How to deal with cyber-attacks: publicly or privately?

Cyber attacks spiked 164% in the first half of 2017, compared to the same period in 2016, entailing 918 disclosed breaches, according to reports on broadcaster CNBC. Threats vary from sector to sector. Healthcare, for example, is more susceptible to crypto-locker ransomware like the infamous WannaCry.

Internet-connected consumer devices often fall prey to malware that shackles them to remotely controlled botnets such as Mirai. Varied though the threat may be, and staggering though these numbers are, the word disclosed highlights a central paradox: While transparency contributes to the overall fortification of cyber-security protocols and procedures, battening down the hatches presumably mitigates further financial risk.

Sure, a disclosure is immensely beneficial in terms of buttressing industrial safeguards, national and global security, and customer protection – not to mention mitigating the longer-term repercussions of an attack – but so too can disclosure exact lasting damage on a bottom line.

Fighting back

The nature, intent, and consequences of an attack notwithstanding, the way companies have responded to breaches is closely related to their designation: public or private. CFOs at public and private companies face different risks and pressures when it comes to cyber-security and disclosure, and exhibit divergent perspectives when it comes to preparation.

Broadly speaking, public company CFOs are more likely to outsource cyber-security to third-party firms, while private CFOs tend to invest in in-house IT teams. Regardless of who secures a company’s network, breaches are often known by CFOs before they are made public. By disclosing a breach, CFOs of publicly traded companies might trigger investor panic and sell-off, whereas private company CFOs risk irreparable harm to consumer and employee confidence.

On one hand, foreknowledge of pending disclosures can put unique pressure on public company executives, who often own considerable amounts of company stock. The ongoing federal investigation of three Equifax C-suite managers for insider trading arose due to alleged stock dumping prior to the revelation of the company’s catastrophic cyber-attack.
Equifax underscores the tension between a public corporation’s responsibility to its board, shareholders, and customers, and the financial implications of both the breach itself and legal requirements governing its reporting and remediation.

On the other, while private companies aren’t under the same legal obligations in terms of disclosure, and while the short-term consequences may be less impactful, these companies still face long-term pitfalls, such as lost trust and tarnished brands. Moreover, a medium-sized business may not have the capital or reserves to recover reputationally or financially after a major data breach the way a multinational corporation can.

Additionally, the moderate scale of many private companies sometimes instills a false sense of security. Middle-market businesses often assume they’ll be overlooked by attackers, whether due to a large number of similar companies, or a lack of enticing assets. After all, isn’t it the bigger fish that stockpile the type of data and info that hackers tend to target?

Be prepared

A lack of proper preparation only exacerbates the panic once an attack does occur. Attempting to deal with an attack on the down low can earn private enterprises a reputation as easy marks, and provoke subsequent attacks. Further, if the rearguard strategy backfires, or is exposed by the press, this can amplify the damage to a company’s brand and leadership, not to mention potential legal consequences if a court can prove negligence.

In terms of the bigger picture, the lack of reliable data pertaining to attacks on private companies leads to lopsided analysis regarding the multifaceted aims and motives driving these attacks, resulting in a sort of half-finished portrait of the threat landscape.

While cybersecurity prevention could be vastly improved by greater information sharing, some surveys of CSOs indicate that only one in seven attacks are reported to authorities. Alas, as it stands, adequate event modeling, and risk and security assessments, are being stymied by a lack of shared intel on private company breaches, effectively hampering the development of comprehensive prevention and management strategies.

This lack has precipitated the introduction of numerous cyber-security regulations around the world, and though the regulatory ecosystem is in a state of flux, the global trend is invariably toward greater transparency. CNBC notes that “governments around the world are introducing legislation which will force more companies to disclose data breaches,” a reach that already extends to private enterprises.

Regulatory environment

Both private and public companies are compelled to comply with local, national and global disclosure regulations, including Sarbanes-Oxley (SOX), the Health Insurance Portability and Accountability Act (HIPAA), and the EU’s General Data Protection Regulation (GDPR).

