs first think about business transformation and then how technology will enable it. Now the real talk among CXOs is how cloud helps them create a tighter connection between IT agility and business agility. Industry stats and use cases The same survey referred above reveals that business and IT leaders believe that infrastructure and technology are the key drivers of agility. In non-agile companies there is a fundamental disconnect, where the IT department cites money and skills as the problem while non-technical partners focus on the lack of infrastructure and tech to support business demands. Nevertheless, 63% of respondents say, “Cloud can make the entire organization more business agile, with flexible architecture to support changes and be responsive.” “Companies with enterprise-wide cloud deployments are 300% more likely to achieve business agility much better than its competition.” – VMware® survey results Survey results by VMware on the role of cloud in business agility. The public cloud is a wake-up call because of the on-demand, low-cost, self-service computing power with appealing rate cards, and customer-focused service level agreements (SLAs). Businesses must now evaluate a range of cloud options, including public, private and hybrid models, each with its own set of cost reductions. Cloud for banking Banks are forced to adopt technology due to increased pressure from tech-native start-ups providing convenience and control to the users. Retail banks seek to grow their customer bases and revenue by delivering new mobile services faster to the market. Cloud technology provides swift use of a compliant, secure and regulated test and development environment to provide production apps for end-users on any device, at any time and from any location. Cloud for health The health sector is one of the industries that rapidly underwent digitalization and digitization within the past year. Internationally, hospitals are moving towards Electronic Health Records (EHR) to improve patient engagement and continuously track the clinical care and record keep for safety. Healthcare companies benefit from cloud computing by receiving on-demand and cost-effective distribution of records to any hospital in any location, with improved patient data dependability, resilience, and security. Cloud for governments Governments, public sector and even schools are highly regulated with stringent cost structures which are mandated. Cloud computing delivers a dynamic, secure and compliant alternative, significantly reducing the time it takes to supply technology solutions. Cloud for retail and manufacturing Retail and manufacturing industries deal with insurmountable data from inventory to customer behavioral details. Therefore, cloud is vital to store these details but also to analyze and manage them to gain needed visibility about the business. Leveraging data, retailers can understand the customer buying behavior, trends, brand interaction and then use advanced modeling tools for predictive insights and automation. Cloud with its dependable security and dynamic scalability of workloads, large data can be safely stored and SaaS AI and ML tools can be instantly utilized from the cloud service provider’s marketplace. Cloud = Constant change Cloud and its technologies are constantly changing; new and newer tools are being introduced by cloud providers constantly. When the core technology evolves, so does our journey with it. Thus, the key strategy here is to be open and constantly revisit our approach when adopting cloud. If your interest is piqued by reading up the above information on cloud, its elements and applications and now you want to know more, don’t fret. The part 2 segment of this discussion will focus on the features of cloud to create business agility, visualizing the real organizational potential (elaborated with the use case of vaccine manufacturer Moderna Inc. as cited by HBR), and lastly on the actions CEOs and CIOs should collaboratively take to strategize for the future aligning with the cloud. Stay tuned for next week’s release! Tharinya Sellathurai Engineer – Cloud Technologies MillenniumIT ESP How can we help you? First Name Last Name Company Job Title Email Address Phone Number Industry Banking & Finance Telecommunications & Media Manufacturing & Retail Government & Public Sector Other Country Afghanistan Albania Algeria American Samoa Andorra Angola Anguilla Antigua & Barbuda Argentina Armenia Aruba Australia Austria Azerbaijan Bahamas Bahrain Bangladesh Barbados Belarus Belgium Belize Benin Bermuda Bhutan Bolivia Bonaire Bosnia & Herzegovina Botswana Brazil British Indian Ocean Ter Brunei Bulgaria Burkina Faso Burundi Cambodia Cameroon Canada Canary Islands Cape Verde Cayman Islands Central African Republic Chad Channel Islands Chile China Christmas Island Cocos Island Colombia Comoros Congo Cook Islands Costa Rica Cote DIvoire Croatia Cuba Curacao Cyprus Czech Republic Denmark Djibouti Dominica Dominican Republic East Timor Ecuador Egypt El Salvador Equatorial Guinea Eritrea Estonia Ethiopia Falkland Islands Faroe Islands Fiji Finland France French Guiana French Polynesia French Southern Ter Gabon Gambia Georgia Germany Ghana Gibraltar Great Britain Greece Greenland Grenada Guadeloupe Guam Guatemala Guinea Guyana Haiti Hawaii Honduras Hong Kong Hungary Iceland Indonesia India Iran Iraq Ireland Isle of Man Israel Italy Jamaica Japan Jordan Kazakhstan Kenya Kiribati Korea North Korea South Kuwait Kyrgyzstan Laos Latvia Lebanon Lesotho Liberia Libya Liechtenstein Lithuania Luxembourg Macau Macedonia Madagascar Malaysia Malawi Maldives Mali Malta Marshall Islands Martinique Mauritania Mauritius Mayotte Mexico Midway Islands Moldova Monaco Mongolia Montserrat Morocco Mozambique Myanmar Nambia Nauru Nepal Netherland Antilles Netherlands (Holland, Europe) Nevis New Caledonia New Zealand Nicaragua Niger Nigeria Niue Norfolk Island Norway Oman Pakistan Palau Island Palestine Panama Papua New Guinea Paraguay Peru Philippines Pitcairn Island Poland Portugal Puerto Rico Qatar Republic of Montenegro Republic of Serbia Reunion Romania Russia Rwanda St Barthelemy St Eustatius St Helena St Kitts-Nevis St Lucia St Maarten St Pierre & Miquelon St Vincent & Grenadines Saipan Samoa Samoa American San Marino Sao Tome & Principe Saudi Arabia Senegal Seychelles Sierra Leone Singapore Slovakia Slovenia Solomon Islands Somalia South Africa Spain Sri Lanka Sudan Suriname Swaziland Sweden Switzerland Syria Tahiti Taiwan Tajikistan Tanzania Thailand Togo Tokelau Tonga Trinidad & Tobago Tunisia Turkey Turkmenistan Turks & Caicos Is Tuvalu Uganda United Kingdom Ukraine United Arab Emirates United States of America Uruguay Uzbekistan Vanuatu Vatican City State Venezuela Vietnam Virgin Islands (Brit) Virgin Islands (USA) Wake Island Wallis & Futana Is Yemen Zaire Zambia Zimbabwe Message Submit
