22 April 2018

Unthinkable: Adapting in New World Disorder...

Will 2018 bring more data breaches, lost laptops and insider threats than 2017?  This is why CSOs, CPOs and corporate General Counsels have their teams working overtime.

When the enemy is increasing their attacks, utilizing new strategies and leveraging the existing base of compromised organizational intellectual and data assets, the future horizon becomes ever more clear. 

The statistics don't lie.  1579 documented data breaches occurred in 2017, up 44.7% compared to the previous year, according to reports by the Identity Theft Resource Center (ITRC).  It is the new normal.

The Insider Threat Program (InTP), however, remains a key focus for Operational Risk Management (ORM) professionals because human behaviors are exaggerated during periods of stress, fear and uncertainty. This means that people who may have never considered doing something to jeopardize their reputations may now be up against a wall.

When there is no obvious exit and no way out, people will do extraordinary things to get ahead, beat the odds and hedge their own risk portfolio of life.

In Joshua Cooper Ramo's book "The Age of the Unthinkable: Why the New World Disorder Constantly Surprises Us and What We Can Do About It", the author discusses the concept of Deep Security. His analogy of how to think about "Deep Security" is the biological immune system:
"A reactive instinct for identifying dangers, adapting to deal with them, and then moving to control and contain the risk they present."
The key word in Ramo's writing is "Adapt".  Being Adaptive.  However, prior to this there are two other very vital words that we feel are even more imperative. Instinct. Identifying. In other words, Proactive Intuition.

Ask any savvy investigator how she solved the case and you may hear just that, "I had a hunch."

Talk with a Chief Privacy Officer in any Global 500 company.  You might get them to admit they have a sense that their organization will be the target of an "Insider data breach" incident in the coming year or two.

Do you remember signing off that you had read and accepted the employee handbook?  When did your organization last make changes to the Corporate Employee policies?  We would start with the updates to the following sections:
  • MEDIA CONTACT
  • SOCIAL MEDIA POLICY
  • REMOTE ACCESS POLICY
  • E-MAIL, VOICE MAIL AND COMPUTER NETWORK SYSTEM PRIVACY
  • (YOUR ORGANIZATION) RIGHT TO ACCESS INFORMATION
  • SYSTEMS USE RESTRICTED TO COMPANY BUSINESS
  • FORBIDDEN CONTENT
  • PASSWORD SECURITY AND INTEGRITY
  • INTERNET ACCEPTABLE USE POLICY
  • POLICY ON USE OF SOFTWARE
  • COMPANY PROPERTY
  • PROTECTION OF TRADE SECRETS/NON-DISCLOSURE OF COMPANY INFORMATION 
The increasing complexity of IT systems, cloud computing and data networks, together with the hundreds or thousands of laptops and mobile devices circling the globe with company executives and employees, is enough to predict that a major breach will occur.

Being adaptive and having proactive intuition in the modern enterprise does not come naturally. You have to work at it and it requires a substantial investment in time and resources to make it work effectively.  Proactive Intuition.

Once you realize that all of the controls, technology and physical security are not going to keep you out of harm's way, you are well on your way to reaching the clairvoyance of "The Age of the Unthinkable."

15 April 2018

Social Strategy 140: Direct Action #Risk...

Twitter real-time direct action (DA) "Information Warfare" between nation states is a daily task. Current and future Operational Risk Management (ORM) priorities will encompass the imperative to staff "Corporate Intelligence Unit" Fusion Centers.

