Embracing innovation comes with risk. Exciting product launches don’t always go according to plan – and when that happens, you need to act quickly, learn from it and find new ways of making a difference.That’s certainly been the case for Graeme Hackland, CIO at Williams F1, whose team had to pull a recent plan to launch its new FW43B racing car using virtual reality, when leaked images appeared online before the scheduled reveal.

Innovation

But this episode won’t put Hackland off trying to innovate. As the person responsible for IT risk at Williams, he says he will not be saying to his board to steer clear of emerging technologies.SEE: Guide to Becoming a Digital Transformation Champion (TechRepublic Premium)The firm is already investigating how it might take advantage of artificial intelligence to help improve decision-making processes. There are also plans for more data-led services that will help boost fan engagement. Hackland, in short, is keen to keep on innovating – so long as the risk to the business is kept in check.”When I get the opportunity at the next board meeting, I’ll be encouraging us to stay brave and to keep embracing new technology in this way. The digital transformation journey we’re on now is not just about our internal systems. For us, it was always about fan engagement as well,” he says.Williams is far from alone in embracing tech-led innovation. All companies have had to embrace digital transformation during the past 12 months – whether that’s in terms of establishing remote working, moving to e-commerce or using new technologies to keep socially distanced customers engaged.  

What’s more, that preparedness to try new things isn’t going anywhere soon. Gartner says creative thinking will continue to be crucial in the post-COVID age. Companies that balance embrace innovation effectively will be most likely to gain a competitive edge on their competitors. The key message from Hackland is that, in age of almost-continual digital transformation, CIOs and their organisations must be prepared to try new things. Yes, things can go wrong – but the key to success is being prepared to embrace innovation and to learn lessons when issues arise.”In Formula 1, every time we make a mistake, we learn from it, we do an after-action review: why did that happen and how do we make sure it doesn’t happen again. I think a lot of organisations are starting to do that,” he says.Evidence would suggest that this kind of review process is absolutely critical. As the demand for innovative digital projects quickens, so do the chances of failure. Boston Consulting Group research shows just 30% of digital transformations succeed in achieving their objectives. That kind of failure rate helps to explain why executives in many large corporations are reluctant to advocate for what they perceive to be risky projects. The Harvard Business Review says they quash new ideas in favour of marginal improvements, cost-cutting and safe investments. Hackland: “I’ll be encouraging us to stay brave and to keep embracing new technology.”
Image: Williams F1
Hackland recognises that it can be difficult for CIOs to gain funding for innovative projects, especially in organisations with competing priorities. But when there’s a chance to try something new, the opportunity must be grabbed – not just in terms of the potential benefits it might bring to the company itself but also in terms of professional development.”You’re learning and your people are learning,” says Hackland, referring to the importance of experimentation. “They’re engaged in something new, they’re not just doing lights-on, which I think is really important. They’re getting to play with new technologies.”Which brings us back to Williams’ recent foray into virtual reality, which was one such attempt to try something new. The intention was to allow users of a bespoke VR app to view and manipulate the new car in its livery in 3D. The app, which was created by an external agency, was made available for fans to download on the Apple App Store and Google Play Store.However, when pictures of the FW43B started appearing online, the team couldn’t be sure if only the image data for the new car had been unpacked or whether the app itself had been compromised.”We didn’t know if there had been a compromise – we just didn’t know it the app was safe, and so you just couldn’t deploy it,” says Hackland. “If the app had been compromised, and we’d delivered it to our fans, I couldn’t have lived with that decision. So the decision was made to pull it.”Hackland says the company’s subsequent investigations have shown that the issue was a “data-loss incident” rather than someone hacking the app. Everything connected to the incident took place outside the team’s enterprise network.”This was not about someone getting into our network and taking our data. It’s the first time we’ve done something like this. So yeah, we clearly missed some things that next time – and I hope there is next time – we’ll learn from,” he says.”It was just unfortunate. An error was made that exposed the data. We’re still investigating and looking at it, and we’ve got a couple of cybersecurity partners looking at it, too.”Just as Hackland and has team have learnt some important lessons about embracing innovation, so other business leaders will have to ensure the right policies, processes and partners are in place to embrace new ideas in a carefully controlled manner.And rather than showing the downsides of working with external third-party suppliers, Hackland says the incident shows the importance of IT risk management and the role of trusted partners in trying to help reduce the ongoing cybersecurity threat.”I’ve been responsible for IT risk at two racing teams now for the past 15 years, but I don’t claim to know everything. The risk landscape changes constantly, which is why we partner with these organisations,” he says. More

