In the United States, the business formation rate has been on the decline for years, and there’s little sign of a reversal in the trendline. International patent application rates are falling, too; lower rates of trilateral patent protection may bode ill for global engines of innovation.
What accounts for the relative decline in entrepreneurial activity? Like all such trends, the true answer is, “it’s complicated.” But that’s not to say the mushrooming constellation of competitive threats to businesses based in the U.S. and abroad isn’t playing a decisive role in the pullback.
Indeed, with so many complex and ever-evolving threats looming on the horizon, it’s no wonder entrepreneurs are feeling less sure-footed than ever. The picture is much the same for established businesses, as well.
Most decision-makers understand the importance of comprehensive cyber protection, for instance, even if they can’t speak at length about specific cybersecurity risks that threaten to cripple their companies and send customers fleeing to more secure competitors.
Comprehensive cyber protection is certainly a crucial backstop for businesses in a threat-laden digital landscape, as we’ll see in a moment. However, it’s just one protective measure among many that decision-makers can and should take to keep their organizations, employees, and shareholders safe, secure, and happy.
Some of these measures are digital or digital-first; others involve old-fashioned vectors that remain relevant today. In the following sections, we’ll explore some of the top risks facing U.S.-based organizations doing business in North America and beyond. You’ve surely encountered some of these in your travels already. Are any, in particular, keeping you up at night?
1. Zero-Day Exploits (Vulnerabilities)
Think of zero-day vulnerabilities as cracks in your digital devices’ and platforms’ factory-made armor. Like flaws in your car’s chassis, these weaknesses are present from the moment of inception, right out of the box.
Unfortunately, although zero-day vulnerabilities aren’t your fault, they are your responsibility. It’s incumbent upon you to do everything in your power to prevent zero-day vulnerabilities from turning into zero-day exploits, which arise when malicious actors use zero-day weaknesses to gain access to your systems, networks, and data.
This isn’t always possible. By definition, zero-day vulnerabilities remain unknown unless and until they’re discovered by the manufacturer, white-hat security professionals, or — in the worst-case scenario — hackers looking to exploit them. By that time, the damage may be done, and you’ll be left to clean up the pieces.
You can reduce (but not eliminate) your exposure to zero-day vulnerabilities and exploits by dutifully applying patches and system updates as soon as they become available and conducting thorough research to reveal potential zero-day issues before they’re widely known.
2. Computer Viruses And Worms
You almost certainly use an antimalware program to defend against common cyber-threats, including viruses and worms. Unfortunately, the state of play in cybersecurity changes so rapidly that even the best antimalware suites provide only partial, qualified protection against these threats.
The good news: You needn’t place all your antivirus/antiworm eggs in your antimalware program’s basket. You can absolutely take proactive, low-cost steps to reduce your exposure to the worst threats out there.
But it’s a team effort, one that will quite literally require an all-hands-on-deck approach. Your cybersecurity posture is only as strong as its weakest link, after all. For more on the threats posed by malicious code, check out this whitepaper from SANS, a leading cybersecurity organization.
3. Insider Threats (Malicious Insiders)
The gravest threats to your organization may well be human, not digital. Malicious insiders are employees and contractors who, for whatever reason, have decided to turn against you. They may simply be looking to disrupt your operations on the way out the door, they may be actively working for a competitor, or they may have some novel motivation that’s not worth trying to figure out.
Whatever the basis, they can do serious harm to your organization’s bottom line. That is, unless you anticipate and parry their attacks. At a minimum, you’ll want to have a comprehensive framework for “watching the watchers” — monitoring the behaviors and activities of internal security employees and top executives across all departments, as these groups are likely to have the highest permissions levels.
You’ll want to live by the principle of least permission, such that your entire team (including the loftiest executives) has just enough access to do their jobs. And you’ll want to deactivate or change these permissions as soon as circumstances require — most commonly when permissions-holders change roles or leave the company.
4. Insecure Vendors And Customers
Some of the most devastating data breaches of the past decade began with an insecure vendor serving non-core support functions. For instance, Target’s 2013 data breach, which resulted in the compromise of tens of millions of customers’ files, happened thanks to the laid-back security practices of a regional HVAC vendor serving a few dozen stores in the mid-Atlantic region of the United States.
Your vendors’ security practices are your responsibility, at least if you take your obligation to keep customer data secure seriously. Indeed, Target was at fault for not caring more about its many vendors’ security practices.
The company also failed spectacularly, or perhaps didn’t even try, to protect against just this sort of uncontained breach by segmenting its internal network in accordance with the principle of least permission. For Target, what’s done is done. For your organization, there’s still time to learn from the mistakes of the past.
5. Global Data Regulations
You’ve no doubt heard of the GDPR, the European Union’s sweeping personal data privacy regulation. Do you know what it means for your organization? If you want your website to be fully accessible by Europe-based IP addresses, let alone to do business with clients and vendors based on the Continent, you’d better. We won’t go into all the eye-glazing detail here, but this Fortune primer is a good high-level overview of what may be expected of your firm.
6. Third-Party IP Theft
If you’re committed to doing business internationally, GDPR isn’t the only far-reaching data-related issue you’ll need to keep straight. It may not even be the most important. This is doubly true if you plan to do business in countries where third-party IP theft is an issue.
