Global strategic intelligence

Our five-part video series explores this rapidly developing field and the related tools and techniques companies are using to strengthen their preparedness and resiliency.

November 24, 2021

Does your business use a strategic intelligence function to stay ahead of evolving risks? Our new five-part video series, created in conjunction with Deloitte and Georgia Tech, explores this rapidly developing field and the related tools and techniques companies are using to strengthen their preparedness and resiliency.

Episode 1: The connection between threat intelligence and risk management

How has the strategic threat intelligence function evolved to address changing cyber and business threats? And how are organizations using this information in their broader risk management programs? In this video, we explore a proactive view of business risk intelligence and the key role data and technology play in helping organizations approach risk and resilience.

Transcript

Kevin Lyman, Director Global Thought Leadership, Invesco:

Welcome to the first installment in our series of panel discussions, focused on rethinking risk and resilience and the emergence of the global strategic intelligence function. My name is Kevin Lyman, director of Global Thought Leadership at Invesco. There are a great many aspects to this topic, and we ought to say from the get-go that we won't be able to cover all of them today. In future episodes, we'll take a much closer look at the variety of interconnected threats and challenges facing companies today. We'll also examine how management teams and boards of directors can engage a global strategic intelligence function to help increase the effectiveness of their corporate risk management. We'll then discuss the steps and some of the potential challenges to building a strong global strategic intelligence function. Finally, we'll examine the tools and technology that are available to companies and how they can be applied in the strategic intelligence function and beyond. For today's discussion though, we'll focus on providing an overview of this exciting and fast-developing area and address why companies need to be engaging in new thinking today.

Each of my guests brings a distinct and informative perspective on developments in this field. Chris Ruggeri is a principal and crisis and resilience leader with Deloitte. Also, joining us from Deloitte is Linda Walsh, managing director and cyber risk services, data solution leader. Marianne Nichols is Invesco's global head of intelligence and threat analysis. Finally, Adam Stulberg is professor and chair of the Sam Nunn School for International Affairs at Georgia Institute of Technology. Chris, perhaps you could kick us off by talking a little bit about Deloitte's recent work on rebooting risk, and what prompted your new approach to strengthening corporate risk management and resilience.

Chris Ruggeri, Principal, Crisis and Resilience Leader, Deloitte:

Sure, thank you, Kevin, and very nice to be with you today. What prompted us is our view, that traditional approaches to risk management are inadequate to meet the challenges of the day. And what we often see are risk management programs that tend to be performative in orientation, and what I mean by that is they tend to be exercises that are dutifully repeated rather than strategic practices. This may work well for known risks in a fairly static environment, but as COVID has demonstrated, the environment we live in is anything but static. And risk management is not just about loss prevention, it's about increasing the probability of achieving your strategic and financial objectives. And we don't think of risk as a well-behaved house guest, it's anything but. And risk is, in most cases, impossible to predict, yet key stakeholders, most notably customers and investors, will continue to hold management accountable for performance and results, even when a risk event is unpredictable and unprecedented like COVID-19 was.

So, therefore, we believe risk needs to be rebooted. It needs to be more closely aligned with strategy, focusing risk management on what matters most, integrated across the organization and cutting across silos, it needs to be future-focused and accountable for delivering a return on your investment in risk management.

Kevin Lyman:                   

And I think we'll talk in a minute about how this new global strategic intelligence function really aids in a lot of those objectives. But before we do that, I want to take it up a level and Adam, I am going to come to you and say, it feels like the world around us these days, not just the business world, but even at the macro and the geopolitical level, has changed so much in recent years and there's so much volatility and unpredictability, everywhere you look, seems to be growing every day. What do you think is driving these changes?

Adam Stulberg, Professor and Chair of the Sam Nunn School of International Affairs, Georgia Institute of Technology:

Thank you, Kevin. Thanks for the invitation and also the question. And I think you're indeed correct. The international relations landscape, I think is indeed in flux. Why is it in flux? I think there have been a number of things that have happened really since the end of the Cold War. One, we've seen the end of an ideological rivalry, the change in the distribution of power from two great superpowers, from a period that then went to where it seemed like, it was the American unipolar moment to another era where we now see multiple regional players. But I think what's most interesting to focus on is the character of the change of the landscape. And here, I would say the international landscape is much different than the ones that our parents or even we learned about, where it was a world dominated by states, states were relatively isolated.

We're seeing a multidimensional greater intensity of interdependence that cuts across different policy economic domains, that puts states in direct contact, not only with each other, but non-state actors and companies. And so the metaphor today is not one of states that are atomized or interact in dyadic context, it's more about states interacting in networks. So that's the landscape that brings states in many different ways, in their domestic politics, as well as their foreign policy intruding into markets and other types of exchanges. It also brings companies into the national security realm in ways that we hadn't thought about before in terms of their role in securing vital supply lines and supply chains. So we have a very different landscape, as you rightly noted, characterized by networks of interaction and interdependencies that cut across multiple dimensions. So it's a much more complicated and complex landscape, where I think the business operations and the issues that hit businesses from cyber to branding and other topics are front and center and impacted directly by this complex set of relationships.

Kevin Lyman:                   

And that's the perfect setup, really, Marianne, for you to talk a little bit about the global strategic intelligence function that you've built at Invesco over recent years in response to all of these changes that Adam's been talking about. Can you talk a little bit about how and why you built the team, and then we'd also love to hear a little bit about how you work with some of the other teams at Invesco, the enterprise risk function, internal audit, and the other functions that support the overall risk management effort at Invesco.

Marianne Nichols, Global Head of Intelligence and Threat Analysis, Invesco:

Yes, thank you so much, Kevin. Absolutely. So we built this program about five years ago, started out as a cyber threat intelligence function and then expanded out as cyber crosses everything into other parts of the business. So what we have found over the last couple of years is that our function really does complement enterprise risk. So enterprise risk, primarily being responsible for assessing the likelihood and potential impact of strategic business goals and objectives. Our purpose is to be responsible for both tactical and strategic analysis. On the tactical front, we are regularly assessing potential threats and interconnectedness of those threats. So, for example, if there's a cyber vulnerability, we're reaching out to security, technology, others. If we are seeing potential or seeing chatter about a potential protest at one of our offices, then we are going to be reaching out to physical security facilities. But depending on the protests, we may also need to reach out to brand and global comms.

So we also have a global intelligence briefing that goes to all employees each day. And in that briefing, we identify threats, potential impact to the business, as well as mitigation strategy. So in the case of a cyber example, what are we doing to mitigate as best we can that vulnerability? Then we move into strategic analysis. So with all the threats that we've identified throughout the year, what are the actual risks of those threats to the business? So how many times, for example, did we see or write about a similar cyber vulnerability? Or do we see a trend in the number of times we have identified a particular protest or a theme of a protest? And so that analysis helps to identify the impact and likelihood of the risk. And that is then — we pull that into our annual assessment, which is then provided to the business to include enterprise risk and others.

Kevin Lyman:                  

So Linda, maybe you could jump in with some additional examples of what you've seen this global strategic intelligence function look like in action.

Linda Walsh, Managing Director and Cyber Risk Services, Data Solution Leader, Deloitte:

Thanks, Kevin. And Marianne, you bring up some really good points. I think as we evolve the corporate intelligence landscape, we need to make sure that we're not looking at it in isolation. And you brought up some really good examples of how pulling together those geopolitical things, as well as maybe a ransomware attack, malware trends, are going to help everybody look at this in a more holistic way to reduce the attack surface. I think there's another point to this and as we try to shift to being more proactive along this security continuum, we want to make sure that we're not just looking at external, and we're also trying to aggregate our information along with internal. Let me use an example, one of the things that we saw during the pandemic was a huge increase of work from home. Organizations had to move quickly to get their employees on laptops at home. They had a lot of different factors going on, employees that maybe feared their job was at risk. Maybe it was harder to be proactive and productive, I should say. Employees may have been using their personal devices.

