With the digitization of business, security often finds itself in a familiar, yet uncomfortable, space of being reactionary…again. GTRM and the security of data are typically found in bifurcated skill sets, CISO vs. CSO. With the evolution of the Internet of Things, everything is more connected. In the restaurant space, for example, predictive and preventive techniques are being refined as apps, gift cards and credit cards are now the focus of the digital criminal enterprise. Camera and alarm vulnerabilities have to be (re)addressed as savvy hackers seek to become more criminally creative and less physically confrontational. “Where there’s a will, there’s a way” is being acted out in ways that couldn’t have been anticipated five years ago.
The questions are, “So, why do we often insist on attempting to apply old techniques and skills to new problems?” and “How do we keep up with the new digital criminal?”
One approach is similar to that of one of my favorite childhood cartoons, The Justice League. It takes the creative problem solving, business acumen and collective skill sets of a few traditionally separate business management units to stand up against the risks that companies face today. Effective enterprise risk management programs seek to work across the natural “silos of excellence” to better assess and identify risk and all-hazards, in order to better determine whether to avoid, mitigate, transfer, accept or exploit them. Most companies are astute in financial risk, channel and market risk, brand and opportunity risks; becoming more complete and thorough in the spaces of technology, human capital, geopolitics, information, physical assets, resiliency and continuity of operations is paramount to achieving a complete, whole-of-enterprise “all-risks” picture, positioning your organization to have holistic conversations about strategy and direction. There are a million colloquialisms to articulate the need to remain flexible in the security space; the reality is often that your “safety and security” teams accordion, leaving little to “flex with” in terms of personnel, skills, resources or capital. We are often then reminded that doing nothing sometimes costs more. Syncing strategy between CISOs and CSOs, and between data and physical security, is now a new best practice, as one often depends on the other.