Archive for September, 2011|Monthly archive page

Cyberwar is here but are corporations prepared?

A recent article in Foreign Policy magazine is a wake up call for companies who are unaware of a cyberwar being waged right under their noses.  According to the author Joel Brenner, a retired intelligence official from the U.S. National Security Agency, criminals, hackers and terrorist groups are using the internet to target a variety of industries including IT, financial services, defence and electronics.  These attacks are launched for a variety of reasons including financial gain, IP theft, political disruption or merely just for kicks.  Cyber risks are rising so managers will need to understand and accept this reality and better prepare their organizations for inevitable disruptions.

So far, cyberwar has claimed many victims, some public but many private.  Most risks fall into two general areas:  information & IP security threats and operational risks

Information & IP security threats

Most weeks features disclosures of electronic fraud and massive data heists. For example, Sony’s PlayStation Network was hacked (apparently through its Amazon Cloud infrastructure), compromising the personal information of more than 100M customers.  In another case, cyber thieves stole $9M in just a few hours by breaking into an international bank, creating counterfeit credit balances and looting ATMs across 4 countries.  There is nowhere to hide from these threats. According to Brenner, “international gangs spread malicious code that conscripts unwitting computers into zombie armies of hundreds of thousands of similarly enslaved machines.”

Cyberwar pays.    It is often cheaper and easier to steal IP than it is to painstakingly develop it.   Brenner sees corporate espionage by both competitors and foreign intelligence services (or their surrogates) increasing. For understandable reasons around maintaining confidence and not admitting vulnerabilities, government officials are reluctant to speak openly on specifics while victims will rarely admit they have been targeted. Yet, two companies have gone public.  Google acknowledged that a 2009 Chinese government cyber attack was about stealing their market-leading source code.  Brenner asserts that thousands of other U.S. and Western firms were targeted by the same Chinese attack.  In another case, Oracle publicly admitted and successfully sued SAP for stealing some of its software. 

Operational threats

Virtually every company’s operations are susceptible to national infrastructure and supply chains disruptions.  Operational vulnerability has been illuminated by the impact of the Stuxnet computer virus on the Iranian nuclear program.  Having been introduced remotely or embedded in the firmware of the industrial control systems, Stuxnet caused the uranium centrifuges to go haywire, resulting in a major setback to the program.   While good news for world peace, this case exposed the harsh reality that operational espionage is a major threat to highly automated and capital intensive operations.  While it is believed only a top-notch intelligence agency could have developed the virus,  the code itself is now public increasing the possibility of copy cat attacks.   For every Western organizations, the national and trans-national infrastructure is the nexus of vulnerability. Attackers have numerous soft targets including the electricity grid, air traffic control, energy pipelines, water and sewage systems and railroad switches.  These systems are mostly electronically controlled and networked.  If an intruder can break into the right server electronically, he/she can remotely shut down production, redirect goods to the wrong location, and even unlock shipping doors – while leaving no record of ever having been there.

Western companies face a wide variety of cyber threats from all corners of the globe and within their own societies.  According to Brenner, seized al Qaeda computers have contained details of U.S. industrial control systems. A variety of terrorist groups have plotted attacks on the Australian and British electricity grids over the past 8 years. Countless numbers of individual hackers and small gangs regularly look to penetrate poorly defended IT infrastructures.  In fact, criminals can easily rent cyber weapons online, called “botnets,” to attack web sites.

How can managers deal with the onset of cyberwar?

  1. Acknowledge that their firms face serious operational vulnerability in an inter-dependent and wired world.   Organizations need an objective and realistic assessment of which assets, data and IP can and should be protected.  Moreover, managers must look back through their supply chains and equipment suppliers to understand the full impact of cyber disruption.
  2. Accept that risks cannot be eliminated, only managed.  As operators of over 80% of the IT infrastructure, it is the private sector who owns this vulnerability;  they can’t depend on a distracted, heavily indebted government to save them. Furthermore, companies must reconsider their primary focus on efficiency and invest more in operational redundancies in key areas such as business continuity measures, IT & communications support and data storage.    
  3. Understand that technology is only one, albeit the most obvious, aspect of the cyberwar challenge. Unless technology risk mitigation is integrated with people, process and operational elements, firms run the risk of not closing every window of vulnerability.

For more information on our services and work, please visit the Quanta Consulting Inc. web site.


