Saturday, November 26, 2022

CxO: Deter. Detect. Defend. Document.

When you become a new CSO, CISO or COO in your growing Fortune 1000 organization, it all starts to become more clear to you.

In decades past, as we worked with transnational law firms up and down Wilshire Boulevard, you could not possibly know in advance, where and how the next major Board-Level issue was going to raise itself to the top of the clients crisis priority list.

Until the minute, hour, day of the month that it actually happened. Was it a surprise corporate incident that is now in the Yellow zone, Orange zone or Red zone?

The pre-9/11 days of Operational Risk Management in the Defense-Industrial-Base companies around the 495 beltway in Tysons Corner, included slow moving, more visible threats to the enterprise, such as severe weather patterns or a forecasted economic recession. There were just a few digital e-mail viruses that popped up on the Internet and grew exponentially that could become a nuisance.

Two decades later working along side the OPS Risk professionals inside large global enterprises in 2022, requires a more detailed and wide spectrum of analytics capability to truly survive.

In early encounters with struggling CxOs we encountered a People, Processes, Systems and External Events matrix, that was in need of real-time relevant updates.

What if you started your journey of excellence today, with just one relevant threat vector named “Ransomware” to excel:

  • Critical infrastructures are those systems and assets-whether Physical or Virtual – that are considered so vital to the United States that their incapacitation or destruction would have a debilitating effect on security, national economic security, national public health or safety, or any combination of those matters.
  • As ransomware attacks continue to grow, organizations need to improve their security posture to protect against an attack. Better security requires implementing appropriate security controls and ensuring that effective crisis management and employee education are in place.
  • The landscape of how we work has changed since the onset of the global pandemic. We must today assess vulnerabilities in a new way and with increased due diligence.
  • The cost of a cyber attack is often significant for organizations large and small, and we must strengthen our responsiveness and continuously reduce behaviors that may open vulnerabilities in the future.

This decade, our CxO focus shall evolve on a myriad of “Pre-Incident” indicators and towards our massive data analytics capabilities, to see over the threat horizons towards your organizations most relevant priorities.

You see, the speed and stealth of the modern day adversary has advanced to a whole new threshold, far beyond human sight. Beyond our range of hearing. Now invisible to the naked eye.

Our Corporate Critical Assets still remain "Under Attack".

4D = Deter. Detect. Defend. Document.

"Attackers use Tools to exploit Vulnerabilities. They create an Action on a target that produces an Unauthorized result."

Attackers do this, to obtain their Objective.

As a 2022 CxO in this day and age, you must accelerate to a 24x7 set of TrustDecisions that Deter, Detect, Defend and Document (4D) your rapidly changing Operational Risk Management (ORM) environments...