Muddling through cybersecurity: Insights from the U.S. healthcare industry

The U.S. healthcare sector is inadequately prepared to deal with the reality of cyber threats. The increasing use of smart medical equipment and mobile devices is making healthcare organizations more susceptible to ransomware and other types of malware. The size and complexity of operations, coupled with the presence of numerous legacy and incompatible systems, make it difficult to implement effective cybersecurity measures. The daunting nature of the problem often results in an if-it-ain’t-broke-don’t-fix-it stance among senior healthcare leaders. The preponderance of healthcare-related laws, compliance regulations, and security guidance frameworks serve to complicate the cybersecurity challenge further and too often results in senior leadership assuming a state of blissful ignorance. This study sheds light on the key factors contributing to the chaotic state of affairs and presents a roadmap to a more deliberate and proactive approach to cybersecurity risk management.     

The Effectiveness of a Buzz Marketing Approach Compared to Traditional Advertising: An Exploration

Marketers are now willing to go anyplace they can find a captive audience to espouse the virtues of their products. The success of the “buzz” marketing approach is linked to the consumer being lured into doing the advertising by spreading the message to others. This study compares students’ responses to a traditional advertising and a buzz approach. Using a factor analysis to identify variables, the results show that subjects perceive a buzz approach to be more influential than a traditional advertising. However, they do not perceive a buzz approach to be authentic. This finding is consistent with practitioners’ argument that, although a buzz approach may be effective in the short-term, once consumers recognize its selling intent, the program may have a “boomerang effect.”     

Impact of star and movie buzz on motion picture distribution and box office revenue

This study contributes to research on the impact that consumer buzz has on movie distribution and box office success by examining the impact of buzz generated about the individual stars and about the movie itself. The results indicate that movie buzz is instrumental in boosting box office revenue throughout the theatrical release, not just in the later run, as has been suggested in previous studies. Star buzz can enhance box office receipts during the opening week and can contribute to the public's anticipation of the movie pre-release. However, early buzz can have a negative impact on revenue during subsequent weeks if the movie fails to resonate with the audiences. Model simulations reveal that, even for poorly received films, the overall impact of star buzz is positive because the initial revenue boost normally outweighs the later decline. Thus, this study empirically demonstrates the positive impact of star buzz on revenue, which helps shed light on the long-standing debate regarding the importance of star participation in the success of a movie.     

Calculated risk? A cybersecurity evaluation tool for SMEs

Small and medium-sized enterprises (SMEs) are among the least mature and most vulnerable in terms of their cybersecurity risk and resilience. In this article, we describe a methodology developed using the National Institute of Standards and Technology’s (NIST) Cybersecurity Framework (CSF) as a starting point. The NIST CSF does not meet all the needs of the SME IT leader, but it offers a solid foundation for a useful evaluation and recommendation methodology. We propose an SME cybersecurity evaluation tool (CET) that consists of a 35-question online survey to be completed by IT leaders to self-rate their maturity within the five NIST framework categories: identify, protect, detect, respond, and recover. We outline this approach to cybersecurity risk management before discussing its effectiveness and implications for practitioners.     

“Data localization”: The internet in the balance

There is a steady global trend towards “Data Localization,” laws by which data is required to be maintained and processed within the geographic boundaries of its state of origin. This development has raised concerns about its possible adverse impacts on emerging data-intensive technologies such as Cloud services/E-commerce, Big Data, Artificial Intelligence and the Internet of Things (collectively, the Embedded Infosphere). The inability to reach an international agreement on rules for cross-border data flows may have significant adverse consequences for all future users of the Internet.The basis of Data Localization is grounded in two distinct but inter-related policy models: Data Sovereignty and Trans-Border Data Flows. These two concepts have different origins. “Data Sovereignty” is derived from the historic power of a state of absolute and exclusive control within its geographic borders. Policies behind TBDFs arose in Europe following World War II, primarily motivated by Nazi use of early proto-computers to help round up Jews and others. As they have evolved, TBDF policies have been directed primarily at protecting personal data and privacy.This article first examines the issues of: 1) “Information Sovereignty” and 2) TBDFs. It then describes the arguments for and against “Data Localization,” offers some examples of strong localization policies (Russia, China), and summarizes contesting policy proposals. It then contextualizes TBDF with issues of human rights (free flow of information) and privacy.While the utility of an international agreement on TBDFs is clear, the differences in approaches are tenacious. For the free-market developed world (e.g, EU, OECD), the path forward seems to lead through policy convergence to compatible rules, with differentiated levels of data protection and accountability. It is far from clear whether these rules will address, in a mandatory way, issues of the “free flow” of information in the human rights sense. At the same time, there are countries (e.g., BRICS), representing a majority of the world's population, in which political and cultural resistance will produce stringent Cyber Sovereignty and Data Localization policies with few if any human rights components.The article concludes that the more the Internet is “localized”, the more attenuated its benefits will become. The negative consequences of Data Localization will become increasingly obvious as new, data-intensive technologies become ubiquitous, creating a condition of “Data Dependence”. It is projected that in the future the nations with the least amount of Data Localization and the most open flow of information will be the most successful in benefiting from new data-intensive embedded, networked technologies. This will most likely be characterized by values adopted as policies and practices in the EU.     