All of these things spread out the attack surface or the potential attack surface and I really think that's a great example of using the corporate intelligence function to bring things back into focus, that rush to be operationalized, and organizations were inclined to maybe downgrade some security features. And as we got everybody remotely working and we needed to go back and say, did we make a configuration adjustment that was not for the best attack surface reduction, and looking at that to make sure that organizations were not relaxing their risk tolerance for their third-party vendors as well. And all of this information in this constantly changing threat landscape, we are looking at different ways to be proactive with that data and look at baseline security events to see where we can be ahead of things, rather than just reacting to them. And as Marianne said, the more intelligence we can bring under one shingle or one roof and look for relationship data in there, the better off we're going to be in securing our systems.

Kevin Lyman:                   

Yes and COVID has changed so much about the way that the companies interact with the world around them. It's a really interesting point. Adam, I am going to take it back to you. What have you seen in terms of the impact on relations between states and companies and other actors that the pandemic has had?

Adam N. Stulberg:           

Kevin, I would basically say that COVID is both a manifestation and a spotlight of this highly interdependent network, international landscape that I was discussing earlier. It is a reflection in the sense that if you just hark back into the very inception of the pandemic, we saw the interdependence of our critical infrastructure implicated, with the importance of shutting down air travel and other forms of communication and interdependencies. In addition, I think COVID highlighted the importance of global supply chains and the ramping up for testing and the development of vaccines and the distribution of those vaccines and where those gaps and vulnerabilities exist within the global supply chain. In addition, I think COVID has put the spotlight on the highly interdependent nature of our information and communications systems, such that narratives in different parts of the world reverberate almost immediately in other parts of the world. And I think that COVID, you're right, was obviously a global phenomenon, but I think it represents less of a change and more of a manifestation and really an illumination of what has been changing for a while now.

Kevin Lyman:                   

And Marianne, what did you see with respect to the global strategic intelligence function that you lead in Invesco? What was the role that you played with respect to the company's response to the pandemic, and how did it play out?

Marianne Nichols:          

We found that it's really about just having a team that is responsible for keeping the business informed and being proactive in identifying and communicating potential threats to the business. When I mentioned the global intelligence briefing earlier, that's a perfect example of being able to communicate that awareness. If you take COVID in early December 2019, January 2020, having that briefing to be able to communicate to business continuity, global comms, facilities, other parts of technology, other parts of the business, that for example, in the local office in Hong Kong, when they were in early January, activating — the Hong Kong government that is — activating their preparedness and response plan. Or when Hong Kong and Taiwan just decided to increase border screening, all indicating upticks in cases. So just having everybody aware of that same information just helps to be able to better plan and be proactive.

Kevin Lyman:                   

And Chris, from the higher-level risk standpoint, what lessons have you seen coming out of the pandemic?

Chris Ruggeri:                  

I think risk doesn't exist in isolation. And when you think about it, an enterprise is really an orchestration of activities focused on delivering the firm strategy. And risk can derail those plans. So I think you have to ask yourself, what are the individual risks or packages of risks that could devastate the organization? And how do you leverage the predictive risk sensing tools, AI, data analytics, scenario planning tools that we have available today to get an early warning system into changing trends or increasing risk patterns? And then how do you build agility and resiliency into your organization by thinking about how those risks may impact critical functions? And what do I do in order to build contingency plans and resiliency into my operations and systems?

Kevin Lyman:     

Thank you, Chris, and thank you to my other guests today. On our next episode, we'll be taking a deeper dive into today's threat landscape and looking at how the various types of threats, that seem to be multiplying every day, are connected with one another, as well as the impact that they have on all types of businesses in virtually every industry around the world. Thank you for listening today, and please join us for our next episode.

Episode 2: Today’s evolving and interconnected threat landscape

The global threat landscape seems to be changing by the hour. From geopolitical issues, to COVID-19, this video takes a closer look at how recent events are increasing threats, and the surprising ways these threats can be linked to one another, making it even more important for companies to have a robust strategic intelligence function. We also discuss how organizations can take a broad assessment of the different threats to their business.

Transcript

Kevin Lyman, Director Global Thought Leadership, Invesco:

Thanks for joining for the second in our series of panel discussions. My name is Kevin Lyman and I'm the Director of Global Thought Leadership at Invesco.

Having set the stage with our first discussion, today we're going to take a closer look at the global threat landscape that companies are facing. A landscape that seems to be changing almost by the hour.

We'll also hear about the sometimes unexpected ways in which these threats can be linked to one another, making it even more important for companies to have a robust, strategic intelligence function as part of their overall risk management program.

Our panelists today are Invesco's Global Head of Intelligence and Threat Analysis, Marianne Nichols; her colleague, Candice Blackmon, Head of Global Intelligence Strategy and Brand Protection; David Christophy, Senior Solutions Delivery Manager with Deloitte Cyber Risk Services; and Adam Stulberg, Professor and Chair of the Sam Nunn School of International Affairs at Georgia Institute of Technology.

Marianne, let me start with you. In our first discussion, you and the other panelists spoke about how the universe of threats that companies face today is rapidly growing larger, more interconnected, and more time-sensitive. Can you expand on that a little bit?

Marianne Nichols, Global Head of Intelligence and Threat Analysis, Invesco:

Sure, Kevin. Thank you so much. I think a really good example that helps to clearly illustrate all the interconnectedness of all the different areas mentioned on this diagram here, would be to look at a social activism group, for example, that might be protesting a parent company that we may be invested in which, of course, might also mean that we might see similar protest. That could look like physical protests outside an office. That same group might be sending emails to our employees, trying to reference what they're protesting. They may also be creating websites referencing our brand. So, in that scenario, we would need to bring in physical security, cybersecurity to help block those emails at the email gateways, and brand, as well as possibly global communications and marketing regarding the reference on their website. So, this is an example that really clearly shows how one topic can, the interconnectedness of it, you really need to bring in different aspects of a business to really assess risk.

We're also seeing, for example, over the past couple of years, the social activism groups finding common themes with other groups in social media space. We're also seeing how these same groups might be reaching out to specific companies about their interests, but also reaching out to the investors behind those companies. So, it's critical for us to have a good understanding of the geopolitical landscape, of the social activism, climate change issues, all of that that's happening, so that we can be proactive when we see a topic that may or may not escalate or gain traction very quickly so that we can alert the respective business partners and assess the risk.

Kevin Lyman:                   

That's really interesting. And Adam, Marianne mentioned geopolitical risk as being a piece of this, and in our first panel discussion, you had talked about how relations between and among nations have been shifting in recent decades. How is that impacting this global threat landscape?

Adam Stulberg, Professor and Chair of the Sam Nunn School of International Affairs, Georgia Institute of Technology:

Thanks, Kevin. And just to refresh, I was underscoring the changing nature of international relations that is, I think, most aptly captured by a network metaphor. And there we're talking about a highly interdependent, globally structured, multi-dimensional set of relationships where companies, states, individuals are bumping up against each other across a variety of different types of policies and relationships. And, as a result, we're thinking about power and influence, and vulnerability in the context of where companies fit in these different networks, and who they're partnered with, and who their partners are partnering with. That then creates synergies among the very threat vectors that Marianne just mentioned that are seen from internally from companies.