The GDPR, which regulates the collection and storage of customer information and data, and can levy fines of up to €20 million, requires private companies to disclose breaches if they have a footprint in Europe or otherwise handle the information of European citizens.

In the US, Sarbanes-Oxley (SOX) indexes the responsibilities of both public and private companies, including rules pertaining to compliance with federal prosecutors, and criminal penalties. Further, HIPAA governs how any company, public or private, handles personal health information.

Though public companies, traditionally, may have shouldered an inordinate amount of the fallout from disclosure, this has left them better readied for the implementation of legislation designed to enforce transparency. Even more advantageous, public companies now have hard-won practice mitigating the financial risks and ramifications resulting from disclosure.

Private companies, by contrast, are less aware and agile in terms of prevention and response; protecting their brand, for example, or proactively communicating with clients. Simply put, having been in battle, public CFOs are stepping up and getting more involved with cyber-security, while private CFOs, hovering on the sidelines, appear far more circumspect.

Make no mistake: this problem is only getting worse. The situation could improve rapidly if execs from companies of all stripes and sizes shared details of attacks with the larger corporate community.

Whether you are a CFO of an international, publicly-traded conglomerate, or a mid-sized regional business, it is well within your portfolio to do everything possible to properly prepare for the threat. Engage with the board, secure funding for proper security controls, and encourage leadership to be forthcoming when, not if, your company’s cyber attack occurs.


About the Author

Andrew Douthwaite has over 17 years of technology experience joining VirtualArmour in 2007 as a senior engineer. Now as Chief Technology Officer, Andrew focuses on leading growth in the managed security services business and ensuring VirtualArmour is a thought leader in the security industry.


How Data Management Can Help You Get More from BI

Making sound business decisions often relies on extensive analysis from a wide variety of sources, which can be a difficult and laborious process without proper data management solutions. Not taking advantage of modern software services made to manage and govern your information stores in an effective manner can diminish your chances of competing with organisations that do. The business world of today moves at a fast pace, leaving little room for error or experimentation.

To show how business intelligence can be improved via better data management, let’s take a look at how proper data management procedures can drive positive resolutions.

Data Management Suites to Handle Automated Processes

Manually gathering, sorting, and analysing relevant data for your business can be a monumental task that requires a massive amount of manpower. Having the ability to more quickly and efficiently store and retrieve your information in a format that is easy-to-understand and reliable can set you apart from the competition.

Without a proper data management tool such as ZAP Data Hub, you risk missing out on a lot of important data that just can’t be obtained using traditional methods. This reduces your chances of making intelligent business decisions. Data management suites and services are offered by a variety of vendors to meet any industry’s requirements.

Expanding BI Availability Within Your Organisation

If you’re not using information gathering and data-driven decision making across all departments, then you could be missing out on increased productivity and metrics. Lower-level management depends on reports and statistics to be able to do their job effectively; their efforts are hampered by the lack of a fast and simple way to acquire the data they need.

Putting more power into the hands of those who actually use business intelligence to make important decisions can liberate their reliance on other groups and allow for much faster solutions.

Real Time Results Can Make for Quick Decision Making

The slow turnaround time from the request of a data report to its delivery can be a huge roadblock that deters the ability to make speedy resolutions on the fly. The time it takes for a team of people to collect, analyse, and extrapolate real information from a chunk of data is monumental compared to the relative ease in which automated systems can process the same data. Lightning-fast collection and reporting – in real time – allows for far greater flexibility for decision makers and speedy response times.

Automation Allows More Time Spent on Examination

Traditional methods of reporting usually rely on IT or executive branches of your organisation to do the heavy lifting when it comes to data acquisition and publication. In today’s heavily data-driven environment, the need for expedient delivery of records is paramount to success. Following traditional procedures puts your organisation at a disadvantage compared to those who understand the importance of proper data management. It has never been easier to automate these laborious data collection and reporting tasks with modern data management solutions, thereby giving your IT department more time to work on their primary tasks.

