On this Saturday morning the prayers are silent. For family, friends and also for the subject matter experts in business and the U.S. government.
They have been waking us up again to the reality of the Operational Risks we now face, to our ubiquitous digital-based economic infrastructure.
The message is clear to those insiders, who have been trying to defend our "Digital Castles" against tremendous odds of these seemingly invisible threats. Is it really, game over?
The short answer is yes. The current mindset should be, that every major business of valuable interest in the eyes of the enemy has already been compromised or soon to be. It is already too late. The stealth digital code is currently waiting in the shadows of your organizations hundreds or thousands of digital assets.
Whether it is the aging Dell Tower Desk Tops still running on Windows XP somewhere or the latest Android PDA/Apple IOS devices tethered to the corporate network does not matter. Your adversary has control of when and where to begin the attack on you and your organization.
So if this is the reality of the global state-of-play, in both the business world and also to government, what should the risk management strategy consist of going forward? How could we ever get to a point of advantage over those who seek to do us harm?
So internally, the prudent corporate business strategy should be for your General Counsel and the CIO of your organization to be already preparing themselves for the day that they will step before the press conference microphone to disclose the material breach of the companies intellectual capital or theft of assets.
They should already know, that it is just a matter time and not a denial that it will ever happen on their watch. If you are a Board Director and you still have not had "The Talk" with management about this stark reality, then you too are complicit in the scheme to present your stockholders and stakeholders with a false sense of confidence that you are safe and secure.
The new normal for forward thinking organizations is already being implemented for adverse events. The Crisis Management Team has already exercised the "Data Breach" scenario numerous times.
Your General Counsel and Chief Information Officer have rehearsed and practiced their testimony before opposing and adversarial questioning of your organizations information security processes.
The company subject matter experts are more than prepared to submit evidence of their best practices, industry standards compliance and previous tests of due diligence. The stage is set for the court room battles ahead:
The quest for the "Digital Castle" has been going on for years. Are you awake now or still living in a dream of denial on your state of achieving a Defensible Standard of Care…