What really is interesting about this current international environment dominated by network relationships is this confluence of these highly interdependent relationships across multiple different levels, with active measures by states to exploit those network relationships, such that state policies as directed towards companies may not be only aimed at stealing money or stealing proprietary information for individual gain, or other narrow exploits, but rather to leverage that information, to manipulate that information, to compound those various threat vectors that Marianne mentioned, as part of their broader state strategies of long-term competition against other states, such as the United States or the West.

So, the point about the changing threat landscape is that, increasingly with states looking to exploit network relationships, companies can find themselves in the crosshairs of efforts where they're simply conduits for these broader state policies, not just endpoints for theft of information or financial gain.

Kevin Lyman:                  

I think, look, we've seen some of that in the context of the COVID pandemic, right? And David, that's a good segue because I was going to ask you what you've seen in the context of the COVID pandemic. How has that affected this threat landscape? I know it's opened up some new vulnerabilities that we've seen, also some new opportunities, hopefully, but can you talk about that a little bit?

David Christophy, Senior Solutions Delivery Manager, Deloitte Cyber Risk Services:

Thanks for having me on, Kevin. The COVID-19 pandemic has provided a tremendous increase in opportunities for threat actors, whether being nation-state threat actors, or cybercriminal, whereby they're exploring various vulnerabilities, and they're exploring various tactics in order to target organizations and individuals, and use those individuals and targets to either benefit from an intellectual property theft or benefit financially, and some of that was mentioned by Adam. In reality, the COVID-19 pandemic has provided this opportunity for threat actors just by the virtue of millions of users and workers going remote. And that by itself creates a vast threat landscape for the threat actors. Opportunities for them to be able to use the remote workforce as their threat vectors and targets makes things lots easier than if they were to target organizations in a strategic manner.

I'm not saying they still don’t do that. What I'm saying is that there's easier ways to attack users and organizations now. And we know that organizations have been trying to produce vaccines. And we have reportings that, in certain countries, that production or research has been disrupted, and the type of attacks were very sophisticated in some aspect by nation-state where a national power grid or regional power grid was targeted, and it wasn't just limited to one region, it was followed by other regions in order to disrupt these types of research. And this is all competitive work, really having a nation-state doing these types of attack, it's very alarming.

We also know that other nation-states have targeted, for instance, pharmaceuticals, vaccine, and biology organizations in order to steal intellectual property. So, we're not just talking about disruption, we're talking about the theft of intellectual property, disruption, in some cases there has been a destruction type of attack where organizations have been targeted by ransomware.

Kevin Lyman:                   

So, we've been talking about the threat landscape broadly, that universe of threats that are out there that companies are facing. Candice, can you talk about how you and your team, the process that you go through to translate that broader set of threats into a specific set of risks that Invesco faces, and then how you respond to those?

Candice Blackmon, Head of Global Intelligence Strategy and Brand Protection, Invesco:

Our team maintains reporting metrics, and those metrics capture our assessments as well as the questions or requirements that they answer. The requirements help us determine the impact of the risk to Invesco. And they cover a wide range of issues, from cyber threats to geopolitical matters to brand threats. Now, we consistently review our metrics because they help us to formulate our assessment of the threat landscape. And that's specific to Invesco.

                                           

Another organization may track their own metrics and come up with their own assessments, which may lead them to a different threat landscape. Though there are some similarities and some overlaps, the threats that impact an asset manager may differ from another organization. For example, we recently looked at our metrics that focused on our brand threats, such as fraudulent investment websites, focusing on attacking well-known brands. Now, what we did was we made sure to analyze this threat, understand the techniques and the trends, and then we're able to formulate an assessment so that we understand the impact to Invesco.

Kevin Lyman:                   

That's really interesting. And certainly, there's been a lot in the news about the nation-state activity. So, what have you been seeing from other threat actors like cyber criminals?

David Christophy:

Well, Kevin, cyber criminals are just as active as nation-state or state-sponsored threat actors. Since January of 2020, we've observed hundreds of separate campaigns leveraging COVID-19 related news, documentations, or fabricated information in social engineering cyber attacks. And what I mean by social engineering cyber attacks is not limited to just phishing or spear-phishing emails. This could be a combination of both. There is the targeted attack where spear phishing is leveraged, then it's followed on by phone calls. So, cyber criminals are becoming more and more sophisticated into their attack and leveraging the COVID-19 pandemic.

                                           

And they tend to use these types of techniques and tactics to compromise credentials. We have seen compromised credentials to video conferencing solutions to deliver malware that are spoofing legitimate video conferencing tools. We have seen reported by various law enforcement and intelligence agencies across the world, that there is an increase of COVID-19 themed emails and lures to obtain personally identifiable information, what we call PIIs. We all know that PIIs are used by cyber criminals in the marketplaces very widely, in order to target the organizations and sell those PIIs to other criminal actors.

Adam Stulberg:                

Kevin, let me just add a few points to what David mentioned to sort of augment what he was saying, and maybe take us back to how, what he mentioned, is linked again, back to the state challenges that we faced, that augment what he suggested. Because we now see that states are using, or working in cahoots with cyber criminals, either as directed by the state, or as funded, or supported by the state, or just simply allowed by the state, create a state where states create permissive environments for these types of activities. So, the problems that David mentioned are significant, but they become accentuated when they're augmented by those different roles that states may play in this context.

Kevin Lyman:                   

It almost reminds me of a long time ago when you had, they were called privateers, basically state-sponsored pirates who would go around and sink other companies, or other countries’ ships and that sort of thing, either directly or indirectly supported by their adversaries.

So, another topic where there's been a lot of focus recently is on these supply chain threats. And I know it used to be that companies were very focused on third-party risk, now you're starting to hear about fourth-party, fifth-party risk. How are companies, how should they be assessing those kind of threats and managing the risks that are associated with them?

Marianne Nichols:

I can touch on that from an intelligence perspective. So, one thing that we've been trying to do as of the last couple of years, we've definitely seen an uptick in that space of third and fourth parties, and so on being impacted by cyber campaigns or ransomware. So, one thing that we have done is working closely with third-party risk, procurement, technology, security to make sure that we have detailed, and we can prioritize by having a list on, out of all these third parties and such, that we have relationships with, which ones do actually have connectivity into our environment, because then we can prioritize. And then when we go to our intelligence sharing forums or our working groups, and we hear a reference to maybe one of these groups, or we know these companies that have potentially been impacted, then we can quickly assess through the list that we've created in working with our business partners to be proactive in that space.

Kevin Lyman:                   

So, I guess it underscores the importance of knowing who you're exposed to, either directly or indirectly, so that you can quickly make that assessment as you were talking about.

Marianne Nichols:

Absolutely.

David Christophy:

But the threat to the supply chain from a cyber perspective, in my view, is an important aspect that cannot be overlooked and cannot be underestimated. It's a real threat, it is a continuous threat, and nation-states, organizations, cyber criminals, and even insiders will leverage that opportunity.

Adam Stulberg:                

Well, Kevin, let me just also interject here. I think that the points that my colleagues have been mentioning about the supply chain vulnerabilities, or the supply chain concerns either from the position of another company or another supplier to firms’ supply chain, is obviously important. Where the firm fits into, let's say, a national security supply chain is also important from both the external and internal perspectives that both Marianne and David mentioned.

