22 April 2018

Unthinkable: Adapting in New World Disorder...

Will 2018 bring more data breaches, lost laptops and insider threats than 2017? This is why CSOs, CPOs and corporate General Counsels have their teams working overtime.

When the enemy is increasing their attacks, utilizing new strategies and leveraging the existing base of compromised organizational intellectual and data assets, the future horizon becomes ever more clear. 

The statistics don't lie. There were 1579 documented data breaches in 2017, up 44.7% compared to the previous year according to reports by the Identity Theft Resource Center (ITRC). It is the new normal.

The Insider Threat Program (InTP), however, remains a key focus for Operational Risk Management (ORM) professionals because human behaviors are exaggerated during periods of stress, fear and uncertainty. This means that people who may have never considered doing something to jeopardize their reputations may now be up against a wall.

When there is no obvious exit and no way out, people will do extraordinary things to get ahead, beat the odds and hedge their own risk portfolio of life.

In Joshua Cooper Ramo's book "The Age of the Unthinkable: Why the New World Disorder Constantly Surprises Us and What We Can Do About It", the author discusses the concept of Deep Security. His analogy of how to think about "Deep Security" is the biological immune system:

"A reactive instinct for identifying dangers, adapting to deal with them, and then moving to control and contain the risk they present."

The key word in Ramo's writing is "Adapt". Being Adaptive. However, prior to this there are two other very vital words that we feel are even more imperative. Instinct. Identifying. In other words, Proactive Intuition.

Ask any savvy investigator how she solved the case and you may hear just that: "I had a hunch."

Talk with a Chief Privacy Officer in any Global 500 company.  You might get them to admit they have a sense that their organization will be the target of an "Insider data breach" incident in the coming year or two.

Do you remember signing off that you had read and accepted the employee handbook? When did your organization last make changes to the Corporate Employee policies? We would start with the updates to the following sections:
  • MEDIA CONTACT
  • SOCIAL MEDIA POLICY
  • REMOTE ACCESS POLICY
  • E-MAIL, VOICE MAIL AND COMPUTER NETWORK SYSTEM PRIVACY
  • (YOUR ORGANIZATION) RIGHT TO ACCESS INFORMATION
  • SYSTEMS USE RESTRICTED TO COMPANY BUSINESS
  • FORBIDDEN CONTENT
  • PASSWORD SECURITY AND INTEGRITY
  • INTERNET ACCEPTABLE USE POLICY
  • POLICY ON USE OF SOFTWARE
  • COMPANY PROPERTY
  • PROTECTION OF TRADE SECRETS/NON-DISCLOSURE OF COMPANY INFORMATION

The increasing complexity of IT systems, cloud computing and data networks, together with the hundreds or thousands of laptops and mobile devices circling the globe with company executives and employees, is enough to predict that a major breach will occur.

Being adaptive and having proactive intuition in the modern enterprise does not come naturally. You have to work at it, and it requires a substantial investment in time and resources to make it work effectively. Proactive Intuition.

Once you realize that all of the controls, technology and physical security are not going to keep you out of harm's way, you are well on your way to reaching the clairvoyance of "The Age of the Unthinkable."

15 April 2018

Social Strategy 140: Direct Action #Risk...

Twitter real-time direct action (DA) "Information Warfare" between nation states is a daily task. Current and future Operational Risk Management (ORM) priorities will encompass the imperative to staff "Corporate Intelligence Unit" Fusion Centers.

A prudent Operational Risk strategy shall include a "Big Data" capability combined with deep social intelligence analysis. Here is a historical FLASHBACK in time to one example of why leadership is devoting new resources and investment to these internal risk management capabilities:

New Diplomatic Avenue Emerges, in 140-Character Bursts
By SOMINI SENGUPTA October 3, 2013
UNITED NATIONS — "Countries all over the world, dictatorships and democracies alike, have in the last few years sought to tame — or plug entirely — that real-time fire hose of public opinion known as Twitter. 
But on the sidelines of the General Assembly meeting over the last couple of weeks, ministers, ambassadors and heads of state of all sorts, including those who have tussled with Twitter the company, seized on Twitter the social network to spin and spread their message. 
At the height of the diplomatic negotiations last week over a United Nations Security Council resolution that would require Syria to turn over its stockpile of chemical weapons, the American ambassador to the United Nations, Samantha Power, used Twitter to preempt criticism of the measure as lacking teeth because it had no automatic enforcement provision."

What does this mean for the global enterprise that circumnavigates the planet to initiate and manage daily business operations? It means that "Information Warfare" and intelligence collection and analysis for the enterprise continues as a top strategic and operational function. It requires continuous Operational Risk strategy oversight.

How an organization directs personnel and manages daily decisions is more mobile information-centric than ever before. Just stand at any major sidewalk intersection in a major city across the world and count the number of people looking at their "Smart Phones" as they cross the street.

The speed of business that is fueled by leaders commenting via social media can even influence commodity traders in futures markets and operational planners in the "E-ring."

Leadership has the ability to bypass the traditional media juggernauts to get their message heard in seconds. The President of a major stock exchange or of a G20 member has a "Duty of Care" to its constituents to make the correct public decisions. At the same time, a moral and ethical context begins to evolve in the vast battle space of 140 digital characters.

The use of a social media post or Tweet from the Board Room to the Court Room; from San Francisco to Tehran, or from Wall Street to Hong Kong, is a risk-oriented asymmetric information tactic delivered in plain sight.

Those social tactics, visual in the landscape of our modern day quest for influence, notoriety or outcry, shall forever shape the breadth of our enterprise digital risk management spectrum...