The internet can be a dangerous place, with malware lurking around every corner. While many antivirus programs promise robust protection, choosing the right one can be surprisingly difficult. Which one should you download? Windows Security comes free with every Windows PC, and it’s surprisingly solid. Bitdefender boasts a fully loaded arsenal to protect your computer from bad actors, and at the time of this writing, a subscription costs $60 for a full year.To save you time, I have compiled a list of the best antivirus apps for Windows computers. Each program in this roundup comes highly recommended. You can’t go wrong with any of them, but there is one clear winner.Get more in-depth ZDNET tech coverage: Add us as a preferred Google source More

Passwords are a fact of life, and if you’re one of those people who reuses the same couple of passwords because that’s all you can remember, then you really need to think seriously about a password manager.But in a world where there are countless options, which one is the right one for you?Here I’m going to look at two of the most popular options — LastPass and 1Password — and examine the pros and cons of each.

But before I go on, what is a password manager?A password manager is an app, or more commonly these days, a combination of online services and apps that safely and securely store your passwords — it also securely distributes them to all your devices.Because password managers are storing your passwords, it’s important to choose a trustworthy, reliable, and secure service. This is not a job you want to entrust to any old no-name company.The two services I’m going to look at here are LastPass and 1Password. I’ve used both extensively for several months, and I’ve found them both to be very capable password managers. And while on the surface they seem similar, there are some key differences between the two that might influence which one you choose.Note: Neither LastPass nor 1Password have had any input on this review, and neither company got to see it before it was published.The plansLet’s begin by comparing the basics of the plans on offer for each offering. It’s important to realize that only LastPass offers a free plan, but it has become so limited (the one-device limit is very restrictive) that I don’t recommend it for those wanting a free password manager.Note: If you are looking for a free password manager, my recommendation is Bitwarden. 

Like”Power user” feelBroad platform support

Don’t LikeVery limited “free” offeringRelies on browser extensions

LastPassSettings options allow all sorts of customizations via the web interface.Limited “free” option.Uses browser extensions on most desktop platforms.LastPass offers three “single-user and families” plans, along with separate plans for business users.Free: $0Unlimited passwordsAccess on one device type — computer or mobile 30-day Premium trialSave and autofill passwordsOne-to-one sharing Multi-factor AuthenticationPassword generatorPremium: $3 per monthIncludes all Free featuresAccess on all devicesOne-to-many sharing 1GB encrypted file storageSecurity dashboardDark web monitoringEmergency accessPriority tech supportFamilies: $4 per monthIncludes all Premium features6 individual, encrypted vaultsFamily manager dashboard to manage users and securityGroup and share items in folders Individually encrypted storagesPersonal security dashboards and notifications

