28 December 2013

OPS Risk: Best of 2013 and 2014 Forecasts...

This Operational Risk Management (ORM) blog has been posting since September 2003.  Over a decade later, the 1000+ pages of content on the discipline and profession of Operational Risk Management provide continuous learning and significant new insights.

Here are a few of our most visited "Operational Risk" blog posts of 2013:
As we approach the end of 2013 and embark on our journey into 2014 in the United States, there are many reflections and new aspirations on our minds.  When we look back over the past 12 months, we see old Operational Risk vectors, pioneered in the days prior to the Internet, now making their way online.  Why?  It is far easier and more efficient to rob banks, extort people, defraud consumers and conduct psychological warfare over a global network of interconnected digital devices.

2014 will continue to accelerate the needs and requirements for more robust Operational Risk Management strategies and increased adaptive tactics to neutralize a rapidly evolving set of new adversaries.  This, however, may be one of the most compelling challenges for OPS Risk professionals across the globe:

Correcting the record on the NSA review
By Michael Morell, Published: December 27 
Michael Morell is the former acting director and deputy director of the Central Intelligence Agency and a member of President Obama’s Review Group on Intelligence and Communications Technologies. 
One of the dangers of a 304-page report on a complex subject is that everyone gets to choose what he or she thinks is the bottom line. Many of those commenting on the report and recommendations of the recently completed Presidential Review Group on Intelligence and Communications Technologies must have read a different report than the one I helped write.
As one of the five members of the panel, let me try to clear up some of the confusion and misperceptions. One such misperception is the extent of the changes called for in the report. Commentators have used the word “sweeping” to characterize the recommendations, arguing that they would “roll back” the capabilities of the intelligence community. This is incorrect.
The reason that the ambiguity in the "Security vs. Privacy" debate will challenge OPS Risk professionals is obvious.  Uncertainty and indecision increase vulnerability.  Whether you are a policy maker, U.S. military officer, consumer or a corporate CxO, the same applies.

2014 will require augmented abilities to adapt and to increase our adaptive speed.  What is your latency to change, from the time your adversary measures your behavior after a test of your controls or defenses?  In these continuously asymmetric ecosystems operating on a global basis, the response time window has narrowed to minutes or even seconds.  Not hours or days:
Target: Deceive first, answer questions later
Issuing deceptive statements is no way to win back customers' trust. That's a lesson for anyone who might find itself in Target's position someday. 
Evan Schuman December 28, 2013 (Computerworld)
For Target to get beyond its data breach disaster, it needs to regain the trust of its shoppers. Mystifyingly, it has opted to issue statements that are, at best, misleading. Some tiptoe beyond misleading, since the chain had to know they were untrue when it issued them. 
The latest example came Friday, when Target confirmed that encrypted PIN data was stolen. Then came the whopper: "The most important thing for our guests to know is that their debit card accounts have not been compromised due to the encrypted PIN numbers being taken." 
Of course those debit card accounts have been compromised. Webster's dictionary defines compromise as exposing something "to risk or danger." When personal identification numbers that give full access to someone's bank account are in the hands of experienced and sophisticated cyberthieves, I think it's safe to say that those bank accounts are indeed exposed to risk or danger. How could anyone argue otherwise?
2014 Operational Risk Management (ORM) will include "lessons learned" from the advice given to and within companies, such as Target Corporation.  Corporate counsel, in collaboration with external private sector Incident Response companies, including government agencies, will debate the disclosures, the sources and methods, as well as the timing of public relations press releases.

2014 will embark with the political narratives that are necessary to gain psychological advantage over the masses. Business media interests will begin managing the risks associated with any negative outcomes of their favored Pawns, Bishops and Knights.  Protecting the King, or even the Queen for the first time, is the name of the game.  Political chess has an impact on the governance, regulatory and compliance environment for business.

In 2014, horizontal thinking will "Break out" to bridge the gaps between public and private strategies. Managing catastrophic risks to vital critical infrastructure requires private sector willingness with public sector cooperation.  Big picture problem-solving and addressing global issues require more focus on the World Economic Forum Global Risks Report agenda:
  • Testing Economic and Environmental Resilience
  • Digital Wildfires in a Hyperconnected World
  • The Dangers of Hubris on Human Health
In an interdependent, fast-moving world, organizations are increasingly confronted by risks that are complex in nature and global in consequence. Such risks can be difficult to anticipate and respond to, even for the most seasoned business leaders.
Finally, 2014 will provide new opportunity and a positive outlook not seen since 2007.  Global investors are still bullish on the possibilities for long-term growth.  The religious wars will continue to spark new regional conflicts, yet the super powers will continue to find common ground.  Resilience to systemic failures will define which countries emerge as the next tier of global influence.

At the end of the day, we are all the same.  Love for our family and the constant anxiety of providing a safe, secure and nourishing environment for them to live out their days.  As we close our eyes each night to try to sleep, we plan our next day on managing the "Operational Risks" in our path ahead.
