With the digitization of business, security often finds itself in the familiar, yet uncomfortable space of being reactionary; again. GTRM and the security of data typically are found in bifurcated skill sets, CISO vs. CSO. With the evolution and internet of things, everything is more connected. In the restaurant space, for example, predictive and prevention techniques are being refined as apps and gift, and credit cards are now the focus of the digital criminal enterprise. Camera and alarm vulnerabilities have to be (re)addressed as savvy hackers seek to become more criminally creative and less physically confrontational. The development of new tools such as facial recognition and artificial intelligence and the availability on consumer data make it such that “Where there’s a will, there’s a way” is being acted out in ways that five years ago couldn’t have been anticipated.
The question is, “So, why do we often insist on attempting to apply old technique and skill to new problems?” “How do we keep up with the new digital criminal?” One approach is similar to that of one of my favorite childhood cartoons, The Justice League. It takes the creative problem solving, business acumen and the collective skill sets of a few, traditionally separate, business management units to stand up against the risks that a company faces today. Effective enterprise risk management programs seek to work across the natural “silos of excellence,” to better assess and identify risk and all-hazards, in order to better determine whether to avoid, mitigate, transfer, accept or exploit them. Most companies are astute in financial risk, channel and market risk, brand and opportunity risks; becoming more complete and thorough in the spaces of technology, human capital, geopolitics, information, physical assets, resiliency and continuity of operations are paramount to achieving a complete, whole-of–enterprise “all-risks” picture, positioning your organization to have holistic conversations about strategy and direction. There are a million colloquialisms to articulate the need to remain flexible in the security space, the realities are often that your “safety and security” teams accordion, leaving little to “flex with” in terms of personnel, skills, resources or capital. We are often then reminded that doing nothing sometimes costs more. Syncing strategy between CISOs and CSOs and data and physical security is now a new best practice as one often depends on the other.
"Why do we often insist on attempting to apply old technique and skill to new problems?"
Businesses are also becoming more focused on the capturing of customer data. Doing so allows for creative and positive movement towards the customer experience and customer satisfaction no matter the industry. Trend and habit analysis turn into repeat customers and consistent revenue. One could argue that utilizing the same tech-savvy approach could drastically improve the rate of claims, life-safety, security protocols, and predictive behavior based on a similar approach.
The internet of things has connected processes, business and people in ways that weren’t always intuitive. Technology tends to evolve at a rate often faster than we can secure and support it. At the end of the day, the action is faster than reaction, and with all the evolution taking place around us the digital world continues to evolve, the question becomes “ARE YOU?”