LikeCustom apps for all platformsFeels “easy” to useEasy setup

Don’t LikeNo free plan

1PasswordFeels “easier” to use, especially for those that don’t want or need to take deep dives into the service.Easy to set up and very easy to move to another device.Custom apps for all platforms.Extra protection from “secret key.”1Password offers two plans for home users, along with separate plans for teams and businesses.Individual: $2.99 per monthApps for Mac, iOS, Windows, Android, Linux, and Chrome OSUnlimited passwords, items, and 1GB document storage24/7 email support365-day item history to restore deleted passwordsTravel Mode to safely cross bordersTwo-factor authentication for an extra layer of protectionShare your sensitive information securely with anyoneFamilies: $4.99 per monthAll the 1Password features, plus:Invite up to 5 guests for limited sharingShare passwords, credit cards, secure notes, and moreManage what family members can see and doRecover accounts for locked out family membersWorking with your passwordsHow you’re going to be working with your passwords varies between the different services.I don’t mind if I have to use a browser extension or an app, but I know that other people have their preferences. Usability is so subjective that it’s borderline pointless to review because I can only tell you what I like and not what might work for you. But my feeling is that 1Password offers a simpler, cleaner approach, while LastPass is more basic and utilitarian. While I’m overgeneralizing here, 1Password is better suited to the average user, while LastPass is a better choice for those who want access to the bowels of the password manager.My advice here is to take LastPass and 1Password up on their free trial offer and see what works for you.EncryptionI don’t really have any concerns about the security offered by either service. But there is one difference that’s worth bearing in mind.Both services decrypt the data on your device, so there’s no risk of unencrypted data floating about the place. LastPass 256-bit AES encryption with PBKDF2 SHA-256 for master passwords.1Password uses 256-bit AES encryption with PBKDF2 password hashing for the master password, offering strong protection against brute force attacks. Additionally, there’s a 128-bit secret key backing up this master password.What this means in basic terms is both are awesome, but 1Password offers an additional step that adds a little more security. That said, I don’t think I’d make a switch to 1Password just for the security of the secret key.Multi-factor authentication and securityRelying on passwords alone is a bad idea, and having the ability to use multi-factor security significantly boosts the security offered.

ZDNet Recommends

The best security key

While robust passwords help you secure your valuable online accounts, hardware-based two-factor authentication takes that security to the next level.

Read More

Both LastPass and 1Password offer a wide array of multi-factor security options, including support for software authenticators and hardware keys (such as YubiKey).Also: Why everyone should have this cheap security toolThere are subtle differences in how this is implemented across both services and the wide array of platforms that each support, but you get full multi-factor authentication support.Both services also support specific device features such as Face ID/Touch ID on iOS and fingerprint readers on Android and other security features offered by platforms and operating systems. Again, this varies depending on service and the device, but it’s there for both.SupportThere may come a time when you need a little help. LastPass paid users to get premium support, but those on the free plan are limited to whatever information is on LastPass’s website. While the chances of you needing support is low, you can never rule it out. While 1Password offers a broad range of support options, the one feature that this company has that elevates it over LastPass, in my opinion, is an active and supportive community forum. In my experience, users will get a solution to most problems here even quicker than going through the support channels, which are themselves quite fast.The bottom lineThe truth is that both LastPass and 1Password are excellent password managers. Some key differences might help you choose between one or the other. However, if you are still totally torn, I recommend taking each company on its free trial offer.

ZDNet Recommends More

Ransomware is the most significant cybersecurity threat facing organisations ranging from critical national infrastructure providers and large enterprises to schools and local businesses – but it’s a threat which can be countered.In a speech at the Chatham House Cyber 2021 Conference, Lindy Cameron, CEO of the UK’s National Cyber Security Centre (NCSC) warned about several cybersecurity threats facing the world today, including supply chain attacks, the threat of cyber espionage and cyber aggression by hostile nation-states and cybersecurity exploits and vulnerabilities being sold to whoever wants to buy them. But it’s ransomware which is “the most immediate danger to UK businesses and most other organisations” said Cameron, who warned that many businesses are leaving themselves vulnerable because “many have no incident response plans, or ever test their cyber defences”. Drawing on examples of high-profile ransomware attacks around the world including the Colonial Pipeline ransomware attack, the ransomware attack against Ireland’s Health Service Executive and those closer to home like the ransomware attack against Hackney Council, Cameron detailed the “real world impact” that these cyber attacks have had over the last year as cyber criminals encrypt networks and attempt to demand ransom payments of millions for the decryption key. And one of the reasons why ransomware is still so successful is because some victims of the attacks will pay the ransom, perceiving it to be the best way to restore the network as quickly as possible – despite warnings not to pay. SEE: A winning strategy for cybersecurity (ZDNet special report)”We expect ransomware will continue to be an attractive route for criminals as long as organisations remain vulnerable and continue to pay. We have been clear that paying ransoms emboldens these criminal groups – and it also does not guarantee your data will be returned intact, or indeed returned at all,” said Cameron, who also detailed how many ransomware groups are now stealing data and threatening to leak it if the ransom isn’t paid. 

