04 October 2015

OPS Risk: Every Day is a Training Day...

When the front lines of privacy and security converge on the digital front, the decisions to trust become more vital.  The questions about what tools and what methods are appropriate to address the 21st century domains for advertising, media and entertainment, news, weather, and thousands of other human interests become more complex.

Operational Risk Management (ORM) is evolving as the dynamic mobile digital environments adapt and continuously change the rules of the game. Now that Edward Snowden has finally set up his Twitter account, the world can engage with him on a more direct basis: on the metro, sitting in an industry conference watching him via Skype, or in your own back yard.

Here's his first tweet -- an apparent Verizon Wireless joke and subtle dig at the spy agency:

Can you hear me now?

— Edward Snowden (@Snowden) September 29, 2015

The world is becoming a more dangerous place, as millions of new IP devices become more connected and human behavior is influenced ever more rapidly. That favorite App that you encounter tomorrow may be feeding you interesting content that you believe is being customized according to your requests. More likely, it has also been modified to fit your history of clicks, location, comments and other online behavior. Every day becomes a "Training Day"...

You see, the ICT-based machines are storing and learning your behavior, each second and each minute you are connected to the Internet. The massive analytics engines are consuming Yottabytes across multiple hard drives and data centers, preparing and adapting to your particular behavior. The unique "Trust Decisions" that are being made according to the rules coded by humans are now being executed in nanoseconds.

Where is the future of Operational Risk, the one destined to arrive in the years ahead and sitting just Over-the-Horizon (OTH)? Think about how we forecast the weather risks associated with the planet Earth. Soon we will be utilizing the same kind of forecasting for the ecosystem of digital environments. Science and sophisticated engineering sensor data will provide us with early warning of Internet thunderstorms, hurricanes and snow storms. Soon thereafter, the Cyber Insurance and Cyber Legal domains will become even more robust. Why?

Uncertainty in Internet weather patterns will create new products and services in order to find more certainty. The current state of the Cyber Insurance industry is in its infancy, as a result of the few documented historical events and limited actuarial knowledge on data breaches. Yet as insurance corporations and the legal frameworks grow towards enterprise risk, so too will the ability to more effectively hedge the cyber risk. The likelihood that a Fortune 50 company will now file a claim is at 50% and growing, as each company becomes insured by the modern Cyber Insurance policy product.

The assumption of data breach is now becoming the new normal. Boards of Directors are preparing for the organization's inevitable need to file a claim with one of the myriad insurance companies that are now operating in the Cyber Domain. The Cyber Reinsurance business is now starting up.

High Risk / High Frequency events become insured, and the mitigation tools for dealing with the potential for high levels of capital being paid out for remediation introduce exposure to the bottom line. Cyber Insurance is a risk mitigation tool for the enterprise, just as with any substantial class action lawsuit trend and other litigation exposure. So what?

Where are the professional Operations Risk Officers going to focus after these kinds of events?

We shall make our way to the next major area that could bring down the entire organization. It is in another Quadrant of High Risk / Low Frequency. Why? This is where your organization is now most vulnerable. This is where the next risk exposure becomes so great that you may not survive the next major loss event. Think about the environment you operate in and the stakeholders you answer to, on a daily and quarterly basis. The stakeholders have little understanding of where you are actually concentrating your thinking, expertise and resources. You are focused on the next unknown: High Risk x Low Frequency = Next Target Zone.

Where is the emerging target zone within your enterprise today? What are you working on to address this, in the time frame that it takes for the rest of the risk mitigation products and industry to mature? Will you catch up to the reality of the actual threat and the potential loss to the enterprise?

So on what, and where, is the mindset of the most highly trained and capable Operational Risk experts concentrating today:
  • Operations that use tried-and-true technologies
  • Operations that rely only on general knowledge that attackers can obtain easily
  • Operations that require clandestine activities

Your adversaries are using these three to ensure their success. It raises the likelihood, in their favor, that they will achieve their goal. Their target. Their mission.

As you convene your next meeting on the digital privacy and security issues that will occur in the next few months, where will you be focused?  How will you allocate resources?  Will your enterprise be ready and waiting in that Target Zone of High Risk and Low Frequency?

Your Operational Risk strategy shall evolve. The elements may include looking through both an Internal and an External environment. Intentional Misconduct and Negligent Conduct are major factors. It is time to increase the RPMs: Recognizing, Prioritizing and Mobilizing (RPM). Now Execute.

Every day is a "Training Day"....
