Editor’s comment Dutch companies lack knowledge of the IoT and are missing out on its benefits Netherlands gives young cyber criminals re-education rather than jail sentences Dutch sat-nav pioneer uses consumer data to help map business- to-business future Dutch developer offers firms nuclear security option for communications How to find a much sought-after data scientist Layer your approach to web security computerweekly.com BELOLIPETSKIYRA/ADOBE CW MAY-JULY 2019 The quarterly magazine from Computer Weekly, focusing on business IT in Belgium, the Netherlands and Luxembourg Home New vision for hackers Netherlands offers young cyber offenders re-education instead of a jail sentence
Transcript
cw benelux May-July 2019 1
Home
Editor’s comment
Dutch companies lack knowledge of the IoT and are missing out on its benefits
Netherlands gives young cyber criminals re-education rather than jail sentences
Dutch sat-nav pioneer uses consumer data to help map business-to-business future
Dutch developer offers firms nuclear security option for communications
How to find a much sought-after data scientist
Layer your approach to web security
computerweekly.com BELO
LIPE
TSK
IYRA
/AD
OBE
CW BeneluxMAY-JULY 2019
The quarterly magazine from Computer Weekly, focusing on business IT in Belgium, the Netherlands and Luxembourg
Home
New vision for hackersNetherlands offers young cyber offenders re-education instead of a jail sentence
Dutch companies lack knowledge of the IoT and are missing out on its benefits
Netherlands gives young cyber criminals re-education rather than jail sentences
Dutch satnav pioneer uses consumer data to help map business-to-business future
Dutch developer offers firms nuclear security option for communications
How to find a much sought-after data scientist
Layer your approach to web security
Why don’t Dutch firms embrace the IoT?
In this issue of CW Benelux, we look at how organisations in the Netherlands could be set to miss out on the advantages of internet of things (IoT) technology.
A recent report from Vodafone revealed the startling news that the IoT barely squeezes onto the radar of 90% of Dutch compa-nies, and 28% admit to having very limited or non-existent knowledge of the technology’s benefits.
How can this be? The Netherlands always seems to be a pioneer of the latest technologies. For example, the Port of Rotterdam, as a previous issue of this ezine has described, is moving towards a fully automated port operation, which includes automated ships.
Another thing you don’t expect to hear when it comes to digital is “the Netherlands is falling internationally behind when it comes to IoT”, but that is what the Vodafone report found. It pointed out that the proportion of global organisations that use IoT applications is 29%, whereas in the Netherlands, just 13% do.
But the Netherlands is still a technology pioneer, as is illustrated by its work to help young computer hackers turn from crime and put their skills to good use. Read in this issue how young people convicted of cyber crimes are, as part of a pilot scheme, being put to work with IT departments in the country’s private sector as an alternative punish-ment to serving a prison sentence.
The Hack_Right programme in the Netherlands aims to rehabilitate and educate young offenders. The initiative follows cooperation between the Dutch police and public prosecutors.
One of the problems the programme will address is the fact that many of the young cyber criminals who come into contact with prosecutors in the Netherlands each year are often not even aware that what they are doing is illegal. Nor do they understand the real consequences of their actions, which can cost targeted companies a lot of money, even if it is just to notify customers that they have suffered a breach. n
Dutch companies lack knowledge of the IoT and are missing out on its benefits
Netherlands gives young cyber criminals re-education rather than jail sentences
Dutch satnav pioneer uses consumer data to help map business-to-business future
Dutch developer offers firms nuclear security option for communications
How to find a much sought-after data scientist
Layer your approach to web security
Dutch companies lack knowledge of the IoT and are missing out on its benefitsMany firms in the Netherlands lack awareness of the internet of things’ potential benefits, writes Kim Loohuis
Almost 90% of businesses in the Netherlands are barely aware of the competitive advantages that the internet of things (IoT) can offer them.
This figure is striking given that last year, Vodafone’s IoT trends report for the Netherlands found that organisations that embrace the IoT achieve a significant revenue increase, cost reductions, more satisfied customers or more efficient business processes.
The problem appears to be a lack of understanding, rather than a reluctance to adopt the IoT, because more than a quarter of the companies (28.5%) surveyed for the report regarded their IoT knowledge as limited to almost non-existent.
Striking outcomeJohn van Vianen, director, business market at VodafoneZiggo, said in the introduction to the Vodafone Nederland IoT Trendrapport 2018: “The outcome of this trend research into the adoption of IoT in the Netherlands as a means to develop new products and services is striking. Almost seven out of 10 Dutch entre-preneurs indicate that they do not really or hardly think about
how they could use IoT for their business. There is still a world to win for companies – and thus for their customers. In many sectors, you can still be an early adopter. From healthcare to industry to government, IoT solutions are able to improve businesses, make them smarter and to create completely new business models.”
Internationally, the Netherlands is falling behind in the field of IoT. While the proportion of global organisations that use IoT applications has doubled to 29% in the past five years, the Netherlands remains at just 13%.
Lack of trustVodafone’s report showed that most Dutch companies are reluctant to trust the information produced by IoT equipment and applications. Only 9% said they used such data to make everyday decisions.
A large number of organisations said IoT data supports their business, but they are not making decisions based on it. About 20% of the respondents said they do not really use data at all.
Dutch companies lack knowledge of the IoT and are missing out on its benefits
Netherlands gives young cyber criminals re-education rather than jail sentences
Dutch satnav pioneer uses consumer data to help map business-to-business future
Dutch developer offers firms nuclear security option for communications
How to find a much sought-after data scientist
Layer your approach to web security
Security and privacy concerns were mentioned as the biggest obstacles to implementing IoT by 39% of respondents to the Vodafone survey.
The lack of knowledge and skills among employees is also seen as one of the biggest obstacles to Dutch organisations imple-menting IoT. As a result, they are likely to miss out on opportuni-ties compared with international organisations that have already embraced the technology.
Despite the slow take-up in the Netherlands, virtually everyone seems to recognise the importance of IoT in being able to offer better solutions for problems ranging from energy and the envi-ronment to crime, healthcare and education.
