“Many executives are insulated from reality and consequently don’t know what the hell is going on.”
Beaver cited this trend and the subsequent “general false sense of security” as a major factor in the proliferation of ineffective enterprise risk management policies. Due to the maze of complexity in business environments — wireless networks, mobile devices, the cloud, to name just a few — the potential for flaws and security vulnerabilities is nearly limitless, Beaver said.
As a result, basic technical and operational security weaknesses can snowball into big problems for businesses if they are not dealt with effectively and in a timely manner. This lack of preparation and general “everything-is-fine” attitude was cited several times by presenters throughout the virtual trade show, “Enterprise Risk Management: Mitigation Strategies for Today’s Global Enterprise.”
During his presentation on risk management strategies for protecting enterprise supply chains, consultant and IT auditor Paul Kirvan pointed out the many threats to organizations and the firms that support them, and suggested that supply chain risk management should be an important business activity.
“Much work needs to be done to transform an organization from one that simply reacts to unplanned events to one that anticipates disruption, develops prevention and mitigation strategies to address them and has fully developed procedures to keep the organization and its supply chain running,” Kirvan said.
Kirvan suggested companies quantify and prioritize risks, then develop strategies that can cost-effectively address supply chain risk points. Another key factor in an enterprise risk management policy is identifying employees’ roles in the supply chain and outlining a succession plan that prepares alternate members of the staff to step in and take over for employees in their absence.
By doing so, organizations can prepare for and plug any holes in the management chain before something as simple as a key employee catching the flu causes a huge compliance risk.
“This type of activity should not be restricted to the most senior members of the organization,” Kirvan said.
Perhaps the simplest message is this: Get involved. By being proactive and paying close attention to the risks unique to your organization, you can get a jump on vulnerabilities before they snowball into major violations.
Security needs to be addressed now, and the true leaders focus their efforts before a security breach occurs, not after, Beaver said.
“Forget about what security analysts are saying, stop listening to scare tactics and focus on the basics: urgent flaws on most important systems,” he said.