B2B Sphere: Trust, Rewards, and Risk

Isabel Montesdeoca, VP, Group Director, and Ian Bruce, Principal Analyst

Show notes:

Trust is often viewed in the context of the consumer — trust in brands, institutions, and the government. It is also crucial in the B2B space, where purchases can have major consequences. This week, Isabel Montesdeoca, Group Director and VP, and Ian Bruce (Principal Analyst) explain how trust works in B2B and what companies can do to improve it.

B2B buying relationships differ from consumer transactions in that they rest on a risk-reward calculation. The greater the reward or risk associated with a purchase decision, the more trust becomes a factor.

Montesdeoca states that the risk you are taking is not only for yourself but could also be mission-critical. This is a significant weight that must be considered. If you find a solution that increases your efficiency and competitiveness, that’s a huge reward for making the right decision.

B2B companies do not all build trust the same way. Certain aspects of trust are more crucial in certain industries or situations: accountability might be important in some, while empathy and transparency might be vital in others. You can increase your buyers' trust by knowing which dimensions matter most to them.

The analysts explain how to find these dimensions and use that insight to build trust. They also discuss the many benefits of investing in trust, such as higher buyer status and greater ability to rebound from mistakes. Listen to the episode for more information.

The supply chain trust is being abused by our adversaries: They continue to use our tools against us

I think that GLaDOS, the evil AI from Portal, was trying to convey the importance of security through her song “Still Alive.” Portal’s fictional artificially intelligent computer system sang, “But there’s no sense crying over every error. It’s just a matter of keeping trying until you’re out of cake.” She was probably referring to how we are our worst enemies because we trust our supply chains until there’s nothing left.

We place a great deal of trust in our systems, vendors, and partners for software deployment, network performance monitoring, patching (both software and hardware), software and hardware procurement, and many other tasks. One such system was used to attack thousands of companies in a ransomware attack.

This attack targeted Kaseya VSA IT Management Software, which is designed to let IT administrators monitor systems, automate routine tasks, patch systems, and deploy software. An attacker was able to exploit a zero-day vulnerability to gain access to customer instances of Kaseya VSA and then use its native functionality to deploy ransomware to these customers’ endpoints.

Managed service providers (MSPs), who use Kaseya software for managing their customer environments, compound the problem. The ransomware was spread to customers by the MSPs after the Kaseya software was compromised.

This is just one example of the many ways attackers abuse trust in unique and unusual ways. IT professionals and security experts alike are left wondering, “Why hasn’t this happened sooner?”

Attackers are getting bolder

Ransomware group REvil is getting bolder. It is clear that an attack such as the one against Kaseya was planned and designed to inflict maximum damage on the largest number of targets. They boasted about infecting over a million devices and demanded a $70 million ransom immediately after the attack. They promised that the decryptor would work for all affected organizations if one company paid them.

This highlights a worrying trend that we are seeing: attackers are shifting away from targeting specific organizations and toward exploiting platforms like Kaseya and SolarWinds, which allow multiple organizations to be affected at once. The attackers continue to study the tools we rely on in order to exploit their native functionality to execute attacks. This attack took advantage of an older version of Microsoft Defender, which allowed sideloading other files.

Software is vulnerable all the way down the chain

“Let’s be real. We don’t know what this thing is. You can just put it in the corner and I’ll deal later with it.” — GLaDOS

All the tools that organizations rely on — such as tax software, oil pipeline sensors, collaboration platforms, and even security agents — are built on top of the same vulnerable code, platforms, and software libraries that your vulnerability management team is screaming from the hills to patch or update immediately.

Both organizations and their suppliers must hold vendors, partners, and other parties accountable for the security vulnerabilities in the software they’ve created. They also need to understand the risks they are taking by deploying the software within their environment.

You can run faster than the next guy; take defensive steps now

In our blog post, “Ransomware: Survive by Outrunning the Guy Next to You,” Allie Mellen and I discuss ransomware protection. We talk about how to harden systems so that your organization is a difficult target. By exploiting trust in systems, supply chain attacks can bypass defenses. You must examine the trust that you place in your supply chain to protect yourself from them.

