Tag Archives: Toby Redshaw

Dark Web and Other Scary Cyber Trends

We have all heard the continued drum beat regarding hacking. Anthem, Sony, Target, Home Depot, Experian and various government and military branches have all been hacked and have received their fair share of negative press. In each case, people were harmed, leaders were fired, brands were damaged and no one was really surprised.

I am not a singularly focused cybersecurity expert, but I have been up to my neck in tech for 30 years and have a knack for seeing emerging patterns and macro trends and stitching those together to synthesize consequences and outcomes. In the case of the Dark Web, none of that is good news; The emerging patterns should worry us all. As English historian (1608-1661) Thomas Fuller wrote, “Security is the mother of danger and the grandmother of destruction.”

See also: Best Practices in Cyber Security

Below is my list of the “Top 10 Scary Macro Cyberthreat Trends” –and this is still early days for them.

1. The Dark Web Pareto 

Over the last decade, the hacker population has gone from 80% aficionados/hacktivists/deep-end-of-the-pool techies and 20% professional criminals to 80% professional criminals and 20% “other.” To be clear, by “professional criminal” I mean organized criminals who are there for the money, not just to someone who broke the law.

2. “Lego-ization” of the Dark Web

Over the last few years, technology in the Dark Web has been changed from intricate, end-to-end hacks to a place where one merely assembles “legos” that are commercially available (albeit inside an anonymized criminal environment.) People don’t just buy tool kits with instructions but also the ability to buy “lego-ized” services like illicit call center agent time for more complex criminal activities such as getting access to someone’s bank account. Parts of the Dark Web look like IKEA without the assembly difficulty or the inevitable leftover parts.

3. The Dark Web embraces the capital-lite approach

Of course, the Dark Web has embraced the cloud-computing model for the reasons we see in the enterprise world. What this means to the criminal hacker or, more likely, hacker organization, is that they can now go asset-free and rent the assets they need when they need them.

For example, there are services for running a few hundred million password permutations in less than an hour for a few hundred dollars. Hackers no longer need to infect a massive amount of computers to fire up a denial-of-service hack; they can simply rent time on a botnet, a massive amount of “hijacked” computers up for sale in the Dark Web. Most companies still do not have a botwall to deflect bots.

Gameover ZeuS is a massive example of a botnet with one variant able to generate 10,000 domains a day with more than three million zombie computers — just in the U.S. Botnets are sometimes referred to as “zombie armies” (surely there’s a TV series in there somewhere.) The Bredolab botnet may have had as many as 30 million zombie computers.

See also: Demystifying “The Dark Web”

4. Clandestine versus brazen 

The bragging rights for revealing a hacking “accomplishment” was once a hallmark of this space. Over the past decade or so, that factor has greatly diminished. The criminal enterprise would like nothing more than to go unnoticed. The recent massive Experian hack only came to light after the Secret Service let Experian know some of its stuff had been found for sale in the Dark Web. Focusing on avoiding detection by adopting smarter methods, targets, distribution models and revenue capture is better business and is in line with a longer, sustainable view of profit. None of the criminal organizations have boards of directors that pressure them to hit the quarterly sales and operating income figures. A hack is not a moment in time; if a hacker can go undetected, he or she can milk the hack for years. This is worrisome.

5. The total available market has grown and is target-rich 

The target space for crime connected to an IP node has grown tremendously, and so has the value of the content. The massive increase in mobile IP addresses, the online transactions we do and IP-related things like stored value cards or mileage points makes a rich target for crime. It is 100x bigger than what it was just 10 to 15 years ago.

The target space’s growth is accelerating. After banking regulations on the minimum size of banks were relaxed in 1900, 2,000 banks were added in two years along with growth in the relatively new credit union sector. This increase in “target space” spawned bank robbers. The target space for Dark Web crime loves the increase in the target area and doesn’t mind that the “banks” are smaller. The number of people using the Web and the average amount of time spent on the Web continues to increase. I think with the advent of things like the Internet of Things, 5G, Li-Fi and a quantum leap in cloud computing capacity per unit cost, this increase will accelerate.