Gamification: games businesses play

Game playing is moving out of the animated world of video games and into mainstream business. Gamification – the use of games to address business problems or opportunities – is an innovative form of consumer and employee engagement  that translates online game design elements into non-game settings.  A recent phenomena, gamification is being used by innovative organizations to: 1) increase consumer participation with a brand; 2) drive faster adoption of a new application or tool and;  3) foster process alignment. The premise is that games can help change and sustain new behaviours among your target audience, thereby generating real business value.   Games are particularly helpful with tasks people find a hassle, boring or psychologically challenging, such as following routines, shopping, completing surveys or reading websites.

Gamification improves engagement by leveraging a person’s psychological nature to play games, interact with others, and seek extrinsic rewards.  The more entertaining, competitive and rewarding the game is, the more likely people will participate in a desired behaviour and for longer periods of time.  Numerous studies have shown that extrinsic motivators (e.g., leader boards, badges  and virtual currencies) are effective drivers of participation, at least in the short term.  To be fair, it has yet to be proven whether extrinsic motivators (versus intrinsic motivators like personal will and desire) are sufficient to trigger long term behavioural change.

Game playing is common to every demographic and socio-economic group as it addresses fundamental human desires for things like rewards, status, achievement, competition, self expression, and altruism. Not surprisingly, Gamification can produce benefits across the  entire organization.  Marketers look to games to increase consumer participation with their brand or social media presence;  players are more likely to return to a site and engage in desirous online behaviour like completing tasks, visiting different web pages or shopping.  Other functional groups can use games as a means to catalyze employee action in areas like improving project execution, completing corporate education programs and maintaining employee health regimes

Gamification in action

Knowledge@Wharton, a publication of Wharton Business School, has noted some well-known examples of innovative gamification programs:

A Nike program, Nike Plus, allows runners to keep track of their runs using a small accelerometer in their sneakers.  The runner can plug the device into their computer and track results against their friends via leader boards.

The USA cable network uses a rewards system to fuel an ardent fan base for some of their shows like “Psych.”   Viewers on the channel’s special “Club Psych” website are awarded points for their active engagement with the site.

In an effort to cut its high fuel expenses, software firm SAP uses point-based games to incentivize employees to carpool.

Given the newness of gamification strategies and the inevitable customization needed for each company, published best practices and ROI numbers are not always accessible.  However, we have discovered some learnings that would benefit organizations looking to dip their toe into game-playing:

Great games are more than the sum of their parts

Just because something has an interesting game element doesn’t make it a good, complete game. Truly successful games are designed around a business need, are compelling to play and really focus on something fundamental that people genuinely want to do. Because game design is often based on widely held but sometimes faulty assumptions – for example, money motivates people the most –  managers must be careful not to introduce bias.

Start small and test

Like any other tool or methodology, games can be misused and manipulated (i.e. people cheat), producing unintended consequences or results.  The best approach is to do little experiments,  test different variables and measure the right metrics, both quantitatively and qualitatively.

Get the right business owners

For optimal strategic focus and game design, games should be “owned” by the business unit or department that has the pressing business issue.  Regardless of the of the game being run, it is well advised in the planning stage to engage a team or outside firm with solid functional expertise, experience in human psychology,  and expert game design skills.

For more information on our services and work, please visit the Quanta Consulting Inc. web site.

Reducing cheating in self-reporting documents

When considering self-reporting forms, the assumption is that individuals are generally ethical in their reporting behaviour. Yet even when people care about morality and want to be seen as ethical by others, they sometimes (or often) are dishonest in their statements when it is beneficial to their own self-interest.  The accuracy of millions of these written assertions has a major financial impact on a variety of industries including insurance, professional services and health care.  New research out of the Harvard Business School looked at how organization can reduce unethical behaviours.  The conclusion was that signing a form up front – versus at the end – can appreciably reduced cheating. Simply put, improving ethical behaviour will significantly reduce costs and increase revenues.

In accordance with legal requirements, individuals are typically asked to sign at the end of a self-reporting document to certify the truthfulness of their statements.   Most organizations rely solely on a person’s honesty, using the possibility of punishment to deter dishonesty. Not surprisingly, considerable amounts of cheating occur given the potential payoffs, the high cost of compliance and the low probability of getting caught within an honour-based system. 

The objective of the study was to develop and test an efficient and simple measure to reduce or eliminate unethical actions — particularly behaviours that rely on self-monitoring in lieu of societal restraints. Examples of self reported, unethical deeds includes over-claiming expenses, inflating business results, over-stating billable hours and under-reporting taxes.

