From Jamie Shea, Deputy Assistant Secretary General for Emerging Security Challenges at NATO
Although we are often taken by surprise when crises erupt, we tend to realise in hindsight that the warning signs were there a long time in advance – if only we had been able to identify them and join them up.
One way for business to recognise developing threats is to get closer to international organisations, governments or the think tank community that are in the business of strategic forecasting and predicting the interactions of elements that can produce a security crisis. Fortunately for the risk manager, many of these organisations publish their forecasts and are keen to establish partnerships to share their analyses and forecasting methodologies.
International organisations such as NATO are making a much more concerted effort to exchange intelligence and establish data fusion centres, so that we can match breaking events to pre-defined early warning indicators. Cyber risk is clearly now a known threat but one which is evolving in ways that could take us by surprise. We are realising that the aggressive use of cyber space can serve multiple purposes: not just information or financial gain, but also propaganda, disruption, actual physical destruction, extortion and ransom, and now interference with a view to influencing political debates.
Private companies own and operate 90% of information technology networks, so they are often in the lead for early warning, threat assessments and analysis, and the innovative ideas that can help us achieve a more secure cyber space. At NATO, we now share real-time information through a dedicated malware information-sharing platform established with nine industry partners. We would also like to see processes for this type of information sharing included in the cyber risk governance structures of business.
Over the last four years, more data has been produced than in the entirety of previous human history. Data is also becoming more valuable to a company than physical infrastructure or material resources. So the issue is one of devising risk management models that enable companies to properly assess the value of different types of data and focus protection on what really matters for a company’s business model. The alternative of trying to build higher and higher walls around more and more data is destined to fail.
A more consistent and structured dialogue between government and business on risk management and maturity models must be a future priority.
Jamie Shea is Deputy Assistant Secretary General for Emerging Security Challenges at NATO Headquarters in Brussels. He is a keynote speaker at the FERMA Forum in Monte Carlo, from 15-18 October.
Contact: Williamson Susan williamson.susan@hq.nato.int