“It is absolutely vital to gather knowledge in your own organi-sation,” said Gerd Kortuem, professor of IoT at the Technical University of Delft.
Such knowledge can be built up internally, but that takes a lot of time, said Kortuem. Organisations need to learn about the success stories and failures of early adopters of the technol-ogy, and IoT specialists have an important role to play in making the business case for IoT, then implementing it and scaling up, he added.
Jelmer Letterie, IoT specialist at Vodafone, said: “We advise cli-ents to start small and find a knowledge partner who can help to scale up successful business cases.” For example, he said, for the
INTERNET OF THINGS
KWA
NC
HA
IFT/
AD
OBE
Dutch companies are not taking enough advantage of the internet of things
Dutch companies lack knowledge of the IoT and are missing out on its benefits
Netherlands gives young cyber criminals re-education rather than jail sentences
Dutch satnav pioneer uses consumer data to help map business-to-business future
Dutch developer offers firms nuclear security option for communications
How to find a much sought-after data scientist
Layer your approach to web security
development of the Bundelz app, insurance company Nationale Nederlanden called in help from Vodafone, among others. With the app – and a prepaid car insurance policy – policyholders only pay for the exact number of kilometres they drive.
“Why would you pay the same premium when you drive less than somebody that, for instance, drives 20,000km a year?” said Letterie. “By registering the number of kilometres you drive, via IoT, people only have to pay for the exact number of kilometres. They buy a bundle for a certain number of kilometres and get notified when they reach that limit.”
The app was developed with multiple parties. Vodafone was not only brought in for its IoT expertise, but also for its experience with prepaid arrangements.
Nearly half of companies in the Netherlands estimate that at least part of their business processes will depend on the IoT in five years’ time. That is why almost one in four Dutch organisa-tions say they are investing more and more in the technology.
Transforming business processesVodafone’s IoT trends report shows that the number of con-nected devices has grown among these early adopters. “We see companies that already use IoT are creating new services and transforming their business processes,” said Letterie.
But uncertainty over the return on investment in IoT is rife. Almost two-thirds of the Dutch organisations that are investing in IoT said they do not know what it will contribute to their turnover. “It seems that many companies do not yet know how to use IoT to the maximum,” said Letterie.
Some companies do not immediately see what IoT use can yield or where to start, yet Vodafone’s research shows that 51% of entrepreneurs that use IoT see their turnover increase. As well as sales growth, there are many examples of cost savings, work-ing more efficiently and/or a better customer experience.
The main conclusion of the IoT trends report is that most Dutch businesses use IoT mainly for a better customer experience, improved data collection and better productivity, whereas inter-national organisations use it to increase revenue.
Companies that take up IoT technology hope to gain ingenuity, efficiency and profitability, but the main obstacles to these goals are concerns about privacy and data protection, plus practical considerations such as internal reluctance, low budget or a short-age of qualified suppliers of software and sensors.
But the main reason why Dutch companies are ignoring the IoT is the simple fact that they do not appear to see a clear and con-vincing business case for it. n
“we see companies ThaT already use ioT are creaTing new
services and Transforming Their business processes”
Jelmer letterie, Vodafone
INTERNET OF THINGS
❯As IoT devices proliferate, cloud isn’t fast enough – so edge computing comes in.
Dutch companies lack knowledge of the IoT and are missing out on its benefits
Netherlands gives young cyber criminals re-education rather than jail sentences
Dutch satnav pioneer uses consumer data to help map business-to-business future
Dutch developer offers firms nuclear security option for communications
How to find a much sought-after data scientist
Layer your approach to web security
Netherlands gives young cyber criminals re-education rather than jail sentencesYoung hackers in the Netherlands are being rehabilitated through punishments that educate, writes Tijs Hofmans
Youths who are convicted of cyber crimes are being put to work with IT departments in the private sector as an alternative punishment to imprisonment, as part of a pro-
gramme in the Netherlands.The Hack_Right programme is aimed at rehabilitation and edu-
cation, and is a collaboration between Dutch police and pub-lic prosecutors, designed specifically to handle cases involving young and sometimes naive hackers.
Other partners in the project are Child Protective Services and Bureau Halt, which gives criminals aged under 18 alternative pun-ishment, usually in the form of community service. Youngsters convicted through Bureau Halt will have no permanent criminal record that could otherwise hinder them later in life.
It is in this programme that Hack_Right found its inspiration. Rather than cracking down hard on young criminals, authorities now first try to re-educate them and give them a meaningful insight into their actions without compromising their futures. This is thought to reduce the risk of reoffending, and helps youngsters to develop and then utilise their IT talents in later life.
About 70 young cyber criminals come into contact with pros-ecutors in the Netherlands every year, mostly for minor offences. In many cases, the young people are not even aware that what they are doing is illegal. Some hack into their school systems to change their exam grades, or simply just to have a look around.
“Something as simple as obtaining your teacher’s password and logging into the school network is a form of cyber crime,” said public prosecutor Martijn Egberts.
Growing problemAccording to the Hack_Right programme managers, the young hackers usually do not properly foresee the consequences of their actions. Hacks can cost companies a lot of money, even if it is just to notify customers of a breach. There lies the base of the programme.
“We saw a growing problem with young people who can do a serious amount of damage in a relatively easy way,” said Floor Jansen, one of the programme managers. “They usually don’t realise the scope of the damage they cause to the victims.”
Dutch companies lack knowledge of the IoT and are missing out on its benefits
Netherlands gives young cyber criminals re-education rather than jail sentences
Dutch satnav pioneer uses consumer data to help map business-to-business future
Dutch developer offers firms nuclear security option for communications
How to find a much sought-after data scientist
Layer your approach to web security
There are many such incidents. Last year, an 18-year-old hacker took down large Dutch institutions including the Dutch Tax Authority and several banks. He used a simple webstresser that was bought online.
