Will 2009 bring more data breaches, lost laptops and insider theft than 2008? You can bet on it, and this is why CSOs, CPOs and General Counsels are getting their teams ready. When the enemy is increasing their attacks, utilizing new strategies and leveraging the existing base of compromised assets, the picture is clear.
That suggests that many companies can significantly boost security and reduce their exposure by following basic and inexpensive measures. But even if your company has encryption in place (as Heartland did), don't rest too easy. "The sophistication and automation of financially motivated cybercrime is very steep today when compared with counter-efforts," says Ken Dunham, director of global response at iSight Partners, a provider of threat intelligence services. "Criminals are agile and able to outpace the rate of adoption of counter-technologies in the marketplace."
The motivation for cybercrime is even higher during economic hard times. A January report by iSight says that the economic decline in the United States and around the world will significantly increase the risk organizations face from employees who are laid off, fear being laid off, or face some form of personal financial trouble that may lead some to consider insider crime.
The insider remains a key focus for Operational Risk Management professionals because human behaviors are exaggerated during periods of stress, fear and uncertainty. This means that people who have no prior criminal history and have never considered doing something to jeopardize their reputations may now be up against a wall. When there is no exit and no way out, people do extraordinary things to get ahead, beat the odds and hedge their own risk portfolio of life. Study the women who have made decisions to strap on suicide vests or the dozens of "Mini Madoffs" yet to get their day in court. Both have similar attributes tied directly to human behavior.
In Joshua Cooper Ramo's new book, "The Age of the Unthinkable: Why the New World Disorder Constantly Surprises Us and What We Can Do About It", the author discusses the concept of Deep Security. His analogy of how to think about "Deep Security" is the biological immune system. "A reactive instinct for identifying dangers, adapting to deal with them, and then moving to control and contain the risk they present."
The key word in Ramo's writing is "Adapt". Being Adaptive. However, prior to this there are two other very vital words that we feel are even more imperative. Instinct. Identifying. In other words, Proactive Intuition.
Ask any savvy fraud investigator how she solved the case and you may hear just that: "I had a hunch." Talk with a Chief Privacy Officer in any Global 500 company and you might get them to admit they have a sense that their organization will be the target of a data breach incident in the coming year or two. The complexity of IT systems, data networks and the hundreds of laptops circling the globe with company executives is enough to predict that a major breach will occur.
Being adaptive and having proactive intuition in the modern enterprise does not come naturally. You have to work at it, and it requires a substantial investment in time and resources to make it work effectively. Once you realize that all of the controls, technology and physical security are not going to keep you out of harm's way, you are well on your way to reaching the clairvoyance of "The Age of the Unthinkable."