But I would argue that in the network context, it's not only the supply chain where we see these indirect third-party, fourth-party concerns. It's also in corporate strategic relationships. And here, I think this is again, taking us back to a network metaphor. It is the relationships that partners from different companies may have, and the activities that those companies are involved in, in other parts of the world may have a guilty by association effect for companies and their brands.

And so, we're in a world now where we not only have to be concerned about our supply chains, but we have to also be concerned about what our partners are doing in different parts of the world, or different parts of the market that don't directly involve a particular company. And so, we're in the world where a friend of a friend is my friend, an enemy of my enemy is my friend. And the friend of my enemy, of course, is also my enemy. So, we are in a much more complicated situation where it's not just where you fit as a point in a supply chain, but it's also the character of the relationships that we have and that our partners have with others.

Kevin Lyman:

I want to thank our panelists today for another great discussion. And I hope that you'll be sure to view the rest of the videos in this series, as we continue to explore this interesting and timely subject.

Episode 3: Perspectives from the board and management

How can corporate boards and management leverage a global strategic intelligence function to assist in risk management? In this video, we explore how business risk intelligence helps facilitate strong connections with the board and management to provide a clear view of the current threat landscape and related risks affecting the company.

Transcript

Kevin Lyman, Director of Global Thought Leadership, Invesco

Thanks for joining us for the latest in our series of panel discussions. My name is Kevin Lyman and I'm the Director of Global Thought Leadership at Invesco. In previous episodes, we've looked at how the global threat landscape is increasingly interconnected and rapidly evolving. We've also explored the emergence of the global strategic intelligence function as a way for businesses to take a new approach in identifying and managing the risks these threats present. Today, we're focusing on how corporate boards and management are responding to this rapidly changing risk environment and how they can leverage a global strategic intelligence function to assist in their efforts.

Kevin Lyman:

Joining me is a panel of guests who are witnessing firsthand these developments. Phoebe Wood serves on the board of Invesco as well as other S&P 500 company boards. Suzanne Christensen is chief risk officer at Invesco. Marianne Nichols is Invesco's Global Head of Intelligence and Threat Analysis. Mary Galligan is a Managing Director with Deloitte's Cyber Risk Services Group. Krissy Davis heads Deloitte's US investment management practice.

Kevin Lyman:

Phoebe, could you start us off by sharing your views on the role of the board and how a global strategic intelligence function can increase the effectiveness of risk management at the board level?

Phoebe Wood, Invesco Board of Directors

Thank you, Kevin. It's a pleasure to be with you today. The director has a responsibility to be aware of the risks that are facing the company. Why else do we spend so much time on the disclosure of risks, for example, in the 10-K, talk about them, have an enterprise risk management system to make sure that we're really looking at the risks and how they might be mitigated or how they might be managed? But certain kinds of risks, especially new risks or newly identified risks, often bring great opportunities, and so if you think about the world in which we are right now, a pandemic, a great opportunity for Zoom emerged. It was a huge risk. The pandemic is a huge risk, but an opportunity comes from it.

Phoebe Wood:

As a director, I feel a tremendous responsibility to scan the horizon, to look for both the risks that might be out there that are a threat, but also those that are an opportunity, and so to be able to share those with management and to have an informed view as you sit around the board table to help companies, so a function in a company that would help you to identify those, you might get some real nuggets, and if you have a team that knows how to put those nuggets together and to string them together, you could really have some insights that would be crucial for not only mitigating risks, but maybe taking advantage of the opportunities because after all, what are we in business for? We take risks to get a return, and so I see the board role as important in both identifying risks and opportunities and using this function to help us along the way.

Kevin Lyman:

I think it's a great point. Mary, I'm interested to hear from you. How are you seeing, as we're seeing these sources and types of threats continue to evolve very rapidly, how is that changing the demands on boards and on management from a risk standpoint?

Mary Galligan, Managing Director Cyber Risk Services, Deloitte

Kevin, the way that it's changing the demands is that it's making the demands more complicated. There is so much information out there, as you've indicated, about threats, about risks, about the impact to business that these threats and risks can have that what's difficult and what's demanding is for the board as well as management to know which threats and which risks are pertinent to them, to Phoebe's point, to prioritize them for opportunities and for better growth.

Mary Galligan:

What boards and management are desperately looking for is someone or some group that can parse through all of this information out there, all of the media information, threat information, information coming in from employees, from customers, and really get to the nuggets, I like that word when Phoebe used it, of what's pertinent to the board and what's pertinent to management. By doing that through an intelligence gathering and an intelligence analytical product is really the best thing that a board and management can hope for. Then along with that, board and management can set the expectations. What is it that they want to know about emerging threats and trends, what is it that they want to analyze further, that helps boards and management mitigate or transfer the risk more seamlessly for them and for their shareholders?

Kevin Lyman:

Suzanne, Phoebe spoke about scanning the horizon. Part of that, for a lot of boards, involves a lot of scenario planning, both short-term and the long-term sort of scenario planning. How can an intelligence function work into that process?

Suzanne Christensen, Chief Risk Officer, Invesco

Hey, thanks, Kevin. That's a really great question. First, I want to start with why you do scenario planning. What's the objective and why is it important? I want to break it down into that short term and long term because they're a little different.

Suzanne Christensen:

In the first instance, with short-term scenario planning, you really do that to improve your responsiveness, to be able to create the muscle memory so that when you are hit with a crisis or hit with a particular risk, that the organization can respond quickly. You do tabletops, you do planning and testing. It's to be able to respond quickly in a crisis, and in order to do that, you have to understand roles and responsibilities. You have to have the right information in hand. You have to identify gaps and do some pre-planning. That pre-planning was really, really important because again, you want to get back to normal as quickly as possible.

Suzanne Christensen:

A global threat organization can really help, or an intelligence function like this can really help, because again, it's about seeing these things as they're coming, having a bit more time because the more time you have ahead, you can, one, either mitigate the risk or just avoid it, or you can dampen the impacts of it, or worst-case scenario, you can get out in front of it with enough lead time that perhaps you're quicker on the response, and so, as I always say, if you can't get away from the bear, you better outrun the bear. I don't know about you, but if I have a little bit more lead time to outrun the bear, that's always a good thing.

Suzanne Christensen:

But let me contrast that a little bit with the longer-term planning and the purpose of the longer-term scenario planning is really to make sure you've got a comprehensive view of risks that can have a high impact to the organization perhaps you're not thinking about today, and as we've been talking about in this series is this interconnectedness of risk and these contagions that can happen. I mean, who would've thought, or did we really understand that a pandemic would increase the phishing attacks because of our virtual environment, or that instantaneously, our backup and recovery plans are obsolete because you can't co-locate to a new location, or this supply chain disruption that's happened? Doing this longer-term scenario planning allows you to think about these things, how they might impact the organization and think about them, the domino impacts of those things.

Suzanne Christensen:

In the case of threat intelligence, I think it's really all about helping to better identify those contagions, those interrelationships, and having the information to be able to work that through and share broadly and to really think about the threats, the links, and the impacts, not only on the organization itself, but also with third parties and fourth parties, because we're all part of the same ecosystem. It's really about helping to better inform your planning, your risk mitigation, and as Mary noted, risk prioritization, too.

Kevin Lyman:

Marianne, do you have some examples of maybe where we've seen intelligence that your team has been gathering in the context of trying to protect us against outside threats that we've then been able to use to run our business more effectively?

