I always find articles by McKinsey worth reading – and I strongly recommend subscribing.

One that merits our attention is Managing the Future: Dynamic Risk Management for Uncertain Times.

It has one major flaw that I will mention and then we will look past: it imagines risk management as something you do to avoid failure rather than achieve success. It only considers downside risks and ignores upside opportunities. It certainly doesn’t help you determine which risks to take!

The minor flaw is that all times are uncertain!

Having said that, here are some interesting comments from the paper:

• The digital revolution has increased the availability of data, degree of connectivity, and speed at which decisions are made. Those changes offer transformational promise but also come with the potential for large-scale failure and security breaches, together with a rapid cascading of consequences. At the same time, fueled by digital connectivity and social media, reputational damage can spark and spread quickly.

Comment: let’s not downplay the enormous upside, not only in detecting and addressing ‘risk’ but in upgrading processes and identifying and seizing opportunities.

Comment: the point about the speed of decision-making is very important. Information about what might happen (a) must be rapidly available,…

Подробнее…

Iran’s National Computer Emergency Response Team acknowledged today that two Iranian government agencies had come under cyberattack, which had been successfully confined to those two organizations. The Jerusalem Post notes that the disclosure came after rumors of the disruption circulated widely in social media.

Norwegian Foreign Minister Ine Eriksen Soreide announced that Moscow was responsible for a recent attack on Norway’s parliamentary email system. The BBC quotes the Foreign Minister as saying, “Based on the information available to the government it is our assessment that Russia stood behind this activity.” Moscow dismissed the statement as a “serious and wilful provocation.”

FireEye today released an account of the activities of FIN11, a “financially motivated APT,” that is, a criminal gang. What they lack in sophistication they make up in volume, running as many as five large-scale phishing expeditions a week. Their targets were initially chosen from the financial, retail, and hospitality sectors, but over the past year FIN11’s target list has expanded to the point where few sectors or geographical regions have escaped attention.

Digital Shadows describes an…

Read More…

The editors at Solutions Review highlight what’s changed since the last iteration of Gartner’s Magic Quadrant for IT Risk Management and provide analysis of the report. 

Technology research giant Gartner, Inc. recently released the 2020 Gartner Magic Quadrant for IT Risk Management. You can download it here. Gartner researchers define IT Risk Management (ITRM) as “software and services that operationalize the risk management life cycle in context of the organization’s mission. ITRM solutions are deployed to establish a central hub that facilitates business-related decision making and risk management.” 

Additionally, in their definition, Gartner defines ITRM solutions by their ability to facilitate risk workflows, aggregate risk-related data, design logic to enable risk prioritization, and provision mapped regulatory content and compliance mandates.

Moreover, researchers predict that by 2025 half of all midsize and large businesses shall use risk management to aggregate digital risks. Additionally, they anticipate the evolution of risk management to monitor and aggregate data from social media and IoT environments. 

In the 2020 Gartner Magic Quadrant…

Read More…

Alex Sidorenko has been working in risk management, a relatively small field in quantitative decision making, for 15 years. His speciality lies in the statistics, math and decision-making disciplines.

Travelling to speak at conferences was a major part of his role as Head of Risk at large corporations and later as freelance risk consultant. Besides presenting his risk management case studies as a speaker, Alex and his colleagues also organised several offline summits in Russia over the last few years. Through this, he built a large network within risk management, and helped grow the community by offering training in his native Russia.

Eventually, armed with the experience garnered from various speaking engagements, a YouTube channel and blog growing in popularity, his sights were set on moving conferences to the digital space. In a true sense of risk management, this was a decision done long before it became sexy due to COVID-19.

Attract RM2 speakers

One of Alex’s biggest motivators for starting a digital Risk Management summit was that it would knock down the barriers to participation – namely, travel to physical summits and the cost to attend.

“I hate travelling,” he laughs.

“Plus – this way, it widens up the pool of speakers (and attendees) as no one has to travel and can access the summit from anywhere. A lot of physical summits pick speakers based on who’s available to travel at the time. Meanwhile, I’m able to pick the best speakers as this is not an issue for online summits”.