Go Beyond Chatbots with AI-powered Conversational Banking Go Beyond Chatbots with AI-powered Conversational Banking AI-powered Digital Assistants (DAs) have gained popularity over recent years. According to a study by Juniper Research, consumers are expected to interact with voice assistants on over 8.4 billion devices by 2024, surpassing the world’s population. Unlike chatbots, DAs have evolved over the past few years from rule-based responses to function as fully integrated end-to-end customer journey mapped solutions with integration flows. The rule-based approach used to take the user through several predetermined steps to achieve their goal. With the introduction of pre-trained language models and advanced NLP algorithms, DAs were able to understand user requests better. These improvements led DAs to be conversational. DAs were able to evolve from understanding their users’ requests to being contextually aware of the user’s requests. Now, DAs can initiate conversations, understand the user’s request, be contextually aware, lead users through complex processes, integrate to external systems, communicate via speech commands, and efficiently complete user-requested actions from applications. MillenniumIT ESP’s FinBot – The Banking Digital Assistant MillenniumIT ESP has deployed FinBot – the Banking DA – for financial institutions to enhance banks’ customer experience and approachability. FinBot can converse with a user while being contextually aware. It is capable of providing product information related to accounts, loans, credit cards, value-added services, general information, nearest branch/ATM information, check credit card balances, account balances, suspend misplaced cards, generate leads, handover the session to a live agent, raise a complaint, and many more features. Below are a few advantages of FinBot: Transformed Customer Experience FinBot can understand human conversations and deliver a personalized and conversational experience to users. The DA improves customer experience by responding to customer inquiries in real-time and maintaining positive NPS and resolutions. 24/7 Availability & Scalability The Banking DA can assist customers and employees 24/7 via various channels such as WhatsApp, Facebook, Skype, MS Teams, Telegram, and Twilio, among others. It is reliable and can handle a number of requests simultaneously. Reduced Cost FinBot is able to handle customer inquiries from digital channels with minimum human intervention. This would enable bank agents to focus on more high priority, important tasks and attend to customer queries only when needed. Unforeseen Insights When DAs are incorporated, banks can understand their customers’ sentiments, most frequently inquired products and services and other insights to judge their areas of interest to use for targeted campaigns and promotions. Real-time insights will assist banks to take more strategic decisions based on concrete data. Below are a few features and functionalities of the FinBot solution. Feature 1: Conversational Flows The DA understands the context of the user’s query without the user explicitly mentioning it. For instance, the user could ask “I want to know the nearest branch,” and the DA would respond with the nearest branch information based on the shared GPS location/entered city. If the user then asks, “Can you provide me the contact information,” the DA would know the user is asking for information on the nearest branch information shared and will provide the response accordingly. The DA is also designed and developed to understand the user’s query no matter how complex the command sentence is; it will understand all relevant entities mentioned by the user and provide the final response. Auto-correction and misspelt words are also supported. Feature 2: End-to-End Process Automation The DA could trigger RPA processes. Information entered to the DA could be used to fill and submit external forms without manual intervention. The DA could trigger the first level verification RPA process of a customer based on the information provided. A user can type a message in the DA like “I want to disable my debit card,” the DA would then process the request and trigger the RPA bot. The RPA bot would connect with the on-prem legacy system, and once the task is completed, the RPA bot would pass the status of the response to the DA which would provide the relevant information to the user. Feature 3: Integration with On-prem Systems FinBot could be integrated with the backend systems of an organization. This includes integrating with CRM systems, submitting support tickets to ticketing systems and integrating with on-prem core-banking systems to get account balance and credit card balances. The high-level process of checking the credit card balance through the Banking DA is illustrated below. Feature 4: Integration to Multiple Channels Using the Banking DA, organizations could engage with their customers on multiple platforms. A DA could be embedded to the company website, Facebook Messenger, Telegram, WhatsApp, Skype, Twilio, Slack, and MS Teams, among others. Feature 5: Live Agent Handover When a customer prefers to speak to a live agent, the DA could hand over the session to the live agent with the customer conversation history. This ensures a smooth transition for the customer and makes it an easier process for the customer care agent to take over the conversation. Feature 6: Customized GUI Components Customized UI components, including rich user controls such as cards, forms, carousels, menus, multimedia content, and customized branding can be incorporated to improve the overall user experience. Feature 7: Multilingual Capability DAs have the capability of conversing in multiple languages. At MillenniumIT ESP, we have deployed DAs that support English, Sinhala and Tamil languages to ensure that more people can access the DA in their native language. Feature 8: Delivering Insights through Analytics Dashboard While customer-facing DAs mainly support customer care agents, they also provide key metrics for managerial decision-making. Through the insights and analytics provided following the deployment of a DA, key metrics can be collected. An organization could identify their popular products, customer queries and expectations, identify seasonal changes and gather other key information for their decision-making needs. Feature 9: Speech Capability Users are able to interact with voice DAs via voice commands. Custom Neural voice is also supported, which allows users to create a customized voice for their brand. Feature 10: Pre-trained Use Cases The DA consists of pre-trained banking and financial language models for account information, credit card information, loan information, value-added service information, e-banking information, and general information enabling the DA to be rapidly deployed. Feature 11: Continuous Re-training Continuous re-training and improvements of the DA will be done on a daily basis to improve the customer experience. FinBot’s High Level Architecture FinBot is powered by Microsoft’s Bot Framework and the Azure Cognitive Services. The Microsoft Bot Framework is used to build DAs that use natural language understanding, speech, questions and answers, etc. Microsoft Cognitive Services are used to build cognitive intelligence to the DA. Microsoft’s Language Understanding Model is used to predict the overall meaning and retrieve detailed information of the user’s conversation. QnA Maker is used to build a knowledge base by using question and answer pairs. Azure Storage is used to handle temporary session data. A site-to-site VPN is integrated to securely connect with on-prem systems. Security-first Approach Relevant security measures are undertaken to secure the banking DA by adhering to PCI Security Standards. Azure Bot Service is continually expanding its certification coverage. Currently, Azure Bot Service is certified with the following certificates. UI-level masking and encryption mechanisms are incorporated to ensure that all sensitive information exchanged are secure. What Makes Us Unique? MillenniumIT ESP provides end-to-end DA solutions. Each solution maps the customer journey to provide a seamless user experience. Development best practices and processes are followed to create production-ready DAs. Source: https://appsource.microsoft.com/en-us/product/web-apps/millenniumitesppvtltd.finbot?tab=overview