In 2016, CEOs and Board Members were told they could prevent potentially catastrophic cyber breaches of their enterprise by strong investment in their security infrastructure, implementing fully compliant policies and procedures, and updating their technology, all at an average cost of tens of millions of dollars per year. This, they were assured, would defend them against anything, except Nation State actors.



In 2017 the world changed, dramatically. Early to mid 2017 leaks delivered amazing tools and technologies into the hands of malicious hackers. In effect, the world is now full of bad actors with Nation State capabilities. The WANNACRY virus is but one version of leaked ransomware used thus far, and as of mid-May had already contributed substantially to an estimated $5 billion in annual damages from ransomware worldwide, with hospitals, shipping companies, manufacturing firms and Hollywood studios all targets.



So how do CEOs protect themselves now? They can’t. Not by relying on past practices, anyway.



Despite this, the cyber security industry continues to try and sell CEOs and their security executives more technology aimed at “preventing the breach”. Why wouldn’t they? They anticipate selling $90 billion worth of these products this year. There is just one problem. That approach doesn’t work. No matter how much you spend, or what your vendor tells you, you will never “prevent breaches.”



Highly decorated CIA and FBI veteran John Mullen will explain what CEOs, Board Members and others can do to protect themselves, without breaking the bank. Everyone is a nation state now, and you need to change your thinking, but there are things you can do to flip the risk asymmetry that currently favors the bad guys. That includes aligning spending and taking a more proactive approach. Today’s CEOs must (legally) turn the tables on their adversaries and begin transferring risk onto their heads.

 

The US is confronted by a greater number of complex geopolitical, economic and diplomatic risks than at any time since 1914. The increasing vulnerability and perceived erosion of US military, political and economic leadership, and the concurrent attempts to restructure the international world economic and trade order, have bolstered the confidence of foreign competitors who believe the US is unable or unwilling to stem this tide of change. This is nowhere more true than in East Asia, which accounts for 30 percent of US GDP, a third of world trade, and the nexus of the most dynamic US financial, manufacturing and technology alliances. The connectivity and weaponization of information and nationalist sentiments are fueling the transformation of great power competition. This is manifested in increasing barriers to foreign trade in China and other overseas markets, and uncertainty among traditional US trade partners in the East Asia region in the face of China’s rise, heightened military and trade tension, and doubts about US staying power.



US and western corporations need a new approach to engagement with partners in the region, many of them “national champions” that are both heavily subsidized by their governments and aided by State intelligence services as they seek competitive advantage against real or potential western rivals. A recognition of how these firms view foreign partners, what they do to seek competitive advantage, and how one can counter some of their efforts can spell the difference between success and failure.



Former CIA Assistant Director and clandestine operative John Mullen discusses the use of risk management strategies designed to thwart attempts by foreign intelligence services and competitors to steal secrets, intellectual property, and information damaging to your brand and reputation. John will provide insight into how an adversary can exploit the intersection of technology and people to their advantage.

 

In 2012 Edward Snowden became a contractor with Booz Allen Hamilton, where he was responsible for supporting IT systems at the National Security Agency. After his extensive revelations about NSA operations, a review conducted by the National Counterintelligence Executive found that his reinvestigation failed to provide a comprehensive picture of Snowden. Security experts commented on the lack of adequate personality data, without which they said they saw little possibility of how anyone might have anticipated Mr. Snowden’s actions. The importance of personality attributes in predicting behavior were similarly emphasized in a long-running joint CIA-FBI examination of Americans who committed espionage. The examiners identified a number of personality traits (e.g., obsessive self-centeredness and selfishness) and behaviors common among the 117 convicted spies. Most importantly, evidence suggests that an employee’s personality is important in determining his or her ethical behavior – or more to the point, their potential proclivity to engage in unethical behavior. Recent research consistently demonstrates that the careful selection of employees plays a role at least as important, if not more so, than incentives in generating performance outcomes.



Employee misconduct is not limited to government agencies, and can cost corporations billions of dollars, as evidenced by JP Morgan’s “London Whale” incident and multiple other cases. Despite the mounting evidence, relatively few corporations test for personality traits that help predict unethical behavior. Those who do are more discerning in their selection processes, make more effective use of their interview time, have fewer toxic employees, and higher performance. Testing for these traits is efficient, non-intrusive and inexpensive, but is only now becoming more prevalent in firms focused on “high trust” positions.



Redacted COO, and former CIA and FBI operative and counterintelligence executive John Mullen, discusses the use of these tools to “select in” your best prospects and “select out” candidates who pose potentially existential risk to your enterprise.