A True Christmas and New Year Message

May peace fill all the empty spaces around you, your family and your friends and your colleagues at this special time of year, and in you, may contentment answer all your wishes.

Raise a toast to yesterday’s achievements and tomorrow’s brighter future.

May comfort be yours, warm and soft like a sigh.

And may the coming year show you that every day is really a first day and a new year.

Let abundance be your constant companion, so that you have much to share.

May mirth be near you always, like a lamp shining brightly on the many paths you travel.

Work with the best of your abilities in 2019 and show to the world your power to create wonderful and superior things.

New Year 2019 may turn out to be a year when you are put on the road to everlasting success and prosperity.

Be the change that you wish to see at your workplace and take initiatives to make things better.

Wish your tomorrow is more prosperous, happy and successful than yesterday and today.

Looking forward to another year with hunger and passion to exceed at work and you are sure to meet with success.

Let new beginnings signify new chapter filled with pages of success and happiness, written by the ink of hard work and intelligence.

May the New Year bring us more wonderful opportunities for success.

Here’s wishing you the gift of peace and prosperity throughout 2019.

What can we all learn from the cyber threat landscape of 2018?

Every year, as a co-founder and member of the Neustar International Security Council, I attend The Neustar Cyber Summit, this year the summit was held at the OXO Tower in London and there really were some very interesting findings from the summit which I would like to share.

Rodney Joffe, Chairman of NISC, started to discuss where the Internet of Things fits into the equation.

‘The first thing to recognize is that the Internet of Things is a new phrase for something that’s existed for years. The only difference is scale.
Sometime in the late 1970s or early 1980s, some computer science students wired a Coca-Cola vending machine to the Internet. The students wanted to solve the problem of walking down three flights of stairs to the lobby only to discover there weren’t any cold Cokes in the machine.
It was one of the first devices wired to the Internet, and anyone could connect to it and ask for the status of the Cokes. So IoT isn’t really new. It’s probably best defined as all of the devices that can be connected to the Internet that don’t necessarily look like traditional computers. Items like smart power meters, smart lightbulbs and modern home thermostats, all the way to critical medical appliances and devices, jet engines and power turbines.

Because everyone is now focused on the IoT, we’re trying to develop rules around how all people, places and things interconnect. But millions of devices and things that are out there already are not secure, so we have to find ways of securing them and making sure that everything that gets added in the future is secure.
It’s no big deal if the Coke machine is wrong, but what if a nuclear-generating turbine goes down or if all the air-conditioning systems in a city go on at the same time because the smart meters that control the smart homes were compromised?

The other thing to recognize is that the industrial IoT is much larger than the consumer IoT. The breach of Target customer credit cards started when network credentials were stolen from an air-conditioning filtration vendor that had serviced various Target stores. Those credentials were used to hack into Target’s system, then install malware on a large number of the chain’s point-of-sale devices. The end result was brand damage for Target that has reverberations today.

The facts are, in 2016, we saw a number of huge attacks — many that exceeded 1Tbps. In 2017, by contrast, we saw fewer large distributed denial-of-service (DDoS) attacks, possibly because hackers were finding little advantage in taking a company completely offline. Another explanation is that hackers were simply enjoying the success of the previous year’s myriad of extortion and ransomware-oriented attacks, as well as the many DDoS associated data breaches.

So far in 2018, however, the big attacks are back with a vengeance. Earlier this year we saw the largest DDoS attack ever recorded — 1.35Tbps — using a new type of attack called Memcached, which will be discussed later. Then, a 1.7Tbps DDoS attack was recorded. Previous amplification attacks, such as DNSSEC, returned a multiplication factor of 217 times, but Memcached attacks returned amplification records exceeding 51,000 times! In fact, the potential return from Memcached attacks is so large that they do not require the use of botnets, making them a new and dangerous risk vector.

We are hoping that these attacks will go the way of the Simple Service Discovery Protocol (SSDP) amplification attacks, which used the protocol designed to advertise and find plug-and-play devices as a vector. SSDP amplification attacks are easily mitigated with a few simple steps, including blocking inbound UDP port 1900 on the firewall. There are similar steps that organizations can take to mitigate Memcached attacks, including not exposing servers and closing off ports, but until then, Neustar is prepared.

