The word Unicorn is often used to describe a start-up that quickly becomes worth over a billion dollars, no matter how profitable. Billion dollar valued start-ups being almost as rare as unicorns.
The term Black Swan, popularized by Nassim Taleb’s book entitled The Black Swan: The Impact of the Highly Improbable, describes the extreme impact of certain kinds of rare and unpredictable events and humans' tendency to find simplistic explanations for these events retrospectively.
Smashing these concepts together, I have coined the words “Black Unicorn” to be those rare circumstances which severely impacts a company by causing a billion dollars or more in damage (e.g., fraud, fines).
Regulatory fines in banking are one example.
Imagine a bank ran off a customer for suspected money laundering activity. Months later, the very same bad actor worked his way back into the very same bank he was tossed out of. Cleverer the second time around, to avoid detection, this customer has opened many seemingly unrelated accounts – just to ensure they remain under the bank’s radar this go-around. Unbeknownst to the bank, the known money launderer is again enjoying an excellent banking relationship.
If the regulators stumble upon this situation before the bank does, and it’s a big enough deal or reveals a larger systemic problem, a billion-dollar consequence is not out of the question.
Black Unicorns - bad news.
Flushing-out Black Unicorns requires one can overcome channel separation. Channel separation is a form of deception tradecraft used to prevent adversaries from piecing together the big picture. Only the idiots use the same credit card to rent a moving truck, purchase a large supply of fertilizer and diesel fuel; or in one email spell out the entire plan including who, what, when, where, and which credit card he'll use.
Bad actors alter their identity information to keep their channels separated. They do not use their real name and date of birth if they can help it, especially if they know their name and date of birth are on your watch list. They will alter their name, maybe swap the month and day on their date of birth, use a different passport, and so on. BTW: If you have ever emailed someone an encrypted document then called them to share the password – yes, you too have used channel separation.
If you cannot see through (defeat) channel separation, you will never catch the clever bad guys.
While defeating channel separation is non-trivial, there is a big data technique we call entity-centric learning – a specialized form of entity resolution – designed to resolve identities despite your adversary’s attempts to maintain channel separation. [More about entity-centric learning at a future time.]
No matter how many Black Unicorns are lurking in your organization, my new company (still in stealth mode) is going to make hunting for Black Unicorns a whole lot easier – flushing them out, sooner not later – before they mature into a full-fledged billion-dollar consequence.
More fun soon.