Jansen can give more examples, such as when someone hacked into a large service provider to watch free movies. After a little prodding in the network, he would have been able to take down a large part of the Netherlands’ telephone and internet traffic. When police arrested the perpetrator, they didn’t find a sophisti-cated group of expert hackers, but just a kid.
“Cyber crime prosecutors struggle with such cases,” said Jansen. “They don’t know what intervention is most suitable for these culprits. They did something wrong, but they’re still young and often differ from most traditional perpetrators.”
Strict criteriaHack_Right is not always the best solution. In fact, there are a few strict criteria for youngsters to be admitted into the pro-gramme. Besides being aged between 12 and 23, hackers can participate only if they confess to their crimes. They should also be willing to develop themselves in a positive way.
“Hack_Right consists of four modules that you can view as four pieces of a puzzle,” said prosecutor Egberts. “Every module helps to change youngsters’ behaviour.”
The first module is recovery, in which the offenders are con-fronted with the consequences of their actions. In some cases, they will meet their victims, so they get a first-hand account of the problems they caused.
CYBER CRIME
AN
DRE
Y P
OPO
V/A
DO
BE
The Dutch authorities want to show young hackers the errors of their ways and teach them to use their skills for good purposes
Dutch companies lack knowledge of the IoT and are missing out on its benefits
Netherlands gives young cyber criminals re-education rather than jail sentences
Dutch satnav pioneer uses consumer data to help map business-to-business future
Dutch developer offers firms nuclear security option for communications
How to find a much sought-after data scientist
Layer your approach to web security
The second module focuses on teaching the youngsters where legal boundaries lie in the online domain. “Everybody knows toss-ing a brick through a window is illegal,” said Egberts. “But online, those borders are much less clear.”
In the third part of the programme, the hackers are taught about legal alternatives for using their skills, such as ethical hack-ing through hackerspaces. Those places are often good starting points for young people to develop a career in cyber security.
“Those possibilities are usually completely unknown to most hackers,” said Egberts. In the last phase of the programme, the youths are coached into finding such careers.
In most cases, the police and other public authorities take charge of the first two modules, with private companies handling the latter two. Several companies, such as Deloitte, have made themselves available and police are seeking more partnerships.
Press chargesPart of the programme’s objective is to encourage companies that have been hacked to increase their willingness to press charges. “Small companies or schools don’t always press charges because they don’t want to ruin young people’s lives by giving them a criminal record,” said Lisanne van Dijk, policy adviser with the Dutch national police.
But more prosecutions are not just good for the public record, they can actually help the youngsters too. “When kids are not caught at a young age, they move on to more serious crimes which are even more destructive and expensive,” said Van Dijk. “Then they are even further from home.”
The Netherlands has a wide-ranging network of social workers and neighbourhood policemen who try to counsel young people and steer them away from criminal activities. But youngsters who commit cyber crimes are a lot less visible, both to the authorities and their parents. “When companies press charges, it becomes easier to spot the offenders at an early stage,” said Van Dijk.
But Hack_Right isn’t for everyone. The police want to set a limit on how many youths can take part in the readjustment process and are therefore selective. Possible candidates for the pro-gramme are judged on their age, but also on their willingness to cooperate. “It doesn’t work if the youngsters don’t want to coop-erate,” said Van Dijk.
If that is the case, then normal court procedures are applied. Standard community service, fines or even prison terms become options. But Hack_Right is not simply an alternative punishment that youths can choose instead of prison. In some cases, prosecu-tors can choose a combination of both. n
“everybody knows Tossing a brick Through a window
is illegal, buT online, Those borders are much less clear”
martiJn egberts, public prosecutor
CYBER CRIME
❯Rotterdam initiative targets young IT recruits overlooked by traditional methods.
Dutch companies lack knowledge of the IoT and are missing out on its benefits
Netherlands gives young cyber criminals re-education rather than jail sentences
Dutch satnav pioneer uses consumer data to help map business-to-business future
Dutch developer offers firms nuclear security option for communications
How to find a much sought-after data scientist
Layer your approach to web security
Dutch sat-nav pioneer uses consumer data to help map business-to-business futureTomTom is focusing on the B2B sector, but its consumer base is an important part of its strategy, writes Tijs Hofmans
TomTom was once the undisputed king of the road. But ever since free and increasingly better navigation systems hit smartphones, the once massive Dutch company has had
to set its sights on other areas while not losing track of its vast customer base.
Mike Schoofs has been with TomTom since 2005, and is now managing director of consumer. It is a notable development for the company that “consumer” is now a separate division, along with automotive and enterprise (the company sold its Telematics division earlier this year). “I am involved with everything that ends in the hands of the consumer,” he told Computer Weekly.
In the early years after TomTom was founded, which was in 1991, consumer technology was the one thing that made the company almost unbeatable in the global navigation market. But now the firm, which is headquartered in Amsterdam, faces an uncertain future with the rise of free competitor systems.
The company’s consumer division is still very strong, said Schoofs, but he admitted the market is declining, with little pros-pect for growth. “However, we have a very large and very strong
user base,” he added. “We still sell 5,000 portable navigation devices [PNDs] a day.” According to Schoofs, the customers who are buying TomTom’s products are upgrading. “These are the users that really love our products and want the latest technol-ogy,” he said. “That is why we still innovate by developing con-nected products with SIM or Wi-Fi.”
But a declining market does not promise much of a future, even when the company’s consumer base is so loyal. That is why TomTom is moving into the brave new world of automotive development, partnering with large companies rather than selling directly to consumers.
TomTom’s automotive and enterprise divisions have grown exponentially in recent years. The company partnered with Apple and Uber to produce integrated maps, and it works with large car manufacturers under original equipment manufacturer (OEM) deals.
But it is not the only player in this field. TomTom suffered a set-back when Renault-Nissan signed a partnership with Google in September 2018 and Google became a competitor in more than
Dutch companies lack knowledge of the IoT and are missing out on its benefits
Netherlands gives young cyber criminals re-education rather than jail sentences
Dutch satnav pioneer uses consumer data to help map business-to-business future
Dutch developer offers firms nuclear security option for communications
How to find a much sought-after data scientist
Layer your approach to web security
just the mobile space. Now TomTom competes with Google on an OEM level, and sold its Telematics division earlier this year to free up resources and release capital to help it compete.