This year we are also seeing different uses for DDoS beyond simple volumetric attacks, including what we call quantum attacks. Quantum attacks are relatively small and designed to bypass endpoint security and avoid triggering cloud failover mitigation. These attacks are being used for scouting and reconnaissance. In a recent incident, Neustar stopped a quantum attack that never peaked over 300 Mbps, but it featured 15 different attack vectors, went on for 90 minutes, and involved all of Neustar’s globally distributed scrubbing centers.
This attack came from all over the world and was designed to bypass perimeter hardware, using protocols to circumvent their defenses. The attackers behind such campaigns may start small, but they can quickly add botnets, attack vectors, and ports to get what they want.

Neustar recently thwarted what is believed to be the first IPv6 attack. This attack presented a new direction that attackers are likely to pursue as more and more companies adopt IPv6 and run dual IPv4/IPv6 stacks. We believe that IPv6 vectors will continue to emerge as organizations around the world move to adopt the new standard.

You can also expect to see more Layer 7 (application layer) attacks, including those targeting DNS services with HTTP and HTTPS requests. These attacks are often designed to target applications in a way that mimics actual requests, which can make them particularly difficult to detect. It is important to note, however, that Layer 7 attacks are typically only part of a multi-vector DDoS attack. The other parts are aimed at the network and overall bandwidth.

DDoS attacks can be found in a multitude of sizes and for any reason imaginable. They can now be used to find vulnerabilities, to locate backdoors for exfiltration, and as a smokescreen-like distraction for other activities. Today’s organized criminals are able to focus on the results that they want and simply buy or rent the malware or botnets they need to get there. Some have gone so far as to comment that criminals are getting more and more like corporations, each with their own specialization.

The simple fact is that if you’re online, you’re susceptible to an attack. Whether you are vulnerable or not is entirely up to you.

The summit and Rodney Joffe’s keynote was incredibly insightful, but where does that leave us today and how can we guard against such threats in our business and personal lives?

A New York Times report reveals another cyberattack using stolen NSA hacking tools, and experts warn computer systems are not prepared for even more widespread attacks likely in the future. Max Everett, the managing director at Fortalice Solutions, joins CBSN to discuss the threat.

Cybersecurity expert warns the world is not ready.

We can all agree over the course of 2018, global cyber threats have continued to evolve at speed, resulting in a dramatic reshaping of the cyber security landscape. Traditional threats such as generic trojans, ransomware and spam bots were transformed.

After years of focusing on individuals, malware authors will increasingly target enterprises and networks of computers.
Powered by military-grade code allegedly leaked from the NSA, threats such as WannaCry and GoldenEye wrought havoc throughout, shutting down businesses and causing unprecedented operating losses.

The effectiveness of these threats has been compounded by novel lateral movement vectors that augment zero-day exploits such as EternalBlue and EternalRomance, allowing malware to ‘hop’ from one network to another, from organisation to organisation. These targeted attacks are reshaping corporate and government digital security, whilst simultaneously causing fallout in the consumer space.

Ransomware specifically aimed at companies has also become far more prevalent. Since the re-emergence this March of Troldesh, companies have faced extremely targeted attacks that abuse the Remote Desktop Protocol to connect to infrastructure, then manually infect computers.

Certain strains of ransomware such as Troldesh and GlobeImposter come equipped with lateral movement tools (such as Mimikatz), allowing malware to infect an organisation and log clean-up mechanisms to cover their tracks.

Following a surge of market interest around cryptocurrencies that has continued through 2018 and into 2019, miners have diversified and proliferated. Traditional illicit coin miners have rushed to adopt lateral movement tactics such as the EternalBlue and EternalRomance exploits, allowing cybercriminals to infect computers in organisations and increase mining efforts.

Based on threat developments in 2018, organisations should essentially prepare for more sophisticated iterations of malware based on the same theme in 2019.

After years of focusing on individuals, malware authors will increasingly target enterprises and networks of computers. Lateral movement will become standard in most malware samples, either via password-grabbing utilities like Mimikatz, or by exploiting wormable vulnerabilities. In addition, the number of malicious attachments in SPAM emails will increase, particularly those written in scripting languages such as PERL or Python.

“All the world’s a stage/ And all the men and women merely players”; Shakespeare’s famous line makes us consider each person an ‘actor’ in their own right, with their own individual role to play. And when looking across the cyber threat landscape, this rings especially true – each actor has their own motivations and distinct part to play.
When the proverbial hits the fan, it’s typical for the victim – a business or government entity – to focus on the indicators of compromise (IoC) rather than what led to the attack in the first place.