A prudent Operational Risk strategy shall include a "Big Data" capability combined with deep social intelligence analysis. Here is a historical FLASHBACK in time, to one example of why leadership is devoting new resources and investment to these internal risk management capabilities:
New Diplomatic Avenue Emerges, in 140-Character Bursts
By SOMINI SENGUPTA October 3, 2013
UNITED NATIONS — "Countries all over the world, dictatorships and democracies alike, have in the last few years sought to tame — or plug entirely — that real-time fire hose of public opinion known as Twitter. 
But on the sidelines of the General Assembly meeting over the last couple of weeks, ministers, ambassadors and heads of state of all sorts, including those who have tussled with Twitter the company, seized on Twitter the social network to spin and spread their message. 
At the height of the diplomatic negotiations last week over a United Nations Security Council resolution that would require Syria to turn over its stockpile of chemical weapons, the American ambassador to the United Nations, Samantha Power, used Twitter to preempt criticism of the measure as lacking teeth because it had no automatic enforcement provision."
What does this mean for the global enterprise that circumnavigates the planet to initiate and manage daily business operations?  It means that "Information Warfare" and intelligence collection and analysis for the enterprise continues as a top strategic and operational function.  It requires continuous Operational Risk strategy oversight.

How an organization directs personnel and manages daily decisions is more mobile information-centric than ever before.  Just stand at any major sidewalk intersection in a major city across the world and count the number of people looking at their "Smart Phones" as they cross the street.

The speed of business that is fueled by leaders commenting via social media can even influence commodity traders in futures markets and operational planners in the "E-ring."

Leadership has the ability to bypass the traditional media juggernauts to get their message heard in seconds.  The President of a major stock exchange or of a G20 has a "Duty of Care" to its constituents to make the correct public decisions.  At the same time, a moral and ethical context begins to evolve in the vast battle space of 140 digital characters.

The use of a social media post or Tweet from the Board Room to the Court Room; from San Francisco to Tehran, or from Wall Street to Hong Kong, is a risk-oriented asymmetric information tactic delivered in plain sight.

Those social tactics, visual in the landscape of our modern day quest for influence, notoriety or outcry, shall forever shape the breadth of our enterprise digital risk management spectrum...

07 April 2018

Privacy by Design: Trust-Based Business Integrity...

The truth is, your enterprise is under assault.  The asymmetric warfare tactics that are targeting the firewall and the e-mail Inbox will continue to be a digital challenge.  Intellectual Property (IP) Lawyers and government regulators are gearing up for another salvo of mandates to enable "Privacy by Design" and increase consumer protection.

Operational Risk Management (ORM) is the discipline to focus the organization with proven tools, methods and strategies to assist in the risk mitigation associated with nation states, rogue criminal syndicates and even your own employees.

Achieving digital trust with your company and your customers is a continuous process.  It requires substantial resources and specialized subject matter expertise to remain effective.

Without a purposeful "Privacy by Design" approach within your enterprise and a renewed focus on the pervasive problem-set now clearly before us, our digital infrastructure integrity is destined for failure.
Privacy by Design states that any action a company undertakes that involves processing personal data must be done with data protection and privacy in mind at every step. This includes internal projects, product development, software development, IT systems, and much more. In practice, this means that the IT department, or any department that processes personal data, must ensure that privacy is built in to a system during the whole life cycle of the system or process. Up to now, tagging security or privacy features on at the end of a long production process would be fairly standard. 
By reading this definition of "Privacy by Design", you may assume this problem is the responsibility of the Information Technology department to fix or manage, until you ascertain that it is not just an Information Technology challenge.

It is an Organizational Culture issue that persists at the Board of Directors level, either before an incident, or certainly soon thereafter.  The Board of Directors may question the market value of a Fortune Magazine web page, dedicated to updating the public on the developing company crisis:

"Facebook in recent weeks has been plagued by yet another scandal, as the social networking giant struggles to deal with the fallout from the Cambridge Analytica controversy.

On Wednesday, it was revealed that initial figures estimating Facebook exposed the data of 50 million users without direct consent were actually much higher than reported, closer to 87 million instead. And Facebook CEO Mark Zuckerberg is now set to testify in front of Congress next week.

But this isn’t the first time Facebook has been embroiled in controversy. The social media company has been involved in a number of scandals just over the past week alone."


So how do you mitigate and start to remedy an "Organizational Culture" issue like this one, before the government decides to try and fix it for you?