6. Small many versus big few 

Over the past decade, the trend in conjunction with the above items moved toward smaller “heists” but a lot more of them. Someone in Venezuela took $2 a month off my credit card for 18 months before it stopped. How many people would miss a dollar or two off a stored value card/account that has an auto-refill function like my Skype account does?

What sort of statistical controls would you put on your revenue flows (as a business) to even recognize that leakage? Of course, there are still big hacks going on, but a lot of those are just the front end of a B2B transaction that then sells off that big pool of hacked data to buyers in the criminal bazaar. Small, often and dispersed is harder to catch and more clandestine by nature.

7. Automation of the Dark Web

Timing is everything. As the Dark Web evolved into a scale-based, organized criminal environment, it leveraged modern automation from provisioning to tool sets to communications and even to billing.

Blackshades creepware is a great example of automation extending into the consumer product end. Available for $50, it has a point-and-click interface and has internalized all of the complexity and has automated hacking even for actors with very low-level tech skills. It allows the bad actor to browse files, steal data/passwords and use the camera (often relating to extortion). Blackshades infected more than 500,000 computers in more than 100 nations. A lot of the people who bought this did not have the skills to do any hacking without this kind of automation.

8. Tech getting better, faster, cheaper while talent improves

Late last year, TalkTalk, an ISP quad-play provider in the U.K., got hacked and held for ransom by four teenagers. The company estimates $90 million of cost tied to this hack, and no one really knows what the cost of the brand damage has been. There’s also a third of the company’s market cap gone, and it lost 95,000 customers. In all fairness, TalkTalk’s security was poor. The point here is that the technology in the Dark Web is getting faster, better and cheaper. At the same time, the average talent level is rising, which may not be the case in the non-criminal tech world.

There are three factors at play:

  1. Communities of collaboration and learning are becoming commonplace. Blackshades is a great example of a malicious tool with a super-low point of entry (price and tech skills) backed up by great online help and a community site.
  2. The likes of the Metropolitan Police Cyber Unit (London), the FBI, Interpol, etc. are all very effective and are continually improving organizations that stop crime and lock up cyber criminals. In some ways, this is a culling of the herd that also serves to create a positive Darwinian push on the average talent in the Dark Web.
  3. The giant upside financial opportunity to using tech skills for nefarious purposes creates a big gravitational pull that is only enhanced by recent economic and national turmoil, especially in places like Eastern Europe, Russia and Ukraine. In addition to that, state-sponsored or affiliated hackers with military-like rigor in their training can often make money moonlighting in the criminal world.

The combination of forces raising the talent level and the continued improvement of technology make for a bad combo. The Dark Web is also embracing open sourcing. Peer-to-peer bitcoin-based plays may become the next dark commerce platform.

9. The Dark Web itself

The Dark Web has evolved over the past decade or so from a foggy, barely penetrable space to a labyrinth of loosely connected actors and now to a massive, modernized bazaar thriving with commercial activity with a huge neon sign on the front door saying “Open for Business.” It is not just a bazaar, it is a huge B2B marketplace where the best criminals can resell their wares whole or in “lego-ized” pieces. Some of these criminals even offer testimonials and performance guarantees!

The Dark Web has moved from what economists call “perfect competition” to a more imperfect model trending toward oligopoly. In simpler terms, it is not a sea of malevolent individuals but, rather, the domain of organized businesses that happen to be largely illegal. These are organizations of scale that must be run like a business. This new structure will evolve, adapt and grow so much faster than the prior structure because these organizations have mission-focus and cash-flow pressures. Of course, the market forces common in a bazaar will winnow out low-value and defective products quickly, simply because word travels fast and customers vote with their wallets. 

10. The truly ugly “What’s next?” section

Like many thriving businesses, there is a tendency to move into adjacencies and nearby markets. This has already happened.