Looking at IoCs is an essential part of a cyber defence strategy and can help victims identify who is targeting them. But it’s a reactive approach, which doesn’t help once your organisation has been breached.

This rear-facing view is also reflected in the cyber sensationalist news narrative. The media tend to focus on the number of attacks – a vanity metric – but rarely on its complexity, length, or who was behind it, and what their motivations were for attacking the organisation in the first place.

IoCs tend to change very quickly, the actor behind does not, nor their objectives and tactics, techniques and procedures (TTPs). For example, US-CERT’s release of the Grizzly Steppe malicious Russian activity was complex in that many of the IoCs that were provided were false positives or TOR exit nodes, making it difficult for companies to make sense of them and ingest.

As such, it’s vital that organisations look to understand the actor – their motive, opportunity and means – and not merely read into the IoCs if they are to protect themselves from potential attack.

Threat intelligence highlights IoCs around an attack, such as that the actor was using cheap outsourced labour to perpetuate the attack, was using a particular hosting platform, or shared infrastructure.

IP addresses and domain names change very quickly, but the adversary’s motive does not. Knowing this is the first step towards changing an organisations’ security stance to mitigate the threat, identifying the indicators of attack (IoAs) rather than just the IoCs. Without intelligence, this would be impossible.

The type of malicious actor organisations must deal with will differ. Some may be state-sponsored, for example, carrying out cyber espionage on behalf of a nation. Others may be hacktivists, looking to incite political change, or cyber criminals looking to make a profit.
Understanding the bigger picture beyond the impact of the attack itself is critical if the good guys are going to triumph over the bad. Intelligence plays a key role in getting to the core of that bad apple.

STIX, the standardised language to represent structured information about cyber threats, helps to store and share information on actors and TTPs. It has become the de facto standard for information sharing in cyber threat intelligence as it facilitates automation and human assisted analysis.

Finally, it’s worth remembering that intelligence is not a silver bullet. It’s a part of a wider puzzle that enterprises need to put together in order to give themselves the best chance of defence against a cyber attack.

Security needs to be seen as an architecture, embedded in the foundation of an organisation. Hygiene factors such as ongoing patch management and end-user training also need to be considered.

The human element behind an attack is often forgotten. However, analysts can create a ‘big picture’ of the lifecycle and ecosystem of hackers by adding in the more specific details.

Enterprises and governments are under a constant barrage of cyber attacks. With the threat landscape evolving and attacks becoming ever-more sophisticated, having time to stop and think about the actor behind the malicious intent may seem like a luxury.
However, businesses need to start looking at cyberattacks from the adversary’s perspective to understand what is most attractive to an attacker. Without this understanding, the problem will persist and the next newspaper headline will feature their name.

In summary, the question is not whether you will be attacked. It is when, by what, and how badly your company’s reputation or finances will be damaged. And one thing is sure in the uncertain world of cybersecurity – the wrong time to consider defence is after the attack has occurred.

James Comey once said:
“We face cyber threats from state-sponsored hackers, hackers for hire, global cyber syndicates, and terrorists. They seek our state secrets, our trade secrets, our technology, and our ideas – things of incredible value to all of us. They seek to strike our critical infrastructure and to harm our economy. “

Does shareholder value rule business?

What is the purpose of a corporation?

It’s remarkable that after a century of management theorising, there is no agreed upon answer.

Common-sense tells us that the purpose of a business is to make money.
A conversation with almost any businessman or economist shows it to be so.
Why else would a company be in business? Many experts agree: The Economist has recently declared that the goal of maximizing shareholder value, i.e. making money for shareholders, is “the biggest idea in business.” Today, “shareholder value rules business.”

Yet two distinguished Harvard Business School professors – Joseph L. Bower and Lynn S. Paine – recently declared in Harvard Business Review that maximizing shareholder value is “the error at the heart of corporate leadership.”
It is “flawed in its assumptions, confused as a matter of law, and damaging in practice.”
Bower has long held this view: back in 1970, he told NPR that maximizing shareholder value was “pernicious nonsense.”

Jack Welch, who in his tenure as CEO of GE from 1981 to 2001 was seen as the uber-hero of maximizing shareholder value, has been even harsher.
In 2009, he famously declared that shareholder value is “the dumbest idea in the world. Shareholder value is a result, not a strategy… your main constituencies are your employees, your customers and your products.