For Schoofs, the company’s different divisions are not that dif-ferent at the end of the day. “As a company, we might move more towards a B2B [business-to-business] approach, but in the end, our users remain the same,” he said. “It doesn’t matter whether they buy a BMW or Peugeot in which TomTom maps are inte-grated, or use Apple Maps – we just have to keep the connection with them.”
And that is the pivotal point for TomTom. Physical navigation devices are no longer the company’s big money-maker, but the users are still there – and there is a lot of knowledge to be gained about what they want in a journey.
“We are coming up to 100 million devices sold,” said Schoofs, adding that this milestone is more than just symbolic. Combined with TomTom’s heavy push into software – which now generates about two-thirds of its revenue – the company has a lot of data it can use to make a user’s journey easier.
“Users still go from A to B, but their journey is different,” he said. “For a commuter, it is important to know traffic information, or where the speed cameras are, whereas someone going on holiday would rather know where the cultural areas are, where the good restaurants are. That information becomes more important.”
And it is here that TomTom wants to differentiate itself. It is not an entirely new idea, as the company was once famous for integrating points of interest into its maps. Schoofs sees paral-lels, but also differences.
NAVIGATION SYSTEMS
VANDERWOLF IMAGES/ADOBE
TomTom maps are integrated into some cars, allowing it to retain a connection with the consumer and gain knowledge and data about what consumers want from a journey
cw benelux May-July 2019 11
Home
Editor’s comment
Dutch companies lack knowledge of the IoT and are missing out on its benefits
Netherlands gives young cyber criminals re-education rather than jail sentences
Dutch satnav pioneer uses consumer data to help map business-to-business future
Dutch developer offers firms nuclear security option for communications
How to find a much sought-after data scientist
Layer your approach to web security
“People want information, but they want it before and after their journey as well,” he said. “Whether it is a commuter who finds out at the breakfast table what his fastest route is, or a traveller who wants to be inspired before his holiday, we want to answer that question: what do you, as a customer, want?”
Social experienceThe “after” part of a journey is also increasingly important for TomTom, said Schoofs. “People want experiences. They want to be inspired and then they can inspire others through the trips they have had.”
Schoofs hinted at new products coming from TomTom, such as a platform built by and for the community, but details are as yet unclear. “Social recommendations to other users will become a larger part of the TomTom experi-ence,” he said. “We have to kick it off and then let the community take it from there. Those 100 million users mean that we can obtain really relevant insights.”
This approach also means a change in the company’s business model. An advertising model, espe-cially one based on personal data, is not something that TomTom wants, but partnerships are a pos-sibility, said Schoofs.
“It’s not about bombarding people with ads but about rel-evance,” he said. “If we can find out how long it takes before a
driver needs to refuel, we could show them things like dynamic fuel pricing and offer a free coffee and sandwich in partnership with a petrol station.”
New competitorsBut it is hard to add relevance to maps when Google is a competi-tor. This is the elephant in the room for TomTom. Free navigation systems make TomTom’s expensive software packages a hard sell to customers. That is why the company has become interested in lucrative OEM contracts, which it now has with car manufactur-ers such as Toyota and Volkswagen.
It also has enterprise partnerships with Apple, Uber and Baidu, and revenue from these automotive and enterprise contracts has been growing exponentially, with 23% growth in the last quarter
of 2018 alone.High-definition (HD) maps might
be the key to a sustainable future for TomTom, and are one of the most important developments for the future adoption of autonomous vehicles. However, developing such maps might be difficult for TomTom when Google moves into this space as well.
In fact, TomTom is not often seen as a tech company, according to InsingerGilissen analyst Jos Versteeg. “It has never been one,” he said. “It is a great retailer that can sell its signature product really well, but it can’t compete with a tech company like Google.”
“social recommendaTions To oTher users will become a larger parT of The TomTom experience”
mike schoofs, tomtom
NAVIGATION SYSTEMS
❯TomTom and Cisco team up to develop low-latency, real-time traffic services.
Dutch companies lack knowledge of the IoT and are missing out on its benefits
Netherlands gives young cyber criminals re-education rather than jail sentences
Dutch satnav pioneer uses consumer data to help map business-to-business future
Dutch developer offers firms nuclear security option for communications
How to find a much sought-after data scientist
Layer your approach to web security
But Schoofs rejected this assessment. “For instance, we applied artificial intelligence [AI] long before other companies started using it as a marketing ploy,” he said. “We had products like IQ Routes before 2010. Everything we do is technological. Our live traffic feed is often seen as the best around. And we are in an advanced stage of HD mapping.”
Those HD maps have become an important part of TomTom’s identity. The company’s revenue from autonomous driving has grown steadily in recent years and continues to increase. But
despite having branched out from consumer products, that con-sumer base is still important for TomTom. It is also difficult to say what the future of autonomous driving will hold, and how the company should respond to that.
“Developing for an autonomous [driving] future is long term,” said Schoofs. “There are too many factors to take into account – legislation, technological developments, consumer acceptance. We develop for the future, but it is hard to say whether that will be for three, five or 10 years from now.” n
TomTom hopes to offer its customers a more personal journey with dynamic fuel pricing and offers, such as on snacks at service stations en route
Dutch companies lack knowledge of the IoT and are missing out on its benefits
Netherlands gives young cyber criminals re-education rather than jail sentences
Dutch satnav pioneer uses consumer data to help map business-to-business future
Dutch developer offers firms nuclear security option for communications
How to find a much sought-after data scientist
Layer your approach to web security
Dutch developer offers firms nuclear security option for communicationsThe startup that created the secure platform for communication between world leaders attending the 2014 Nuclear Security Summit in the Netherlands is revolutionising business mail with a corporate solution. Kim Loohuis reports
When the Netherlands hosted the Nuclear Security Summit in 2014, all the country’s special units were put in place to make the meeting as safe as possible.
