Connect with us

Technology

Global pharma firm GSK opens Pandora’s Box of its SAP system to find 28,000 variations on a process • The Register

Voice Of EU

Published

on

The received wisdom in ERP is that businesses design their processes in the system for everyone to follow. Except they don’t.

Ten years after implementing SAP ECC worldwide, GSK considered its ERP unification something of a success.

But a close analysis of how business processes were actually running revealed that SAP’s system was not exactly, well, unified.

Kate Morris, former director of the pharma firm’s global ERP competency centre, told The Register that after using process-mining tool Celonis to examine how work was actually executed on its business applications, it discovered around 28,000 different variations for the process of running a sales order.

“It really surprised us but we had very little visibility of our processes before,” she said. “We had a lot of data, a lot of anecdotal discussion, and the global process owners knew country by country how processes were operating. But we [had] no hard factual visibility of how things looked so it was a surprise but not a shock.”

Headquartered in the UK, GSK reported sales of £34bn in 2020. A global ERP project that began in 2010 moved 100,000 users and 190 different business entities onto a single instance of SAP ECC, the predecessor to its in-memory S/4HANA.

Despite wide variation in how processes are executed on the system, Morris said it was a success that such a large global business made it on to a single system at all.

“GSK is in a really privileged position that we took the decision about 10 years ago, to move on to a single ERP platform,” Morris said. “By the end of this year, 99 per cent of our business transactions and turnover and revenue will go through this platform, which is massive.”

Getting such a large business onto a single platform is a notorious challenge. M&As, changes in business strategy, and different priorities in regions or business units often means it is more pain than it is worth.

But for GSK it was just the beginning. The “journey”, said Morris, was to be more efficient and simplify processes on that system.

“Because you are on one platform everyone, theoretically, it’s meant to follow the same process, which they do to a point. But there’s increasingly variations of what people do, especially as you get nearer to the customer. Sometimes, it’s correct, they should be doing different things, but we had transactions that weren’t being used, that had been designed but were then defunct. We were able to remove transactions or process steps. We also had steps in the process that quite quickly we were able to automate, and that has made something more efficient.”

In 2018, Morris led the group to begin work with Celonis in an effort to find out how processes were run on SAP in the wild, rather than how they were designed to run. One of the reasons for the project was to give global process owners who are in charge of processes in a particular area – say, order to cash – the data they needed.

“It’s all there in these SAP tables, but to actually pull it together meaningfully across the globe was hugely, hugely resource consuming,” Morris said. “By the time they got to any level of insights, it was generally out of date. It was very difficult to benchmark and see entities side by side and see how the process is running.”

Another user of Celonis was the ERP competency centre, which was there to iron out challenges – both in terms of technology and people – in bedding ERP into the business, usually by flying around the world and sitting with business users, Morris said. When Morris’s team first saw process mining, it could see a lot of the data in real time, graphically, at the “touch of a button.” Although it did take about 15 months to get it working, she admitted.

As many Reg readers know, process mining is the idea that by gathering data from people’s interactions with business applications, organisations can find out how their processes are actually performed, rather than how they were designed, or how people were trained.

It has seen a wave of interest in the last 10 years, with German start-up Celonis raising $290m in 2019 to value the firm at $2.5bn. The firm uses application logs and machine learning to build a picture of process activity.

Another market entrant, FortressIQ, which raised $30m in May 2020, uses a different approach. It works by recording all the user’s screen activity and using AI and computer vision to try to understand their behaviour.

The trend has not escaped the notice of ERP behemoth SAP. In January, it acquired Signavio, another German startup, to boost its transformation-as-a-service product, RISE with SAP.

GSK’s work in process mining has led it to tackle audits with the approach, specifically looking to manage the risk in its operations and supply chain, which is required by law, and get a better grip of its commercial practices, work Morris now leads as program director for audit and assurance.

Although Morris said her team was able to demonstrate savings to the finance department, she warns others looking to tap into process mining not to underestimate the effort in getting it working, mainly in deciding the questions to answer and finding trustworthy data.

“Getting the right data and validating it – really being able to explain it and understand it – that’s absolutely fundamental and I think although it might take you a little bit more time at the start, without that you’re lost,” Morris said. ®

Source link

Technology

Apple’s new lockdown mode to protect from spyware such as Pegasus

Voice Of EU

Published

on

Coming to devices this autumn, the new lockdown mode aims to make Apple devices ultra-secure at the expense of functionality.

Apple has developed a new ‘lockdown mode’ for its devices to give extra security to users who are more susceptible to targeted spyware cyberattacks.

