Sunday, April 22, 2018

Unthinkable: Adapting in New World Disorder...

Will 2018 bring more data breaches, lost laptops and insider threats than 2017?  This is why CSO's, CPO's and corporate General Counsels have their teams working overtime.

When the enemy is increasing their attacks, utilizing new strategies and leveraging the existing base of compromised organizational intellectual and data assets, the future horizon becomes ever more clear. 

The statistics don't lie.  1579 documented Data Breaches occurred in 2017. Up 44.7% according to reports by the Identity Theft Resource Center (ITRC) compared to the previous year.  It is the new normal.

The Insider Threat Program (InTP) however, remains a key focus for Operational Risk Management (ORM) professionals because human behaviors are exaggerated during periods of stress, fear and uncertainty. This means that people who may have never considered doing something to jeopardize their reputations, may now be up against a wall.

When there is no obvious exit and no way out, people will do extraordinary things to get ahead, beat the odds and hedge their own risk portfolio of life.

In Joshua Cooper Ramo's book "The Age of the Unthinkable", "Why the New World Disorder Constantly Surprises Us and What We Can Do About It" the author discusses the concept of Deep Security. His analogy of how to think about "Deep Security" is the biological immune system:
"A reactive instinct for identifying dangers, adapting to deal with them, and then moving to control and contain the risk they present."
The key word in Ramo's writing is "Adapt".  Being Adaptive.  However, prior to this there are two other very vital words that we feel are even more imperative. Instinct. Identifying. In other words, Proactive Intuition.

Ask any savvy investigator on how she solved the case and you may hear just that, "I had a hunch."

Talk with a Chief Privacy Officer in any Global 500 company.  You might get them to admit they have a sense that their organization will be the target of an "Insider data breach" incident in the coming year or two.

Do you remember signing off on reading and your acceptance of the employee handbook?  When did your organization last make changes to the Corporate Employee policies?  We would start with the updates to the following sections:
  • MEDIA CONTACT
  • SOCIAL MEDIA POLICY
  • REMOTE ACCESS POLICY
  • E-MAIL, VOICE MAIL AND COMPUTER NETWORK SYSTEM PRIVACY
  • (YOUR ORGANIZATION) RIGHT TO ACCESS INFORMATION
  • SYSTEMS USE RESTRICTED TO COMPANY BUSINESS
  • FORBIDDEN CONTENT
  • PASSWORD SECURITY AND INTEGRITY
  • INTERNET ACCEPTABLE USE POLICY
  • POLICY ON USE OF SOFTWARE
  • COMPANY PROPERTY
  • PROTECTION OF TRADE SECRETS/NON-DISCLOSURE OF COMPANY INFORMATION 
Due to the increasing complexity of IT systems, cloud computing, data networks and the hundreds or thousands of laptops and mobile devices circling the globe with company executives and employees is enough to predict that a major breach will occur.

Being adaptive and having proactive intuition in the modern enterprise does not come natural. You have to work at it and it requires a substantial investment in time and resources to make it work effectively.  Proactive Intuition.

Once you realize that all of the controls, technology and physical security are not going to keep you out of harms way, you are well on your way to reaching the clairvoyance of "The Age of the Unthinkable."