World leaders who came to The Hague included then US presi-dent Barack Obama and German chancellor Angela Merkel.
Bas Smits, who at the time was chairman of a customer support group that included all the special units, said it was one of the biggest security operations the Netherlands had seen. “The lead-ers all had their own security guards and, in the Netherlands, all conceivable security units were on high alert, such as the marines, the intelligence services and the military police,” he said.
Smits had held his support group role since 2006. “When per-forming that role, I saw that hardly anyone thought about the communication between all the special units, both our own and those that accompanied the world leaders,” he said. Smits sug-gested to summit organisers that this had to change.
Smits has worked with the Dutch government all his life. He joined the army at the age of 17, then transferred to the police. There, he
ended up working with the anti-terror special units. “In that capac-ity, I did a lot of work with encryption and communication,” he said.
When Smits brought up the communication issue with a tempo-rary project team set up to support the Nuclear Security Summit, they recognised the need for improvements and gave him the green light to work on a secure communication solution.
That was just a few months before the summit. In a matter of weeks, Smits, supported by a couple of dozen IT architects, devel-opers and other professionals, built a platform on which all the special units and world leaders could communicate safely.
“Many more people were involved in the project indirectly because all kinds of equipment was needed,” he said. “Telecoms provider KPN had to lay pipes, for example, and antennas had to be built throughout the country.”
A virtual network was created, to which the equipment used by the visiting world leaders and their entourages could be con-nected. “When the Obama team came to the Netherlands, their equipment was put through our ‘car wash’ as we called it, and
Dutch companies lack knowledge of the IoT and are missing out on its benefits
Netherlands gives young cyber criminals re-education rather than jail sentences
Dutch satnav pioneer uses consumer data to help map business-to-business future
Dutch developer offers firms nuclear security option for communications
How to find a much sought-after data scientist
Layer your approach to web security
their devices were able to use the extra security of our network. Everyone’s identity could be checked and validated.”
After the secure platform proved a success for the summit, Smits saw its commercial possibilities. “At one point, I saw a news item about PostNL wanting to deliver mail through pizza deliverers,” he said. “That kind of made me think. Traditional mail delivery is a very old process – it is time to radically change and digitise it.”
The safe platform Smits had built for the Nuclear Security Summit formed the basis for a company he founded, known as Kryb. “Because you have to identify yourself on Kryb via iDIN [a
Dutch online identification tool], it is always clear who you are,” he said. “This ensures that phishing and spam are no longer pos-sible. The identity of the sender and recipient is always clear to both parties.”
That makes it an attractive system for business communication by small and medium-sized enterprises (SMEs). And through the platform, entrepreneurs automatically comply with the EU’s General Data Protection Regulation (GDPR), adds Smits.
“That is something many entrepreneurs struggle with. They do not have the technical knowledge to protect their systems
COMMUNICATIONS
WO
UTE
RJA
N S
TIK
KEL
/WIK
IMED
IA
The Netherlands hosted the 2014 Nuclear Security Summit
Dutch companies lack knowledge of the IoT and are missing out on its benefits
Netherlands gives young cyber criminals re-education rather than jail sentences
Dutch satnav pioneer uses consumer data to help map business-to-business future
Dutch developer offers firms nuclear security option for communications
How to find a much sought-after data scientist
Layer your approach to web security
adequately, nor do they fully understand the GDPR. It is a very complex matter and it is often not clear what is and what is not allowed,” he said.
Ethical hackers invitedSmits is so certain about the security of his platform that he even invites ethical hackers to look for vulnerabilities in Kryb’s open source code. “Of course, you can never completely rule out errors, but we optimise and improve continuously,” he said. “Our CTO is an ethical hacker, we have regular pen tests and there is a responsive disclosure on our website. Moreover, we invite hack-ers worldwide to approve our software code.”
Smits’ ambition for Kryb is to digitise the business mail market. “Many people now want to receive letters digitally,” he said. “Kryb is faster, easier to archive, better for the environment and, above all, cheaper.”
Because Kryb, via iDIN, links the identity and physical address of a user, organisations can check an address via Kryb’s applica-tion programming interface (API) and see whether there are Kryb users in their own customer relationship management (CRM) or enterprise resource planning (ERP) databases, he said.
“If you want to send a batch of letters as an organisation, you can carry out a check by address via our API,” said Smits. “When a Kryb user is in your mailing list, the letter is removed from the mailing list for physical mailing and the letter is placed directly on the device of that user. People who do not yet use Kryb, or have indicated that they prefer to receive paper mail, will still receive the physical letter at home.” n
COMMUNICATIONS
❯ Digitisation among Dutch SMEs still has a lot to do in terms of cyber security.
MA
RKU
S M
AIN
KA
/AD
OBE
Kryb users identify themselves via a Dutch online identification tool, so phishing and spam are no longer possible
With many organisations putting data at the heart of their digitisation strategy, analyst firm Gartner predicts the market for data analytics is likely to exceed $100bn in the next few years, suggesting
that organisations are driving adoption of initiatives where there is a strong need to invest in analytics.
Techniques for analytics can be relatively simple. “Finding some-thing useful in your data is a starting point,” says TV presenter Hannah Fry, who is an associate professor in the mathematics of cities at UCL’s centre for advanced spatial analysis. “The tiniest clues can give us a prediction of what will happen a long time in the future,” she adds.
It is this ability to predict likely outcomes and derive hidden meaning based on analysis of existing datasets that is propel-ling data science into a modern day snake oil.
Gartner’s analysis of earnings statements from public com-panies shows a strong correlation between the use of the word “data” and reported business growth. The more an organisa-tion can exploit the data it creates to make informed business decisions, the greater its potential to succeed.