There is a lot of money in fiddling with clickstreams and online advertising flows. Bots account for about 50% of the traffic on the Internet; of those, about 60% are bad bots.

There is money to be made in transportation. One can buy fake waybills on the Dark Web to ship a crate to, say, Kiev at a fraction of the price FedEx or UPS would charge, even though the package will travel through FedEx or UPS.

Here are four emerging and even more worrisome areas that could be leveraged (in a bad way) by sophisticated, tech-savvy commercial criminal enterprises that are alive and thriving today in the Dark Web.

  • Internet of Things – It is just the beginning for the IoT. If you click here, you can read a paper on what may drive the amazing growth and where the potential is. The available talent who know how to secure devices, sensors and tags from hacks and stop those hacks from jumping five hops up a network are few and far between, and they don’t normally work in the consumer and industrial spaces that make stuff and that have decided to make an IP-enabled model. Few boards in the Fortune 500 can have an intelligent conversation about cybersecurity at any level of detail that matters. In short, over the next few years, IoT may be a giant hunting ground. For instance, what if a hacker goes through the air conditioning control system to point-of-sale devices and steals credit card info? That is a target with a big bull’s eye on it. (That is what happened to Target.)
  • Robotics – This is a little further out, and the criminal cash flow is a little harder to predict, but IP-connected robots is a space that will grow exponentially over the next decade and be at key points in manufacturing, military and medical process flows. What is the ransom for holding a bottling plant hostage? The Samsung SGR -1 (no, not a new phone) is a thermal imaging, video-sensing robot with a highly accurate laser targeting gun that can kill someone from 3,000 yards out. The Oerlikon GDF005 is a less-sophisticated antiaircraft “gunbot” that is, in part, designed to be turned on and left to shoot down drones. These things are both hackable. 
  • Biochem – What if some of the above Dark Web trends extend into this area, renting assets and expertise, point-and-click front-end designs? The bad news is that this seems to have started. 
  • The over-the-horizon worries – Nanotech, Li-Fi, AI, synthetic biology, brain computer interface (BCI) and genomics are all areas that, at some point in their evolution, will draw a critical mass of criminal Dark Web interest. The advances in these areas are at an astounding pace. They are parts of the near future, not the distant future. If you have not looked at CRISPR, google it. Things like CRISPR, coupled with progressively better economics, are going to supercharge this space. Li-Fi, coupled with 5G and the IoT (including accelerated growth in soft sensors), will create a large target space. The Open BCI maker community is growing quickly and holds enormous promise. Take a look at the Open BCI online shop and see what you could put together for $2,000 or  $10,000. The Ultracortex Mark IV is mind-blowing (not literally) and only $299.

All of this is going to get worse before it gets better. This is clearly not a fair fight. This is a target-rich environment that is growing faster than almost anyone anticipated. The bad actors are progressively getting better organized, smarter and better built for “success.” Interpol, the FBI and other law enforcement agencies do great work, but a lot of it is after-the-fact.

Enterprises need new approaches to network-centric compartmentalized security. New thinking about upstream behavioral preventative design is needed for robustly secure IoT plays.

National organizations in law enforcement and intelligence need to think through fighting a borderless, adaptive, well-funded, loosely coupled, highly motivated force like those under the Dark Web umbrella. Those national organizations probably need to play as much offense as defense. Multiple siloed police and intelligence units that are bounded geographically, organizationally, financially and culturally probably will start out with a disadvantage.

This article was originally published on SandHill.com. The story can be found here.

Your Next Director Should Be a Geek

Imagine that you were a major investor in a leading company, and its board of directors had no members with independent, world-class financial expertise. Who would look after your interests? You could probably coach the directors to ask good questions, but they would lack the competence to judge the answers. The board would not be able to engage management in robust conversations about the complexities of capital structure, mergers and acquisitions, financial accounting, reporting, regulatory compliance or risk management. Most investors and regulators would deem such a board unfit to carry out its fiduciary guidance and governance responsibilities.

