Michael D. Moberly
Convergence is a dynamic security – intangible asset safeguard bond that produces new insights to mitigating vulnerability, probability, criticality to risk -threat materialization.
Experientially, there was certainly more simplicity and clarity then, than now, regarding industry’s – sector’s receptivity – tolerance to the vulnerability, probability, and criticality of cyber-computer risk and crime materialization, insofar as exposure to adverse effects. In part, of course, this was due to few firms being wholly immune or unattractive as potential-probable targets.
So. when I developed the initial ‘computer crime, computer security, and computer crime investigation’ curriculum at Southern Illinois University in the mid-1990’s, a company’s receptivity-vulnerability to the materialization of cyber-computer security risks-threats was generally presumed to be high. This presumption of vulnerability at the time, existed, in part, because credible gradations – distinctions had yet to be developed insofar as recognizing what non-state – legacy free economic and competitive advantage adversaries deemed attractive aside, of course, those seeking access to U.S. classified (national security) R&D.
In addition, there was little evidence-based research outside the U.S. classified communities-agencies aside from anecdotal evidence from U.S. private sector probing, victimization, and losses that described the conventional who, what, when, where, and how, e.g., develop and incorporate the necessary defense systems and practices to at least decelerate what many of us believed would be inevitable, more encompassing, and stealthily asymmetric.
The actual number of U.S. companies targeted and experiencing data-information breaches, i.e., misappropriation-theft, etc., during the early-to-mid 1990’s were mere guesstimates, at best. Few defensive – mitigation mechanisms were in place then to monitor and/or track illicit IT-computer system probing of or breaches insofar as exploiting vulnerabilities and successfully acquiring access to U.S. company proprietary competitive advantage data and information.
U.S. company-business leadership generally presumed then, as now, those engaging in surreptitious intrusions that lead to breaches of computer systems were variations-combinations of state-sponsored actors. Based on my experience, few U.S. company c-suites recognized the much-expanded role now played by legacy free (independent) actors, growing technological advances in business-competitive intelligence, and information brokering operations. I and others have been characterizing this very lucrative and largely successful phenomena for the past 20+ years, as economic, competitive advantage, and political adversaries at work!
U.S. companies-organizations that experienced breaches – losses of proprietary – competitive advantage information and data during the early to mid-1990’s, were initially and frequently characterized as victims and having little or no responsibility for self-mitigation to cyber-mounted risks or otherwise improve their computer-IT system’s defenses to favorably change their organization’s posture-exposure to unauthorized-surreptitious access to minimize vulnerability, probability, and criticality.
Also beginning in the mid-1990’s, perhaps ironically, there was mounting economic research and evidence that increasing percentages, i.e., 80+%, of most businesses – company’s value, sources of revenue, competitiveness, and sustainability lie in – emerge directly from intangible assets. Not coincidentally, the number of acknowledged intangible asset intensive and dependent companies rose significantly. An intangible asset intensive and dependent company is operationally defined as one embedded with – dependent on business-project specific variations of intellectual – knowhow, relationship, competitive, and structural capital.
It was these firms, based on my independent (investigatory) research, that were routinely being targeted, often successfully, by economic and competitive advantage adversaries globally.
To be sure, certain industry sectors had, at stake, significant financial – reputation exposures (risk) when-if they did not take decisive action to mitigate their vulnerabilities (that favorably affected probability and criticality to breaches-losses or proprietary – competitive advantage information and data which with growing frequency, emerged as reputation risk, civil actions, and financial liabilities, ala criticality. Granted, intangible asset intensive – dependent companies are frequently high-profile players in the global business, trade, and innovation economy. But, admittedly, the concept of ‘convergence’, i.e., recognizing the relevance of a union between physical and cyber security expertise was in its early stages of actual practice.
Beginning in the late 1990’s and early years of the 21st century, there was growing research and ‘white papers’ produced by national defense agencies, professional associations, and sector relevant vendors variously addressing on the benefits and how’s of converging physical and computer security. My close study of many of these sources proved useful insofar as identifying additional and/or alternative facets of convergence.
By the early 2000’s, there existed somewhat of an industry frenzy regarding the practice of converging physical and computer security. This movement (frenzy) was particularly evident in the tech sector and related companies, a majority of which were clear examples of (R&D) intangible asset intensive and dependent. Too, the tech sector was largely driven by completion – market time frames.
Michael D. Moberly December 2, 2017 St. Louis email@example.com ‘Business Intangible Asset Blog’ where attention span really matters!