
Building Resilience and Mitigating Risk in the 21st Century

by Corporate Compliance Insights
April 21, 2017
in Featured, Leadership and Career

Q&A with Chris Furlow, President of Ridge Global

Ridge Global is working to equip executives and boards of directors to build resilience and properly address their companies’ greatest risks. This includes educating them on cybersecurity, a growing concern for all businesses these days. CCI’s CEO, Maurice Gilbert, interviews Ridge Global’s President to discuss the nature and extent of corporate cyber oversight.

Maurice Gilbert: How did you start your career in cybersecurity?

Chris Furlow: Just after 9/11, I served as Director for State Affairs in the White House Office of Homeland Security.  With the images of the collapsing Twin Towers still fresh on everyone’s minds, the focus was understandably on threats in the physical domain.  But there were individuals in the White House and across government who had been working to counter evolving threats in cyberspace for some time – most notably Howard Schmidt. Howard served as a cyber and critical infrastructure advisor to President Bush and would later serve as cyber czar under President Obama.  Howard recently passed away, but he was a pioneer.

I recall one White House meeting I had with Howard to discuss cybersecurity with a group of state officials.  It was probably 2002.  At that time, many of these leaders viewed cybersecurity as something futuristic. There was little or no understanding of the interdependencies that existed between the digital domain and physical worlds. And even if they understood the connection, cybersecurity was viewed as someone else’s responsibility.  It was through interaction with Howard and other trailblazing men and women that I learned the scale and criticality of cyber and was drawn to it.  It has been a part of my risk management perspective and work ever since.

MG: Who helped shape your views?

CF: Howard Schmidt, of course.  In terms of cybersecurity, you could have no better mentor.  And Governor Tom Ridge.  I have had the privilege to serve under Gov. Ridge at the White House after 9/11, during the stand-up of the Department of Homeland Security and in the private sector as a risk and security consultant for many years.  He has always had a mindset focused on collaboration.  Forget turf.  Tear down stovepipes.  Share information. Collaborate.  As DHS Secretary, he spoke of the homeland security enterprise as being national — not just federal.  That meant that we had to have federal agencies, state and local government and the private sector working together if we were to effectively counter 21st century security threats.  We would be wise to apply many of the lessons from the stand-up of the homeland security architecture to cyber challenges today.  As Gov. Ridge would say, “we’ve seen this movie before.”  Leaders in both public institutions and corporate organizations must have this approach if they want to reduce risk.

MG: How do you stay current on cybersecurity issues?

CF: Cybersecurity is part of our day-to-day client work at Ridge Global.  We advise C-suite leaders, boards of directors, CIOs, CISOs and risk officers on enhancing their readiness, whether it is cyber risk or any hazard.  With the scope and speed of threats today, it’s not just about risk management — it’s about being more agile. Technology has its role, but that sometimes provides a false sense of security.

We find that the way a company addresses the human aspects of security and cybersecurity makes the most significant difference between a company that is resilient and one that may wallow in disruption.  Decision-making is key, so we help leaders with governance, training and exercises for the C-suite down to every employee as may be needed.  The perspective we get from this work allows us to see where gaps occur in companies across sectors.  So our clients get the benefit of leveraging the mistakes of others to help them avoid similar situations.  Additionally, I chair the Cyber Leadership Council and serve on the National Security Task Force of the U.S. Chamber of Commerce.  It’s where national security and economic security policy converge on a peer-to-peer, cross-sector basis.  The regulations you deal with operationally start at the policy level.  If you’re not monitoring those activities as a security leader, you may get blindsided by the operational impacts and associated budgetary consequences.

MG: What are some of the significant issues facing CSOs and Risk Managers today?

CF: The threat surface has expanded greatly.  What used to be viewed in the context of perimeter control — guns, gates, and guards — now includes the cyber domain, which has no borders and no fences.  Actors from around the world can steal, disrupt or destroy from thousands of miles away.  And you still have to deal with the impact of natural disasters, accidents, etc.

But there is another kind of “threat” that has emerged.  On top of trying to manage security operations, you have proliferating regulatory regimes.  No one understands this better than compliance leaders.  I saw a recent fact sheet from the Internet Security Alliance.  It said that security leaders spend about 40 percent of their time and 30 percent of their budget on compliance.  First, as any CSO or CISO will tell you, compliance does not guarantee security.  Regulation has its place, but government leaders should consider potential unintended consequences.  Security professionals should not be put at a disadvantage by over-prescriptive regs, because we all know the bad guys don’t play by the rules.

MG: What do you believe is the optimal reporting structure for the CSO and why?

