Are large-scale transformation initiatives doomed by default?

Against a backdrop of ubiquitous change, successful transformation is essential for survival in a highly dynamic and competitive environment. However, there is overwhelming evidence that most such initiatives end in some degree of failure. We examine the trends and forces driving these processes and the factors crucial to their success.

Details of Cyber Attacks: Sharing is Caring

On 29 December 2016, the US government entered a new round in its fight against malicious cyber attackers. It released a 13-page report, accompanied by a much more detailed listing of almost 1,000 technical indicators. The goal of the report was to help companies detect, block and eradicate cyber attacks on their networks.

The move followed a rough year where not only the Democratic National Committee suffered a consequential and highly mediatized breach, but also think tanks, universities, critical infrastructure and many more. Fears that further attacks are coming appear well-grounded.

The US government’s report is important and relevant for many businesses, also here in Switzerland, for at least three reasons:

Aligned with private companies
Firstly, it confirms what private companies – including PwC – have been saying for a couple of years. The released information is a mixture of yet-unseen declassified technical indicators with a few also coming from the private sector. Private cyber security companies have therefore been doing quite a good job at gaining visibility and tracking what attackers have been up to. The investigative methods of private companies appear to match the ones the US government is using.

Overview on known attacking methods
Secondly, the report strongly highlights current state-of-the-art ways of attacking networks. Attackers send e-mails with malicious content enticing users to click on them. Once in a network they try to gain access to even more protected valuable resources (so-called “lateral movement” aimed at “escalating privileges”). The e-mails need not be precisely targeted: despite the hype over “spear phishing” e-mails, many rather resemble spam being sent to thousands of recipients at a time.

How to tackle threats
And this leads to the third point. The bulk of the US government’s report focuses on how to tackle such threats. And it notes: “These strategies are common sense to many, but DHS continues to see intrusions because organisations fail to use these basic measures”. This aligns very well with PwC’s experience and conclusions. In other words, many organisations, also in Switzerland, have yet to implement strong cyber security measures to ensure that they cannot easily fall victim to such attacks.

The way forward: sharing more data
Technical reports of this kind are very welcome. They lead the way by stressing that the sharing of information is crucial to defending against cyber attacks, and they contribute to normalising such a practice. Until now, indicators of cyber attacks have very often been regarded as sensitive information, and oft-ashamed victims have been notoriously reluctant to share them. PwC supports the idea of sharing: when companies exchange information about the experiences they’ve had with cyber attacks, negative experiences included, they bring benefits not only to other companies but also to themselves in the long run. They can get feedback on other companies’ experiences and in this way improve their own security mechanisms. Reports like the one from the US government may contribute to changing the current mindset.

We’d also suggest adding even more precision and detail to such reports rather than merely mentioning the many different malware names involved. For example, attackers launch their offensives in stages and use different tools and techniques at each of these stages. To protect different areas of their network, it is useful for companies to know exactly which technique is being used at which stage. Lastly, many of the indicators provided, such as IP addresses (the address of a machine on a network), may at times have been used for legitimate purposes. To differentiate between what is actually part of the attack and what is not, it is necessary to know the exact time at which the infrastructure was used, which is what timestamps provide.

All in all, companies are well-advised to take a close look at the indicators of compromise that the US Government has provided and to use them as much to detect potential current breaches as to prevent future ones. Investigative work means that one must be ready for false-positives and shouldn’t necessarily take the initial result at face value. But, again, sharing with the rest of the community the difficulties and outcomes of these investigations can only help to strengthen the overall state of cyber security.
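To illustrate why timestamps matter when matching IP indicators, here is an added example (not part of the original article or the US government report) that triages log hits by whether they fall inside an indicator's period of malicious use. The indicator values, log format and host names are constructed assumptions.

```python
from datetime import datetime, timezone

# Constructed indicators: IP plus the window in which it was attacker-controlled.
# None means the feed supplied no timestamps (a bare IP list).
INDICATORS = {
    "203.0.113.10": ("2016-03-01T00:00:00Z", "2016-04-15T00:00:00Z"),
    "198.51.100.7": None,
}

# Constructed proxy log lines: "<ISO timestamp> <internal host> <destination IP>"
LOG_LINES = """\
2016-03-20T08:14:02Z ws-041 203.0.113.10
2016-09-02T11:30:45Z ws-017 203.0.113.10
2016-05-11T16:02:10Z ws-009 198.51.100.7
2016-05-11T16:02:11Z ws-009 192.0.2.55
malformed line
""".splitlines()


def parse_ts(text):
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def triage(log_lines, indicators):
    """Return (host, ip, verdict) for every log line that hits an indicator."""
    hits = []
    for line in log_lines:
        parts = line.split()
        if len(parts) != 3:
            continue  # skip lines that do not match the assumed format
        try:
            seen = parse_ts(parts[0])
        except ValueError:
            continue  # unparseable timestamp
        host, ip = parts[1], parts[2]
        if ip not in indicators:
            continue
        window = indicators[ip]
        if window is None:
            verdict = "unscoped"       # no timestamps: needs manual review
        elif parse_ts(window[0]) <= seen <= parse_ts(window[1]):
            verdict = "in-window"      # falls in the period of malicious use
        else:
            verdict = "out-of-window"  # same IP, other period: lower confidence
        hits.append((host, ip, verdict))
    return hits
```

Calling `triage(LOG_LINES, INDICATORS)` yields one in-window hit to investigate first, one out-of-window hit that is a false-positive candidate, and one unscoped hit that cannot be prioritised because the indicator carries no timestamps.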

The aforementioned report and indicators are available here.

Can AGILE enable a full scope transformation approach and realise expected benefits more successfully?

Agile project and programme delivery might be perceived as a silver bullet. However, while some organisations have achieved good results adapting agile practices, others have been struggling to cope with the multiple challenges related to agile delivery – especially at scale. Making it a success requires rethinking the way an organisation manages inevitable change, and above all, it means embedding agile practices in a full scope organisational transformation approach. If an organisation can get it right, the rewards are potentially immense: reduced time to market and rapid realisation of outcomes with highest value and benefits for your customers.

Benefits management – more than a mere buzzword in today’s demanding and changing business environment?

Embracing the need for change is only half the battle. Securing long-term success hinges on understanding the outcome of transformation programmes and getting the most out of what has been achieved. Although wrongly dismissed by some as a mere buzzword, benefits management is in fact of pivotal importance in properly harnessing results and exploiting their potential to the full.

UBS/PwC Billionaires report: The changing faces of billionaires

UBS/PwC Billionaires report reveals female billionaires outpace males

UBS Group AG and PwC have launched their joint deep dive report, “The changing faces of billionaires”, which explores the role of women in building lasting financial legacies and how wealth is preserved across multiple generations.

The report’s findings, which build upon UBS/PwC’s 2015 Billionaires Report released last May, “Master architects of great wealth and lasting legacies”, revealed that the number of female billionaires is growing faster than the number of their male counterparts. Women have been controlling greater average wealth than men and becoming more influential in family businesses, philanthropic enterprises and governance. The report also highlights the fleeting nature of great wealth, finding that only 126 billionaires or 44% of the class of 1995 are billionaires today. It underscores the strategies these prevailing billionaires have employed to build and preserve lasting legacies.

Be ready: the new global P&U Thought Leadership report is coming…

We are pleased to announce the global launch of our new Thought Leadership report:

“The changing role of the CFO
How energy transformation is shifting the CFO focus”

The changing role of the CFO: how energy transformation is shifting the CFO focus shows how CFOs in the power sector are shifting from stewardship to strategy, value realisation and optimisation. The new report, which forms part of a series of PwC publications on energy transformation, looks at how the power sector CFO role is evolving, the challenges it needs to address and the capabilities that will be crucial for delivering first-class performance.

The report emphasises that the historical CFO capabilities related to management reporting, performance management and investor relationships will continue, but they will become more akin to minimum requirements. Alongside them, CFOs need to be better at communicating where strategy is taking the company and the link between strategy and value realisation.

Be ready for the launch on 24 November 2015!