Testing our resilience
By Tim McCreight
By Tim McCreight
We’re heading into a second year of dealing with a global pandemic, and our ability to change and pivot is being severely tested.
The stress of shutdowns, vaccine passports and restrictions are beginning to show in more protests, unruly crowds at election rallies, and increased physical and cyber threats to organizations.
How do we help our organizations persevere as we deal with an ever-changing threat landscape? How can we stay engaged when we’re dealing with pandemic fatigue, job burnout and a higher-than-average number of folks leaving jobs and trying to find balance?
For me, I’m trying to stay focused on risk and data. I’m always reminding myself to search for the data to understand the risk. I know I need to present that objective information to my leaders so they can make good business decisions. It sure sounds easy when you’re typing it for an article, but it’s been pretty damn tough to follow these past many months.
The difficulty is in the distractions. As security professionals, we’ve witnessed so many distractions throughout this pandemic: the very fluid response by government and organizations for lock downs, mask mandates and vaccine passports; the opening and shutting down of businesses across so many sectors; and the movement back and forth between working at an office and operating from home.
All of these activities, and many more, have made it difficult to assess the risks our organizations face. We know we have to deal with what we longingly refer to as “normal risks,” like malware being opened by a user or someone trying to break into a facility. But now we have to turn our attention to protesters blocking access to hospitals, or ransomware holding companies’ hostage for millions of dollars.
The risks are more complex, I think, caused by the pandemic, its lasting effects on the economy and its direct impact on our social interactions. I didn’t think I’d be writing this but we now have to take into account supply chain impacts for items ranging from computer chips to Christmas toys!
Through all of this turmoil and turbulence, I’ve found some peace by relying on the principles of ESRM. Whether it’s trying to figure out what assets we need to launch a new product, or giving myself the licence to follow Design Thinking principles, the philosophy of ESRM has really helped! I know this sounds like an infomercial, but being able to look at risks collaboratively and coming up with options that make sense has been something I’ve relied on more these past months.
We can’t deal with all the security risks we’re facing by ourselves. We need to really engage our business stakeholders and other departments to get their perspectives on risk. We need to make sure our executives know what we’re doing and how our work can positively impact our organizations. And we need to spend more time educating employees and making project teams aware of our role, how we can help, and the role they play in our security program.
I’m looking forward to the changes I’m going to make with my security family. This coming year, I’m going to share my ESRM journey at ASIS International and within my organization. I may not be able to give specifics for either role, but the lessons I’m know I’m going to learn are really what I want to share. I’m pretty sure I’ll make mistakes and fall down along the way. But that’s OK — it’s how often I get up that’s more important to me, and to the readers of this column.
Stay tuned for the journey ahead!