Organizations should begin by taking inventory of key partners who have a significant presence in their environment. This could include vendors that provide collaboration/email, MSPs responsible for monitoring and managing infrastructure, or security providers that might have agents deployed to all systems. Once you have compiled your list, the next step is to:

  • Ask your partners about the preventive measures they are taking to stop you becoming another victim of a destructive attack. Ask about the gating process used to push updates to your environment. How does the solution provider validate updates before pushing them? Also, ask how they assess code for vulnerabilities.
  • Ask if they have the right processes and architecture to stop the kind of lateral movement that we witnessed with the latest attack. Ask them how they protect their environments, including their update servers. Ask for third-party assessment or audit results.
  • Review your service agreements to find out what contractual responsibility your partners have for keeping you safe from ransomware or malware. Understand your rights to seek compensation if you are the victim of an attack that uses their systems as a delivery vehicle.

Forrester addressed third-party risk in its top recommendations for the year. We also recommend that organizations take proactive steps to implement the prescriptive ransomware advice, as well as look at the additional ransomware resources that we have collected to reduce the attack radius.

Trust vs Security: How To Reduce the Risks Of Employee Theft At Your Restaurant

Part of running any successful business depends on hiring employees whom you can count on to do the required work and not harm the business. Having a trusted staff is one of the many steps toward ensuring the continuing success of your company. But hard-working employees aren’t enough to keep your company safe. Among the most harmful things that can happen to a company is repeated internal theft. So how do you balance security protocols with the trust necessary to run a successful restaurant? Here are the keys to reducing the risks of employee theft in your restaurant.

Cash Management

The processes that you use to handle cash transactions in your restaurant can limit your vulnerability to employee theft. The more intuitive your POS system is, the clearer it will be when the register is short. With software that can project the anticipated cash in the drawer at the end of a shift, it will be apparent to management and other employees if there’s a problem with the recorded cash.

When you are able to keep better track of transactions, it lessens the likelihood of employees trying to take advantage of the restaurant. This effectively shuts off some of the available opportunities for employee theft without demonstrating any lack of trust. It also makes cash management tasks easier for employees to finish. This is a time-saving tool that will benefit honest employees and safeguard the restaurant from possible cases of theft.

Effective Surveillance

Monitoring your restaurant provides some amount of employee theft prevention, since it is very likely to discourage the most brazen criminals. It also does a lot to protect your employees from wrongful accusations. You can get to the bottom of any problems by reviewing the footage. You can expect your employees and get to the facts. Reviewing a questionable situation doesn’t have to be carried out with any obvious suspicion. No accusations have to be made until all the information is collected.

Restaurant owners can look into the best security cameras for their requirements, and are very likely to find something that matches both their budget and their desired recording parameters. Just be certain that the footage is retained long enough to give yourself sufficient time to react to an incident. Cameras need to be able to clearly capture faces and small details in the areas most vulnerable to theft. The lighting in your restaurant may affect which sort of cameras you can use and the clarity of your footage.

Improving Access Control

Controlling who has access to specific areas of the restaurant goes a long way toward being able to determine who is disregarding protocols. For example, the number of individuals with the combination to the business safe ought to be kept to a minimum. This will make it much easier for your documentation to point out a mishandling of money. There’s also the matter of who has the keys to lock up the restaurant at the close of the business day.

Keeping the number of workers with keys to a minimum reduces the probability of after-hours crime. Things like alarm codes must also be limited to a restricted number of workers. This limits the exposure to overall theft and will let you narrow down the pool of suspects if there’s ever a problem with surreptitious theft. This sort of trust should be earned in order to effectively maintain security.

Train Employees With Safety In Mind

One of the simplest ways to trust a worker is to know they have been properly trained. When it comes to preventing and reducing the possibility of restaurant theft, you want to be able to train your employees on what you expect from them. It’s important not to conduct this training with the goal of scaring your employees. Instead, concentrate on enabling them to come forward when they become aware of the kinds of questionable behavior that you want to be alerted about.

Give your employees the tools they need to be your ears and eyes. When they see something you’d deem suspicious, they need to understand that you expect to be informed. They should also understand whom they can approach. If they’re supposed to report to a supervisor, but the manager could be responsible for or complicit in the crime, then you’ve limited your own protection. If your punishments or handling of the situation are viewed poorly by other employees, this may also dissuade anyone from coming forward. Be fair and clear about how you’d like employees to handle theft reporting.


With the particular security concerns of a restaurant, there’s always the prospect of employee theft. And if you have high employee turnover when you’re moving from a busy period into the offseason, it may be tricky to build the necessary trust with all your staff. That’s the reason it’s essential to have security procedures that you can trust as well.
