14 February 2007

OPS Risk: The Bishop vs. A Stolen Laptop...

Now that the news is in the mainstream media about the recent threats to financial institutions, one can only wonder how soon this case will be solved. The Bishop is being compared to the "Unabomber". Profilers believe that he is a white male, a loner with dangerous beliefs that he can manipulate stocks.

The U.S. Postal Inspection Service is alerting financial firms of potential danger from a would-be letter bomber after companies in Kansas City and Denver were targeted with explosive devices and threatening notes, an agency spokeswoman said on Monday.

Working with the Securities and Exchange Commission, the Postal Inspection Service is trying to obtain contact information for thousands of financial companies to warn them of the threats, said spokeswoman Wanda Shipp.

"The events may be linked, and the recipients were probably not selected at random," the postal advisory reads.

The action comes after Stratfor, a global intelligence firm, last week issued a warning that pipe bombs addressed to American Century Investment Management Inc. in Kansas City and Janus Capital Group in Denver appeared linked to someone known as "the Bishop," who has threatened at least six financial firms since 2005.

The Chief Security Officers at these institutions have a primary duty of care to ensure the safety of employees whenever threats of this magnitude take place. There is no "Radar" that can alert you to when the next incident will occur. This is why many institutions have taken a new "Operational Risk" perspective when it comes to the hazards and events that may impact the business.

A true Operational Risk perspective has its roots in understanding exposure to risk and the likelihood of an event occurring. Yet how could one ever predict the rise of another so-called Unabomber? The fact is that you don't. This is why you must have an "All Hazards" worldview operating within the culture of your organization. The threat could be an innocent-looking priority mail package with a pipe bomb or a thick brown envelope containing the latest class action lawsuit. You have to be operating in a complete state of preparedness for whatever the next incident brings.

What ORM Is Not . . .

  • About avoiding risk
  • A safety only program
  • Limited to complex-high risk evolutions
  • A program -- but a process
  • Only for on-duty
  • Just for your boss
  • Just a planning tool
  • Automatic
  • Static
  • Difficult
  • Someone else’s job
  • A well kept secret
  • A fail-safe process
  • A bunch of checklists
  • Just a bullet in a briefing guide
  • “TQL”
  • Going away

While this incident entering the mail room has slowed down a few institutions, there is another battle going on in a different part of each business that is a whole different type of risk. This has to do with the frequency and the pervasive spectrum of new risks across the enterprise:

The U.K.’s financial services regulator has levied a heavy fine against the nation’s largest building society over a stolen laptop containing confidential customer information.

The Financial Services Authority (FSA) fined Nationwide Building Society £980,000 (US$1.9 million) for "failing to have effective systems and controls to manage its information security risks," the regulator said.

Nationwide, which has about 11 million customers, did not realize the laptop contained customer information and waited three weeks before starting an investigation, the FSA said.

The speed of change in the connected economy...