Yet that’s precisely where many companies are when it comes to information technology. Digitally driven change is becoming as critical an issue to most companies as finance. Companies are being called on to reimagine and reconstruct every aspect of their business; customers, suppliers and markets expect no less. Consider the rapidly expanding use of mobile phones in retail and banking. Or the changes foreseen in the transportation industry due to car-hailing algorithms and driverless vehicles. Already, one MIT study has found that digitally adept companies are, on average, as much as 26% more profitable than their competitors. And that advantage is only likely to increase.

The boards of many large companies are ill-equipped for these shifts. That was the conclusion of our 2015 study of more than 1,000 nonexecutive and executive directors at 112 of the largest publicly traded companies in the U.S. and Europe. By analyzing company filings and public information, we found that all too many boards lacked the expertise needed to understand how technology informs strategy and affects execution. In Europe, for example, 95% of the companies we assessed, excluding technology and telecommunications companies, still had no non-executive directors with deep technology fluency. In the U.S., almost half of the surveyed companies had no technology expertise on their boards. These included major financial-services, insurance, industrial and consumer products companies. Yet each of those industries is grappling with complex strategic questions that hinge on technology.

See Also: How Leadership Will Look in 20 Years

Even boards with world-class technology expertise can have blind spots in areas of strategic importance; these include analytics, cybersecurity and digital fabrication. And even experts who keep up with particular technologies may miss the general effects of rapid technologically driven change on core products, business models and customer preferences.

Many board members are aware of these deficiencies. They know that their companies will either embrace technological change and claim the markets of the future or be put out of business. In 2015, a PwC global survey of large-company directors found that 85% of the respondents were dissatisfied with the way their companies were “anticipating the competitive advantages enabled by technology.” Almost as many, 79%, said their boards did not sufficiently understand technology.

The pervasiveness of the problem is troubling for anyone who cares about these companies — but it also represents an enormous opportunity. At the board level, there is a need for knowledgeable, incisive “geeks”: independent directors with experience and perspective in putting technology to use. In the past, many boards have compensated by relying on management or external consultants for strategic advice. But the stakes are now too high to take that approach.

Boards can no longer duck the responsibility for the company’s digital transformation. They must take real ownership by ensuring that they are equipped to fully understand this part of the board agenda. Otherwise, how can they adequately oversee their company’s strategy, investments and expense base? How can they guide profitability, manage risk, assess management performance and ensure proper talent supply? Below are three critical steps you can take to better prepare your company for these challenges.

1. Hold out for sufficiently broad and deep expertise. Although company leaders agree on the need to attract technology-fluent directors, they often approach the undertaking as an exercise in diversity. They “check the box” by bringing in one person to stand for the full technological field, rather than seeking multiple directors with relevant experience and insight.

To assess the severity of this deficiency in the companies we studied, we analyzed the resumes of their nonexecutive directors on four distinct aspects of technology: pure-play disruptive digital business, enterprise-level IT, cybersecurity and the digital transformation of Fortune 500–sized enterprises. Each is critical to boards’ oversight responsibilities, and fluency in each requires a distinct body of knowledge and experience. Few experts in enterprise-level value-chain IT could offer expert guidance on building disruptive digital business, and vice versa. We found that more than 90% of the companies, including technology and telecommunications firms, lacked expertise in one or more of these critical technology areas. Our research revealed only two companies that addressed all areas: Google and Wells Fargo.

To address the gap, you must open multiple board seats for people with technological experience. Just as having only one woman on a board has proven to be insufficient, having just one IT-savvy member is problematic. To fill these seats, you may have to reach beyond the traditional search targets of former CEOs and CFOs. Tap into recent CIOs, CTOs and other C-level leaders at successful information-intensive companies; retired military officers with large information-technology commands; and senior consulting and private equity partners with deep cross-industry expertise in enterprise technology transformations. Resist the urge to rely solely on Silicon Valley experience. Start-up experience is valuable, but addresses just a small part of the large enterprise technology challenge. Likewise, the “move fast and break things” attitude in Silicon Valley often does not translate well to other industries.