It’s an all-too-familiar scenario: your top-choice speaker is unavailable, so you go further and further down the list until you find someone who is. Plus, there is always the risk of travel not going according to plan. From flight delays and cancellations to personal circumstances, holding a summit offline involves taking risks -risks mitigated by moving it entirely online. Not only did Alex get his top-choice speakers – by pre-recording many of his talks (dubbed ‘workshops’ for this summit), it allowed him to take control of the quality and length of all workshops.

Alex also found that during offline events speakers rarely gave practical case studies- instead, choosing to share general career trajectories, aspirations and their life experiences. Though fun the first time, such stories get old quickly.

“In the world of risk management, which is highly mathematical and scientific, none of this matters. Audiences want practical information, and less motivational content that is usually featured at summits. It makes me very sad largest risk management associations offer fluff, feel-good stories and blatant ads instead of useful content at their annual conferences. I was determined to change that.”

Alex approached speakers with themes for the summit – something that narrowed the focus down for speakers, ensuring they could provide relevant content without worrying too much about topic selection. Leveraging his own personal network of contacts, including 28,000 connections on LinkedIn, Alex crafted a line-up that delivered just that. And so, his five-day Risk Academy Week was born, with over 50 workshops – and over 3,500 attendees, with many still signing up to catch replays.

Cater to an international audience

Not one to waste valuable content, Alex is currently working on translating the workshops into Russian to repurpose content for his YouTube channel and blog. He also just held a second Risk Academy Week in Russia which had 3700+ participants – mostly consisting of subtitled workshops from the original summit, but with additional content from local speakers. Repurposing content is one of the most important lessons Alex has picked up from his summit journey.

Make full use of social media

Setting a goal of organising the summit in 4 months, it was important for Alex to build momentum and hype around it as quickly as possible. Alex singles out his social media strategy as the key to attracting attendees. Automating most of the process,  his social media accounts were used to share video invitations, newsletters and blog posts on risk management as well as the theme of his summit.

When promoting your summit or conference, there can never be ‘too much’ promotion- the social channel promotions were supplemented with articles on each of the individual workshops, including both speakers and topics. It’s important to play to one’s strengths – as an avid blogger, Alex regularly publishes articles and videos, so in preparation for the summit, all articles and videos were rebranded to link back to the summit. Besides that, the summit’s speakers, many of whom also signed up as affiliates, mobilised their own networks – sharing pre-written copy on their social media accounts as well. It’s also key to play to your strengths.

To leverage an even greater network, Alex had media partners send out event details in their newsletters and social media pages. And it seems there is no end to Alex’s ambition and plans to utilise all aspects of social media to his advantage – this year, there are plans to introduce LinkedIn Live, YouTube Live and Facebook Live into his marketing arsenal to drum up buzz.

To fully engage a new audience, you always want to be working on your partners’ networks – that is your speakers, sponsors and exhibitors. As well as making use of the affiliate offering, Alex used EarlyParrot to incentivise early bird ticket purchasers to promote the summit.

Make full use of social media

As a risk professional, Alex used lots of planning resources which helped make the summit journey a lot smoother; ensuring days were carefully planned out in the run up to the summit – dedicating some days to promotion, others to summit organisation and others to tasks like checking graphics were in order. However, even with meticulous planning, as a solo summit organiser with only 4 months to deliver an entire summit, challenges were bound to occur. Taking them in his stride, Alex highlights two key issues his summit faced, which were both tech-related.

“They were an easy fix – and taught me the importance of good and clear communication with attendees on how to use the platform.”

Firstly, uploading all his workshops on Vimeo meant that attendees would have to manually press play on the video for it to start, instead of it starting instantly after the page had loaded. Secondly, comments would not update automatically as the workshop played – only displaying new comments if the page was refreshed, thus re-starting the video all over again. Both issues have now been resolved on HeySummit’s platform.

A unique pricing plan

Alex priced his tickets according to the number of workshops – starting from access to 3 workshops for free and all the way up to all-access. There was also a corporate ticket option enabling all-access to the summit for up to 50 attendees.

For him: “It makes sense for attendees to be able to watch the workshops live and access the replays afterwards – this way they wouldn’t be focused on note-taking and remembering content, and would be able to fully engage in the workshops as they were streamed”.