“Their intention is clear: to increase pressure on victims to pay,” she said. In recent months, the impact of ransomware has become so great that world leaders have discussed it at international summits.  “We should not view ransomware as a risk we have to live with and can’t do anything about.  We’ve seen this issue become a leader level G7 topic of conversation this year. Governments have a role, and we are playing our part,” said Cameron. “We are redoubling our efforts to clamp down and deter this pernicious and spreading crime, standing firm with our global counterparts and doing our best to turn this into a crime that does not pay,” she added. But while governments, law enforcement and international bodies have a role to play in helping to fight back against ransomware attacks, businesses and other organisations can also examine their own defences and what plans they have in place, should they fall victim to a ransomware attack. “But victims also have agency here too. Do you know what you would do if it happened to you? Have you rehearsed this? Have you taken steps to ensure your systems are the hardest target in your market or sector to compromise? And if you would consider paying a ransom, are you comfortable that you are investing enough to stop that conversation ever happening in the first place,” said Cameron. Actions like applying security patches and updates promptly and using multi-factor authentication can help protect networks from cyber attacks – and the NCSC has published much advice on how businesses can help protect their networks, emphasising that cybersecurity must be a board level issue. “One of the key things I have learnt in my time as NCSC CEO is that many – in fact the vast majority –  of these high-profile cyber incidents can be prevented by following actionable steps that dramatically improve an organisation’s cyber resilience”, said Cameron. “Responsibility for understanding cyber security risks does not start and end with the IT department. Chief executives and boards also have a crucial role,” she said. “No chief exec would get away with saying they don’t need to understand legal risk because they have a general counsel. The same should be true of cyber risk”. MORE ON CYBERSECURITY More

The Office of the Australian Information Commissioner (OAIC) has asked that the powers given to the minister responsible under the pending Critical Infrastructure Bill, which would allow them to step in when a cybersecurity incident has occurred, be further defined to take into account the impact on individuals’ privacy.
The Security Legislation Amendment (Critical Infrastructure) Bill 2020 introduces a government assistance regime that provides powers to protect assets during or following a significant cyber attack. This includes the power to authorise information gathering directions, action directions, and intervention requests.
The Bill proposes that where an appropriate ministerial authorisation is in force, the Department of Home Affairs secretary can compel relevant entities to produce any information that may assist with determining whether power should be exercised in relation to the incident and asset in question.
“The secretary may also direct an entity ‘to do, or refrain from doing, a specified act or thing’,” the OAIC highlighted in its submission [PDF] to the Parliamentary Joint Committee on Intelligence and Security (PJCIS) and its review into the Bill.
“This broad power should be balanced with appropriate safeguards, oversight, and accountability to ensure it is proportionate.”
The OAIC recommended that, in deciding whether or not to give the necessary authorisation, the minister responsible should be required to consider the privacy impacts of the exercise of these powers insofar as they apply to “business critical data” or other data that may include personal information.
“In our view, this would help to build both industry and community trust and confidence in the proposed framework,” the OAIC wrote.

“This requirement to consider privacy could be included in the matters that the Minister must have regard to when determining whether a direction or request is a proportionate response to a cybersecurity incident, as under ss 35AB (8) and (11).”
The OAIC said there is precedent for this approach in the Telecommunications (Interception and Access) Act 1979.
It also recommended the committee consider an amendment to ensure disclosure of protected information is permitted for the purposes of giving effect to the exercise of the information commissioner’s privacy functions.
“The OAIC wishes to ensure that the restrictions on an entity making a record of, using or disclosing protected information under [parts of the] Act do not limit the ability of the OAIC to exercise its privacy functions, or prevent entities from disclosing information required for compliance with and the administration of the Privacy Act,” it said.
The OAIC has also asked for an amendment to the Australian Information Commissioner Act 2010 to permit information sharing between regulatory agencies. The last recommendation is that the explanatory memorandum makes reference to the commissioner’s guidance function to indicate that it is intended that the OAIC is consulted in relation to any guidance on the personal information-handling obligations that would apply to the scheme.
HERE’S MORE More