Marianne Nichols:

Yes. Thank you, Kevin. I know on an earlier series, we touched on the Global Intelligence Briefing. Our team produces this briefing each day, it goes to all employees. We talk about, we identify threats, how we are mitigating against those threats, and potential impact. That goes to all employees, whether it be a cyber vulnerability or something in the geopolitical space. What we're finding, especially in this work-from-home environment as the attack surface is increasing due to work from home, we are finding that the awareness that that briefing is providing has been critical. For example, we might write a topic on fake job postings. Well, recently, we've received a number of different emails from employees saying that, "Oh, my goodness, when I read this briefing, I realized that I had seen something similar externally," so we're creating that awareness.

Marianne Nichols:

Also, we used that to talk about COVID early in December 2019, early 2020. As we started seeing an uptick in cases and reporting what was happening at a local level across the globe, we started getting calls from our investment side of the house asking further questions because they were reading the briefing and helping us prepare to move to an eventual work-from-home environment, so just that awareness, having everyone on the same page as these threats are interconnected, is critical.

Kevin Lyman:

Krissy, could you speak a little bit to how a global strategic intelligence function can enable better decision-making by boards and senior management?

Krissy Davis, Head of US Investment Management, Deloitte

Yeah, happy to, Kevin. Thank you. Great to be with you today and my fellow speakers. Listen, I think what we've heard thus far is that the business case and the value for these kinds of programs is really strong and clear. It is about better decision-making, better agility, ultimately enabling a more resilient organization. Management and boards need a clear picture of emerging risks that have the potential to impact their strategy or operations, ultimately so they can make better decisions, right, and enable their organizations to respond and recover to these kind of risk events more effectively. In the past, risk would be overly consumed by loss-prevention activities, or focusing on what's in the rear-view mirror. We don't drive looking in the rear-view mirror, so we certainly shouldn't run our companies and think about risk with that same approach, right? It's really kind of a thing of the past.

Krissy Davis:

To be clear, effective controls and compliance, all of that's still needed, but risk management has to continue to evolve and shift towards providing intelligence about the organization's risks and really helping to anticipate the path forward. That's really where these kinds of programs, strategic intelligence programs, can add tremendous value, sensing changes in the risk environment, and providing an early warning system, that type of a system and communication will really allow management and boards to plan a response and recover, and hopefully thrive when these kind of risks ultimately emerge.

Krissy Davis:

We really have to look no further than the current crisis we're navigating now and this environment of heightened risk and uncertainty. In the early stages of the COVID crisis, I know in talking to many clients that we serve, the most senior leaders of the organization found themselves quickly engaging with their company's risk teams, tapping into their capabilities around risk data and scenario planning, which you heard Suzanne talk about, and risk-based decision support, so it's really proved to be quite helpful in the last 18 months, and certainly will be going forward.

Krissy Davis:

Where these programs can sometimes fall short is with failure of imagination, to think through scenarios and think about what could go wrong that could negatively impact the organization's strategy and operations. As you heard Suzanne talk about, good scenario planning will take you through that if this/then that kind of thinking, and then equally important is to go a step further and think through the potential signals that might indicate where those emerging risks are. You really need to have thought through those signals to then put in place an effective strategic intelligence program and ultimately enable management to make good and timely decisions.

Kevin Lyman:

Let me throw it out to the group, if there's any final advice for how an organization can best identify these sorts of new emerging dynamic risks and opportunities by engaging with a strategic intelligence function?

Suzanne Christensen:

Hey, Kevin. This is Suzanne. I'll take that for a second because I don't think I show up at a board meeting these days where I don't get challenged about how we think about emerging risks and how do we make sure we're thinking about all the things that we need to. It's on top of boards' minds right now and it's more about the process in a lot of ways.

Suzanne Christensen:

But obviously, to really do a good job at identifying things that are unknown, you have to be very broad in your thinking and this is not a business as usual, so casting a wide net and having a lot of different people participate so you can get that diversity of thought and that compounding of ideas and those new perspectives is really, really critical, and obviously, then having a group like a threat intelligence group participate in that to challenge the thinking really is important and helpful to making sure that as a firm, we're thinking about things very, very differently. I know Phoebe, recently you even challenged me, as we were going through our annual risk forum and thinking about business change and emerging risks. You said, "Well, how do you do that? Are you including the right people in there?" It was obviously part of a recent discussion.

Phoebe Wood:

I'm happy to follow up on that. Suzanne, I so agree with what you're saying. I think that one thing we don't do often enough is bring in views from alternative backgrounds and alternative age groups, demographics, et cetera. One of the principles of strategic planning is that you take a look at all kinds of different people from all different walks of life, and I highly recommend that. I think sometimes the value of a board is that it brings so many different perspectives, and so therefore, it can bring that external view, but a function like GSI would be critical to add in some current things that are going on.

Mary Galligan:

What I would throw to you, I think what everybody's touched on, is the importance of the enterprise risk program and everything that goes into that enterprise risk program. You touched on it a little bit, but for the board to understand what that process is and those controls around that, I mean, that's one thing I could think of.

Phoebe Wood:

One of the things that the board really focuses on is the change in perceived risk and threats. At each meeting, management presents what it believes has changed and shares that with the board, and it is critical to know whether or not intensity of the risk or the probability of the risk has changed over that period of time.

Krissy Davis:

One of the things that we've observed as we've talked with our clients and management and boards, is really to be true advisors and to allow good and timely decisions to be made, there is the strong need for robust scenario planning, as we've discussed today, access to the right kinds of data at the right time, strengthened analytical capabilities to step back and evaluate the data and see the forest through the trees in terms of those emerging risks, and then probably most importantly is strong and robust communications between risk teams, between strategic intelligence teams, management, and boards. These are all the kinds of capabilities that are really what's needed to enable that early warning system that I referenced earlier, that kind of approach that alerts management and ultimately boards to emerging risks and enables better decision-making and conversation.

Phoebe Wood:

What we're all talking about here is identifying risks before they become super threats, or identifying risks where we can turn them into opportunities, and that's what, as the director, I'd like to leave with you today.

Kevin Lyman:

I think that's a great place to end our discussion. I'd like to thank each of our panelists for their participation today. We look forward to continuing our exploration of this subject, so I hope you'll join us for our future panel discussions.

Episode 4: How to build a strong strategic intelligence program

Having a dedicated strategic intelligence team can make a tremendous impact in helping organizations prioritize resources and focus on the things that truly matter most. But what goes into standing up an intelligence program? In this video, we discuss how to make the business case, some common challenges, and how an intelligence function can act as the connective tissue across an organization.

Transcript

Kevin Lyman, Director of Global Investment Initiatives, Invesco

Thanks for joining us for this fourth in our series of panel discussions. My name is Kevin Lyman and I'm the Director of Global Thought Leadership at Invesco. Our prior discussions have examined the rapidly changing and interconnected global threat landscape and how companies are increasingly turning to a relatively new function, global strategic intelligence teams, to help them manage risk and maintain resilience in the face of uncertainty and volatility. In today's discussion, we'll talk about the process of standing up a global strategic intelligence team, including some related challenges and misconceptions. Joining me to share their experiences, insights, and war stories are Mark Giuliano, Senior Managing Director and Chief Administrative Officer for Invesco; Marianne Nichols, Invesco's Global Head of Intelligence and Threat Analysis; and Keri Calagna, who leads Deloitte's US Strategic Risk Advisory team. Thank you all for joining me. Mark, maybe we can start with you. And I'd love to have you tell us a little bit about what you found when you first came to Invesco, and how you initially began building out what has now become the global strategic intelligence function.

