Words Matter

By Guy Higgins

I recently read an article on corporate preparedness that contained the following assertion:

“In today’s corporate governance climate, there exists an increased emphasis on corporate boards and directors as well as senior management to fulfill their fiduciary responsibilities to guarantee that their corporations have in place the required corporate policies and operating protocols that would be adequate when it comes to managing the affairs of the corporation.” Continue reading

A Note to CEOs – It Will Happen to You

By Guy Higgins

I recently read a short article on the understanding of US, UK and Japanese CEOs to prepare for and respond to a cyber breach. The bottom line of the article is that they aren’t! Ninety percent of the 1530 CEOs interviewed did not truly grasp the magnitude of the threat, did not understand their company’s cyber-security preparations, and did not understand their company’s plans to respond to an actual cyber breach. Appallingly, forty percent of the CEOs did not even think it was their responsibility!

Some basic facts:

  • Every company, organization and person is the target of hackers
  • Every 12 seconds (24/7/365), there is a cyber attack on a company in the U.S.
  • Your IT security team must succeed 100% of the time 24/7/365 – forever. One failure and you have been breached.
  • Two thirds of all cyber breaches are caused by your employees (including you) because:
    • They don’t update their software as your IT team almost doubtlessly urges them to do
    • They don’t pay attention to the basic cyber security tenets your IT team publishes (e.g. don’t use “PASSWORD” as your password)
    • They don’t password protect access to their computer or they don’t routinely turn it off or put it to sleep when they leave their desk
    • The allow access to their computer by a colleague, or (worse yet) a visitor
    • They open emails from unknown senders (one in three employees do this)
    • They click on links within suspicious emails (one in eight employees do this)
  • An actual cyber breach is not just an IT security problem (they have already done their best) – it is a business problem, a liability problem, a PR problem, and (increasingly) a legal

As the CEO, you are responsible for your company, including cyber security and cyber breach response – just as you are responsible for revenue and earnings. The buck does stop at your desk.

Since, as the CEO, you are almost certainly not the cyber-security or cyber-breach expert, what do you do? The same thing that you do for all of your other responsibilities – you find an expert and delegate authority and responsibility for cyber security and cyber-breach response to those experts. It is important to emphasize again that cyber-breach response is not an IT problem. It is a business problem, so you should not automatically delegate cyber-breach response to the IT or cyber-security folks. Pick the right person, empower her, support her and resource her.

It is irresponsible to behave as though your company will not be cyber attacked or that your cyber defenses will never be penetrated. A rapid, transparent and well conceived response to a cyber breach can enhance your company’s reputation rather than damaging it. The failure to be prepared for such breach will damage and may destroy your company’s reputation.

Predict your vulnerability to cyber attack – this is easy. You are vulnerable.

Plan your response to a cyber breach – as a business issue and not only a security problem.

Enhance your ability to Perform by exercising your cyber-breach plan regularly.

Predict.Plan.Perform

Knowledge is Power – Or is It?

By Guy Higgins

A generation ago, when I transferred from my last squadron to Washington, DC, I recall hearing a slightly senior officer repeat the phrase, “Knowledge is power,” in reference to working within the federal bureaucracy in DC. He went on to explain that if you knew something that others did not, then you were in a position of power – power to influence events in the direction you wanted. The phrase has been attributed to Sir Francis Bacon who included it in his 1597 book, Meditationes Sacrae and Human Philosophy. In the context of the book, Sir Francis meant that the more you knew, the more you could influence events – not quite the same thing that the slightly senior officer meant. From the senior officer’s perspective, secret or restricted knowledge provided power. From Sir Francis’ perspective, power accumulated with increasing knowledge (which implies not only facts but understanding) – the more a person knew and understood, the greater influence that person could wield. Continue reading

Competition Doesn’t Happen on a Level Playing Field

By Guy Higgins

On the first of September, SpaceX, the commercial space launch company founded by Elon Musk was conducting prelaunch tests of a rocket scheduled for a satellite launch on September 3rd. An anomaly occurred,, and the rocket exploded destroying the payload (for the non-space folks, payloads destined for orbit run into the hundreds of millions of dollars). Rocket explosions are always spectacular, and if you’re as old as I am, you recall black and white TV showing spectacular failure after spectacular failure in the 1950’s and early 1960’s. You may also have seen film footage of spectacular failures of Werner von Braun’s V-2 tests. Spectacular failures are part of the business. Continue reading

Coulda, Woulda, Shoulda, Din’t

By Guy Higgins

There was a recent news article on a lawsuit against the U.S. Government following the murder of two members of the U.S. Coast Guard on Kodiak Island in the Aleutian Islands. The essentials of the situation are that the alleged murderer displayed increasingly angry and threatening behavior over an extended period of time leading to the attack and murder. The plaintiffs are arguing that the Coast Guard should have been aware of this behavior and taken steps to de-escalate the situation, get treatment for the alleged murderer or remove the perpetrator from the island. Continue reading

Small Island Leadership

By Guy Higgins

Seventy-four years ago this month, the United States conducted an amphibious invasion of a small island in the Solomon Islands between Australia and the Asian mainland. The invasion was conducted by the First Marine Division. The division was led by Major General (later General and Commandant of Marines) Alexander Archer Vandegrift. I suspect, though, that General Vandegrift would be the first to tell us that most, if not all, of the Marines on Guadalcanal were leaders regardless of their rank or rate. Continue reading

Security vs. Convenience

By Guy Higgins

Aviation Week recently published an article on cyber security for connected airplanes. There is growing concern that terrorists will hack into airplane control software through the airplane’s entertainment system – these entertainment systems are increasingly connected, via satellite, to the Internet.

So let’s talk about cyber security. Continue reading

Advice from An Old Farmer

By Guy Higgins

I was getting ready to write a post, when this list popped into my inbox. I smiled at all of the advice and laughed at some of it – not because it is essentially humor, but because it is both right and very broadly applicable. That got me to “thinnin’” (for the young readers, Quickdraw McGraw frequently reminded his sidekick that he, Quickdraw, would “do the thinnin’ around here.”). I think that every one of these sage pieces of advice applies to organizational leadership, and I’m going to leave it to the noble reader to think about how each of them applies because all y’all will find many more applications than will I (think of this as an exercise is cognitive diversity). Continue reading

Neurodiversity

By Guy Higgins

I recently read an article in the Harvard Business Review, Neurodiversity: The Benefits of Recruiting Employees with Cognitive Disabilities. I’ve posted on cognitive diversity (which the article does discuss – from the perspective of cognitive disabilities) before but had never considered this aspect of cognitive diversity, and I found the article to be very interesting. I also think that the work done in this area is only a small beginning and that there remains much to be learned. Continue reading

Parkinson’s Law

By Guy Higgins

I’ve mentioned Parkinson’s Law before in posts. The “law” was stated by Cyril Northcote Parkinson in the 1950’s and was famously derived from a study of the Royal Navy’s shore establishment (he was a naval historian) over a period of about 500 years. Basically, Parkinson found that bureaucracies grow at the rate of about five percent per year – independent of demand for the product of the bureaucracy. Note, the “about” in the above statement of the law is very important because the growth of bureaucracies is a human phenomenon and not driven by any law of physics or nature. Continue reading