Audience satisfaction was of utmost importance, and since he would be holding future Risk Awareness Weeks, feedback was collected from attendees through HeySummit’s feedback questions function.

Reusing the content

After the summit ended, Alex reworked the site so that it resembled a summit-on-demand, rather than a “this summit has now ended its original run, but you can watch the replays”. Presentation is important, and he wanted to ensure that even after the summit ended, attendees still felt like the workshops were relevant and worth their time and money. How, you ask? By tweaking copy on the workshop description, as well as removing all mention of dates.

He continued to plug the summit heavily on social media, and received hundreds of new attendees long after the live summit ended. Closer towards the launch of the new iteration of his Risk Academy Week, the older summit was closed to registrations and the workshops were published to the Risk Academy YouTube channel, where they serve as advertising for the latest Risk Academy Week.

With so much on his plate, Alex recently hired a writer to repurpose all workshop content to other forms of content, on various mediums. The content will deliver blog posts, podcasts, and eventually, he hopes, a book. This will ensure the content has a far broader impact than just a one-off summit.

Value-add to your attendees’ experience

A key difference between a webinar and a summit is in the value you can add to your attendees (not to mention speakers and sponsors too!) Many of Alex’s workshops had presentation slides available for download, which is handy to ensure attendees remember the content while keeping them engaged with the presentation in the moment.

He also offered multiple bonuses – for example, software licences and books. Many speakers also offered their own bonuses to attendees, like free additional courses or risk analysis models.

“I wanted to ensure there was value to signing up for the summits; something you could take away.”

Go Evergreen – and use summits to promote summits!

Ultimately, event organisers looking to host annual (or more frequent) summits could take a lead out of the Risk Academy Summit’s book and consider using their old content to market their new content. By leaving registrations open for an extended period of time between one summit and the next, you’ll be able to reach a far wider audience.

Plus- talks are great as marketing collateral. There will be no need for you to create additional websites or video-hosting accounts to host your talks. Evergreen summits benefit from having no end date and the flexibility for event organisers to periodically add new content to it. A win-win for organisers and attendees alike!

So what’s next for this summit whizz? His next Risk Awareness Week, of course! It runs in October 2020. Book your place here.

Related

Read More…

CLOSE

Michigan State University said it doesn’t plan to give into a hacker threatening to publish students’ personal records and university financial documents if the university fails to pay an unspecified bounty this week. 

MSU spokesperson Dan Olsen — citing the ongoing nature of the investigation — declined to answer questions about the amount of ransom money requested or the associated deadline.

University officials believe the latest breach occurred on Memorial Day and took relevant computer systems offline within hours of the intrusion, according to a news release. It compromised data associated with the Department of Physics and Astronomy, and information technology teams are coordinating with law enforcement to understand the scope of the breach. Investigators are notifying and providing support to affected MSU affiliates as they are identified.

The cybersecurity breach, known as a ransomware attack, first became public May 27 when a hacker-affiliated blog posted screenshots of files allegedly belonging to MSU affiliates. Images circulating on social media include a redacted passport and a list of transactions related to physics and astronomy projects. They…

Read More…

The US NSA warned yesterday that Russia’s GRU continues to exploit the Exim mail vulnerability (CVE-2019-10149). NSA identifies the Russian unit involved as, specifically, belonging to GRU’s Main Center for Special Technologies (GTsST), the group commonly known as Sandworm. The vulnerability was disclosed and patched in June of last year, and NSA advises users to apply it. This provides another object lesson in the importance of keeping software up to date: the GRU has been exploiting the bug since August 2019.

Kaspersky outlines a campaign against industrial targets in Japan, Italy, Germany and the UK. The specific goals of the campaign are unknown, although Kaspersky says they’ve observed “destructive activity” and extraction of data. The attackers use steganography in the data extraction process. That and other aspects of the campaign make the attacks difficult to detect and block.

Yesterday US President Trump signed an Executive Order on Preventing Online Censorship intended to address ways in which social media are applying “selective censorship that is harming our national discourse.” It addresses Section 230 of the Communications Decency Act, which affords civil liability…

Read More…