Our FinBot solution is also recognized as a preferred solution on the Microsoft Marketplace and it is Microsoft co-sell ready containing pre-trained models for banking and financial institutions. End note: With people increasingly adopting digital platforms and virtual consumer behavior practices normalizing across industries, DA’s will soon become the preferred choice for customer engagement. These versatile artificial intelligence applications with multiple industry flexibility will liberate individuals from mundane tasks and help humans focus their energy on more creative endeavors. Shehani Perera Engineer – Software Engineering MillenniumIT ESP Areefa Thassim Engineer – Enterprise Applications MillenniumIT ESP How can we help you? First Name Last Name Company Job Title Email Address Phone Number Industry Banking & Finance Telecommunications & Media Manufacturing & Retail Government & Public Sector Other Country Afghanistan Albania Algeria American Samoa Andorra Angola Anguilla Antigua & Barbuda Argentina Armenia Aruba Australia Austria Azerbaijan Bahamas Bahrain Bangladesh Barbados Belarus Belgium Belize Benin Bermuda Bhutan Bolivia Bonaire Bosnia & Herzegovina Botswana Brazil British Indian Ocean Ter Brunei Bulgaria Burkina Faso Burundi Cambodia Cameroon Canada Canary Islands Cape Verde Cayman Islands Central African Republic Chad Channel Islands Chile China Christmas Island Cocos Island Colombia Comoros Congo Cook Islands Costa Rica Cote DIvoire Croatia Cuba Curacao Cyprus Czech Republic Denmark Djibouti Dominica Dominican Republic East Timor Ecuador Egypt El Salvador Equatorial Guinea Eritrea Estonia Ethiopia Falkland Islands Faroe Islands Fiji Finland France French Guiana French Polynesia French Southern Ter Gabon Gambia Georgia Germany Ghana Gibraltar Great Britain Greece Greenland Grenada Guadeloupe Guam Guatemala Guinea Guyana Haiti Hawaii Honduras Hong Kong Hungary Iceland Indonesia India Iran Iraq Ireland Isle of Man Israel Italy Jamaica Japan Jordan Kazakhstan Kenya Kiribati Korea North Korea South Kuwait Kyrgyzstan Laos Latvia Lebanon Lesotho Liberia Libya Liechtenstein Lithuania Luxembourg Macau Macedonia Madagascar Malaysia Malawi Maldives Mali Malta Marshall Islands Martinique Mauritania Mauritius Mayotte Mexico Midway Islands Moldova Monaco Mongolia Montserrat Morocco Mozambique Myanmar Nambia Nauru Nepal Netherland Antilles Netherlands (Holland, Europe) Nevis New Caledonia New Zealand Nicaragua Niger Nigeria Niue Norfolk Island Norway Oman Pakistan Palau Island Palestine Panama Papua New Guinea Paraguay Peru Philippines Pitcairn Island Poland Portugal Puerto Rico Qatar Republic of Montenegro Republic of Serbia Reunion Romania Russia Rwanda St Barthelemy St Eustatius St Helena St Kitts-Nevis St Lucia St Maarten St Pierre & Miquelon St Vincent & Grenadines Saipan Samoa Samoa American San Marino Sao Tome & Principe Saudi Arabia Senegal Seychelles Sierra Leone Singapore Slovakia Slovenia Solomon Islands Somalia South Africa Spain Sri Lanka Sudan Suriname Swaziland Sweden Switzerland Syria Tahiti Taiwan Tajikistan Tanzania Thailand Togo Tokelau Tonga Trinidad & Tobago Tunisia Turkey Turkmenistan Turks & Caicos Is Tuvalu Uganda United Kingdom Ukraine United Arab Emirates United States of America Uruguay Uzbekistan Vanuatu Vatican City State Venezuela Vietnam Virgin Islands (Brit) Virgin Islands (USA) Wake Island Wallis & Futana Is Yemen Zaire Zambia Zimbabwe Message Submit
The Need of the Hour of Today’s Enterprise – Innovation Within to Enable a Sustainable Ecosystem The Need of the Hour of Today’s Enterprise – Innovation Within to Enable a Sustainable Ecosystem The uncertainty and chaos caused by the prevailing deadly pandemic clearly shows that although we live in a world complete with cutting-edge technological solutions for many of our problems, we are not really focusing on the ‘right’ problems. Are we addressing the world’s most challenging issues in the right way? The pandemic itself is proof that we have probably missed some of the most important aspects in this world and shown us that we lack innovation, investment and technological advancements in healthcare, education, environmental and many other areas. The current world order and the financial ecosystem as we know it, is fragile and it clearly is not focusing on the important issues that we need to solve as a human race. With this realization, the world is starting to understand a little better and is making an effort to shift gears to creating and maintaining a more sustainable ecosystem with innovation at its core. Doomsday Hollywood movies have often depicted how our world may end in the most dramatic way – but the truth is we may be heading that way in reality unless we act fast. Are we too late to change course for the better? The good news is we can, but we need to act fast. What is Sustainability? Before we get into the solutions, we need to understand some of the underlying concepts and models that we can use to solve these problems. Sustainability has become a buzzword today, but what does it really mean? Let’s consider this definition “Meeting our present needs without compromising the ability of future generations to meet their own needs (Brundtland Commission, 1987). It has three components — environmental conservation, social responsibility and economic development. While most people primarily associate sustainability with environmental conservation, it is about people and the health of our communities! In 2015, the United Nations drew up a guideline called The Sustainable Development Goals, a blueprint to achieve a better and more sustainable future for all. They addressed the global challenges we face, including poverty, inequality, climate change, environmental degradation, peace, and justice, encompassing all elements that need to be considered given that sustainability has a broader aspect. Businesses too can add great value to solve these problems if they have a clear focus on them. How Can a Business Realign and Change? Develop a greater purpose – Businesses have typically had one financial objective – to increase revenue, create shareholder value, improve customer portfolio. However, today, this focus must shift slightly to have a bigger purpose. Companies today must invest in more sustainable ways of doing business, which include culture, impact to society and the community, as well as the environment. Shake off the legacy mindset – To be able to incorporate sustainable practices into your business, organizations need to focus on what’s called the triple bottom line. To build a purpose driven business or operate as one you need to have a long-term vision. Most businesses operate on short-term goals or quarterly based achievements. But, there needs to be a balance, meaning a business should have both short-term and long-term goals. These goals must be impactful with a larger and lasting impact on society and on the planet. It’s only then that any high-tech modern-day innovation can contribute meaningfully to sustain our existence. Carve out a different way to operate – A sustainability focus driven business needs to operate two steps ahead, which means they need to have a long-term focus. It also needs to be partnership oriented, which means it needs to be open to partners who have expertise in other areas and have common goals and vision. Above all, it needs to be human centric and must include an element of empathy. Nurture purpose-driven employees – No goal or innovation can be accomplished if you do not have the right talent and the required motivated and passionate mindsets. That