Skills challengeTo use Gartner’s definition, the role of a data scientist is to cre-ate a shared vision of how data is used in an organisation. Such people tend to have an academic background – perhaps a PhD in mathematics – combined with strong programming skills. They are hard to find and expensive to hire. Gartner estimates that
How to find a much sought-after data scientist Every organisation seems to be hunting for a data scientist, but securing
the right people with the right skills is a challenge, writes Cliff Saran
Dutch companies lack knowledge of the IoT and are missing out on its benefits
Netherlands gives young cyber criminals re-education rather than jail sentences
Dutch satnav pioneer uses consumer data to help map business-to-business future
Dutch developer offers firms nuclear security option for communications
How to find a much sought-after data scientist
Layer your approach to web security
the average tenure of data scientists is just over three years, and the average level of experience is just two years.
Technology, growth and strategy adviser Mark Ridley has held a number of chief technology officer (CTO) positions in blue-chip organisations. In his experience, data science is a nascent field. He says it first took form by breaking out from the tra-ditional database administration role, then evolved with data analysis and, subsequently, big data analytics, which, he says, requires data engineering skills.
“I hired my first data scientist in 2012, direct from academia. I saw the role of data scientist as being someone who has a whole lot of data and treats it as an experiment to prove a hypothesis,” says Ridley.
According to Iain Brown, head of data science at SAS, while organi-sations have tended to hire highly skilled mathematicians, statisticians and computer scientists for their data science roles, this approach has not always been a success. “Highly skilled people may not understand the needs of the business. I believe data science should start with the busi-ness,” he says.
Brown adds that organisations sometimes treat data science as unicorns, but there needs to be a business context. Since there is a high cost associated with data science, it must deliver value. “Where data science has succeeded is when there is close alignment. Then you get a fast turnaround of projects,” he says.
It is also difficult for a data scientist to gain domain expertise in two years.
According to Simon Blunn, vice-president at DataRobot EMEA, organisations often end up not using the skills of their data scien-tists effectively. “They may have a data scientist, but linking with all the right stakeholders is very difficult to achieve,” he says.
This is one of the key problem areas DataRobot aims to address. The tool is designed to enable more people in business
to collaborate on the data model.Insurance firm Liverpool Victoria
(LV) has been using DataRobot for about a year. LV has a team of data scientists who are building machine learning using open source soft-ware tools that require coding and an understanding of different programming languages. Pardeep Bassi, head of data science at LV,
says DataRobot removes the need for coding, allowing business analysts to collaborate on building data models. “DataRobot democratises analytics. It stops data analytics being restricted to people who can code. This increases the number of people who can build data models,” he explains.
Bassi says LV builds its data team both by growing internal expertise and hiring external contractors. “We have a joint strategy to train internally and hire externally – [not looking for] people with all the skills needed, but people with the ability to learn,” he says. “We give employees opportunities to learn
“organisaTions may have a daTa scienTisT, buT linking wiTh The
righT sTakeholders is difficulT”simon blunn, datarobot emea
Dutch companies lack knowledge of the IoT and are missing out on its benefits
Netherlands gives young cyber criminals re-education rather than jail sentences
Dutch satnav pioneer uses consumer data to help map business-to-business future
Dutch developer offers firms nuclear security option for communications
How to find a much sought-after data scientist
Layer your approach to web security
and develop their skills through a data science forum. This gets people interested. There is also a mentoring forum where key individuals who play with analytics tools in their own time are identified and supported.”
Centralising data scienceLV’s data science team is a centralised function, whose role is to identify business areas where machine learning and advanced analytics can be applied. Tied to LV’s overall business strategy, it looks at how to enable business decisions to be made more accu-rately and more efficiently, such as examining how to improve the claims process. Problem areas are identified through work-
shops. “We will have a workshop with a business function and its domain experts, then we’ll prioritise outputs and look at how easy they are to implement,” says Bassi.
Similarly, venture building company Blenheim Chalcot (BC) has a centre of excellence for building out its data science
BUSINESS INTELLIGENCE & ANALYTICS
“There is a menToring forum where key individuals who play
wiTh analyTics Tools in Their own Time are idenTified and supporTed”
pardeep bassi, liVerpool Victoria
BAK
HTI
ARZ
EIN
/AD
OBE
cw benelux May-July 2019 19
Home
Editor’s comment
Dutch companies lack knowledge of the IoT and are missing out on its benefits
Netherlands gives young cyber criminals re-education rather than jail sentences
Dutch satnav pioneer uses consumer data to help map business-to-business future
Dutch developer offers firms nuclear security option for communications
How to find a much sought-after data scientist
Layer your approach to web security
expertise. BC uses Fospha, its data science-heavy business, as a training ground for the whole group.
Describing the approach BC takes, CEO Kate Newhouse says: “We have created a grow-your-own programme to invest in and foster brilliant data scientists to forge a career in this arena.” Newhouse says BC takes either graduates, including master’s and PhD graduates, or second jobbers, such as analysts and engineers, onto the programme and provides centralised train-ing via Fospha, its centre of excel-lence for data science. “We partner with Imperial College London, but attract from a diverse range of aca-demic institutions to try to build a diverse workforce and approach to complex problems,” she says.
In-house or external skillsWhile data science incurs high costs and requires a high level of expertise, Ridley says there are no defined outcomes. This raises the question of whether it is more cost-effective to hire a contractor or invest in a full-time data scientist. He advises organisations to frame their data science expectations. “If the expertise is needed for a short period of time or used irregu-larly, you cannot justify hiring a full-time employee,” he says.
In Ridley’s experience, many organisations rush to bring in tal-ent and hire permanent data science teams before they under-stand what they really need. “At the experimental stage, how
do you know you have the right data scientist for your busi-ness? Having a longer-term view may mean that organisations hire data science contractors for skunkworks initiatives to show what is possible, or when projects require specific expertise.
Given the difficulty organisations face in hiring data scien-tists, Gartner has found that the market for service providers to support organisations’ data analytics strategy is maturing.
Jorgen Heizeberg, senior direct analyst at Gartner, says: “Vendors are planning to do more for you, such as building data foundations to create value.”