Managers and investors should not set share price increases as their overarching goal… Short-term profits should be allied with an increase in the long-term value of a company.”

But despite these denunciations, the “pernicious nonsense” of shareholder value has spread.
Shareholder value thinking, say Bower and Paine, “is now pervasive in the financial community and much of the business world. It has led to a set of behaviours by many actors on a wide range of topics, from performance measurement and executive compensation to shareholder rights, the role of directors, and corporate responsibility.”

There are thus two opposing schools of thought: Shareholder value is either the best idea in business and the worst idea in the world. Which is it?

Corporate strategy on the other hand, is the overall plan of contemporary management practice, CEOs have been obsessed with diversification since the early 1960s, because almost no consensus exists about what corporate strategy is, much less about how a company should formulate it.

A diversified company has two levels of strategy: business unit (or competitive) strategy and corporate (or companywide) strategy.
Competitive strategy concerns how to create competitive advantage in each of the businesses in which a company competes.
Corporate strategy concerns two different questions: what businesses the corporation should be in and how the corporate office should manage the array of business units.

Corporate strategy is what makes the corporate whole add up to more than the sum of its business unit parts.
The track record of corporate strategies has been dismal.
A study of the diversification records of 33 large, prestigious U.S. companies over the 1950–1986 period, found that most of them had divested many more acquisitions than they had kept.
The corporate strategies of most companies have dissipated instead of created shareholder value.

The need to rethink corporate strategy could hardly be more urgent. By taking over companies and breaking them up, corporate raiders thrive on failed corporate strategy.
Fueled by junk bond financing and growing acceptability, raiders can expose any company to takeover, no matter how large or blue chip.

Recognising past diversification mistakes, some companies have initiated large-scale restructuring programs. Others have done nothing at all. Whatever the response, the strategic questions persist. Those who have restructured must decide what to do next to avoid repeating the past; those who have done nothing must awake to their vulnerability. To survive, companies must understand what good corporate strategy is.

Many post-Enron discussions about corporate governance have focused almost exclusively on the responsibilities of directors and the structure of boards and shareholders.
This is hardly surprising – after all, a company’s survival ultimately depends on the effectiveness of its board’s decision-making processes.
But boards don’t exist in a vacuum. Ultimately, board structures and decision-making cultures will depend on a company’s unique circumstances.
Large companies may also operate different levels of boards throughout their businesses. The complexity of large international organisations with many subsidiaries makes the issue of management information and decision-making more complex, and the need for directors of such vast organisations to have early-warning systems is a must.

The board of directors in any organisation is responsible for its operational, strategic and financial performance, as well as its conduct.
Boards exercise their responsibilities by clearly setting out the policy guidelines within which they expect the management to operate. They will set out the short- and long-term objectives of the organisation and a system for ensuring that the management acts in accordance with these directions.

They will also put procedures in place for measuring progress towards corporate objectives. There is therefore a clear difference between the main responsibilities of directors and managers.
In his recent book, “Corporate Governance and Chairmanship: A Personal View”, Sir Adrian Cadbury distinguishes between direction and management: “It is the job of the board to set the ends – that is to say, to define what the company is in business for – and it is the job of the executive to decide the means by which those ends are best achieved.”
They must do so, however, within rules of conduct and limits of risk that have been set by the board.

Can your board answer the following strategic questions:

· Who are our stakeholders?
· What are our stakeholders’ stakes?
· What opportunities and challenges do stakeholders present?
· What economic, legal, ethical, and social responsibilities does our organisation have towards our various stakeholders?
· What strategies or actions should we take to best manage stakeholder challenges and opportunities?
· Do you have a system for managing relationships with stakeholders?
· How do you measure results? What metrics do you use to assess and gauge stakeholder relationships?
· In a crisis how quickly can you communicate with your relevant stakeholders?
· Do you know the various methods to engage with stakeholders and when not to use it?
· Can you state how much you are spending on each stakeholder group and what your ROI is?
· Have you developed a set of rules and practices on how best to manage the process of building stakeholder reputation with each stakeholder group?