Individuals such as journalists, lawyers, government officials and human rights activists have been reportedly targeted by authoritarian governments and criminals using spyware such Pegasus by Israel’s NSO Group or, more recently, Italian spyware Hermit.

The new lockdown mode will be made available on the iPhone, iPad and Mac devices later this year, when Apple – known to make some of the most secure devices and software in the market – is expected to release a suite of software updates.

Apple describes lockdown mode as “an extreme, optional protection for the very small number of users who face grave, targeted threats to their digital security”. Turning it on secures the device’s defences, but comes at the cost of functionality.

Once turned on, lockdown mode blocks most message attachment types other than images and disables features such as link previews. Web browsing technologies such as just-in-time JavaScript compilation are disabled except for sites trusted by the user.

Incoming invitations and service requests, including FaceTime calls, are also blocked if the user has not previously interacted with the person initiating the call or request. Wired connections with a computer or accessory are also blocked when the iPhone is locked.

Lockdown mode is not compatible with the kinds of device management software often used by larger organisations.

“Lockdown mode is a groundbreaking capability that reflects our unwavering commitment to protecting users from even the rarest, most sophisticated attacks,” said Ivan Krstić, Apple’s head of security engineering and architecture.

Krstić noted that the “vast majority of users” will never be victims of highly targeted cyberattacks. But for the ones who may be at risk, Apple will work “tirelessly” to protect them.

“That includes continuing to design defences specifically for these users, as well as supporting researchers and organisations around the world doing critically important work in exposing mercenary companies that create these digital attacks.”

Last November, Apple sued the NSO Group behind Pegasus spyware in a bid to “hold it accountable for the surveillance and targeting of Apple users”, two months after it had to issue an urgent security patch for a Pegasus backdoor on all devices.

NSO Group develops surveillance technology that can be used to track targeted iOS and Android users. It claims its products are only used by government intelligence and law enforcement agencies to prevent and investigate serious crime and terror incidents.

10 things you need to know direct to your inbox every weekday. Sign up for the Daily Brief, Silicon Republic’s digest of essential sci-tech news.

Source link

Continue Reading

Technology

Bridie Connell: the 10 funniest things I have ever seen (on the internet) | Comedy

Voice Of EU

Published

on

Ah, the internet. My reliable friend. I turn to it when I need to smile (cute pet videos), when I need to cry (war veterans being reunited with their kids), and when I need to destroy what’s left of my self-esteem (Instagram). There are plenty of arguments about why life would be better without it, and honestly? It probably would be. But it also wouldn’t be as funny. Here’s a bunch of things from the world wide web that never fail to make me laugh.

There’s nothing I enjoy more than people trying to make the world a better place. Particularly when they make the world better in a way they’d never intended. I can just imagine the conversations that took place in the drafting process for this campaign:

“We need a catchy and educational campaign to tackle the horrors of addiction.”

“Yes, one that shows we’re in this together, as a community.”

“One that doesn’t stereotype addicts.”

“I’ve got it!”

The result is what I believe they call a “swing and a miss.” A+ for effort, though.

If there was an award for best award acceptance speech, this would win. Julia Louis-Dreyfus is brilliantly funny (while accepting an award for being brilliantly funny) and she remains my hero.

Allow TikTok content?

This article includes content provided by TikTok. We ask for your permission before anything is loaded, as they may be using cookies and other technologies. To view this content, click ‘Allow and continue’.

Here’s one for my fellow theatre kids. This pitch perfect sketch is from comedian and writer Jacob Kaplan. Does it make me laugh? Yes. Does it make me tense every single muscle in my body and hold my breath while I try not to think about the time that 14-year-old Bridie wrote a play about the dangers of DRINK-DRIVING and also DRUGS, which inexplicably culminated in a peppy dance routine? … No comment.

Amber Ruffin is one of the most versatile and talented comedians around. I love a lot of what she does, but this song is a special favourite. Hilarious, a little creepy and downright catchy: a winning combo!

This sketch from the late 1990s sketch group Big Train still delights me. Short, sharp, silly. Please and thank you!

Allow TikTok content?

This article includes content provided by TikTok. We ask for your permission before anything is loaded, as they may be using cookies and other technologies. To view this content, click ‘Allow and continue’.

Adrian Bliss, Certified Internet Star™, is a go-to for inventive sketches (and a seemingly endless supply of costumes). Many of his skits feature historical characters, like this one about a Greek soldier inside the Trojan horse. That layer of awkwardness that the Brits do well drives this skit, and now that I’ve seen it I can only hear The Aeneid being read in Bliss’s voice: “I sing of arms and a man, innit.”

