Convergence is a dynamic security (intangible asset) safeguard…which, when effectively applied, produces practical-useful insights for mitigating vulnerability, probability, and criticality to the materialization of risks – threats.
When I developed the initial ‘computer crime, computer security, and computer crime investigation’ curriculum…at Southern Illinois University in the early-mid-1990’s, a company’s receptivity-vulnerability to the materialization of cyber-computer security risks-threats was just beginning to gain the attention it warranted, especially in terms of what was anticipated to be on the horizon. However, vulnerability-probability-criticality at the time were frequently portrayed as gradations – distinctions which, to date, were not credibly developed insofar as recognizing what non-state – legacy free economic and competitive advantage adversaries deemed attractive, and thus would seek access, aside, of course, those seeking U.S. classified (national security) R&D held-stored in IT systems.
In addition, there was little evidence-based research outside the U.S. classified communities-agencies…aside from anecdotal evidence from U.S. private sector probing, victimization, and losses that described the conventional who, what, when, where, and how, e.g., develop and incorporate the necessary defense systems and practices to at least decelerate what many of us believed would be inevitable, more encompassing, and stealthily asymmetric.
The actual number of U.S. companies targeted and experiencing data-information breaches…i.e., misappropriation-theft, etc., during the early-to-mid 1990’s were largely guesstimates, at best. Few defensive – mitigation mechanisms were in place then to monitor and/or track illicit IT-computer system probing of or breaches insofar as exploiting vulnerabilities and successfully acquiring access to U.S. company proprietary competitive advantage data and information.
U.S. company-business leadership generally presumed then, as now…those engaging in surreptitious intrusions that lead to breaches of computer systems were variations-combinations of state-sponsored actors. Based on my experience, few U.S. company c-suites recognized the much-expanded role now played by legacy free (independent) actors, growing technological advances in business-competitive intelligence, and information brokering operations. I and others have been characterizing this very lucrative and largely successful phenomena for the past 20+ years, as economic, competitive advantage, and political adversaries at work!
U.S. companies-organizations that experienced breaches – losses of proprietary – competitive advantage information and data…during this period were initially and frequently characterized as victims and having little or no responsibility for self-mitigation to cyber-mounted risks or otherwise improve their computer-IT system’s defenses to favorably change their organization’s posture-exposure to unauthorized-surreptitious access to minimize vulnerability, probability, and criticality.
Perhaps ironically, in the mid-1990’s, there was mounting economic research and evidence…that increasing percentages, i.e., 60+%, of most businesses – company’s value, sources of revenue, competitiveness, and sustainability lie in – emerge directly from intangible assets. Not coincidentally, the number of acknowledged intangible asset intensive and dependent companies rose significantly. An intangible asset intensive and dependent company is operationally defined as one embedded with – dependent on business-project specific variations of intellectual – knowhow, relationship, competitive, and structural capital.
It was these firms, based on my independent (investigatory) research, that were routinely being targeted, often successfully, by economic and competitive advantage adversaries globally.
To be sure, certain industry sectors had, at stake, significant financial – reputation exposures (risk)…when-if they did not take decisive action to mitigate their vulnerabilities (that favorably affected probability and criticality to breaches-losses or proprietary – competitive advantage information and data which with growing frequency, emerged as reputation risk, civil actions, and financial liabilities, ala criticality. Granted, intangible asset intensive – dependent companies are frequently high-profile players in the global business, trade, and innovation economy. But, admittedly, the concept of ‘convergence’, i.e., recognizing the relevance of a union between physical and cyber security expertise was in its early stages of actual practice.
Soon however, there was growing research and ‘white papers’ produced by national defense agencies…professional associations, and sector relevant vendors variously addressing the benefits and how’s of converging physical and computer (IT) security. My close study of many of these sources proved useful insofar as identifying additional and/or alternative facets of convergence.
Experientially, there was certainly more simplicity and clarity then, than now…regarding industry’s – sector’s receptivity – tolerance to the vulnerability, probability, and criticality of cyber-computer risk and crime materialization, insofar as exposure to adverse effects. In part, of course, this was due to few firms being wholly immune or unattractive as potential-probable targets.
By the early 2000’s, there existed somewhat of an industry frenzy…regarding the practice of converging physical and computer security. This movement (frenzy) was particularly evident in the tech sector and related companies, a majority of which were clear examples of (R&D) intangible asset intensive and dependent. Too, the tech sector was largely driven by completion – market time frames.
Michael D. Moberly December 2, 2017 St. Louis email@example.com ‘Business Intangible Asset Blog’ where attention span really matters!