Companies live and die by the fortitude of their data management and governance principles. Those that have a tenuous grasp of their data and what it really means are doomed to make poor decisions. Getting the most out of your BI tool requires modern methods and technology-driven protocols.

Buying Decisions, Buying Decision Path, Buy Cycles, and Pre-Sales

I’d like to set the record straight. In 1985 I coined terms that I’ve written extensively about in best selling books, magazines, and hundreds of articles. Unfortunately, when finally adopting them, the sales field defined them differently than originally intended, causing important concepts to be lost. This article presents the intended definitions and explains how I came to coin the terms.

In 1979 I became Rookie (stockbroker) of the Year at Merrill Lynch with 210 accounts (the market was 777). I couldn’t understand why prospects who ‘should have’ bought didn’t buy. When I started up a tech company in London in 1983 and became a ‘buyer’ I realized the problem and developed a new skill set to mitigate it. Here’s how I figured it out.

HOW SALES IGNORES BEHIND-THE-SCENES BUYER’S REAL ISSUES

As an entrepreneur with needs, I invited sellers in to pitch me. But regardless of their professional skills or my potential need, I couldn’t decide what or if to buy before

  • the people involved shared their thoughts and concerns, and bought-in to any changes a new solution would involve,
  • we discerned any fallout to the company, relationships, people, policies etc. that change would incur and figure out ways to minimize it,
  • we tried workarounds and determined we couldn’t fix the problems with known resources.

Even though we were only a $5,000,000 company, I had a closely knit team and flourishing business to consider before bringing in anything that might rock the boat with my employees, investors, clients, company strategy, bottom line, brand, daily routines and systems. With a focus on placing solutions and ‘understanding’ needs (impossible to answer accurately until we all comprehended the scope of the givens) the sellers pitched solution data I didn’t know how to consider responsibly and potentially lost me as a buyer. That’s when I realized the problem I had had with buyers not closing:

The sales model focuses on placing solutions (seeking folks with a ‘need’ who ‘should’ buy) and ignores the confounding human-, policy-, and system-specific issues buyers must handle before a purchase could even be considered (folks who ‘will’ buy). By entering only during the final element of choice (vendor, solution), sellers squander the ability to influence the major portion of a buyer’s decision process which has little to do with needs or purchase.

Indeed, the sales model promotes the cart before prospects even know if they have a horse or have mapped out a destination, ensuring only those who have their cart ready to go (knew the obstructions, route alternatives, and danger signs) would buy. Promoting solutions, and asking questions in service of a sale, merely captures the low hanging fruit – those ready, willing, and able to buy – and ignores the possibility of influencing, enabling, and serving the early, Pre-Sales components in the decision-making path (whether selling/marketing online or through customer contact) – not to mention loses an untold amount of business.

I realized all buyers must do this; and as a seller I had been sitting and waiting while buyers did this on their own, without me. Indeed, the time it took them to complete this was the length of the sales cycle. I figured if I could facilitate the buyer’s decision path, I could accelerate their decisions to ‘buy’ or ‘not buy’, stop wasting time, close more sales (quickly) and really serve. So I coded the entire change/decision arc (13 Steps, 9 of which [70% of the decision process] are outside the scope of how/what we sell), learned how systems make decisions to change, coined some new terms and developed some new models for questioning and listening without bias, and built this into a front end to sales so I could enter, facilitate/serve, and influence, earlier. I named this process Buying Facilitation® to denote the difference in focus between ‘selling’ and ‘buying’ and help buyers do the initial stuff they had to do anyway, but without sellers:

  • assemble all appropriate stakeholders (Buying Decision Team) to get their input;
  • get consensus for types and levels of change manageable;
  • research options;
  • discover easy, economical workarounds where possible;
  • decide how to identify and handle any disruption a new addition would cause;
  • weigh risks with stakeholders to discern the efficacy of buying anything (Buy Cycle);
  • choose solutions and vendors.

