Filter Results:
(69)
Show Results For
- All HBS Web
(130)
- News (30)
- Research (69)
- Multimedia (2)
- Faculty Publications (63)
Show Results For
- All HBS Web
(130)
- News (30)
- Research (69)
- Multimedia (2)
- Faculty Publications (63)
Sort by
- 13 Aug 2024
- Research & Ideas
Why Companies Shouldn't Delay Software Updates—Even After CrowdStrike's Flaw
software update to the Falcon security platform managed by CrowdStrike, the giant cybersecurity company. “What happened in CrowdStrike is an illustration of the risk of picking up an upgrade immediately.” Greenstein’s work focuses on... View Details
- February 2024 (Revised May 2024)
- Case
Johnson Security Bureau: Building Multigenerational Success
By: Henry McGee, Annelena Lobb and David Muoser
Jessica Johnson-Cope, CEO of Johnson Security Bureau (JSB), pondered options for scaling the firm. JSB was the oldest Black-owned security firm in New York, and among the oldest Black-owned security firms in the United States. It provided mostly unarmed security guards... View Details
Keywords: Business Growth and Maturation; Gender; Race; Cybersecurity; Growth and Development Strategy; Competitive Strategy; Expansion; New York (state, US)
McGee, Henry, Annelena Lobb, and David Muoser. "Johnson Security Bureau: Building Multigenerational Success." Harvard Business School Case 824-040, February 2024. (Revised May 2024.)
- 15 Aug 2024
- Op-Ed
Post-CrowdStrike, Six Questions to Test Your Company's Operational Resilience
When cybersecurity firm CrowdStrike distributed a faulty software update in July, it impacted a staggering 8.5 million devices. The crisis rippled through commercial airline operations, package delivery logistics, ecommerce, and health... View Details
Keywords: by Hise Gibson and Anita Lynch
- 04 Oct 2016
- First Look
October 4, 2016
teams (in some areas). The case centers on questions of how to adapt this successful model to new demands in a different service domain, specifically, cybersecurity and defense-related areas. The case also explores how the company is... View Details
- October 2022
- Background Note
Note on Cyberattacks and Regulatory Regimes
By: Frank Nagle, George A. Riedel, William R. Kerr and David Lane
Describes common types of cyberattacks on enterprises and their costs, as well as the fragmentary regulatory regimes through which U.S. states and regulatory agencies at the start of 2021 attempted to encourage disclosure of cyberattacks and to pursue enforcement... View Details
Keywords: Regulations; Regulatory Agencies; Cyberattacks; Governance; Corporate Disclosure; Cybersecurity; Information Industry; Information Technology Industry; Health Industry; Financial Services Industry; United States
Nagle, Frank, George A. Riedel, William R. Kerr, and David Lane. "Note on Cyberattacks and Regulatory Regimes." Harvard Business School Background Note 723-392, October 2022.
- March 2023 (Revised June 2023)
- Teaching Note
Ransomware Attack at Springhill Medical Center
By: Suraj Srinivasan and Li-Kuan (Jason) Ni
Teaching Note for HBS Case No. 123-065. In July, 2019, Springhill Medical Center (“SMC”) in Mobile, Alabama fell prey to a malicious ransomware attack that crippled the hospital’s internal network systems and public-facing web page. While the hospital rushed to... View Details
Keywords: Disruption; Communication; Communication Strategy; Decision Making; Decision Choices and Conditions; Judgments; Corporate Accountability; Corporate Disclosure; Corporate Governance; Governance Controls; Policy; Employees; News; Cybersecurity; Digital Strategy; Information Infrastructure; Information Management; Internet and the Web; Crisis Management; Business or Company Management; Resource Allocation; Risk Management; Negotiation Tactics; Failure; Business and Stakeholder Relations; Attitudes; Behavior; Perception; Reputation; Trust; Public Opinion; Social Issues; Health Industry; Alabama; United States
- November 2024
- Case
FedEx Cyberattack (A): Navigating the NotPetya Storm
By: Hise Gibson, Frank Nagle, Alicia Dadlani and Martha Hostetter
In 2017, FedEx’s European division — acquired the year before for $5 billion — was hit by a devastating cyberattack that destroyed thousands of computers and business systems across several countries. Corporate Chief Information Officer Rob Carter put the company’s... View Details
Keywords: Cybersecurity; Crisis Management; Disruption; Planning; Transportation Industry; United States; Europe
Gibson, Hise, Frank Nagle, Alicia Dadlani, and Martha Hostetter. "FedEx Cyberattack (A): Navigating the NotPetya Storm." Harvard Business School Case 625-049, November 2024.
