A stark reminder from Mike Hurst that, while all eyes seem to be on cybersecurity, physical security threats remain a very real danger.
FOR SOME of you of a certain age, when I say "Let's do a physical exam" your mind may go back to the video for Olivia Newton-John's 1981 classic which, while it may have some appeal, unsurprisingly has very little relevance to the world of security. This article is less a tribute to Ms. Newton-John than a warning not to ignore the fact that physical security threats, despite the growing awareness of cybersecurity, still exist.
With the variety of attacks, hacks, data losses, phishing emails and so on that we have seen in recent years, cybersecurity has naturally come to the fore and, perhaps because it is still developing and most people have little understanding of it, it has acquired a certain mystique that is lacking in the "doors, guards and weapons" parts of the industry. Although the perpetrators of these attacks are sometimes loners operating from their rooms, many attacks are the work of serious organized crime gangs and hostile nation states.
This does not mean that we, as security professionals, should shy away from these threats, but in the current VUCA (Vulnerable, Uncertain, Complex and Ambiguous) climate, the threats to our businesses and institutions are not always simple and linear.
If you run a corporate security team at present, the range of areas you may be dealing with, or at least involved in, is wide and varied: electronic security (CCTV, access control, etc.); insider threat compliance; travel safety; lone workers; duty of care; reputational risk; health and safety; fire risks; intellectual property; supply chain; information security and others. In addition, attacks are often blended. Someone who tailgates through a physical access control barrier could enter an office and find a terminal that is still logged in, or a staff member's username and password on a Post-it note on their desk. Theft of an unencrypted laptop or smartphone can allow access to a system. Gaining entry to a system could allow physical access to a location. Failure to detect a change in a colleague's behavior can lead to a disgruntled employee taking action that could negatively affect the business. I'm sure you can think of many other examples.
ASIS International is very focused on Enterprise Security Risk Management (ESRM), a security program management approach that links security activities with the company's mission and business objectives through risk management methods. While this holistic approach is vital for improving the role of the security professional and the security profession, the solution to many threats involves a converged use of cyber, physical and systems security.
In fact, as part of its ongoing efforts to identify and document changing practices in the field of security, the ASIS Foundation has launched an important study on the ways in which organizations are converging their physical security, cybersecurity and business continuity functions.
With the study scheduled for launch at the Global Security Exchange (GSX) in Chicago from September 8 to 12, the Foundation has distributed a survey to high-level security professionals in organizations in the United States, Europe and India. The survey seeks to determine:
To what extent have companies' departments or functions converged?
What have been the benefits and drawbacks of the various structures (convergence, partial convergence, different units)?
What lessons can be learned from the experiences of these companies?
Are there differences in convergence according to geographic region, size, industry or type of organization (for example, public, private, non-profit)?
The study will provide valuable benchmarking information and solid practices that organizations can use in making critical policy decisions.
I hope to be able to report on the results of this survey, but until then, my strong suggestion would be to look at the risks with an open mind and, while being aware of emerging threats, not to exclude more traditional hazards.
Mike Hurst CPP is vice president of the ASIS UK Chapter and a member of its European Council of Advice and Leadership and Management Practices. For more information visit www.asis.org.uk