You have to start with building proactive data privacy awareness with every employee.  Especially if your revenue model is based upon selling advertising.  What is your organization's revenue model?  Are you aggregating members' or users' data and offering a free service platform?  Buyer beware.

What is ahead of us, as we approach a digital "dead man's curve"?  Jeffrey Ritter best explains this:
"To shift toward building digital trust, nation-states must acknowledge that sanctions become increasingly difficult to enforce and must, instead, move toward a regulatory scheme that favors, and provides incentives for, stakeholders that commit to trust-based business methods. Already, both in the United States and other nations, companies that can certify their compliance with third party standards are receiving direct benefits from government agencies."
How are you improving the trustworthiness of your organization with employees, partners and customers? Think about it long and hard during purposeful learning sessions with your Board of Directors.

So what?

What are you doing today to increase the integrity of your TrustDecisions, to enable and perpetuate your foundation for digital business integrity?

As you analyze your current state, pages of words written by lawyers in "Terms of Service" policies are not enough to satisfy your customer.

Have you strategically implemented all that is possible so far, to address your organizational culture with the pursuit of achieving digital trust?

Leadership of any organization must perpetuate and transfer the morals and ethics of our society into the trusted digital products and solutions that our enterprises design, distribute and sell to the public.

01 April 2018

Leadership: The Life Journey of Discovering "X"...

There, can you hear it?  The sound of the helicopters in the distance.  Where is the sun this dawn-lit morning, to join all the incredible sounds of nature?  The birds with their unique languages and the insects sending their clear signals of distress.

What will this new day bring before us, this Easter Sunday, April 1, 2018?  How will our leadership be challenged with new problem-sets and the speed of making the right trust decisions?  There is one certainty today that is irrefutable, impossible to prove wrong by argument or evidence.

As a recognized leader in your current role, how would you describe your particular style?  Do you lead by example or do you just sit back and wait for others to make it happen?  Maybe you do it all and never let anyone else learn from their mistakes and learn the feeling of success or failure.

It all begins with your upbringing and where and how you were raised as a child.  The roots of your leadership have, in many ways, been influenced by your early years, before you were even in your mid-20s.

Maybe somewhere along the path of your career, you were administered a psychological profile test.  You know, some form of questions or exercise instrument, to help you determine what particular "Quadrant" or dichotomies of cognitive learning style you are in, as it pertains to the psychologists' descriptions:

Cognitive learning styles
Yet by the time you have reached the age where an employer, agency or other unit has a reason to peel back that facade you wear on a daily basis, you are already destined, by DNA and by your parents.

Now the question is, who do you want to be and how are you going to train or re-train to be that kind of person?  That kind of leader.  To learn how to behave in a way that truly makes a difference in other people's lives.

The answers that you seek will be determined by your actions.  You have heard this before.  Who you are becoming and how you will judge your progress are worth examining further.  What is your measuring device?  How do you feel at the end of the day, if you "Have" or "Have not" seen, heard or accomplished "X"?

What is "X" in your life?  Is it a signature on the bottom of a new contract?  Is it the smile on a loved one's face?  Is it a 3-mile run or ride?  Is it a "Thumbs Up" on your latest social media posting?  Perhaps it is as simple as five hours of solid sleep.  Everyone has their own particular metrics by which they are judging their progress each day.  What is yours?

Metrics and your personal measuring device may determine who you are and what you are becoming.  Discovering and knowing that "X" in your life is perhaps more of an influence than you ever anticipated.  What the psychologists and the research have proven over the years is that DNA and environment in your early years will be a major influence on your life.

Yet when you are ready to lead yourself or others in the small world you live in, think about what "X" has been for you this particular day.  Write it down and explain it to yourself each day.  Call it a journal, or a blog or just a composition notebook.  Without writing it out and explaining it to yourself you will have missed the opportunity.
The opportunity is your own version of leadership: to guide on a way especially by going in advance, to direct the operations, activity, or performance of, to guide someone or something along a way...
Now, listen carefully.  Do you hear the birds singing and see the sun rising... Happy Easter!