- September 19, 2017
- Article
After Equifax Breach, Companies Advised to Review Open-Source Software Code
By: Ben DiPietro and Lou Shipley
It doesn’t make much sense: At a time when high-powered automated trading systems can execute stock sales in real time, some companies that rely on open-source software to help to run their businesses track their open-source use on spread sheets on paper.
Lou... View Details
Lou... View Details
Keywords: Software; Open-source; Security Vulnerabilities; Data Privacy; Hack; Applications and Software; Safety; Cybersecurity
DiPietro, Ben, and Lou Shipley. "After Equifax Breach, Companies Advised to Review Open-Source Software Code." Wall Street Journal (September 19, 2017).
- 24 Apr 2023 - 27 Apr 2023
- Conference Presentation
Diversity, Equity, & Inclusion: The Paradoxical Effect & Impact on Security
By: J. Carlos Vega, Hise O. Gibson, Nicole Gilmore and Larry Whiteside Jr.
Diversity, Equity, & Inclusion (DEI) is necessary to create the world class teams we need to defend against advanced threats and adversaries; however, the approach that most take often fails spectacularly. The panel challenges the current practices, the failings, and... View Details
"Diversity, Equity, & Inclusion: The Paradoxical Effect & Impact on Security." Paper presented at the RSA Conference, San Francisco, CA, USA, April 24–27, 2023.
- October 2022 (Revised September 2023)
- Case
SolarWinds Confronts SUNBURST (A)
By: Frank Nagle, George A. Riedel, William R. Kerr and David Lane
On December 12, 2020, SolarWinds learned that malware had been inserted in its software, potentially granting hackers access to thousands and thousands of its 300,000 customers. General Counsel Jason Bliss needed to orchestrate the company response without knowing how... View Details
Keywords: Cyberattacks; Cybersecurity; Corporate Disclosure; Crisis Management; Customer Focus and Relationships; Legal Liability; Information Technology Industry; United States
Nagle, Frank, George A. Riedel, William R. Kerr, and David Lane. "SolarWinds Confronts SUNBURST (A)." Harvard Business School Case 723-357, October 2022. (Revised September 2023.)
- March 2022
- Article
From Proprietary to Collective Governance: How Do Platform Participation Strategies Evolve?
By: Siobhan O'Mahony and Rebecca Karp
When platform leaders change the rules guiding who can access and control a platform, the strategies of those who create value from the platform can be upended. Little research examines how platform participants adapt their strategies when a platform leader changes the... View Details
Keywords: Platform Governance; Access; Crowdsourcing; Applications and Software; Employees; Leadership Style; Cybersecurity; Risk Management
O'Mahony, Siobhan, and Rebecca Karp. "From Proprietary to Collective Governance: How Do Platform Participation Strategies Evolve?" Strategic Management Journal 43, no. 3 (March 2022): 530–562.
- 2022
- Article
Data Poisoning Attacks on Off-Policy Evaluation Methods
By: Elita Lobo, Harvineet Singh, Marek Petrik, Cynthia Rudin and Himabindu Lakkaraju
Off-policy Evaluation (OPE) methods are a crucial tool for evaluating policies in high-stakes domains such as healthcare, where exploration is often infeasible, unethical, or expensive. However, the extent to which such methods can be trusted under adversarial threats... View Details
Lobo, Elita, Harvineet Singh, Marek Petrik, Cynthia Rudin, and Himabindu Lakkaraju. "Data Poisoning Attacks on Off-Policy Evaluation Methods." Proceedings of the Conference on Uncertainty in Artificial Intelligence (UAI) 38th (2022): 1264–1274.
- May–June 2025
- Article
Balancing Digital Safety and Innovation
By: Tomomichi Amano and Tomomi Tanaka
Designers of consumer-facing digital products have tended to focus on novelty and speed (“move fast and break things”). They’ve spent more effort on innovating than on anticipating how customers—and bad actors—might engage with products. But as digital products become... View Details
Amano, Tomomichi, and Tomomi Tanaka. "Balancing Digital Safety and Innovation." Harvard Business Review 103, no. 3 (May–June 2025): 120–127.