Now this, THIS is some relatable content. Don’t pretend you’ve never tied one on and woken up on a golf course/boat/gold lame suit, because I won’t believe you. Perfectly encapsulating the delight of a great night-turned great story, I give you this hungover Scotsman who woke up in the wrong house. Of course, it’s made all the better by the Glaswegian accent.

*Assumes elderly wizard voice* I have been studying and performing improv since I was knee-high to a grasshopper, so the Whose Line crew are some of my longtime heroes. This game is one of my faves, not just because it’s so funny and clever, but because the “mistake” that happens around the 2:20 mark encapsulates the joy and collaboration that good improv is all about. Oh dear, this got more earnest than I intended. Just watch it!

A masterclass in physical comedy, from one of the greats.

Last but not least, here’s a video to save for a day where you need a bit of a pick-me-up. This is my favourite of all “laughing baby” videos, a classic in a crowded genre. And sure, if we’re measuring “funny” by incisive satirical commentary or well crafted punchlines, then this is a fail – but no other video fires up my mirror neurons and makes me laugh as much as this one.

Seriously, if you watch this and don’t feel at least a little bit better, then call a cardiologist because you have NO HEART.



Source link

Continue Reading

Technology

North Korean ransomware dubbed Maui active since May 2021 • The Register

Voice Of EU

Published

on

For the past year, state-sponsored hackers operating on behalf of North Korea have been using ransomware called Maui to attack healthcare organizations, US cybersecurity authorities said on Wednesday.

Uncle Sam’s Cybersecurity and Infrastructure Security Agency (CISA), the FBI, and the Treasury Department issued a joint advisory outlining a Pyongyang-orchestrated ransomware campaign that has been underway at least since May, 2021.

The initial access vector – the way these threat actors break into organizations – is not known. Even so, the FBI says it has worked with multiple organizations in the healthcare and public health (HPH) sector infected by Maui ransomware.

“North Korean state-sponsored cyber actors used Maui ransomware in these incidents to encrypt servers responsible for healthcare services – including electronic health records services, diagnostics services, imaging services, and intranet services,” the joint security advisory [PDF] reads. “In some cases, these incidents disrupted the services provided by the targeted HPH Sector organizations for prolonged periods.”

The Feds assume the reason HPH sector organizations have been targeted is that they will pay ransoms rather than risk being locked out of systems, being denied data, or having critical services interrupted.

Maui, according to Silas Cutler, principal reverse engineer at security outfit Stairwell, is one of the lesser known families of ransomware. He says it stands out for its lack of service-oriented tooling, such as an embedded ransom note with recovery instructions. That leads him to believe Maui is operated manually by individuals who specify which files should be encrypted and exfiltrated.

The advisory, based on Stairwell’s research [PDF], indicates that the Maui ransomware is an encryption binary that a remote operator manually executes through command line interaction. The ransomware deploys AES, RSA, and XOR encryption to lock up target files. Thereafter, the victim can expect a ransom payment demand.

According to SonicWall, there were 304.7 million ransomware attacks in 2021, an increase of 151 percent. In healthcare, the percentage increase was 594 percent.

CrowdStrike, another security firm, in its 2022 Global Threat Report said North Korea has shifted its focus to cryptocurrency entities “in an effort to maintain illicit revenue generation during economic disruptions caused by the pandemic.” For example, consider the recent theft of $100 million of cryptocurrency assets from Harmony by the North Korea-based cybercrime group Lazarus. But organizations that typically transact with fiat currencies aren’t off the hook.

Sophos, yet another security firm, said in its State of Ransomware Report 2022 that the average ransom payment last year was $812,360, a 4.8X increase from the 2020 when the average payment was $170,000. The company also said more victims are paying ransoms: 11 percent in 2021 compared to 4 percent in 2020.

The advisory discourages the payment of ransoms. Nonetheless, the FBI is asking any affected organization to share information related to ransomware attacks, such as communication with foreign IP addresses, Bitcoin wallet details, and file samples. The advisory goes on to suggest ways to mitigate ransomware attacks and minimize damage.

Last month, the US Justice Department outlined its Strategic Plan for the next four years and cited enhancing cybersecurity and fighting cybercrime among its objectives. One of its key metrics for success will be the “percent of reported ransomware incidents from which cases are opened, added to existing cases, or resolved or investigative actions are conducted within 72 hours.” ®

Source link

Continue Reading

Trending

Subscribe To Our Newsletter

Join our mailing list to receive the latest news and updates 
directly on your inbox.

You have Successfully Subscribed!