Risk Management and COVID-19 Lessons to be Learned

"THESE are the times that try men's souls." With all that's happening today in the world, from the coronavirus pandemic to the Saudi-Russian oil price war, to the continuing threat of cyber attacks, Thomas Paine's words seem appropriate. How should we, particularly those of us in industry, put this situation in perspective, and what should we be doing about it?

It struck me after participating in Schneider Electric's recent Cyber Summit 2020, that there is much in common between how we deal with cyber threats and how we are dealing with the COVID-19 pandemic. Both are global threats that deal with former US Defense Secretary Rumsfeld's "unknown unknowns," that is to say, we don't know in advance when and where they will strike and precisely how they will propagate through our systems, i.e., in the case of the virus, our society, its many establishments and businesses, and our way of life. Now viruses are not new as it seems we encounter one of these viruses about every five to ten years, from various forms of the annual flu to SARS (2003), H1-N1 (2009), MERS (2012) and Ebola (2014). And our health institutions like the NIH and CDC and their global counterparts like the WHO know how to deal with them, though as we are experiencing, that doesn't necessarily mean that an anti-viral or vaccine will be immediately available.

But perhaps the most significant difference is that a business knows, or certainly should know everything about their networks, and the devices that populate them. Unfortunately, our research shows that many companies still do not have a complete inventory of all the devices, from instruments and sensors to gateways and servers. Furthermore, many still haven’t implemented the traditional suite of security software. And this lack of visibility, along with inadequate policies and processes, are major contributors to cyber vulnerability and eventual damage. Nevertheless, some of the new cyber software solutions with active and passive detection and advanced machine learning algorithms can automatically recognize, catalog, and monitor every device throughout the network.

Contrast that with free and open societies where everyone can go anywhere, anytime, and interact with anyone. In this case, the network and number of devices (people, things, places, etc.) active at any time is highly dynamic. Imagine if one could access a world map of all the cell phone GPS locations in service… now just under 5 billion. The number of interactions is literally impossible to fathom, and hence why we are social distancing, closing and locking down all kinds of establishments, and limiting exposure to those most at risk. The size and complexity of the network must shrink, and the right data collected and analyzed, to slow the spread of the virus and to understand its pattern of propagation better, and for the existing health care system to respond to the increasing demand.

So, what are we learning from this? Well, one thing LNS sees happening is that businesses have expanded their definitions of business continuity to include plans to deal with not only cyber attacks but health emergencies, which can impact the well-being of employees, customers, and the general public. Of course, organizations are banning travel and ordering employees to work from home where possible to limit risk, restricting visitors on manufacturing sites, and reducing shifts and controlling sizes to allow for adequate space. This is sustainability front and center.

A second action that many are taking is to re-think how and where work is done, not only from talent attraction, retainage, and work-life balance perspectives but the ability to keep employees and their families safe under emergency conditions. So, in the medium and longer term, how can companies reshape their workforce to be both safer and more productive? This is already beginning to happen as new technologies empower the Connected Worker.

The third action is how governments, businesses, and the global public are coming together to deal with the virus. As we stated previously, we have had pandemic infections before, but never one in modern times that has us so shaken. Our collective response to date is admittedly a work in progress, but we will get ahead of this. Hopefully, in the future, we will gain the confidence to recognize such black swan threats quickly and know how to handle them with deliberate, vigorous action. Unknowns are unknowable, but we can learn how to deal with them. In the new world, risk management is for everyone.