Mark Giuliano, Chief Administrative Officer and Senior Managing Director, Invesco

Sure, and thank you, Kevin. So, just like anybody going into a new company, there were some structural changes and some, I think, resource asks that we had to make. And so, we came in and stood up what we call convergence models, so really taking cybersecurity and information security and putting them under a senior leader. And once we did that, we spent a good bit of time trying to understand what we were defending against. And I saw, really, a lack of understanding of what the threat actually was, and what it meant to Invesco. And so at that point, I knew we needed to stand up an intelligence function. I had spent a lot of time prior to coming to Invesco in the law enforcement and intelligence community, and I realized the benefit of having an intelligence function that can really help us understand both the threat and help us, as we're building and resourcing a program, to be able to focus the resourcing against the threat. And that's when I reached out to Marianne and asked her to come in and help us stand up a program.

Kevin Lyman:

And Marianne, can you talk a little bit about some of the outputs that your team produces? Who do you share them with? What kind of reactions and results do they generate when you share it?

Marianne Nichols, Global Head of Intelligence and Threat Analysis, Invesco

Absolutely. Thank you, Kevin. So as Mark mentioned, earlier on about five years ago, we were very focused on cyber threat intelligence. So we had a product, which we now call the global intelligence briefing, which I've touched on previously, but at the time it was very focused on a small distro. So, it's security, technology, a few others, and again, it's very much just cyber articles for the most part. But as we gained a better understanding of the threat landscape and started seeing, for example, these phishing emails might be not only targeting but might have HR-related themes, or something that we thought that maybe some other part of the business outside security technology, maybe to be aware of. So, we started with just forwarding our intelligence briefing to those respective parts of the business. And over time, we started getting more requests to be added to the distribution list, because as cyber crosses everything, many other parts of the business were finding an interest and understanding the cyber threat landscape.

Marianne Nichols:

And then as we continued to expand outside of just cyber and into physical security, given the convergence model and others, into 2019 to early 2020, we were regularly reporting in our intelligence briefing about the uptick in COVID numbers around the globe where our local offices were. So, we started getting more requests to be added to the briefing because investments and others, as we've talked about before, were very interested in the COVID situation, of course. So at that time, a decision was made to just have the briefing go to all employees. And again, as we've talked about before, that helped our team, too, to better understand the priorities of the business because we would start getting a better line of communication with other parts of the business, because of what we were talking about and requests to talk about different topics.

Marianne Nichols:

We also have a variety of other products outside of the global intel briefing. So, one would be our annual assessment. That is a product that is a look back and look forward. So, if we talk about all the threats we've seen that we've talked about in the briefing over the past year, what are the risks to the business of those threats? So, that's one product. We also have a brand protection program, and we have a variety of products that we produce under that program with key stakeholders, so that would be largely marketing, legal, and other teams. Those products largely focus on, are we seeing an increase in fake social media profiles, or fake mobile applications?

Marianne Nichols:

So in addition, and the last one I'll really point out, is our country threat assessments. We have a variety of interest and requests from other parts of the business to kind of delve deeper into at the local level of what's happening in high-risk areas. So, we'll give a snapshot of — a one-pager of — the security situation, the cyber situation, the criminal... or what's going on with regarding crime. Weather. So, we'll get requests for that as well. So, that's kind of a snapshot of the products we provide.

Kevin Lyman:

That's great. Thank you. So Keri, I'm going to throw it over to you and ask, in your practice consulting with all sorts of companies, what advice would you offer to a company, an organization that is thinking about starting a global strategic intelligence function, including how do you make a business case for it? Because I can imagine there may sometimes be questions about that. What words of wisdom would you offer to someone on that?

Keri Calagna, US Strategic Risk Advisory team, Deloitte

Yeah. Well, I would say that the increasingly complex and uncertain and dynamic nature of the marketplace today really makes the call to action here more important than ever before. I think we're also seeing that the timeframe to respond to threats has been quickened, right? With social media and technology. Where previously you had perhaps days, now you may only have hours to really respond. So, the call to action I think is very important. And when this is done really, really well, a strategic intelligence program can really equip leaders to make better, faster, more risk-intelligent decisions on how to respond and how to navigate uncertainty. Now, the business case can sometimes be hard to articulate because often there's a kind of a misunderstanding or lack of understanding on what the value really is. And I think some of that comes from leaders that just haven't seen this working really well in their organizations before, so they don't know what they don't know.

Keri Calagna:

So, a couple of tactical, practical words of advice to get started. I'd say first of all, think of this as a journey. You need to learn to crawl and then walk and then run with your intelligence program, and you can do so by starting really small. As Marianne mentioned, you can pick an area of focus, maybe it's corporate travel, maybe it's cyber, but keep the focus small. Let the team get going to start to create some of that intelligence, to let it get into the hands of the business leaders to use it and start to demonstrate the value, and then really build from there. So, I think a couple of things to really do: start small, be really focused, and then evolve. And continuously improve and build upon what's working really well.

Kevin Lyman:

That makes sense. And Mark, can I ask you to weigh in with, I don't know whether they're war stories or what, but just stumbling blocks, misunderstandings. Keri just mentioned some of those, but what did you find are some headwinds as you were getting this going, and misunderstandings maybe that people had about what you were trying to do?

Mark Giuliano:

Look, I think Keri nailed it. I think that the first thing that you deal with is trying to build a business case and try to articulate an ROI, right? Right out of the chute. What's your return on investment? Oftentimes, people are looking for a dollar investment. I say, it really is an investment in protecting the organization in understanding both the threats and helping the risk function operate at a much higher level. I think the other thing too, as a leader in an organization it equips you to make better decisions, to make quicker decisions, but also there's a resource allocation piece that the team helps us, as we're actually taking limited resources and deciding actually where to allocate those; understanding the risk and the threat that you're dealing with. And using that to pigeonhole where you are spending your capital dollars to protect the organization, or even your operational dollars, really helps and really ends up being part of that return on investment and part of that business case. So I think that's one, and I think the other thing is, is starting small, getting it right, because if you get it right, it will... success will breed success. And I think that's the key.

Kevin Lyman:

So Keri, one of the things that we've talked about over the course of this series is some of the unexpected benefits, I guess, I would say, of developing an intelligence function as we've been talking about. And I'm curious; one of the things that's come up is the notion of, the intelligence function is kind of serving as kind of a connective tissue between different parts of the company that might not ordinarily be in regular communication. Can you talk about that a little bit, and the potential benefits of that as part of this function?

Keri Calagna:

Yeah, absolutely. And I'll go a little bit even further. I like to think about this function as the intelligence hub that also has the connective tissue to help connect the dots, right? Across the organization. And so, a couple of points about this. In order for the team to be effective in doing that, they really need to be well-connected and well-positioned. So first and foremost, the intelligence team has to have a really great understanding of the current strategy and how that strategy is playing out. What forces are in play, internal and external? And in order to stay really close to that strategy and how it's unfolding, they need to be positioned well, ideally as a direct report even, to a C-suite executive team member. And that elevated position gives them visibility, but also elevates the impact of the intelligence they're creating and how it can be used. So I'd say, that's one element of connectivity.

Keri Calagna:

Another one is for the team to work incredibly closely with the risk management function and other risk-related teams and capabilities. That way, the intelligence team and the risk teams can really share and dialogue on the threats and the risks and the interdependencies and the ways in which these things can come to life. And more importantly, can also connect to what the organization is doing today to prevent or manage or be prepared to respond to those threats. So, I think that's really important as well. And one final point I'll make about this and the connectivity, is the success of this team is dependent on some tools and technology, but, more so, it's the human-to-human conversations and connections that are made to really dig into the intelligence to synthesize it and talk about how it can be used to drive some actions. So, there's a component of the daily briefs that go out, but also the team engaging with the right leaders throughout the business to really utilize the intelligence and to think about how to respond.