Once you have answered the above questions, then you should attempt these:

I. What strategies or actions should our firm take to best manage stakeholder challenges and opportunities?
II. Should we deal directly or indirectly with stakeholders?
III. Should we take the offense or the defence in dealing with stakeholders?
IV. Should we accommodate, negotiate, manipulate or resist stakeholder overtures?
V. Should we employ a combination of the above strategies or pursue a singular course of action?

Shareholder value: Has been called the driving force of 21st-century business.

What value do shareholders bring to the companies they invest in? Are most shareholders interested in what is best for the company, or are they in it only for the financial performance of the company’s shares?

Regenerative Capitalism is an alternative framework for capitalism that embodies a deeper purpose than merely optimising financial returns, with the goal of promoting the long-term health and well-being of our human communities and the planet.
Aligned with our latest understanding of how the universe actually works, the collaboratively created framework illuminates eight key principles backed by solid science and transdiciplinary scholarship.

Adam Smith, the founder of capitalism, said that everyone should do what is best for themself.
However, Professor Nash, portrayed in the movie “A Beautiful Mind”, starring Russell Crowe, stated that “Adam Smith was wrong!”
Commercial organizations can only succeed if everybody is doing what is best for themselves while simultaneously doing what’s best for the whole group.

Beginning in the 1990s, we witnessed extreme egocentric behavior among public companies who were motivated solely by their own financial gains. Several studies prove that self-centered and egocentric companies perform poorly as compared to companies who focus on developing innovative products, delivering value for the customer, and motivating their employees to be more productive and successful.
How can these companies deliver value to their customers or suppliers if they are only looking at their own bottom line? Too much focus on shareholder value, measured by quarterly reports, is one of the primary reasons that public companies are not realizing their full potential and that the West has been in financial chaos for the past six years.
Companies that outperform the rest – over time – build their success on a performance-based culture, driven from the outside in.

Most executives agree that it’s important to create value for the customer. The problem is that despite the good intentions of the senior management team, this mindset often doesn’t travel farther than the company core values posted in the reception lobby of the corporate headquarters.
You know the classic four: honesty, engagement, customer focus, and collaboration.
If you exchanged one company’s value statement for the values posted in the lobby of the corporate headquarters across the street, would anyone notice? Or are the values posted in the lobby of the neighboring company the same four?

Professor Solow, winner of the Nobel Prize for his theory on economic growth, found that only a portion of financial growth in the world comes from companies making money out of money.
Instead, the majority of financial growth comes from companies actually producing a product, developing a new service, or changing the way we conduct business.
Corporate leaders need to do more than shuffle numbers on a balance sheet.
Consider Steve Job’s unrelenting focus on product innovation and what Apple was able to achieve by creating the iPad, iPhone, and iPod. As we know, iTunes has literally changed the entire music industry!

The obsession with maximizing shareholder value has also impacted the way that companies approach negotiations with their customers and suppliers.

To solve the world’s economic crisis, we need brave CEOs and leaders to step up and declare, “I don’t care what the share value will be for the next two years. We might not make a profit during this period. But we are going to focus all our resources on product research and development with the goal to create the best product the world has ever seen.
We’re here to change the world! We are fully committed to delivering value and a return on investment to our shareholders. Yet it may not be in the next 30 days or even the next three quarters. I am asking our investors to look at us with a long-term view. I am asking them to stand by us and risk a much larger return on their investment if they will agree to fund the innovation required to develop a market-changing product.”

If you left Sharpies under the statement of core values that hangs in the lobby of your company, what kind of graffiti would you find scribbled on your values statement? What would your customers and suppliers write? Your corporate values are better articulated by your employees, customers, and strategic partners than by your management team and board of directors.
If there is a disconnect between your formal statement of values and the graffiti, you have work to do.

If you can build a product that will truly change the world, like Steve Jobs did several times, your shareholder value will take care of itself. Your problems will be protecting your distribution channels, defending your intellectual property, and retaining your talent. Which set of problems would you prefer? I think the answer is obvious – to hell with shareholder value.

Experience tells us that listening to your stakeholders and strive to meet their expectations—difficult or not.
Ensuring they are feeling heard, valued, and appreciated grows trust, support and credibility. Building relationships and understanding motivation takes time and effort but will make your job easier in the long run. Companies are more successful when everyone is on board and on the same page!

A famous quote by Dennis Muilenburg:

 “As we continue to drive the benefits of integrating our enterprise skills, capabilities, and experience – what we call operating as ‘One Boeing’ – we will find new and better ways to engage and inspire employees, deliver innovation that drives customer success, and produce results to fuel future growth and prosperity for all our stakeholders.”