is why your employees will be the biggest assets to transform or build a purpose driven organization or innovation. To do this, you must focus on creating a work environment where employees feel their job is more than just a paycheck by incorporating other intangible benefits. When organizations prioritize purpose over paychecks, they appeal to candidates who are committed, intrinsically motivated and show greater passion for a bigger cause in their work, especially among younger generations entering the workforce today. Conclusion The problem is very real and requires immediate attention. While much has been talked about and debated on many forums, some organizations lack the enthusiasm or sense of urgency to address these issues by redefining how they operate. In a nutshell, the future of businesses and companies are not going to be spreadsheet driven. It has been proven by Elon Musk and other modern-day entrepreneurs that their successes were achieved by trying to solve real-world problems. The mantra of organizations today should be to create wealth and value by adopting a larger purpose – one that recognizes and embraces the bigger picture of sustainability to positively impact people and the planet via innovation and disruptions. “Disruption is the watchword in business today. With technology changing at hyper speed, corporations may struggle to build a foundation for long-term success. Traditionally, organizations have emphasized how much revenue they create and how many expenses they cut. With the challenges facing society today, that simple focus is no longer sustainable.” — Forbes Calvin Hindle Associate Director – Emerging Technologies MillenniumIT ESP How can we help you? First Name Last Name Company Job Title Email Address Phone Number Industry Banking & Finance Telecommunications & Media Manufacturing & Retail Government & Public Sector Other Country Afghanistan Albania Algeria American Samoa Andorra Angola Anguilla Antigua & Barbuda Argentina Armenia Aruba Australia Austria Azerbaijan Bahamas Bahrain Bangladesh Barbados Belarus Belgium Belize Benin Bermuda Bhutan Bolivia Bonaire Bosnia & Herzegovina Botswana Brazil British Indian Ocean Ter Brunei Bulgaria Burkina Faso Burundi Cambodia Cameroon Canada Canary Islands Cape Verde Cayman Islands Central African Republic Chad Channel Islands Chile China Christmas Island Cocos Island Colombia Comoros Congo Cook Islands Costa Rica Cote DIvoire Croatia Cuba Curacao Cyprus Czech Republic Denmark Djibouti Dominica Dominican Republic East Timor Ecuador Egypt El Salvador Equatorial Guinea Eritrea Estonia Ethiopia Falkland Islands Faroe Islands Fiji Finland France French Guiana French Polynesia French Southern Ter Gabon Gambia Georgia Germany Ghana Gibraltar Great Britain Greece Greenland Grenada Guadeloupe Guam Guatemala Guinea Guyana Haiti Hawaii Honduras Hong Kong Hungary Iceland Indonesia India Iran Iraq Ireland Isle of Man Israel Italy Jamaica Japan Jordan Kazakhstan Kenya Kiribati Korea North Korea South Kuwait Kyrgyzstan Laos Latvia Lebanon Lesotho Liberia Libya Liechtenstein Lithuania Luxembourg Macau Macedonia Madagascar Malaysia Malawi Maldives Mali Malta Marshall Islands Martinique Mauritania Mauritius Mayotte Mexico Midway Islands Moldova Monaco Mongolia Montserrat Morocco Mozambique Myanmar Nambia Nauru Nepal Netherland Antilles Netherlands (Holland, Europe) Nevis New Caledonia New Zealand Nicaragua Niger Nigeria Niue Norfolk Island Norway Oman Pakistan Palau Island Palestine Panama Papua New Guinea Paraguay Peru Philippines Pitcairn Island Poland Portugal Puerto Rico Qatar Republic of Montenegro Republic of Serbia Reunion Romania Russia Rwanda St Barthelemy St Eustatius St Helena St Kitts-Nevis St Lucia St Maarten St Pierre & Miquelon St Vincent & Grenadines Saipan Samoa Samoa American San Marino Sao Tome & Principe Saudi Arabia Senegal Seychelles Sierra Leone Singapore Slovakia Slovenia Solomon Islands Somalia South Africa Spain Sri Lanka Sudan Suriname Swaziland Sweden Switzerland Syria Tahiti Taiwan Tajikistan Tanzania Thailand Togo Tokelau Tonga Trinidad & Tobago Tunisia Turkey Turkmenistan Turks & Caicos Is Tuvalu Uganda United Kingdom Ukraine United Arab Emirates United States of America Uruguay Uzbekistan Vanuatu Vatican City State Venezuela Vietnam Virgin Islands (Brit) Virgin Islands (USA) Wake Island Wallis & Futana Is Yemen Zaire Zambia Zimbabwe Message Submit
The Evolution of Cyber-Attacks in Sri Lanka The Evolution of Cyber-Attacks in Sri Lanka As you are already aware, cyber-attacks reported within the country has become more common in the recent past. Reflecting on these attacks, we noticed three trends that have been explained below: Drastic increase in threats – Over the past two-to-three years, we have noticed that the number of cyber-attacks targeting Sri Lankan-based enterprises has been drastically increasing. We hear more stories about successful attacks compared to attacks that were detected and mitigated at their early stages. Increase in the complexity of attacks – We aren’t talking about isolated, annoying viruses anymore that make our life a little difficult, for example folder.exe., rather attacks that go through multiple stages spanning over a period of time. Attackers improvise and adapt to the environment and leverage stealth mechanisms to remain undetected until the very last stage is executed. Exponential increase in the impact of attacks – The impact of modern attacks is increasing rapidly. We have come across many instances where large organizations have been brought to their knees and took days to recover. In addition to the financial loss due to the abrupt stop of business, money and resources been spent on the recovery process, many organizations suffer significant reputational damage. News travels fast and bad news travels faster. Some attackers even go as far as releasing samples of stolen data to persuade companies to pay ransom. In order to understand the current cyber attack trends within the country, let’s analyze what has changed over time from an attacker’s point of view and from a defender’s point of view. The Evolution of Cyber Attacks in Sri Lanka – From an Attacker’s Point of View Looking at how the attacks have evolved from an attacker’s point of view, there are a few key points that we have observed. Sri Lanka is no longer a hidden target – For some time, we had the luxury of reading about attacks only in news or tech blogs. It was very rare for us to be at the receiving end of a cyber-attack. But that isn’t true anymore. Attackers have their eyes set on enterprises in Sri Lanka. With acceleration in digital transformation happening and changing work dynamics due to the prevailing pandemic, Sri Lanka is more visible to attackers who now view it as a viable target. Attackers collaborate – Just like we collaborate to defend our organizations, attackers too have started to collaborate in order to be more efficient when running attacks. It is no longer required for a single attacker to run all the stages of an attack by themselves, instead they collaborate and function as a tag-team. For example, one attacker group may have expertise in stealing credentials, while another has expertise in stealing data or running ransomware attack campaigns. In such an instance, the former would tend to sell the credentials they stole to the latter, so they can run a ransomware attack. This enables the attackers to focus on what they are good at. Everything is available at the right price – I believe most of us are familiar with the term XaaS (X-as-a-Service). Customers prefer to consume functions in the form of “as-a-Service” since you can get what you want without having to worry about the underlying technologies and maintenance overheads. This is true with attackers as well. Attackers rent out their infrastructure or services to interested parties to run attacks expecting a percentage of earnings in return. For example, Ransomware-as-a-Service (RaaS) is a very common thing these days. Easy way to earn money – If you have been following the news and have been monitoring professional social networking sites such as LinkedIn, you will notice that there are a lot of professionals who are seeking work due to the effects of the pandemic. Attackers seek to lure such individuals by showcasing the potential of earning a quick buck. The Evolution of Cyber Attacks in Sri Lanka – From a Defender’s Point of View Cyber-attacks are no longer a smash and grab operation – In the past, it was very rare to experience an attack that had multiple stages and most attacks rarely spanned over a couple of hours. But now we experience attacks that have many stages, such as initial compromise, credential theft, privilege escalation, lateral movement, detonation, and these span over a period of time which could range from a couple of days, weeks, to even months. This makes it incredibly difficult to detect if you do not know where to look. Attackers actively participate – Attackers have become more involved during the period the execution takes place. They no longer release viruses or worms and expect them to do the job on their own. Instead attackers are focused on creating and maintaining communication channels to the victim networks and dictating how the attack is executed. This enables them to be more devastating since they could quickly adopt and circumvent any changes the defenders place in order to thwart such attacks. No more bringing your own tools – In the past, most attacks were done using tools created by attackers for that particular purpose. This made it easy for security solutions to detect such tools and prevent them from executing. But this is no longer the case. Attackers prefer to improvise, hence whenever possible, they would leverage legitimate tools used by administrators to carry out the attack. This is also known as “living off the land.” This makes it very difficult to detect since we would always have to consider the context of an event before deducing if it is malicious or not. One example would be an attacker compromising your software distribution tool to deliver a malicious payload within your network. Without knowing if the payload is malicious or not, you cannot accurately say if this activity is malicious or not. Multiple entry points to exploit – In the past, an enterprise had an easier job protecting their networks since the perimeter was clearly defined. Anything within the organization’s premises was considered to be trustworthy and anything coming from outside was scrutinized before allowing access. But with the “New Normal” everything has changed. It is no longer about who is inside your premises and not since many or even all employees are working from home, connecting via secure links and have direct access to the heart of the organization, which are essentially the critical business applications. These devices that are allowed to connect are rarely scrutinized, hence act as easy entry points for attackers. This has made the defender’s lives much harder since now they must focus on multiple entry points (in some instance even unknown) rather than the few well-defined entry points they used to have. In summary, the attack landscape has drastically changed and keeps changing, and attackers are becoming increasingly effective with time. We have a fare doubt in our minds whether we are putting enough effort to protect ourselves against these attacks. The time has come for us to up our game as defenders and work towards advancing our techniques in order to defend against the attackers who will never rest. Rukmal Fernando Associate Director – Cyber Security MillenniumIT ESP How can we help you? First Name Last Name Company Job Title Email Address Phone Number Industry Banking & Finance Telecommunications & Media Manufacturing & Retail Government & Public Sector Other Country Afghanistan Albania Algeria American Samoa Andorra Angola Anguilla Antigua & Barbuda Argentina Armenia Aruba Australia Austria Azerbaijan Bahamas Bahrain Bangladesh Barbados Belarus Belgium Belize Benin Bermuda Bhutan Bolivia Bonaire Bosnia & Herzegovina Botswana Brazil British Indian Ocean Ter Brunei Bulgaria Burkina Faso Burundi Cambodia Cameroon Canada Canary Islands Cape Verde Cayman Islands Central African Republic Chad Channel Islands Chile China Christmas Island Cocos Island Colombia Comoros Congo Cook Islands Costa Rica Cote DIvoire Croatia Cuba Curacao Cyprus Czech Republic Denmark Djibouti Dominica Dominican Republic East Timor Ecuador Egypt El Salvador Equatorial Guinea Eritrea Estonia Ethiopia Falkland Islands Faroe Islands Fiji Finland France French Guiana French Polynesia French Southern Ter Gabon Gambia Georgia Germany Ghana Gibraltar Great Britain Greece Greenland Grenada Guadeloupe Guam Guatemala Guinea Guyana Haiti Hawaii Honduras Hong Kong Hungary Iceland Indonesia India Iran Iraq Ireland Isle of Man Israel Italy Jamaica Japan Jordan Kazakhstan Kenya Kiribati Korea North Korea South Kuwait Kyrgyzstan Laos Latvia Lebanon Lesotho Liberia Libya Liechtenstein Lithuania Luxembourg Macau Macedonia Madagascar Malaysia Malawi Maldives Mali Malta Marshall Islands Martinique Mauritania Mauritius Mayotte Mexico Midway Islands Moldova Monaco Mongolia Montserrat Morocco Mozambique Myanmar Nambia Nauru Nepal Netherland Antilles Netherlands (Holland, Europe) Nevis New Caledonia New Zealand Nicaragua Niger Nigeria Niue Norfolk Island Norway Oman Pakistan Palau Island Palestine Panama Papua New Guinea Paraguay Peru Philippines Pitcairn Island Poland Portugal Puerto Rico Qatar Republic of Montenegro Republic of Serbia Reunion Romania Russia Rwanda St Barthelemy St Eustatius St Helena St Kitts-Nevis St Lucia St Maarten St Pierre & Miquelon St Vincent & Grenadines Saipan Samoa Samoa American San Marino Sao Tome & Principe Saudi Arabia Senegal Seychelles Sierra Leone Singapore Slovakia Slovenia Solomon Islands Somalia South Africa Spain Sri Lanka Sudan Suriname Swaziland Sweden Switzerland Syria Tahiti Taiwan Tajikistan Tanzania Thailand Togo Tokelau Tonga Trinidad & Tobago Tunisia Turkey Turkmenistan Turks & Caicos Is Tuvalu Uganda United Kingdom Ukraine United Arab Emirates United States of America Uruguay Uzbekistan Vanuatu Vatican City State Venezuela Vietnam Virgin Islands (Brit) Virgin Islands (USA) Wake Island Wallis & Futana Is Yemen Zaire Zambia Zimbabwe Message Submit