CF: Security and resilience are not bolt-ons, but are instead business imperatives in the 21st century.  So the role of the CSO — particularly for global companies — needs to be elevated to true C-Suite status and not buried in the org chart.   Cybersecurity has illuminated for corporate leaders many of the risk and enterprisewide interdependencies that have existed for years, yet have gone unrecognized. We’ve seen a lot of antiquated models in our advisory work.  The CEO of one global brand had projected company growth of 3 or 4 percent.  But even a limited assessment showed that they were losing at least that much because of a marginalized security leadership and poor risk management practices. So the CSO should be at the table engaging vertical executives on a peer-to-peer basis to protect people, data, intellectual property, facilities, the supply chain and the brand from an enterprise level.  That can help realize savings in terms of minimized disruption, but a more effectively led security and resilience posture can result in greater reliability, which is a competitive advantage in a risk-laden global marketplace.

MG: How do you see the CSO role evolving over the next three years?

CF: As technology advances, cyber will continue to have more and more relevance.  That doesn’t reduce the importance of physical risk by any means.  In fact, they are inextricably linked, so a balanced approach will be key.  Additionally, the Internet of Things (IoT) means that traditional security platforms like cameras, fire suppression and life/health safety systems are also tied to the digital domain.  It will make our safety and security programs more efficient, but it may also open up new vulnerabilities that have to be considered.

MG: How does your company help its clients mitigate risk?

CF: Even if your company takes all the right steps, a truly determined actor such as a sophisticated nation-state or criminal organization may still get through, causing disruption across the business.  Having the resources to respond, particularly for small and mid-cap companies, is key to resilience.

Our strategic partnership with Risk Cooperative to offer cyber insurance utilizes an evidence-based underwriting methodology and Lloyds-backed facility that approaches cyber risk the way security professionals would look at the risk, not the way a traditional insurance broker would. It means that we can provide more comprehensive coverage with fewer exclusions.  When the process is informed by real, client-specific data, not just actuarial and historic tables, it’s a win for the insured and the insurer. Our specialty is helping C-Suite executives break the risk management molds that are no longer working for 21st century businesses, so our innovative approach to insurance is another implement for mitigating risk and building overall resilience.

MG: What new service offerings do you have in the queue?

CF: A culture of security and resilience is led from the top.  But most C-Suite executives serving today didn’t learn about this kind of risk in business school.  They learned about financial risk.  And for many CSOs, their careers have been centered on physical risk. Hey, it was the 70’s, 80’s, 90’s.  It’s no one’s fault.  But they find themselves in a hyperactive digital age where attacks can happen by the second and regulators and shareholders are holding them more accountable on cybersecurity.  Business leaders are desperate to increase their cyber literacy.  One way Ridge Global has done this is by partnering with the National Association of Corporate Directors (NACD) and the CERT Software Engineering Institute at Carnegie Mellon University to create a Cyber Oversight Certificate Program.  NACD sets the standard for boardroom practices and this 100 percent online course meets busy executives where they are and amidst their many responsibilities and busy schedules.  It is not intended to make them technologists, but it will help them increase their cyber literacy and get a better handle on risk appetite, resourcing and communication with their IT security team.  And unlike a traditional seminar, it results in a tangible credential from Carnegie Mellon University that demonstrates a director or executive’s commitment to their fiduciary responsibilities and to cyber oversight. We’ve had CSOs and CISOs tell us that it has been good for them because it has demystified cyber in the boardroom so that they can have a much more fulsome dialogue with their board and can work together to properly address and resource their company’s risk.  In an age where some brands throw money at the problem without any real sense of ROI, that is a much smarter approach.

 

Chris Furlow is President of Ridge Global. Mr. Furlow develops custom risk management strategies and helps clients focus on the enterprise perspective, tying together people, processes and technologies that are often stovepiped in organizations.  He has particular expertise in cybersecurity and public-private partnerships for security and resilience. After the 9/11 attacks, Mr. Furlow was named Director for State Affairs in the White House Office of Homeland Security, where he developed the network of state homeland security advisors; supported new state and local intelligence/information sharing protocols; and served as policy liaison to governors on behalf of the Executive Office of the President. He was also a member of the Incident Support Group providing intergovernmental coordination on events of “national significance.”

During the stand-up of the Department of Homeland Security, he was appointed Executive Director of the Homeland Security Advisory Council and led operations of its multidisciplinary public and private sector committees. A former Deputy Assistant Secretary of Commerce, Mr. Furlow is a graduate of Louisiana State University and is a former Senior Fellow of the Homeland Security Policy Institute of The George Washington University. He is a member of the U.S. Chamber of Commerce National Security Task Force and its Cyber Leadership Council, the National Emergency Management Association private sector committee and the Royal Institute of International Affairs (Chatham House, London).