Does your executive board need an Entrepreneurial approach to business?

There has been much discussion around transformative innovation that explores new horizons and potentially disrupts business models, and whether this requires an entrepreneur mindset on the Board of Directors.

Recently, I was asked by Freeths LLP, an award winning and large UK legal firm, to share insights on ‘how to infuse boards with entrepreneurial spirit’ – an article that was included in their prodigious Winter 2018 edition of their Platinum Magazine.
The Freeths Platinum Magazine is sent to their top and private clients. You can read it online HERE (page 15).

This subject is increasing in board discussions and agendas, which has prompted me to continue the subject discussion, to take a deeper dive across the positives and repercussions of adapting and entrepreneurial approach to business.

If you are leading a start-up business or involved in a scale up business with potential for high growth, one of the most valuable things you should do early on is to set up an board of advisors.
Scaling an enterprise is hard work, and you only stand to benefit from drawing on perspectives, experience, and networks that augment your own.
A group of advisors committed to your success not only provides a sounding board to test and strengthen your ideas, it gives you access to important competencies and resources.

But many entrepreneurs, especially those in the early stages, find the task of building an advisory board daunting.

Whose strengths would complement their own and counter their weaknesses?

Who might bring an insight to the table that would otherwise be missed?

It can feel like an exercise in knowing what you do not know. Moreover, most people who have not formalised such a board before have not given much thought to what it takes to keep one running effectively.

Board members tend to have immense experience in at least one of these three areas: financial expertise, industry-specific knowledge, or operational management.
Over the past couple of decades, though, companies have become more interested in diversifying their boardroom both in race and gender as well as in expertise.

Today, you’ll find individuals with backgrounds in marketing, IT, and human resources in addition to the “classic” board member tracks.

The latest trend, however, is adding someone with an entrepreneurial background to your team of directors.

Boards are constantly being pulled between short term goal-oriented oversight and long term, strategically focused planning.
Entrepreneurs are generally going to default to strategic thinking and will help pull your board out of conversations that should be left to your company’s C-suite.

Entrepreneurs are often “visionaries” in the business world and offer a complementary element to boards that already favour members who are well-versed in risk management or short term, operational guidance.

This is not to say that an entrepreneur will always be right about their theories or suggestions, but their presence alone will force more conservative members to tackle some out-of-the-box thinking.

The boardroom is not generally thought of as the ‘nerve centre’ of entrepreneurism within a company, particularly a company trading on the stock exchange.
The role of a typical director is often more about audit, risk reviews and compliance, and directors may see ‘entrepreneurship’ as a risk element.

Often this means keeping one or even both eyes on the rear-view mirror, and yet maybe the biggest threat is ahead and not yet fully visible in the headlights.

Most directors have little experience or understanding of the risks posed by disrupters and technological changes. With many directors on stock exchange companies being recruited from large and established companies, few of them can boast about any entrepreneurial experience. This raises a number of questions:

Do boards need to be more entrepreneurial to detect and counter modern-day risks?

Could a board that is more diverse in terms of experience, age or culture help address this?

We live in a fast paced and rapidly changing world. Even just a decade ago, changes to markets and business challenges were slower paced. However, since the dawn of global connectivity, big data and the maturing of the World Wide Web, companies are encountering threats at a much faster pace and competition is global.

Companies face modern-day risks associated with the ‘Sharing Economy’, cybercrime or even the IoT (Internet of Things).
The threat posed by disrupters can be catastrophic and quickly bring down what was a very successful company.
The board needs to anticipate changes and be innovative in relation to these modern day risks; that is, it has to become more entrepreneurial.

Yet, though the environment in which companies now operate is constantly changing, the behaviours of directors and the majority of boards are not.

Boards spend significant time on compliance and on examining historical data on company performance and comparisons to budgets, yet the strategic role sometimes remains an annual event completed, printed and filed away for 12 months.
Directors spend limited time considering strategy at a typical board meeting, and may regard innovation as a change of state and, therefore, a risk factor.

Directors have a duty of care to their shareholders and are responsible for determining the company’s growth and survival strategies. But do boards spend enough time discussing competition, or new developments in technology, or even possible changes to regulations that may in the future impact the business?

