As the pandemic recedes and businesses aggressively relaunch cross-border trade and expansion, they’re returning to a very different world. That makes it crucial for corporate leaders to rethink how they manage security risks.
Rapid social and technological change, combined with geopolitical instability, have created the most volatile and complex environment for international businesses in decades.
The Russia-Ukraine war and mounting U.S.-China tensions are creating a more polarized world in which companies can quickly find themselves on the wrong side. Inflation and economic instability have contributed to an unprecedented rise in social unrest – like that which has engulfed Peru - with companies increasingly expected to identify with causes or risk a backlash from investors and customers.
A sustained rise in cybersecurity threats has made security a pressing issue. News and data are moving at a faster pace than ever, while a rising tide of misinformation is making it harder to decipher what’s really going on.
It’s an environment that contains a much broader spectrum of risk, but one that equally provides big opportunities for those who are agile and well equipped enough to take advantage.
The companies that manage risk well throughout 2023 and beyond are those that understand where to prioritize security and associated investments. The ones that fall behind are those that aren't tech friendly or mistakenly assume that their few previous security problems mean they’re adequately protected or unlikely to be affected by future ones.
A common misstep I see is when companies change their core business model – moving from physical to digital sales, for example – but fail to adopt the very different security practices required, exposing themselves to major risks.
Jim Brooks is CEO of Seerist.
Many organizations are stuck in a mindset of seeing risk management as purely a protective or defensive value proposition. They’re missing out on how it’s now a competitive advantage and a growth opportunity.
Fortunately, there’s a plethora of machine-learning tools you can use to filter and aggregate open source information that signal threats. Twitter, for example, is a morass of jokes, memes, and fake news as well as extremely valuable information. Algorithms can filter for the most relevant, accurate information and be adjusted along a spectrum of speed versus greater veracity.
Unfortunately, the firehose of information makes it hard for CSOs and CISOs to process and interpret it. This makes it essential to find tools that establish a balance between machines and humans. Despite rapid tech evolution, humans remain essential for analyzing data, spotting the more subtle forms of disinformation, projecting into the future, and of course making decisions.
Looking ahead, labor unrest may disrupt global operations even more than it already has. It’s one thing to have software that alerts you to threats. But having a sophisticated, speedy understanding of the emotions that are driving the protests is vital to both grappling with their consequences and making them less likely to happen again. If workers are angry, it may not be advisable to lock the gates and further antagonize them with a robust physical response. A better approach is likely to be using strategic communications and relationship-building to address the cause of the anger and avoid a repeat.
Getting the response right can create opportunities to get ahead of the challenge by giving decision-makers a faster, more accurate, and nuanced picture of an incident. Anything that can give you back hours or minutes in decision-making time, and get the decision right, is a potentially crucial advantage.
Yet implementing the right solution is rarely easy: It can be a cultural and organizational challenge. Any new initiative should have an assigned internal champion. This person will have the necessary interest, curiosity and will embrace “the art of the possible”. Just as important, they need to be able to drive collaboration with stakeholders across the organization, helping to avoid tool duplication and turning the implementation into a win-win for everyone.
On the operational side, companies need those rare professionals who are savvy on the use of open source tools, advancing threat and risk intelligence and monitoring solutions, as well as understand where human intelligence brings value, and are strong communicators.
CEOs and board members have a big role to play too. In the past, they’ve tended to avoid playing an active role in risk management policies, but their governance and duty-of-care responsibilities coupled with rising global risks mean they should be driving the adoption of better practices and systems from above.
Speed to action
When it comes to understanding and managing the risks of social unrest, foresight and speed to action is vital. Technology can both speed your decision making and help you determine threat vectors, allowing you to get ahead of the turmoil. What unrest is on the horizon? Who’s behind the unrest? What is their motivation? Yet tech isn’t enough. Human intelligence takes the information a few steps further: A team of experts can help you contextualize and verify it.
The capacity for technology to have a transformative effect on risk-management is advancing so rapidly that any delay now will mean a much steeper climb in the future. Practices that are standard today will be a relic tomorrow - does anyone remember the teleconferencing tech of 10 years ago? And if you need a reminder of why bold change is necessary, just read the news.