To be fair, the sales job has never been about facilitating change, using a restrictive ‘solution-placement’ model since its inception without recognizing the low close and enormous time wastage is anything more than a problem finding buyers. This singular focus has been so endemic that sales hasn’t accounted for either the idiosyncratic issues buyers must address prior to buying anything (even for inexpensive items) or the opportunity to influence and serve buyers much earlier than the final point they might reach to buy, believing that if they find creative ways to offer content earlier it will mitigate the problem. But it doesn’t.

The industry close rate of 4% has always been an indication of a problem: the centuries-old bias toward placing solutions (How can we accept a 96% failure rate [from first contact] as standard?) ensures all sales models, including Challenger, create resistance, potentially turn off real buyers who need your solution (80% of prospects buy a similar product within 2 years of your interaction), and ignore the ability to influence 70% of the Buying Decision Path.

Indeed, buyers don’t want to buy anything, they just want to resolve a problem congruently, without major disruption to that which works well. Indeed a purchase happens only when there is no alternate resolution; and we haven’t had a skill set that blends with the sales model to help: except for visionary areas within the global companies I’ve trained over the last 30 years, the sales field found my ideas and newly coined terms pointless. But sellers who added Buying Facilitation® to their sales activities experience upward of a 6x increase in sales as they truly facilitate buying decisions. My dream has always been that Buying Facilitation® be taught as part of sales training for all sales professionals.

Buying Facilitation® Facilitates 70% of Buyer’s Decisions

I taught my sales team how to add Buying Facilitation® to their current sales skills; we quickly experienced a 40% increase in sales (from first call) and I only needed half the sales staff. My tech team used the material to involve all the right people immediately and extract the most vital information quickly, making programming and implementing more efficient, and ensuring early project completion and no ‘user errors’. I began teaching the material to clients, coaches, and managers.

Approximately five years ago my terms began entering the sales field. But, as happens when a new idea enters mainstream, the terms were not defined as I defined them, but re-defined to be a part of the very concepts I was fighting against.

Terms Defined

I have no illusions that the mis-definitions will continue and some mainstream sellers will think they ‘do this’ already. Hopefully some folks will seek to learn the material (and training is required as the model employs entirely different thinking and skills). But just for my own peace of mind, I’m offering the definitions of the terms I coined in 1985. They include some form of the word ‘buy’ to denote the disparity between the act of buying and the process of selling. And the underlying belief is that as sellers we should be using our unique positions as corporate representatives and knowledge experts to be servant leaders and truly serve buyers to discover their own path to excellence, hopefully, ultimately, with our solution (But if not, we end quickly and gently. Otherwise, we close in half the time.).

Buying Facilitation®. A generic change management model (for coaches, sellers, managers, etc.) that enables efficient, congruent change, that employs a specific type of listening (Listening for Systems), and a new form of question (Facilitative Questions – not information gathering), used in a specific, coded sequence, for facilitators to enable excellence through congruent change. It manages all of the unconscious, upfront, endemic change issues that would have to accede for change to happen. Until buyers (or anyone) know how to manage this, they cannot agree to change/buy, hence the length of the current sales cycle.

Helping Buyers Buy. The term comes from the first Buying Facilitation® training I delivered in 1988 to KLM. By ‘helping buyers buy’ we facilitate the full Pre-Sales Buying Decision Path.

Buying Decisions/Process. The outcome of resolving all of the change/decision issues into an action: consensus of all stakeholders who will touch the new solution; the route forward to change without disruption or resistance; deciding to move beyond their workaround; AND THEN the solution/vendor choice issues. The term is being misdefined by sales to merely include vendor/solution choice issues.