The analyst firm has also seen a shift from traditional per-hour-based costings to asset-based con-sulting where the service providers offer services and software. Some consulting firms are also creating
their own big data platforms and developer workbenches to provide to organisations. “The convergence of software and ser-vices is very disruptive,” adds Heizeberg.
Lack of understandingSince data scientists are not cheap and hoarding data is expensive, a lack of understanding in organisations means the money invested in data projects appears to flow in the wrong direction, according to Harvinder Atwal, head of analytics at MoneySupermarket.com. “The C-suite doesn’t understand
BUSINESS INTELLIGENCE & ANALYTICS
“we have creaTed a grow-your-own programme To invesT in and fosTer brillianT daTa scienTisTs
To forge a career in This arena”kate newhouse, blenheim chalcot
Dutch companies lack knowledge of the IoT and are missing out on its benefits
Netherlands gives young cyber criminals re-education rather than jail sentences
Dutch satnav pioneer uses consumer data to help map business-to-business future
Dutch developer offers firms nuclear security option for communications
How to find a much sought-after data scientist
Layer your approach to web security
data,” he says. “They understand the need to hoard data and hire data scientists, but then they think magic happens.”
Rather than treat data science initiatives as projects, he rec-ommends organisations run them as products and create a data science factory for developing new data products.
Branching outThis becomes more important as organisations reach beyond their own internal IT systems to cloud-based systems, and connect through application programming interfaces (APIs) to business partners’ systems. In this age of software as a ser-vice (SaaS), where organisations may have employee data in WorkDay or another SaaS-based HR system, they should use SalesForce, Microsoft Dynamics, SAP or Oracle in the cloud and connect across its supply chain with their business partner. Understanding the data flow, such as the customer’s journey, is more complex when that journey spans multiple external and cloud-based systems.
Ridley sees the emergence of an enterprise data architect role, analogous to an enterprise architect, who has the expertise and broad view of the whole data ecosystem, in terms of bringing all the disparate data sources together.
For SAS’s Brown, while a chief data officer may have a view and insight of all data sources, there needs to be a consideration both for the value that can be created, and how data can be brought to the surface to enable the data science people to derive busi-ness value from the data source. “But,” says Brown, “unfortu-nately data scientists are being left to their own devices.” n
The World Wide Web (WWW) is celebrating its 30th birthday. Among the many benefits it has given soci-ety, the web has also become the perfect vehicle to trick unsuspecting users into visiting rogue websites
containing malware. Bridget Kenyon, global chief information security officer (CISO)
at Thales, says search engines such as Google and Microsoft Bing have worked hard to remove malicious search results, but while web browsers are filtering out most of the bad sites, it is difficult to prevent the worst attacks. “Spear phishing is a lot harder to recognise,” she adds.
The web has made it possible for users to jump easily between different servers across the internet, without even being aware that it is how web pages are rendered on their browsers.
For security professionals, ensuring users don’t acti-vate malware that could attack the corporate network is an uphill battle, often involving multiple security systems, with each requiring administration. Unified threat man-agement (UTM) is an attempt by the industry to simplify security management.
Traditionally, UTM has focused on preventing and detecting cyber attacks. Ideally, security incidents and breaches should be prevented, says Maxine Holt, research director at Ovum.
However, organisations recognise that not everything can be prevented, so Holt says it is essential that the potential for a security breach is detected while an attacker is in the network, before the breach happens.
Layer your approach to web security
Combining unified threat management with other security systems and a strategic CISO is essential to defend
Dutch companies lack knowledge of the IoT and are missing out on its benefits
Netherlands gives young cyber criminals re-education rather than jail sentences
Dutch satnav pioneer uses consumer data to help map business-to-business future
Dutch developer offers firms nuclear security option for communications
How to find a much sought-after data scientist
Layer your approach to web security
“As we have seen with enterprise approaches to security across all sectors and in organisa-tions of all sizes, there is increased focus on the third objective of technology security controls – responding to an attack,” she says.
More of these types of technology capabilities will be deployed as part of UTM. Data loss pro-tection (DLP) is generally included, but may be joined by data breach reporting capabilities to comply with the EU’s General Data Protection Regulation (GDPR), for example.
Multiple layers of securityFor Holt, the benefits of UTM, led by the reduction of complexity in the security environment for small and medium-sized enter-prises (SMEs), mean that UTM will be around for years to come.
However, Simon McCalla, chief technology officer (CTO) at Nominet, says: “Having one system in place means there’s only one system to go wrong. A lack of redundancy systems means that if the worst were to happen, there’s nobody on the subs’ bench ready to come on and change the game. If the UTM sys-tem fails, the criminals can essentially walk right in.”
Given that the profile of cyber criminals is changing and attack vectors continually change, McCalla warns: “With a UTM sys-tem, you’re reliant on the threat intelligence provider to be as quick as the criminals. If it’s not up to date, a business’s whole security posture is weakened, instead of just one element. This leaves multiple attack vectors open to criminals, and makes the business more vulnerable.”
McCalla urges CISOs to be wary of marketing hype. He says one major cyber security player was recently criticised for the inefficient alerts it was giving the teams that used it. The technol-ogy was essentially accused of crying wolf, mean-ing that security professionals ignored alerts, or turned them off all together. “This doesn’t mean that the system wasn’t also flagging legitimate
threats, but they were likely lost in the maelstrom,” he adds.According to McCalla, one of the key areas which is often
underlooked is domain name system (DNS) security, which offers a layer of protection that sits at the very gateway to your network. DNS is usually a reliable attack vector, as firewalls often allow traffic through this way.
However, as McCalla points out, what is weak in the event of an attack can be made strong in defence – if every packet of data leaves or enters via the DNS, it can be used as a strong first line of defence.
“At the moment, UTM systems don’t pay much attention to the DNS,” he says. “CISOs would be wise to consider a layered approach to cyber security, with bespoke tools for each poten-tial attack vector. Or, if a UTM system is the preferred method of protection, a backup system that sits at a DNS level should be considered.”