Due to the size of its economy and its importance as a U.S. trading partner, China is often singled out in this regard, but Chinese firms aren’t the only offenders. When you manufacture products or components in a third country or loop local partners into your processes, you’ll need to take steps to protect your intellectual property, such as filing international patents and trademarks and understanding your rights under applicable international IP law.
Counterfeiting is a common outcome of international IP theft for firms that manufacture physical and digital products. Contrary to popular belief, counterfeiting isn’t the sole bane of luxury goods manufacturers, though it’s absolutely a serious (and, in some cases, existential) threat to bespoke makers.
Counterfeiters also target such mundane categories as electrical equipment, toys, and pharmaceuticals, according to international trade expert Felix Richter. Here’s the bottom line: If your product’s value is inextricably bound up in its brand, you need to take proactive measures to combat counterfeiting before it destroys your value proposition.
8. Tariffs And Entry Controls
While the macroeconomic impact of tariffs is controversial and difficult to measure, no expert disputes that trade barriers complicate matters for organizations looking to do business abroad. If you’re not ready for the patchwork of duties and entry controls that awaits you in the wide world of international trade, you may want to stick to your North American sandbox for now.
9. Local Labor Regulations
Speaking of patchworks: Labor law is even more fragmented than trade law. It’s well known that developing countries typically have lower prevailing wages and fewer worker protections than developed territories, but that’s not where the distinctions end.
Even within countries, prevailing wages and labor regulations can vary widely — wages (and living standards) tend to be much lower in rural areas than larger cities, while enforcement of labor laws may be lax or nonexistent in off-the-beaten-path locales. If you plan to hire locally, you need to understand what you’re in for — and what you need to do to avoid running afoul of the law.
10. Local Partner Requirements
Setting aside the very real risks of counterfeiting and third-party IP theft, doing business in certain international markets may present unacceptable competitive threats that meaningfully affect your decision to proceed (or not).
For instance, in the late 1970s, India famously instituted draconian “local partner” requirements that would have forced multinationals to take on majority-stakeholder partners and reveal their most closely guarded IP secrets in the process.
That led Coca-Cola, IBM, and other major American and European companies to disengage from India’s then-tiny economy. Comparable local partner requirements continue to exist in economically isolated countries today — countries your organization may wish to avoid, even if they’re otherwise wonderful places to visit.
11. Insecure Supply Chains (Hardware Hacks)
Supply chain insecurity is a looming threat for firms that source components from local production partners in multiple international markets. Although many of the claims in a sensational Bloomberg Businessweek story about a potential “hardware hack” in a Chinese-made computer chip have been challenged or debunked by further reporting and third-party audits, the takeaway remains distressingly clear: The modern supply chain is rife with potential risks from malicious state and organized criminal actors. Choose your manufacturing partners accordingly.
12. Political Risk
This is an admittedly nebulous category of risk that could nevertheless upend your organization’s best-laid plans at home, abroad, and everywhere in between. “Political risk” looks different depending on where you’re standing, of course. Companies that sell strategically important products or services may find themselves shut out of entire markets by escalating trade wars, for instance.
Others may suffer when commodity prices spike due to regional political instability, such as conflagrations in the Middle East or civil unrest in sub-Saharan Africa. And, when political risk bleeds over into the real economy and reduces output or productivity, organizations that don’t consider themselves particularly “political” may suffer as a result.
13. Data Loss Due To Natural Or Manmade Disasters
Finally, the loss of digital data due to natural or manmade disasters is a major competitive threat that affects all organizations, regardless of industry or product mix. Call it a great equalizer if you must; just don’t sleep on it.
Investing in a comprehensive cyber protection solution is an important step in mitigating data loss due to natural disasters (say, a fire or flood at your server farm) or manmade travails (say, a broad-based ransomware attack) over which you have minimal control. You may not be able to stop the risk of data loss in its tracks, but you certainly have a say in what happens next.
What’s Keeping You Up At Night?
This is one question few business owners and key decision-makers feel comfortable answering. After all, your deepest fears and vulnerabilities provide a road map to your organization’s weaknesses, which its competitors are no doubt eager to exploit. Why would you possibly want to reveal anything that could put your firm at a competitive disadvantage?
For starters, because peer organizations tend to do better when they stick together. Many of the digital and real-world threats facing global businesses today are too large and involve far too much information for any one organization to address entirely on its own.
You wouldn’t trust your internal IT team to build an entirely bespoke cyber protection suite, after all — you put your trust in qualified vendors’ expertise to deliver on such specialized matters. The spirit of cooperation between peer businesses — and even direct competitors — is much the same.
Just as the entire team benefits when one member shares an important insight or contribution with the group, whole industries benefit when decision-makers and process owners put forth their own real-world learnings. When communication breaks down or an every-company-for-itself mentality takes hold, the “team” suffers accordingly.
This isn’t to say you need to give your closest competitors the keys to the kingdom, of course. You don’t need to share sensitive IP. You don’t need to let rivals tour your headquarters. You don’t need to share anything in particular.
At the same time, don’t be a stranger. You never know when you’ll stand to benefit from the advice and guidance of your peer executives and owners — even if the thought of speaking frankly with them feels wrong, somehow. It’s a new world out there, with everything that entails. Are you ready for what’s next?