When recruiting these board members, be wary of candidates without fresh experience; in fast-moving fields such as cybersecurity or disruptive digital technology, people who are no longer active don’t always keep up with the latest trends. If executives in the business sector are scarce, look elsewhere; other sectors may be surprisingly relevant. In financial services, for example, understanding sophisticated process control is increasingly important. The best prospective board member may come from the logistics industry — from, say, FedEx or UPS.

2. Support robust discussions of technology with the right kinds of practices and management structures. There are two possible mechanisms for accomplishing suitably robust discussions. The first is to establish a formal technology-focused subcommittee of the full board, on par with other oversight functions such as audit or compensation. This can be helpful in raising critical issues and promoting deep discussion of complex topics. It also creates a mechanism for engaging external advisers.

Alternatively, set up a technology advisory committee that meets regularly with top management and periodically reports to the board. AT&T does this. It may be easier, with such a committee, to attract best-in-class expertise, given that the time commitment is low and there are no full fiduciary responsibilities. Typically, advisory committees can also rotate members more frequently than a board can. It must be remembered, however, that an advisory committee reports to management, not the board. This will color its advice.

Whatever the structure, it is important for this group to address topics that go beyond technology strategy and IT governance. The most important priority may be enterprise strategy and the ways in which technology makes new value propositions possible. FedEx, which is as much a technology company as a transportation icon, has used such a board to great effect for many years.

3. Set the right context. Alan Kay, one of the foremost pioneers in personal computer conception and design, once said, “Point of view is worth 80 IQ points.” The context with which your board of directors views technology is a critical element for enterprise success. They must collectively understand the 10 to 15 drivers of technology that have taken quantum leaps in the past decade — for example, big data and analytics, cloud computing, mobile technology, artificial intelligence, the Internet of Things and autonomous transportation — and the potential implications each has for the company.

They must also have a clear view of their own company’s IT landscape: their existing hardware and software, including estimates of redundancy, age, robustness, any risk of obsolescence and costs. For example, how many marketing systems, customer databases and human resource systems does the company have? How interoperable are those systems? The need to ask these types of questions about a factory or back-office footprint would be obvious, but boards have generally neglected such inquiries regarding technology. The board must also understand risks related to technology, the defenses currently in play and any weaknesses in those defenses. Most important, the board must understand how the company’s IT systems relate to the company’s overall strategy, and what capabilities are needed to support it.

It falls to the board to ensure that the company has a multiyear plan to address technology needs while reducing costs and risk. Boards need not grant a license to spend. On the contrary, the hallmark of computers and networks is that they continually get faster, better and cheaper. These benefits accrue only to those with modern gear, however, so frequent upgrades are essential.

Finally, the board must incorporate its expanded technology context into larger deliberations. Talent recruiting and leadership development should be designed to fill gaps in technological fields. The criticality of IT should inform the review of proposed mergers and acquisitions. A close link to the audit committee is important because technology affects regulatory compliance and ethical issues. And the relationship to full board strategy discussions is critical.

Of course, placing someone with world-class technology expertise on a board does not guarantee success. Many technically proficient companies have lost to upstarts with a better product or service. But without this expertise, boards cannot play their most important role: intervening with substantive conversations about strategic decisions early enough to make a difference. And without these focused conversations about technological investments and decisions, boards cannot fulfill their fiduciary responsibilities.

Today, every board of directors has a once-in-a-generation chance to leapfrog the competition through technology competency. The opportunity is great because the task is difficult, and there is no large pool of talent waiting to be recruited. Those companies that meet this challenge successfully will capture the markets of the future.

A version of this article appeared in the Summer 2016 issue of strategy+business.

innovation

Does Your Culture Embrace Innovation?