MillenniumIT ESP’s HealthVision Platform Revolutionizes Teletherapy and Sets the Stage for Global Impact MillenniumIT ESP’s HealthVision Platform Revolutionizes Teletherapy and Sets the Stage for Global Impact When MillenniumIT ESP (MIT ESP), along with the MJF Charitable Foundation (MJFCF), repurposed and adopted the HealthVision tele-medicine platform last year, they created a global benchmark in supporting children with special needs as well as their families. Almost a year later, the project has culminated in MIT ESP becoming a ‘Finalist – Microsoft Partner of the Year’ under the Inclusion Changemaker Category for its contribution toward this timely requirement of teletherapy services for children with Cerebral Palsy. This is only the beginning of what’s in store. In October 2020, MJFCF and MIT ESP launched disABILITY – an app designed to support children with disability and their families by connecting them to expert guidance. The launch coincided with the World Cerebral Palsy Day and the application was aimed at complementing the MJF Foundation’s disability advice channel on YouTube in reaching children and people with disabilities in remote parts of Sri Lanka. The disABILITY app powered by HealthVision has been extremely successful and received well. Children with special needs and their caretakers are now able to directly communicate with the MJFCF Team via audio, video and chat facility through a tri-lingual service. Moreover, the platform’s remote monitoring and response ability ensures patients’ health status can be brought to attention early enough so proactive intervention and individual care can be provided as and when required. What’s significant about the award? Microsoft’s Inclusion Changemaker Partner of the Year Award recognizes partner organizations that go over and beyond in offering innovative and unique solutions or services based on Microsoft technologies. These solutions are often those that aim to help customers solve common challenges related to diversity, economic access, digital inclusion, and accessibility. The purpose of inclusion changemakers is to drive digital transformation toward a more inclusive and equitable world. This year, around 100 countries submitted over 4,400 projects. What’s special about the tele-medicine platform? Aims to increase greater awareness about Cerebral Palsy (estimated at around 40,000 people in Sri Lanka and 17 million around the world). Fosters greater communication to address stigma around those with disabilities and encourage acceptance, respect and inclusion. Promotes knowledge sharing and therapy, especially for children in Sri Lanka, around regions where access to such services is limited. Ensures continuous care during crisis times, such as the lockdown due to the pandemic, where physical presence is deemed risky. Insights into progress of care provided by using techniques that combine learnings with regular therapy. Functionality and capabilities MIT ESP adapted its Remote Patient Management platform, HealthVision, to assess, diagnose and continue online therapy for children with Cerebral Palsy and other special needs. The uniqueness of this platform is its end-to-end capabilities, encompassing disability screening, pediatric diagnosis, early identification and intervention, multi-disciplinary team support, and therapeutic, educational and rehabilitation services. The platform also provides mobility aid support, child progress monitoring and follow up, as well as live video teletherapy. All these capabilities are seamlessly integrated with flexibility and agility at the core to easily adapt to specific use cases. The use of data analytics and Artificial Intelligence (AI) further adds value by providing analytical capabilities for faster and accurate decision making. Platform features Remote teletherapy and video conferencing – Realtime video teletherapy services connect patients (children) and their caretakers with the MJF Centers anytime, anywhere. This facility also allows for patients who live in remote parts of the island to easily connect with healthcare service providers via this platform. Customizable assessment workflows – The MJF Foundation can customize and enable new assessment workflows to capture valuable information from patients and then assign them to their physiotherapist teams. Multilingual capability – The application is supported by Sinhala, Tamil and English languages, catering to all three languages spoken in the country. Data analytics and Machine Learning (ML) – The data gathered by the platform is used to create real time insights via dashboards. In addition, physiotherapists’ comments and reviews are taken into consideration in developing a ML model to help identify disabilities during the early stages and proactively provide care. Omnichannel access – The application is developed to support mobile and web responsive access. It can be used via both Android and iOS supported devices. HealthVision is designed as an asynchronous, near real-time platform to solve the challenge of meeting the ever-growing demand for healthcare with the limited capacity of healthcare providers. State-of-the-art technologies such as analytics and AI, coupled with automation will help further reduce the overall cost per engagement, making access to quality healthcare viable for everyone. The use of HealthVision ensures the reduction of healthcare risks where deterioration in a patient’s health status can be brought to a provider’s attention early enough, enabling proactive intervention and personalized care, and assisting their caregivers, teachers and trainers who work with special needs individuals. MillenniumIT ESP Team How can we help you? First Name Last Name Company Job Title Email Address Phone Number Industry Banking & Finance Telecommunications & Media Manufacturing & Retail Government & Public Sector Other Country Afghanistan Albania Algeria American Samoa Andorra Angola Anguilla Antigua & Barbuda Argentina Armenia Aruba Australia Austria Azerbaijan Bahamas Bahrain Bangladesh Barbados Belarus Belgium Belize Benin Bermuda Bhutan Bolivia Bonaire Bosnia & Herzegovina Botswana Brazil British Indian Ocean Ter Brunei Bulgaria Burkina Faso Burundi Cambodia Cameroon Canada Canary Islands Cape Verde Cayman Islands Central African Republic Chad Channel Islands Chile China Christmas Island Cocos Island Colombia Comoros Congo Cook Islands Costa Rica Cote DIvoire Croatia Cuba Curacao Cyprus Czech Republic Denmark Djibouti Dominica Dominican Republic East Timor Ecuador Egypt El Salvador Equatorial Guinea Eritrea Estonia Ethiopia Falkland Islands Faroe Islands Fiji Finland France French Guiana French Polynesia French Southern Ter Gabon Gambia Georgia Germany Ghana Gibraltar Great Britain Greece Greenland Grenada Guadeloupe Guam Guatemala Guinea Guyana Haiti Hawaii Honduras Hong Kong Hungary Iceland Indonesia India Iran Iraq Ireland Isle of Man Israel Italy Jamaica Japan Jordan Kazakhstan Kenya Kiribati Korea North Korea South Kuwait Kyrgyzstan Laos Latvia Lebanon Lesotho Liberia Libya Liechtenstein Lithuania Luxembourg Macau Macedonia Madagascar Malaysia Malawi Maldives Mali Malta Marshall Islands Martinique Mauritania Mauritius Mayotte Mexico Midway Islands Moldova Monaco Mongolia Montserrat Morocco Mozambique Myanmar Nambia Nauru Nepal Netherland Antilles Netherlands (Holland, Europe) Nevis New Caledonia New Zealand Nicaragua Niger Nigeria Niue Norfolk Island Norway Oman Pakistan Palau Island Palestine Panama Papua New Guinea Paraguay Peru Philippines Pitcairn Island Poland Portugal Puerto Rico Qatar Republic of Montenegro Republic of Serbia Reunion Romania Russia Rwanda St Barthelemy St Eustatius St Helena St Kitts-Nevis St Lucia St Maarten St Pierre & Miquelon St Vincent & Grenadines Saipan Samoa Samoa American San Marino Sao Tome & Principe Saudi Arabia Senegal Seychelles Sierra Leone Singapore Slovakia Slovenia Solomon Islands Somalia South Africa Spain Sri Lanka Sudan Suriname Swaziland Sweden Switzerland Syria Tahiti Taiwan Tajikistan Tanzania Thailand Togo Tokelau Tonga Trinidad & Tobago Tunisia Turkey Turkmenistan Turks & Caicos Is Tuvalu Uganda United Kingdom Ukraine United Arab Emirates United States of America Uruguay Uzbekistan Vanuatu Vatican City State Venezuela Vietnam Virgin Islands (Brit) Virgin Islands (USA) Wake Island Wallis & Futana Is Yemen Zaire Zambia Zimbabwe Message Submit
