"The problem we have is that people don't learn lessons. They don't heed warnings."
Ahead of teissR3 | Resilience, Response and Recovery Online Summit 2020, Sarah Armstrong Smith, Chief Security Adviser, Microsoft, talks to Jeremy Swinfen Green about learning from any crisis to improve organisational foresight and resilience.
teissR3, taking place 15th - 24th September 2020, is the leading event focusing on how you improve your organisation’s cyber resiliency and adopt best-practice in incident response and crisis management in a post-COVID-19 world. Register your place by clicking here.
How can you use hindsight to improve organisational foresight?
That's a great question. So actually, 150 years ago our then prime Minister Benjamin Disraeli made the old adage-- plan for the worst, hope for the best. I'm not really sure we've learned that lesson. But it's so important that we do that.
Now, arguably for some companies, this is the worst case scenario right now that's playing out in front of us. And for us, it's not. What I think is really critical is actually history has a habit of repeating itself. So if you think over the last 20 years, every single year there's been some kind of cyber attack. There's been some kind of breach. Every single year since 9/11 there's been terrorist incidents. Every year we have natural disasters.
So what we're talking about isn't anything new. Even 10 years ago we were talking about H1N1. And since then we've had SARS, we've had MERS, we've had Ebola. So everything that we're talking about in regards to hindsight is a really good tool for foresight.
The problem we have is that people don't learn lessons. They don't heed warnings. If you look at every major incident-- if you look at every single report that comes out, they all kind of tell a similar story. And it was almost like this didn't just happen. It didn't just come out of nowhere. As I said, there were warning signs. There were umpteen opportunities for you to actually heed the warnings and do something about it.
So as we talk about foresight, what's coming next, this is not going to be the last pandemic we see. In actual fact, it's going to be something that continues to evolve. And in fact, next time what we might see is something even bigger, or a bigger scale. So actually what this is telling us is we should always be prepared. We should always think about what is the worst case scenario, and actually test our limit to that.
And I don't think that any company has really thought about the magnitude of the pandemic that we're seeing now on a global scale of something that could go on for months, if not years.