Why does it matter whether your organization embraces innovation by design? We are at the beginning of an era where the confluence of increasingly powerful computing capability, ease of starting a tech-intensive firm and massive data in a deeply networked world will drive more innovation more broadly than ever before. The rate of change and, indeed, the speed with which new incumbents enter markets and existing players fail will only increase. This means innovation must become part of a company’s fabric and its culture to ensure success.

Looking over the past 20 years to gain a better view of the next 20 years, there are three things that stand out, are surprising and are instructive.

  1. Science, geo-politics, sports, weather, information technology and cyber are all areas full of events that, a year or two before the “event,” prominent insiders would have said were not in the realm of possibility—they were not just unlikely but impossible, if not loony.
  2. While impressive, the huge growth and acceleration we have seen in information technology, social media, mobile, big data, several areas of science and cyber all exhibit patterns of the beginning of something—not a pattern of stability, maturation or, even, peaking. The amount of data, the amount of IP-enabled nodes and the throughput cost of computing could all scale 100 – 500 times in the next decade, making today just the beginning of a hockey-stick-like curve.
  3. The simple truth, threat and opportunity is that the rate of change is increasing across all areas of life while the scale of change is expanding.

What does all that mean? One thing is certain: Being agile is not enough. Those who effectively embrace innovation at an organizational (if not cultural) level will fare better than those who do not. Indeed, if this is the beginning of accelerating rates of change with massive outlier impacts, then driving innovation pragmatically across an organization is imperative.

See Also: Innovation Trends in 2016

If, from the top, the mission for everyone in an organization includes being innovative, this can become part of the fabric, the culture of the organization. Businesses that effectively embrace innovation at a cultural level will fare better than those that do not.

Still, there is a massive amount of fog surrounding the word “culture.” I often hear it is the insurmountable obstacle to innovation at scale and pace.

One Fortune 500 Example: Motorola

In the early 2000s, I was an officer with tech and business responsibilities at Motorola. The culture was largely internally focused, obsessed with continuous (often marginal) improvements, in love with engineering and intellectual property (IP) filings and not necessarily the monetization of IP. It was a family-oriented culture with, literally, generations of the family working at the firm. But the firm was failing.

The board brought in a new CEO from Silicon Valley, and we changed the company culture radically in 18 months. We did six simple things, instigated and championed by the new CEO:

  1. Clearly communicated a broad new mission about being externally focused, fast-paced, innovative and customer-centric
  2. Set out the behaviors that we expected and that the company would reward, as well as behaviors we would punish
  3. Continually “sold” (over-communicated) the rationale of why we were changing
  4. Made sure rewards and punishments were publicly meted out to support the new direction
  5. Matched structure to mission and talent to task; (when the game changes from soccer to rugby, not all team members have a role despite prior excellent performance)
  6. Eliminated active objectors and passive resistors who simulated support but were not rowing the boat (a third of the top 120 executives changed in about 12 months, mostly for this reason)

Motorola changed its culture and performance radically in 18 months. We released the breakthrough RAZR phone, which became the best-selling phone of all time. IT, for example, became a platform for tech breakthroughs and even had a venture arm for emerging tech.

Unfortunately, shortly after that, Apple made a thing called the iPhone, we made some very bad leadership talent decisions and we backed hardware over software in our largest business unit.

No amount of motivation or positive innovation culture will save you from a bad strategy that is married to poor talent decisions in key posts, compounded by groundbreaking, world-class competition.

Cultural obstacles

A well-communicated mission, backed up by clarity on what garners rewards and punishments, is key. The rewards and punishments must be broadly, consistently and continuously meted out for the behaviors that merit them. This will drive the behaviors in the organization. Lots of organizations get the reward part generally right, but they fail miserably on the punishment side, then wonder why they have cultural obstacles.

Done properly, rewards and punishments drive the behaviors inside your organization. The sum of those behaviors is your culture. 

Tips for building an innovation culture

Innovation must be about both big and small innovation, not just breakthroughs. Almost all organizations have an untapped wealth of innovation they can access by just eliminating the longstanding negativity that confront the rank and file daily. The front-line person in accounts payable and customer service or the distribution center in Managua may have process ideas that are innovative and high-impact for the whole organization.