The Ins and Outs of Ransomware-Attacks in Sri Lanka The Ins and Outs of Ransomware-Attacks in Sri Lanka A few years ago, Sri Lankan enterprises were fortunate that they only had to learn about cyber-attacks, such as ransomware, through media and Tech blogs, depicting horrifying stories on how such attacks brought large enterprises to their knees. Attackers forced helpless organizations, which were large in size and significant in terms of brand, to pay massive amounts of ransom to retrieve their stolen data. These organizations were heavily dependent on information technology to carry out their work. Many of us didn’t think such attacks would hit home due to a perception that we may be less appealing to such attackers. But that has changed. The question that organizations face is not “if a cyber-attack will happen?” rather “when will a cyber-attack happen?” Many customers have recently reached out to us when they were hit by such an attack or when they suspected they were being attacked. Therefore, we have had our fare-share of experience in helping organizations to identify, respond, protect themselves, and recover from these cyber security incidents. When there’s news of a cyber-attack close to home, customers often reach out to us and ask questions such as – What actually happened, Do you know how we can check if we will be targeted, What do we need to do to make sure we will not be victims. Taking all of this into consideration, we wanted to share our experiences in dealing with such attacks, explain how these generally happen and possible preventive measures you can take to protect your organization. From what we’ve gathered, most of these attacks have the following major steps, which I have explained below: 1. Initial compromise 2. Privilege escalation 3. Lateral movement 4. Persistence 5. Data theft (Less Common) 6. Payload detonation The Initial Compromise is where the attackers gain access into your network, and there could be many ways in which this could happen. It could be as easy as brute forcing a Remote Desktop (RDP) session you have opened to the Internet to help with your remote working or it could by exploiting any zero-day vulnerability (or a very recently discovered vulnerability which hasn’t been patched) of your Internet facing webserver. A few ways to reduce the risk of the initial compromise is to expose Remote Sessions via a secure remote access VPN (with multifactor authentication), make sure you regularly patch your Internet server and ensure you do not expose unwanted services to the Internet. Once the attacker gains access to your network, they explore to understand what sort of activities can be performed on that network. In most cases, the attacker tends to perform what’s called Privilege Escalation – in simpler terms, this means they try to elevate their level of access. To do this, they would try out methods such as guessing the passwords (Yes, mycompany@123 can be a very common password) or look for passwords stored in text files (Yes, this sounds very trivial, but the truth is when administrators force you to maintain strong passwords we often resort to simple means of remembering them, i.e. text files) or more complex methods such as running exploitation tools like mimikatz to steal credentials. The higher the access the attacker gets, the more damage they can do to a network. As a preventive measure, you can always try to force users to use complex passwords and educate them on how to keep the passwords safe. You could also monitor your user activity to detect abuse and misuse. The next step of the attack is the Lateral Movement. In other words, once the attacker gains higher privileges on your network, it starts spreading the payload to all possible victim devices to cause more harm than damaging a single machine. Many would ask what makes a ransomware attack so devastating? The answer is its behavior of launching attacks on multiple devices within a small timeframe. This is what makes them so devastating and enables them to bring down organizations within a few minutes or hours. Most attackers utilize vulnerabilities on your network (e.g. the eternalblue exploit) or they would abuse legitimate tools to spread the payload. The abuse of legitimate tools can be very hard to detect as in most cases since the activity is done in such a manner that it mimics legitimate user behavior. Therefore, it’s very difficult to differentiate if the entire activity is malicious or not without proper context. For example, consider an attacker gaining access to the server that you use to distribute software in your organization. They can use this same tool to distribute the malware as well. A few methods of detecting and preventing lateral movement would be to properly segment user privileges, make sure all your devices have UpToDate security patches, your network is properly segmented and firewalled (a common thing we see is that although you tend to protect your network from the external entities, you rarely practice segmentation internally. Hence, when a network gets compromised, it is easy for the attacker to travel within your network), monitor suspicious usage of privileged accounts and limit what privileged accounts could do in your network. The next step of the attack would be to make themselves Persistent in your environment. Many attackers put in a lot of effort to gain access to your network and the effort is mostly proportional to the amount of security you maintain on the network. Once this is done, the attacker would hate to lose access via a reboot or change of credentials or other interruptions. Hence, they deploy methods such as using the group policy feature of windows environments, registering as a service, creating scheduled tasks, and creating new accounts to make sure they will not lose their control abruptly. A few methods of detecting and preventing such attempts would be to limit what actions user accounts can perform, monitoring suspicious user creations (e.g. users created during off hours) and monitoring group policy or other services related changes. Before moving to the final stage of the attack, attackers may opt to steal your data – Data Theft. This isn’t a very common move, but we have witnessed some instances. If attackers sense that your data would have a substantial black-market value or that your brand image would be gravely damaged by certain information becoming public, then they would decide to exfiltrate your data. A common method of stealing data could be uploading the files to a file share site (it’s very common for administrators to allow file sharing sites to make their day-to-day work easy but keep in mind attackers too could exploit these same paths). The methods of preventing or minimizing such data loss would be to implement Rights Management Systems (this will help you to make sure that even if the data is exfiltrated the attacker cannot use it), implementing Data Loss Prevention Systems (will detect/prevent when data is been exfiltrated) and block file sharing sites that aren’t needed for work-related matters. The final step of the attack would be Payload Detonation. Unfortunately, it’s at this stage most organizations learn that they have been attacked, and by the time the initial panic phase has passed, a lot of damage might have been done already. Source: www.microsoft.com There are two types of payloads that we have come across – Cryptominer and Ransomware. Cryptominers do not exhibit any visible damages on your machines and would rather utilize your resources such as CPU and RAM to perform crypto currency mining. In such a situation, you will notice heating up, slow performance, huge bills for your cloud consumption, and abrupt crashing of your devices. Ransomware