The other thing CISOs need to consider is what type of busi-ness they are in, and where it might be vulnerable. For example, a manufacturing or industrial business will be vulnerable in dif-ferent areas to a bank.
THREAT MANAGEMENT
❯ Implementing UTM will help maintain good security
and so help prevent breaches – but it must be maintained
Dutch companies lack knowledge of the IoT and are missing out on its benefits
Netherlands gives young cyber criminals re-education rather than jail sentences
Dutch satnav pioneer uses consumer data to help map business-to-business future
Dutch developer offers firms nuclear security option for communications
How to find a much sought-after data scientist
Layer your approach to web security
One thing that is clear, however, is that as businesses continue to transform digitally, connecting more devices online, maintain-ing a secure network environment becomes harder. Due to the interconnected nature of today’s businesses, a UTM tool likely wouldn’t cover all bases anyway.
Firewalls and anti-spam software are effective at catch-ing phishing emails aimed at employees, but they may not notice packets of data leaving a connected device infected
with malware – this happened to a casino when its connected fish tank was hacked. To that end, CISOs should consider their spend. UTM systems may give them protection in areas they don’t need, while leaving them vulnerable in others.
UTM is not a silver bulletSimon Persin, director of Turnkey Consulting, warns that over-reliance on a UTM system must be avoided. “If alerts are
THREAT MANAGEMENT
ALE
X/A
DO
BE
firewalls and anTi-spam sofTware are effecTive aT
caTching phishing emails aimed aT employees, buT They may noT noTice packeTs of daTa leaving
Dutch companies lack knowledge of the IoT and are missing out on its benefits
Netherlands gives young cyber criminals re-education rather than jail sentences
Dutch satnav pioneer uses consumer data to help map business-to-business future
Dutch developer offers firms nuclear security option for communications
How to find a much sought-after data scientist
Layer your approach to web security
switched off – possibly as part of an attack, as this would be a target – effectiveness is seriously compromised,” he says. “In other words, using UTM shouldn’t mean foregoing controls at other levels throughout the organisation.”
He adds that storage is another consideration. “UTM systems rely on vast amounts of stored data to detect patterns over time as well as identify immediate threats. When implementing UTM, the team must understand the data requirements, avail-ability of storage and potential impact on key applications prior to installing,” he says.
Vladimir Jirasek, managing director of specialised cyber secu-rity consultancy and services company Jirasek Security, says: “Sometimes I get into discussions pertaining to the use of the latest technologies to thwart data breaches. In many cases, the debate quickly steers into suppliers, capa-bilities and features. I try to get my point across: cyber security starts with processes at the hygiene level – once these are implemented to a satisfactory level, add more advanced processes.”
He believes cyber security pro-cesses are undervalued in the portfolio of security programmes. “Companies put various technologies in place, in some cases implementing these without a care for how they will be managed, monitored and integrated into the rest of processes,” he says.
Jirasek believes UTM, or any other technology for that mat-ter, is no good without well-executed processes. “Start with the critical controls implemented as processes, supported by trained people, good configuration and managed technolo-gies,” he says. “It is only then that we stand a realistic chance to protect against data breaches.”
What next for UTM? As threats continue to evolve, so too will UTM tools. In the age of GDPR and similar legislation worldwide, where businesses are under increasing pressure to disclose breaches, McCalla believes that the ability to forensically report on attacks will be key. “Knowing what data was stolen and where it went will need to
be a key offering for all cyber secu-rity suppliers,” he adds.
Nominet’s McCalla expects UTM tools to become more expansive as they cover the ever-increasing attack vectors available to criminals.
“They will also look at offering protection at a deeper network level to cope with the plethora of devices now connected to the internet. Some sort of DNS protec-
tion capability will be essential,” he says.Ultimately, UTM systems – as with all types of threat pre-
vention – will always be in responsive mode, tracking the
THREAT MANAGEMENT
“cyber securiTy sTarTs wiTh processes aT The hygiene level
– once These are implemenTed To a saTisfacTory level, add
more advanced processes”Vladimir Jirasek, Jirasek security
Dutch companies lack knowledge of the IoT and are missing out on its benefits
Netherlands gives young cyber criminals re-education rather than jail sentences
Dutch satnav pioneer uses consumer data to help map business-to-business future
Dutch developer offers firms nuclear security option for communications
How to find a much sought-after data scientist
Layer your approach to web security
latest threats and adapting accordingly. To that end, it will still require the guile of a strategic CISO to understand their own network, identify the weak points, and deploy tools accord-ingly. Whether that’s a UTM system, bespoke tools, or com-bination of the two, nothing will beat the strategic outlook of a well-versed CISO.
The threat landscape has exploded as the web and services built on web technologies gain in popularity. Given that every device – whether it is a corporate PC, a smartphone or an inter-net of things (IoT) device such as an internet-connected TV
or security camera – requires an open connection to the inter-net, this provides a network port through which hackers can target attacks.
Understanding the health of the corporate network from a security standpoint – where are attacks being targeted or which exploits have broken through – is key to stopping or limiting damage from any attacks. UTM may go some way to helping security admins manage the ever-changing threat landscape by providing a single console to assess the overall security posture of the corporate network. n
Three network traffic patterns to watch out for and what to do about them
1. Generic patterns, known within the industry and likely to affect many organisations: Tools to detect these can be delivered by the UTM provider, and is potentially an area for the customer to consider when undertaking due diligence on the prospective supplier.
2. Patterns specific to individual organisations that are known about: This requires the UTM solution to be extendable so that custom patterns can be defined to meet specific needs.
3. Patterns that are not yet known and therefore need to be defined: The UTM product could analyse the source data, for example, and propose potentially undetected scenarios outside the previously known threats. This is where artificial intelligence may be most effec-tively applied.
Once patterns have been identified, the right tools are needed in the operational world to generate a relevant response – such as an alert or notification – direct to a nominated user, or the incident response system, should an anomaly occur. This should also include an aspect of machine learning to assist where a potential violation has been repeatedly marked as an exception or false positive.
Source: Simon Persin, director of Turnkey Consulting
