Welcome to our world!
Every day I get hundreds of threat alerts from situational awareness sources I monitor. They include earthquakes, floods, shootings, fires, power outages, protests… Some sort of threat event occurs every few seconds somewhere in the world.
I analyze the threat data for trends and possible impacts to my organization. Geo-location enables me to manage the avalanche of threats to those most likely to impact my assets. In the situational alerts post in the technology part of the site, we will dig deeper into alerts services you can leverage.
Be forewarned, you might not want to leave your home after you turn on the ‘threat faucet’ although it is far better to learn about them than to be blindsided. Even worse than you being blindsided is your management getting blindsided. That happened to me once many years ago and I will not let it happen to you if I can prevent it. Fortunately, at this point you and I can lead with the news.
It is important to keep in mind that threats pose different risks to each of your locations. For example, the threat of a major flood in the middle of a desert is minuscule, although they do occur (Las Vegas has had its share of severe floods), while the threat of a flood to your location 100 yards from the Atlantic Ocean in Florida with a data center in the basement is much more of a concern.
Tip – There are many threats we can plan for. There are also ones we cannot plan for. The ones we cannot plan for are described by Nicholas Taleb in his seminal book, ‘The Black Swan‘ as outliers we cannot see coming. My suggestion is to take a two-prong risk response approach:
- Do as much planning as possible for high probability specific threats
- As you cannot predict every specific ‘Black Swan’ threat (meteor, zombie attack…), also plan your response based on broader impacts to assets – people, locations and systems
Tip – When reviewing threats measure your response maturity level. Ask yourself questions such as:
- Have we planned for this?
- How would we respond?
- Have we done training?
- What can we do better?
Examples of high impact threats:
- Active shooter
- Cyber breaches and viruses these can get you on the front page for all the wrong reasons
- Natural disasters – earthquakes, hurricanes, winter storms, floods, avalanches… (location dependent)
- IOT – Internet of Things security breaches
- Industry disruptors – If you do not see them coming you can be destroyed! For example, Netflix – Blockbuster, Amazon – most brick and mortar retailers.
- Mechanical breakdowns – factory and warehouse equipment… any critical equipment that is a single point of failure (SPOF)
- Supply Chain – Tier 1,2,3 (do not forget tier’s 2 and 3)
- Internal mistakes – ‘Human Error’
- “Black Swans’ – as described by Taleb (mentioned above). These disruptive events are impossible to plan for and can have a huge impact. We cannot see these outliers coming but after the fact we tell ourselves we should have connected-the-dots. This is where impact planning becomes essential!
Below are examples of threats that often-become reality and your headache. Be ready – I can almost guaranty one or more of these are in your future:
- Power outages – local and regional
- Phone systems unavailable – customer service, trading… can’t take calls
- Critical software systems unavailable
- Weather that impacts travel
- Squirrels, birds, backhoes… lesser publicized but more frequent