Cheating is really costly…

In one of the study’s field experiments with insurance firms, asking customers to sign at the start of the form led to a 10.25% increase or an additional 2,428 reported miles driven per car (i.e. they cheated less) versus the current practice of asking for a signature at the end of the form.  After assuming a per-mile-cost of automobile insurance of between 4-10 cents, the study estimated that annual insurance premium per car would have been $97 higher with the more truthful reporting.  One key consequence of false reporting is that the costs extend beyond the insurer to its entire customer base, including the honest policy-holders.   In the case of tax avoidance, the economic cost of tax cheating is estimated to be a staggering $150B every year in the United States alone.  

…but it can be reduced

The research found that signing at the beginning of a report – before having the opportunity to cheat – rather than at the end of the document leads to significant reductions in the likelihood and magnitude of cheating.

Why do people become more honest?

According to the research, simply moving the signature line to the beginning of a form can bring a person’s moral and ethical standards into focus, right before it is most needed – the reporting. The amplified importance of moral standards may trigger increased truthfulness in the subsequent statements. Conversely, when signing at the end of a form, the unethical behaviour has already taken place.  In turn, the individual maintains their positive self-image by engaging in various justifications and delusions.

In the real world…

Every organization can easily take advantage of these insights by redesigning their standard forms to move the signing position to the beginning of the document. Specific sectors like insurance, government, health care and professional services that depend on self-reporting will benefit from more truthful assertions, reduced performance inflation, less over-claiming of credits, and fewer deduction claims.

For more information on our services and work, please visit the Quanta Consulting Inc. web site.

Successful online companies go narrow and local

It’s been over 15 years since the likes of Amazon, Expedia and eBay stormed the business world with their new ways of transacting business and startling growth.  Ever since then, conventional wisdom has said that online success was best achieved by reaching operational scale and mass market appeal as quickly as possible.  In other words, an “if you build it online, they will come from everywhere” approach. 

Yet, recent developments belie this approach.  Booz & Co., a consultancy, studied online successes and failures.  They found that firms such as Webvan, and Value America that focused exclusively on scale and mass marketing were unable to convert this strategy into market leadership.  In fact, there are only 3 non-traditional retailers (Amazon, Newegg and Netflix) among the top 25 internet retailers, with Amazon coming in the highest at #4.  Furthermore, a scale based strategy has fared no better in the B2B space.  Specifically, Booz cites the failures of online auctions like FreeMarkets, and Covisint to transform B2B commerce. 

There is much to learn from the above failures as well as from the new internet stars such as Zappos and Groupon.  Two key success factors stand out.  Firstly, they build distinct yet market-beating capabilities that support their mission.  Secondly, they target these capabilities against local markets. Online winners achieve scale but realize it in different ways than their predecessors.  Simply put, scale follows focus and capabilities.

Narrow the focus

Given the challenges around satisfying fickle consumer needs and achieving technological integration, it is difficult for online firms to design and maintain a full spectrum of powerful operational capabilities. Like traditional businesses, online firms often struggle to be all things to all people.  The successful Internet firms are picking narrow business strategies and then developing supporting capabilities that provide a superior value proposition and service offering. 

Zappos, the leading online shoe retailer, was one of the first Internet firms to follow a focused strategic approach. Before being purchased by Amazon in 2009, Zappos had bested their online foe by achieving superior client service and call center productivity through targeting one crowded and unpredictable market, shoes.  Specifically, the company has been recognized as having the best trained and motivated customer service workforce. Interestingly, Zappos’s success came without enjoying Amazon’s mass scale advantages such as being a low-cost seller or having the largest selection of merchandise. 

Think mass-local

In its early days, the online mantra was to sell everywhere at any time.  While this still rings true in many instances, some of the latest internet success stories have pursued scale by deploying platform-level capabilities and expertise at a local level.

Groupon is an excellent example of this approach. The company – recently rebuffing a December 2010 $6B acquisition offer from Google – has gained scale by launching their “daily deals” coupon promotions in 500 global markets, tapping the marketing spend of local businesses.  Groupon’s key metric is not the number of subscribers (though they have over 50 million) but rather the number of local subscribers – the ones of greatest interest to the revenue-paying merchants.  In essence, Groupon is following the marketing truism of going where the money is.  To support their strategy, Groupon has developed significant capabilities for identifying and vetting local merchants and managing promotional programs around them. Finally, their mass-local approach also generates scale from its inherent network effects (more consumers entice more sellers which in turn attract more consumers). 

Of course, the narrowly focused and locally oriented online companies must continue to execute with excellence if they are  to ward off competitors with similar models and continue to serve fickle customers well.  Failure to do so will consign firms like Zappos and Groupon to the same fate as previous Internet stars Webvan,, Friendster and Napster.

For more information on our services or work, please visit the Quanta Consulting Inc. web site.