See Also: Tech Innovation Is No Longer Optional

The simple question, “What really dumb stuff do we do around here?” in the right penalty-free environment usually unleashes a torrent. But without a culture of innovation, small, incremental, continuous improvements lie dormant.

Idea platforms and innovation/suggestion processes are all well and fine, but they should live inside an innovation culture where everyone thinks it’s part of their individual mission, with the underpinning or institutional agility and continuous improvement that goes with it. Again, you are not asking each person to reinvent Google, Facebook or the low-cost Fusion; you are rewarding them for innovative improvements.

To keep up with the changing external environment, an organization must be adaptable, agile, great at managing change and effective at the necessary but mundane underlying program management. An organization must also be deeply externally aware and manage emerging potential challenges, opportunities and threat profiles as far in advance as possible. No culture can remain innovative if it is internally focused and not connected purposefully to the outside world.

One simple approach to help instantiate innovation is to use “HLI” and that modern cultural artifact PowerPoint to drive innovation into the bedrock of the culture. I did this at several firms where PowerPoint was closer to an addiction than a facet of the culture. Quite simply, I insisted every program update, every group or function presentation, start with HLI.

  • H = Highlights: Show highlights of what the team did well. The real objective is to say “thanks” and acknowledge a mini win. Over time, teams start to think in terms of what they can put under ‘H’ on the front page. Accomplishment and recognition of accomplishment are necessary for a motivated environment.
  • L = Lowlights: Here you want to see some stretch, some failure. But, most of all, you want to see some learning and experimenting. By reviewing this without beating anyone up—maybe even praising the effort—you eliminate the fear. The message quickly goes through the organization that no one got killed for stretching or trying harder and occasionally dropping the ball. This also helps kill one of the most anti-innovation elements in business, the “under promise, over deliver” malaise.
  • I = Innovation: This is simply asking what you tried that was new, what you grabbed from phase two and did in phase one, what serial process you made parallel, what new method or tool you used, what you borrowed from prior efforts, etc.

If anyone shows up with a presentation that doesn’t lead with HLI, you politely cancel the meeting and get them to come back later. Over time, this creates activity inside teams so they can fill in the three sections. Teams start to have early conversations about how they are going to innovate, stretch and learn.

Innovation at scale requires change management 

There are many stories about the initial excitement of going big on innovation that are then followed by failure and disillusionment because the leadership attention waned as the novelty of the program passed and the hard work of change management, scaling and maintaining ensued.

I cannot talk about creating a culture of innovation without also teaching which change management models work best. It sounds obvious to say driving a culture of innovation is change-intensive, yet I almost never see a decent understanding of change management models and which one is most effective.

There are four basic management models:

  1. Edict
  2. Persuasion
  3. Participation (the communities of interest help define the change)
  4. Intervention (the sponsor justifies the need for change, monitors the process and communicates progress)

The change management model that has the highest frequency of success is intervention. It is at least twice as effective as the next-best model. It requires active leadership to continually “sell” the vision or plan, even while executing it. Understanding how that works and making sure everyone understands and follows the changed playbook are topics for a later article.

Suffice it to say, if you were to map the change processes at most firms, they often resemble spaghetti–an inefficient, unintended, sub-optimized maze. The majority of large tech-intensive programs are late, over budget, deliver less than promised or all of the above. Most companies have never mapped their processes and assume all is well.

Bottom line

Creating a culture of innovation inside a supporting ecosystem with a modicum of useful tools and the right leadership can lead to great success. Innovation is a pragmatic, broad-based journey, not a fad-centric exercise. Done well, innovation is the key to being effectively agile, and it is a concrete force multiplier. It very well may be the only sustainable competitive advantage over the next decade.

Do you have a culture that can innovate broadly, or do you have a silo-ed innovation team or champion or campaign?