Radar is a pretty simple concept based bouncing radio waves off of objects to detect where those objects are, how fast they are moving and the direction they are headed. While the theory may be simple, it was difficult to implement. Once figured out though, the impact was tremendous. The introduction of radar in World War II arguably turned the tide in some theatres. Since then, the ability to determine range and velocity of objects in the physical space has a wide array of applications beyond military purposes.
Wouldn’t it be nice to have an equivalent technology in the logical environment – specifically when it comes to risk? Today’s global socioeconomic, environmental and political changes add a level of risk complexity and velocity even the most sophisticated organizations find challenging. While this constantly shifting world fuels both opportunity and risk, business and technology strategies increase risk, creating more pressure to ‘get risk management right’ and causing greater dispersion of maturity of risk management capabilities across the market. Additionally, industry factors such as regulatory and competitive shifts continue to heavily impact risk management strategies.
There are three key topics today that should be blinking bright red on your risk radar.
First, privacy of personal data is top of mind for everyone. And when I say everyone, I mean EVERYONE. The recent data breaches have had enormous impacts – from company brand to personal worth. The EU General Data Protection Regulation (GDPR) is an impending shadow looming over many organizations globally. Between the intricacies of the regulation and the possible fines for violations, GDPR is a milestone event for privacy, data protection and compliance. Even if your organization is not affected by GDPR, the topic of data protection and privacy should be a regular discussion – how is your organization collecting and managing personal data and what is the strategy to ensure protection?
Second, resiliency needs to be zoomed in on your radar. The nature and magnitude of recent natural disasters is a reminder that events beyond our control will impact our organizations, but that is just the tip of the iceberg. In PwC’s 2017 Risk in Review Study, ‘62% of companies expect cyber risk to cause disruption in the next 3 years’. As a result of these factors, more organizations are moving from a recovery approach to a resiliency approach in managing business interruptions, whether they are man-made or natural events. This includes the need for more comprehensive management of business continuity, disaster recovery, incident management, and crisis management efforts.
Finally, flexibility must be a mantra for your risk management strategy. I have said this phrase a thousand times, but the way you think about risk (and risk management) today is NOT how you will think about it tomorrow. The cultural and organizational flux caused by today’s highly agile business models is only compounded by the digital transformation affecting all organizations. A risk management strategy must be built on a strong foundation of principles that guide First, Second and Third Lines of Defense with the flexibility to adjust to changing business requirements. ‘Hard coding’ processes (and technology infrastructure) won’t cut it in today’s world.
I am certain you have several blinking dots on your radar screen. However, recent events indicate these three elements of your risk management strategy need to be evaluated. Risk management is a symbiotic ecosystem – no risk stands alone. Given the high level of scrutiny facing organizations after any event, maintaining protection of personal data (privacy), ensuring you can recover from a crisis (resiliency) and building a strategy that can adapt your internal controls to business changes (flexibility) are key capabilities necessary to manage risk today.
Learn more about RSA Archer’s 6.3 release.
Author: Steve Schlarman
Category: RSA Fundamentals, Blog Post
Keywords: Privacy, RSA Archer, RSA Charge, Risk, Risk & Compliance (GRC), Risk Management, GRC, GDPR