- November 2024
- Supplement
FedEx Cyberattack (B): Reflections and Lessons
By: Hise Gibson, Frank Nagle, Alicia Dadlani and Martha Hostetter
Set in 2024, this (B) case provides an update to the (A) case (no. 625-049) about a devastating cyberattack that destroyed thousands of computers and business systems at FedEx’s European division in 2017. It describes lessons learned and changes made in the wake of the... View Details
Keywords: Cybersecurity; Disruption; Crisis Management; Organizational Change and Adaptation; Europe
Gibson, Hise, Frank Nagle, Alicia Dadlani, and Martha Hostetter. "FedEx Cyberattack (B): Reflections and Lessons ." Harvard Business School Supplement 625-059, November 2024.
- March 2022
- Article
How to Prioritize the Improvement of Open-Source Software Security
By: Frank Nagle
Nagle, Frank. "How to Prioritize the Improvement of Open-Source Software Security." Brookings TechStream (March 2022).
- 2021
- Article
Evidence of Decreasing Internet Entropy: The Lack of Redundancy in DNS Resolution by Major Websites and Services
By: Samantha Bates, John Bowers, Shane Greenstein, Jordi Weinstock, Jonathan Zittrain and Yunhan Xu
This paper analyzes the extent to which the Internet’s global domain name resolution (DNS) system has preserved its distributed resilience given the rise of cloud-based hosting and infrastructure. We explore trends in the concentration of the DNS space since at least... View Details
Keywords: Domain Name System; Resilience; Entropy; Internet and the Web; Infrastructure; Performance Effectiveness; Safety; Cybersecurity
Bates, Samantha, John Bowers, Shane Greenstein, Jordi Weinstock, Jonathan Zittrain, and Yunhan Xu. "Evidence of Decreasing Internet Entropy: The Lack of Redundancy in DNS Resolution by Major Websites and Services." Journal of Quantitative Description: Digital Media 1 (2021).
- 2023
- Working Paper
Black-box Training Data Identification in GANs via Detector Networks
By: Lukman Olagoke, Salil Vadhan and Seth Neel
Since their inception Generative Adversarial Networks (GANs) have been popular generative models across images, audio, video, and tabular data. In this paper we study whether given access to a trained GAN, as well as fresh samples from the underlying distribution, if... View Details
Olagoke, Lukman, Salil Vadhan, and Seth Neel. "Black-box Training Data Identification in GANs via Detector Networks." Working Paper, October 2023.
- October 2024
- Case
EU's Digital Services Act and Digital Markets Act
By: David B. Yoffie and Sarah von Bargen
Since the early 2020s, the EU began passing regulations on digital platforms and their marketplaces. One of the first was the Digital Services Act package, consisting of the Digital Services Act (DSA) and the Digital Markets Act (DMA). These regulations were focused on... View Details
Keywords: Digital Platforms; E-commerce; Governing Rules, Regulations, and Reforms; Cybersecurity; European Union
Yoffie, David B., and Sarah von Bargen. "EU's Digital Services Act and Digital Markets Act." Harvard Business School Case 725-372, October 2024.
- April 2019 (Revised June 2019)
- Case
Voatz
By: Mitchell Weiss and Maddy Halyard
Nimit Sawhney scrolled through the tweet stream on his phone, unsure of what to make of it on August 6, 2018 or how to respond. Voatz, the Boston-based startup he co-founded and led, provided a mobile-voting platform. In March of 2018, had successfully piloted the new... View Details
- November 2023
- Article
Federated Electronic Health Records for the European Health Data Space
By: René Raab, Arne Küderle, Anastasiya Zakreuskaya, Ariel Dora Stern, Jochen Klucken, Georgios Kaissis, Daniel Rueckert, Susanne Boll, Roland Eils, Harald Wagener and Bjoern Eskofier
The European Commission's draft for the European Health Data Space (EHDS) aims to empower citizens to access their personal health data and share it with physicians and other health-care providers. It further defines procedures for the secondary use of electronic... View Details
Keywords: Analytics and Data Science; Cybersecurity; Information Management; Knowledge Sharing; Knowledge Use and Leverage; Health Industry
Raab, René, Arne Küderle, Anastasiya Zakreuskaya, Ariel Dora Stern, Jochen Klucken, Georgios Kaissis, Daniel Rueckert, Susanne Boll, Roland Eils, Harald Wagener, and Bjoern Eskofier. "Federated Electronic Health Records for the European Health Data Space." Lancet Digital Health 5, no. 11 (November 2023): e840–e847.