Keri Calagna:

So, I'd say those are a couple of the things that I think about in terms of connecting the dots, but their purview is all-encompassing and they should be in touch with all the departments that could benefit from the use of the intelligence.

Kevin Lyman:

Yes. And I think Keri's point also about having that level of seniority, plugging into that level of seniority, is important for two reasons. One, you're making sure that the information is getting to the places where it needs to get, but also having that very solid understanding within the intelligence team of the business priorities. Again, back to the resourcing point, if the intelligence team... the intelligence team needs to have a very clear understanding and deep familiarity with what the business objectives are, and what the strategic initiatives that are going on throughout the firm are, in order to really be able to provide the best intelligence back to management and the risk organization, to give them the information that they need to make, again, those resource allocation decisions, the risk decisions and all of that. But it needs to be a two-way thing, I think, where the intelligence function understands what the business is doing and the business understands what intelligence is being generated out there.

Mark Giuliano:

Yes. And I think that when you build that relationship the way that you talked about, then you actually get some real requirements from the business, right? And some real intelligence requirements going back to the team, the team being able to provide those in a way that is effective, is efficient, and has the "so what?" to it. It just kind of starts to build on itself. I would say the other thing, too, is you just have to be patient. So it does need top-down support. Secondly, it'll take a while for the company to understand the value and it'll take a while for the team to really pull the dynamics together and be value-add. But if you can think about it in somewhat, in micro bursts, right? Start small, show value, then you can expand it. Then you can build a business case to expand it because you've proven what it can do in a smaller area. And so, I would just say the big bang may be difficult. It is the crawl, walk, run that was discussed earlier that I think is an imperative.

Kevin Lyman:

Keri, additional thoughts on all of this we've been discussing?

Keri Calagna:

Yes. I love it. I think we've nailed so many important elements here. But I would say, trust that a small, dedicated team really can make a tremendous impact if given the mandate and the space to do so. And they truly can help you prioritize your precious resources, right? And help you focus on the things that truly matter most. Consultants, we like to simplify things. So, a couple of questions I sometimes say is, the team should focus on "what?", "so what?" and "now what?" So, we make sure that intelligence is actionable and used, and into the hands of the leaders that need it when they need it. So, it needs to be very timely as well and forward-looking, so we can get from hindsight to insight to foresight. So, a couple of my favorite terms all thrown out there at once. But I think the power and benefit of these teams can be really spectacular.

Marianne Nichols:

Just real quick. I wanted to add to what Keri said. That is what our niche is. I mean, you see all this information outside the newspapers and the media, but what does it mean to us? So we can say, "Okay. Well, you've read that, but this is actually what we are doing to mitigate it. Or do we need to mitigate it? What's the impact?" So all of that information that we can provide, that's the additional layer from what you're going to see outside the organization.

Kevin Lyman:

Thanks for watching today's panel discussion. I hope you'll join us for our final session, which will focus on the tools and technology that can enable a global strategic intelligence function.

Episode 5: The strategic intelligence toolkit

With recent advances in technology, it can be tempting to turn things over and let machines take charge. But they’re not always perfect. This video dives into the tools and technology currently available to assist intelligence teams and why it’s important to maintain the human element.

Transcript

Kevin Lyman, Director of Global Investment Initiatives, Invesco

Thanks for joining us for this last in our series of panel discussions. My name is Kevin Lyman and I'm the Director of Global Thought Leadership at Invesco.

Kevin Lyman:

Our series so far has covered the emergence of the global strategic intelligence function as a new means for companies to address the threats created by an increasingly uncertain and volatile world. Our final panel will dive more deeply into the tools and technology currently available to assist intelligence teams in their efforts. We'll also discuss how to integrate these tools into a company's wider technology platform, and the importance of maintaining the human element.

Kevin Lyman:

Joining me today from Deloitte are James Cascone, a partner with the Strategic Risk practice; Dilip Krishna, Global Cortex AI Platform Leader; and from Invesco, we also have Marianne Nichols, Global Head of Intelligence and Threat Analysis, and Donie Lochan, Invesco's Chief Technology Officer. Finally, bringing a broader academic perspective to the discussion, we have John Stasko, Regents Professor at the Georgia Institute of Technology's School of Interactive Computing. Thank you all for joining me.

Kevin Lyman:

James, I'm going to start with you and ask you to help set the stage for the discussion by providing an overview of the sorts of tools that are currently available to global strategic intelligence teams.

James Cascone, Strategic Risk, Deloitte

Great, pleasure to be here.

James Cascone:

So when it comes to different types of analytics and monitoring tools, there are literally dozens of technologies out there. Some are general purpose aggregators, others are more general-purpose tools that could provide specific regulatory or financial or even cyber information, some of them are more recognized tools and there's always a new technology that's being developed with some advanced analytics approaches. So depending on whether someone is interested in just understanding the geopolitical landscape, cyber threats, anti-corruption, anti-bribery intelligence, or a combination of the above, there are different tools that someone can license or open-source intelligence that can be leveraged.

James Cascone:

From an actual visualization perspective, there are several well-known tools such as Tableau and Qlik Sense, many others that are more statistically based, many of the hyperscalers, cloud providers have their own tools, graph databases that can be utilized to visualize data. So, there are many, many different options, depending on the expertise of the user and the needs from a visualization perspective.

Kevin Lyman:

And Donie: Can you talk a little bit about how the tools and the technology... some of the tools and technology that James was just discussing. They may be developed for the global strategic intelligence function in the first instance but are those tools that can be applied more broadly within a company or are they really specific to that intelligence function?

Donie Lochan, Chief Technology Officer, Invesco

No. So I would say the short answer is they can be. What I would advise companies to do is look at the... as you're building out the strategic intelligence function, think about the attributes of what that team does. It's highly skilled, it's out there looking at various data sets, alternative data sets, et cetera. It's able to curate those and then it's able to trigger-base, sort of disseminate that data out to different stakeholders. So if you were to think about it like that, there are many areas that you could point that to.

Donie Lochan:

At the corporate level, as an example, many companies will have a strategy function that is doing strategic scenario planning as an example, looking out x years ahead of the market, that's one area. Some companies have, I do in technology as an example, a group that's looking at innovation and what's out there next in terms of technology advancements and that's another area that you can point at.

Donie Lochan:

As we're an investment firm, there's information and insights there that can help our investors, our portfolio managers when it comes to our core business of investing. For many organizations, there's sales opportunity, you have sales people and there's a lot of intelligence there that you can gather that can actually help your sales folks as they're interacting with your customers. So I think you can look at this quite strategically as a capability that you can point at a number of different areas of one's business.

Kevin Lyman:

It sounds like then you would want to be thinking about that at the front end as you're onboarding some of these technologies or thinking about them that you'd want to be thinking about it more broadly than just with a specific intelligence gathering function just in the risk and resilience context but that you want to be thinking about, as you said, how you could kind of point those at other functions down the risk. So, that's something.

Donie Lochan:

Yeah, because you would be looking at it from a sort of business and a technology architecture. So if you had that in mind as you're looking at the different data sets, you would architect it in a way that you could easily ingest more and more different data sets as an example. Not to get too technical, but you would then design what's called an API layer, an application layer that allows you to take those data sets and integrate it into whatever systems you may have, workflow systems, sales force, et cetera.

Donie Lochan:

So yes, it's prudent to think more strategically, let's say, and then bake that into the design even if you obviously just begin with strategic intelligence.