网络暴力治理： 平台责任与守门人角色

网络暴力不仅侵害个人法益,而且破坏健康的网络生态。网络暴力概念的失焦,群体聚合作用下个体责任的模糊,表达自由与网络监管的平衡需要,使得网络暴力的治理面临诸多困难。在网络暴力多元共治的基本前提下,除了个体责任的认定之外,应当重视对网络平台的法律规制。不论是从网络技术和传播学的原理还是从法律责任认定的角度,这都是合理的选择。在当下网络空间违法信息与内容的治理中,突出大型网络平台的守门人角色,已经成为国外代表性法案的做法,这也是我国网络暴力规制的重要制度设计方案。网络平台守门人角色的法理内涵,可以从技术措施和义务承担两个角度来具体展开。网络平台守门人制度应当符合我国网络监管模式的国情,重视民法、行政法、刑法等不同部门法的不同规范目标追求,为其合理构建层级性差异,并通过明确可操作的具体规定来落实。     

中国服装业营销模式探索：VANCL品牌营销案例

进入数字化时代,电子商务正改变着工业化社会传统的、物化的营销模式,消费者可以直接通过网络完成购买行为,市场营销走入了新的阶段——网络营销阶段。以中国服装行业为背景,在分析服装行业的特点及经营模式的基础上,探讨了B2C网络营销模式的关键影响因素,最后以VANCL为例,分析其取得成功的原因及如何保持有效的竞争力。     

Updates management in mobile applications: iTunes versus Google Play

This paper focuses on a specific strategy that developers of mobile applications may use to stimulate demand: The release of updates. We develop a theoretical analysis that shows that developers have incentives to release updates when experiencing a drop in performance. The predictions of the model are then tested using an unbalanced panel of top 1,000 apps in iTunes and Google Play for five European countries. We estimate that while in iTunes the release of an update stimulates a 26% increase in download growth, in Google Play updates play a less significant role. This difference is partly due to systematic differences in apps and in developers operating in the two stores (“selection effect”), and partly to a lack of quality control on apps and updates in Google Play (“quality check effect”). These findings highlight the crucial importance of an appropriate management of updates as well as the relevance of institutional characteristics of the app stores.     

Digital force majeure: The Mondelez case,insurance, and the (un)certainty of attribution in cyberattacks

Insurance companies typically secure themselves under force majeure exclusions against the unpredictability brought about by acts of war. If a company were to be attacked by a nation-state in physical space—hit with a missile or by aerial bombing—there would be fairly clear carve-outs so their insurance company could exclude such an incident from coverage. But the same is not always true in cyberspace. This article examines an extreme outlier case in the world of cyberattacks and insurance—that is, the losses suffered by the U.S.-based food and beverage company Mondelez as a result of the NotPetya cyberattack—and scrutinizes just how far force majeure exclusions can be applied in cyberspace. The article attempts to reveal the significance of the legal qualification of a cyberattack and its attribution to a state for insurance coverage in both general insurance policies, like the one the Mondelez case stemmed from, as well as in insurance policies targeted to cover cyber risk.     

Misinformation,disinformation, and fake news: Cyber risks to business

Misleading information is an emerging cyber risk. It includes misinformation, disinformation, and fake news. Digital transformation and COVID-19 have exacerbated it. While there has been much discussion about the effects of misinformation, disinformation, and fake news on the political process, the consequences of misleading information on businesses have been far less, and it can be argued insufficiently, examined. The article offers a primer on misleading information and cyber risks aimed at business executives and leaders across an array of industries, organizations, and nations. Misleading information can have a profound effect on business. I analyze different misleading information types and identify associated cyber risks to help businesses think about these emerging threats. I examine in general the cyber risk posed by misleading information on business, and I explore in more detail the impact on healthcare, media, financial markets, and elections and geopolitical risks. Finally, I offer a set of practical recommendations for organizations to respond to these new challenges and to manage risks.