is the more devastating type of payloads we see. It will start encrypting the commonly used file types, such as documents, videos and photos, and at the end, it will display a note stating what the attackers have done, laying out their demands, what will happen if you do not comply, and in case you want to comply how the money should be transferred. Attackers use crypto currency as the medium of paying ransoms as this method is more difficult or impossible to trace. Once the ransomware is detonated, it could effectively bring down your entire IT infrastructure. It could encrypt the end user devices as well as the servers that host your critical systems, such as application servers, database servers and email servers. In case the attacker has stolen your data, this is the stage where they will communicate to you about the ransom you need to pay to prevent the data from being released to the Internet. They would even go ahead and share a sample of the stolen data to make sure you know they’re serious. Reputational Damage Is Far Worse Than Data Leaks Many organizations do not opt to pay (or cannot afford to pay to recover everything that has been encrypted). Hence, they resort to restoring their systems from scratch, which takes a lot of time and effort. This, in turn, results in massive delays before the organization can get back online to serve their customers. Although the most visible damage of these attacks is done to the IT infrastructure, the biggest, unforeseen damages are to the brand identities of these organizations. News travels fast and bad news will travel even faster. No organization will ever want their names associated with such an event, and any negative media coverage and reputational damage could be made far worse by releasing your confidential data to the public domain. A pertinent question customers ask during the final stage of an attack is “Why can’t my signature-based antivirus software detect this malicious file (payload)?” The answer is that in many scenarios, attackers change the signature (hash) of the payload before using it during the attack. Many legacy antivirus software solely depend on signature updates, and if the signature isn’t in the database, it is very easy for the attacker to bypass the antivirus tool. Quick Detection, Quick Response and Strong Recovery Plan Many organizations take a long time to detect such attacks. And when they do, it is sadly at the final stage of an attack. One main reason for this is that most customers utilize legacy detection mechanisms that have a very narrow visibility instead of adopting more current detection mechanisms which have a broader, in-depth view of the environment. Based on our recent experiences and observations, many organizations take a long time to get their critical business services up and running or in other words, they take considerable amount of time to execute their business continuity plan (BCP). Moreover, although many organizations have satisfactory BCPs and DRPs (Disaster Recovery Plan) in place, almost all of them are rendered little or no use to safeguard from these attacks. Most of these plans have been formulated to protect organizations against events such as natural disasters, power failures, terrorist threats, assuming the backups will be available to start their recovery. Attackers generally know this and will start by targeting the backup systems as the initial attack points before moving toward other critical assets. This way the attackers know they can force the victim to pay up since they have no other means of recovering. Another interesting fact about these attacks is that most of the activities happen either during early hours or during holidays. The main reason is that attackers try to leverage human weaknesses (even security operations centers are less alert during these times) to their advantage. In summary, based on our observations, we can no longer consider Sri Lanka as a country with a very slim chance of being attacked. And these attackers seem to always find enough ways to circumvent defenses employed by most organizations and continue undetected till the very last stage. Many organizations need to rethink and plan their BCPs and DRPs to safeguard from ransomware attacks. In the past, organizations believed in the concept of “Survival of the Strongest,” i.e. if you keep increasing your defenses, you can prevent any cyber-attack. But now, we believe organizations need to equally focus on the concept of “Survival of the Fastest,” which means it is inevitable that your organization will be targeted by an attacker sooner or later, and when that time comes, what matters is how fast you can detect, contain and recover. In other words, the speed at which you react to contain and recover from such an attack will define how your organization will withstand such an event. Rukmal Fernando Associate Director – Cyber Security MillenniumIT ESP How can we help you? First Name Last Name Company Job Title Email Address Phone Number Industry Banking & Finance Telecommunications & Media Manufacturing & Retail Government & Public Sector Other Country Afghanistan Albania Algeria American Samoa Andorra Angola Anguilla Antigua & Barbuda Argentina Armenia Aruba Australia Austria Azerbaijan Bahamas Bahrain Bangladesh Barbados Belarus Belgium Belize Benin Bermuda Bhutan Bolivia Bonaire Bosnia & Herzegovina Botswana Brazil British Indian Ocean Ter Brunei Bulgaria Burkina Faso Burundi Cambodia Cameroon Canada Canary Islands Cape Verde Cayman Islands Central African Republic Chad Channel Islands Chile China Christmas Island Cocos Island Colombia Comoros Congo Cook Islands Costa Rica Cote DIvoire Croatia Cuba Curacao Cyprus Czech Republic Denmark Djibouti Dominica Dominican Republic East Timor Ecuador Egypt El Salvador Equatorial Guinea Eritrea Estonia Ethiopia Falkland Islands Faroe Islands Fiji Finland France French Guiana French Polynesia French Southern Ter Gabon Gambia Georgia Germany Ghana Gibraltar Great Britain Greece Greenland Grenada Guadeloupe Guam Guatemala Guinea Guyana Haiti Hawaii Honduras Hong Kong Hungary Iceland Indonesia India Iran Iraq Ireland Isle of Man Israel Italy Jamaica Japan Jordan Kazakhstan Kenya Kiribati Korea North Korea South Kuwait Kyrgyzstan Laos Latvia Lebanon Lesotho Liberia Libya Liechtenstein Lithuania Luxembourg Macau Macedonia Madagascar Malaysia Malawi Maldives Mali Malta Marshall Islands Martinique Mauritania Mauritius Mayotte Mexico Midway Islands Moldova Monaco Mongolia Montserrat Morocco Mozambique Myanmar Nambia Nauru Nepal Netherland Antilles Netherlands (Holland, Europe) Nevis New Caledonia New Zealand Nicaragua Niger Nigeria Niue Norfolk Island Norway Oman Pakistan Palau Island Palestine Panama Papua New Guinea Paraguay Peru Philippines Pitcairn Island Poland Portugal Puerto Rico Qatar Republic of Montenegro Republic of Serbia Reunion Romania Russia Rwanda St Barthelemy St Eustatius St Helena St Kitts-Nevis St Lucia St Maarten St Pierre & Miquelon St Vincent & Grenadines Saipan Samoa Samoa American San Marino Sao Tome & Principe Saudi Arabia Senegal Seychelles Sierra Leone Singapore Slovakia Slovenia Solomon Islands Somalia South Africa Spain Sri Lanka Sudan Suriname Swaziland Sweden Switzerland Syria Tahiti Taiwan Tajikistan Tanzania Thailand Togo Tokelau Tonga Trinidad & Tobago Tunisia Turkey Turkmenistan Turks & Caicos Is Tuvalu Uganda United Kingdom Ukraine United Arab Emirates United States of America Uruguay Uzbekistan Vanuatu Vatican City State Venezuela Vietnam Virgin Islands (Brit) Virgin Islands (USA) Wake Island Wallis & Futana Is Yemen Zaire Zambia Zimbabwe Message Submit