Kevin Lyman:

So John, can I pull you in to maybe bring that wider perspective in talking about the role that the human element continues to play in marrying the technology element with the human element when you're building out a program like this. I know you've done a lot of work on the academic side on this, so I'd love to hear your take on all of this from a practical perspective, what people should be thinking about as they're building out these programs.

John Stasko, Regents Professor, Georgia Institute of Technology's School of Interactive Computing

Sure, sure Kevin. I think with all of the advances in AI, machine learning, and related technologies recently, it's very, very tempting to just turn things over and let the machine take charge and make decisions, but we see the algorithms aren't perfect, they make mistakes or maybe they even have biases favoring a certain type of decision. So, I'm always an advocate for keeping a human in the loop, especially when critical decision-making processes are involved.

John Stasko:

My own research area, data visualization and visual analytics, I think is one of the best ways to do that, where it's not just automated analysis of data, but we're also seeing what the data looks like and there's always a human checking what's going on, making judgements, perhaps steering computations or decisions. And that's a great way to keep people involved and to keep things working as hopefully we expect them to.

Kevin Lyman:

Yeah, so it's really... I guess you need the humans to kind of help figure out which questions you should be asking that help you process all of the data that you're gathering and whatnot. You may have lots of information, but what's the phrase? Lots of information but no wisdom or whatever it is.

John Stasko:

Yeah. I think some of the automated approaches are fantastic when your question is very precise and when you already know it, but many situations arise where you're just given this pile of data and you're not quite sure what to ask or what to look for and that's a great scenario for visualization tools to assist in that early exploration. I think they're valuable if they do nothing more than give you really good questions to ask downstream.

Kevin Lyman:

So Marianne, I'm going to turn to you and ask as somebody who's been on the cutting edge of this, so to speak, standing up this program over the past several years. From your standpoint, what are some of the tools that you've found to be most powerful as you've been building out this function and maybe talk a little bit about the process that you go through in trying new things and figuring out what's most effective.

Marianne Nichols, Global Head of Intelligence and Threat Analysis, Invesco

Absolutely. Thank you, Kevin.

Marianne Nichols:

So really, it's a variety of different tools to get that broad sense to make your assessment. Looking at dark web sources, social media, local news, discussion boards, pay sites, all that information, to be able to assess the risk and impact. We also have a dashboard that we regularly internally for the team, monitor and evaluate constantly as far as what tools we're using the most. So which ones are we using for our different products that we put in through our global intelligence briefing, for example. We're constantly evaluating that as we mature as a team. Sources and vendors and tools that we used a few years ago may not be needed as much as they were then because again, we keep developing and keep broadening out the function.

Marianne Nichols:

We also feel that the technology is critical because for such a small team, a need to weave, as has been mentioned before, through all of this different data and all these different sources, we need to be able to work internally with the business to understand their priorities and couple that with what we're seeing externally. That really helps us to be able to modify and aggregate our information based on requirements. So, topics that would include geopolitical developments, climate change, reputational risk, so all of that, to be able to weave that information to assess impact.

Kevin Lyman:

I think, you make a good point about being a small and agile team that we've talked about in some of the prior discussions, that makes it critical to be as efficient as you can be and of course these tools are all about that, helping you sort through massive quantities of information to really find the pieces that are most relevant to the risks that the company's facing.

Kevin Lyman:

I'm curious: I would guess, Dilip, that you may have some similar experience on the Deloitte side, building out your own technology platform and kind of trying things along the way. Can you speak to Deloitte's journey along those lines?

Dilip Krishna, Global CortexAI Platform Leader, Invesco

Absolutely Kevin. What we find with specifically strategic intelligence and strategic risk is there is a lot of volatility. Combine the volatility of strategic risk with the volatility of the technology and you have an interesting mix. You have requirements for new types of risk, new types of monitoring, new types of visualization and human in the loop that John talked about along with huge changes in technology, and what this really drives is a need (we have experienced this more than once), a need to be very agile in terms of thinking about architectures, but also agile in terms of thinking about vendors, about technologies. Don't get married to a technology. Be ready to use a technology for a while and if you see something better, the architecture has to be built in a way that the technology can be replaced by something else fairly easily. I think Donie talked about APIs and that I think is a way of doing that as well.

Kevin Lyman:

I know you're out talking to clients, people out in the field all the time. What are you finding that you're hearing as some of the biggest challenges that people, others have been encountering when they're building out these technology platforms to support their intelligence functions?

Dilip Krishna:

So, I think the biggest challenge that we find is really the volatility of the intelligence and risk landscape. This can range anywhere from cyber intelligence to supply chain, to insider threat and many other things like that. Not only is there a volatility in the risks themselves, but a volatility in how those risks might interact among each other. Insider threats could be cyber threats, ransomware could have supply chain implications and third-party implications, all sorts of things like that. So that has direct implications in terms of how the technology platform needs to get implemented and built. There are needs for different kinds of data feeds, needs for different kinds of models to be incorporated in very varied but rapid ways because often these threats emerge and mature very, very rapidly. So there's a lot of need for things like that.

Dilip Krishna:

Staying for a moment on the topic of data, the data formats then can have a lot of different variety as well. Anything from structured data to semi-structured laws and things like that, to even the documents, news, information, emails, chats, all those sorts of things and the ability to incorporate all of that and integrate them is critical to doing this effectively.

Dilip Krishna:

Finally, the edge. The point that John made about human in the loop is extremely critical and the user interface and the user experience at the end of all this is really what keeps the risk at bay, and that's probably the hardest part of making this really work effectively.

Kevin Lyman:

So thank you. Any last thoughts? I'll throw it over to you, maybe Donie and Marianne. Just having, again, built out one of these functions, any final lessons that you would want to share with others who may be embarking on this journey?

Donie Lochan:

Yeah, look, maybe what I'll do is give a view just as a user, as a recipient from the service that Marianne has and show how basically I've leveraged it more and more over time. So initially, it was great insights and give me the insights as it were but then you get to a point and you say, "Can you actually curate this for me in a certain way?" and that's the next level. Then when you get that, suddenly it's well, can you automate it or can you actually run some additional insights for me, et cetera. And then finally you get to a point where you realize the value and you say, "Oh, can you point it over here and do this for me?" because I have something I'm working on over here that I think you can help.

Donie Lochan:

So I think there is a level as a user and you start to see the criticality and the insights coming out of the group. You start to create more. I'm technical, so I'll just say use cases for it, but Marianne maybe from your standpoint…

Marianne Nichols:

Yeah. No, thank you so much, Donie. Absolutely what we found as we continue to expand the program through our global intelligence briefing, we would start getting requests for, "Oh, I saw that you wrote this on the briefing, can you delve a little more into that because we're actually looking at something similar?" or "Have you thought about talking about this topic because this is a priority for our part of the business?" and that gave us a window into really more about what their priorities were and helped us gain our customer base.

Marianne Nichols:

So absolutely, the more we understand about what the priorities of the business are, and the more they understand that we are not just a security threat function, we can be more proactive in our analysis, coupling that internal with external information and really be able to make assessments and opportunities as we can be more proactive.

Kevin Lyman:

That's great. So thank you. Thank you all for your input today. This has been a really interesting conversation and I think it's a great way to round out our series on the global strategic intelligence function.

Kevin Lyman:

So, thank you to all of the panelists and thank you to our audience who’ve been following us on this journey. We hope you've enjoyed our series on the emergence of the global strategic intelligence function and that you'll share your feedback and any questions you might have. Thank you again for joining us.