Buying Decision Path. 13 steps that traverse the elements of change management: starting with an idea (Step 1) through to a purchase (Step 13). It includes people, systems, implementation, resistance, workarounds, relationships – and comes well before any decision is made to buy anything, and quite separate from any ‘need’. The sales field uses this term erroneously to denote how buyers choose one vendor/solution over another, line up the funds, etc. – a usage dynamically opposite to the original definition.

Buy Cycle. The entire set of givens necessary for buyers to end up with excellence (either internally or with a purchase). Again, it’s not only the solution/vendor choice issues.

Buying Decision Team. The full set of stakeholders – some not obvious, some not ‘decision makers’ – who will touch the final solution and need to add their ideas, concerns, knowledge, and feelings to the discussion. Usually sellers (or change agents) aren’t privy to the internal machinations necessary before a purchase (or any change) can happen. Hence the 4% close rate.

Buying Patterns. The way the buyer has traditionally bought/changed in the past. Do they always use known vendors? Will they never take cold calls or meetings with sellers? Sellers traditionally use their comfortable selling patterns and cannot connect with buyers with divergent buying patterns.

Marketers currently use the term Buyer Persona to denote ‘influencers’ who will enable a sale. This ignores most of the early decisions buyers make and keeps marketing from entering effectively much earlier. Using different types of content it’s quite possible to influence different points along the Buying Decision Path.

Time for Change

Think about it. Are you happy with your low close rate? Your horrific waste of time and resource running around after people who will never buy (and who you could know on the first call weren’t buyers) or responding to RFPs that fail? The time waste seeking prospects who will take an appointment only to have one person on a data gathering mission show up – and then you never hear from them again (not to mention the hours planning for the meeting!)? Have you never wondered where buyers go when YOU think they have a need?

The current sales model closes a fraction of people who need your solution, and costs much more than necessary on wasted resources (large sales forces, presentations, proposals). The problem isn’t finding the buyers; the problem is facilitating those who can buy. As an example, using Buying Facilitation® at Kaiser, sellers went from 110 visits and 18 closed sales in a month, to 27 visits and 25 closed sales, an increase of 600%, not to mention the time saving.

I go back to the original question I posed decades ago: Do you want to sell? Or have someone buy? They are two different activities. And I’ve developed terms that help sellers think through the steps that help buyers buy. Maybe it’s time to begin learning the ‘how’ of helping buyers buy, the ‘what’ of the buying decision path, and the ‘who’ of the buying decision team. Let’s begin using the terms properly and stop ignoring such a large piece of the puzzle.


About the Author

Sharon Drew Morgen is founder of Morgen Facilitations, Inc. (www.newsalesparadigm.com). She is the visionary behind Buying Facilitation®, the decision facilitation model that enables people to change with integrity. A pioneer who has spoken about, written about, and taught the skills to help buyers buy, she is the author of the acclaimed New York Times Business Bestseller Selling with Integrity and Dirty Little Secrets: Why buyers can’t buy and sellers can’t sell and what you can do about it.

Contact Sharon Drew at [email protected] or go to www.didihearyou.com to choose your favorite digital site to download your free book.

4 Beliefs that Lead to Bad Decisions

All great leaders have one thing in common – they know how to make great decisions. But many people find making great decisions difficult because of common yet avoidable pitfalls. These pitfalls are caused by wrongly held beliefs. Here are 4 assumptions that can get in the way of making great decisions.




About the Author

Don Maruska founded and was CEO of three Silicon Valley companies and venture investor in startups that became public companies. He’s now a Master Certified Coach and author of How Great Decisions Get Made with Foreword by Margaret Wheatley (American Management Association, 2004) and co-author with Jay Perry of Take Charge of Your Talent: Three Keys to Thriving in Your Career, Organization, and Life with Foreword by Jim Kouzes (Berrett-Koehler 2013) serving high-growth firms and Fortune 500 companies. He earned his BA magna cum laude from Harvard and his MBA and JD from Stanford and previously led projects for McKinsey & Company.