For many boards, these areas are never discussed.

In the business world, will we ever forget Kodak and its devastating collapse, after being a highly successful business that neglected the need to change when digital photography was first introduced.
The irony is that the technology was originally developed by Kodak in 1975 and was effectively discarded because Kodak feared it threatened its photographic film business.
The digital and, at the time, much smaller companies took it on, and everything else is now history.
Although this is a classic example and a tragic one for Kodak’s shareholders and staff, there are many other examples and are likely to be increasingly many more to come.

The new disruptive technologies of the Sharing Economy such as Uber and Airbnb are having a significant impact on the market value of companies in transport and hospitality.
We should also consider the changes that have occurred in print media, including the retrenchment of many journalists because of the impact of digital media and resulting decline in advertising revenue.

Also consider the decline of Blockbuster video and the rise of Netflix. These types of disruptions in other industries could have staggering implications across many markets.

In the area of banking and finance, for example, people are starting to collaborate to exchange money and bi-pass the banks’ foreign exchange departments with the high rise of high growth and disruptive fintech companies.

Directors need to better understand threats and also assess more innovative growth strategies if their companies are to compete in the rapidly changing world in which we live in.

This means a different set of skills are needed at board level, in addition to the more traditional skills.
Business survival requires boards and directors to be more agile and predictive, particularly in relation to disrupters that could be catastrophic for their business.

Technological advances and customer behaviour can turn the business fortunes of companies around very quickly. For the modern-day director, it is necessary to be constantly aware of the external environment so that potential disrupters can be quickly detected and countered.

As a result, more effort is needed to create an entrepreneurial approach at the director level through properly managed processes and structures. This may include extending the current standard board committee structure to include a standalone innovation committee, providing leadership in innovation, and to bringing in a structured process to manage and assess opportunities and threats.

Many classic-minded board members are extremely risk averse and for good reason!

They are tasked with a great amount of responsibility to shareholders and to the overall success of an organisation.

Unfortunately, this can sometimes lead them to fear failure in such a way that it stifles success.

Many successful entrepreneurs are known for embracing small failures in order to reach large triumphs.

This attitude in support of both flexibility and evolution brings a unique and forward-thinking element to any boardroom

For the modern day director, it is necessary to be constantly aware of the external environment so that potential disrupters can be quickly detected and countered.
As a result, more effort is needed to create an entrepreneurial approach at the director level through properly managed processes and structures.

This may include extending the current standard board committee structure to include a standalone innovation committee, providing leadership in innovation, and to bringing in a structured process to manage and assess opportunities and threats.

With the growing need for businesses to fend off disruptions, as well as to create their own disruptions, it is time to consider how board meetings can evolve so that instead of spending so much time on backward looking and historical data, boards do a little bit of creative forecasting and consider the future of the business and the market.

Some suggestions are:
• Create an Innovation Committee. Increasing the time spent considering innovation will make an enormous difference to many companies.
• Spend some time discussing ‘what if’ scenarios to facilitate innovation discussions.
• Develop an opportunity management focus at the board level, instead of just a risk management focus.
• Place on the board’s agenda an item for competitive trends and behaviours and possible disruptions to the business model. Look to other industries for examples of how disruptions have been addressed.
• Encourage management to look to untapped knowledge in the staff pool (e.g. users of the ‘sharing economy’ might have a good understanding of disrupters).
• When it comes to funding a company, maybe consider other innovative methods to raise funds.

The future is bright for those who direct their focus to the headlights and away from the rear-view mirror. Being forewarned of an impending risk or threat may provide the opportunity to develop strategies and so mitigate that threat before its impact is catastrophic.

Keeping an eye on what is coming may help enable your company to be the disrupter, not the disrupted. Maybe we all need to reflect on that ‘Kodak Moment’ to see how quickly things can change.

Final thought, to achieve substantial and continued growth in the 21st century, companies will have to look beyond improving the existing business model or simply launching new products. These actions just will not generate enough growth anymore.

Growth will come from more ambidextrous organisations that excel at improving their established business model (exploitation) and excel at inventing tomorrow’s growth engines at the same time (exploration).

As Peter Drucker once said discussing Innovation and Entrepreneurship – Practice and Principles:

 “This defines entrepreneur and entrepreneurship – the entrepreneur always searches for change, responds to it, and exploits it as an opportunity.”

Peter Drucker