This was the message from Mike Gillespie, Managing Director and Co-Founder of Advent IM Ltd. at IFSEC on Thursday.
Gillespie argued that the current thinking is that cyber is an IT function. “I work in facilities and I don’t do cyber. It’s IT’s problem and it has nothing to do with me,” Gillespie said.
“But cyber is so pervasive and interconnected, we can’t get away from it,” he said. “Cyber is everyone’s responsibility. You need to know about it and talk intelligently about it. Cyber is going to affect every one of you.”
Today the biggest disconnect is communication and collaboration. “We don’t have people talking to each other with a common language,” Gillespie said.
One of the biggest problems is security practitioners are not well-versed in speaking the language of business. “Have you sent data to the Board or have you sent them something that offers insight and is actionable,” Gillespie said. “If you don’t send insight, don’t expect them to engage.” he said.
As threats become more complex, physical security practitioners need to collaborate within their organization and among peer groups. In particular, Gillespie told the audience they need to be familiar with standards such as the National Surveillance Camera strategies which will be working on products for the industry including buyer’s guides, education, police standards, among others. “If you have anything to do with surveillance systems, you need to be pulled into this strategy to get ahead of it,” Gillespie said.
Attendees also need to source new skills and understand the cybersecurity landscape. “Cyber security is not a separate discipline and is integral to business and building systems,” he said.
Last, he implored the industry to ensure that their hardware was secure and up to the latest standards.
“Check that all of your systems are secure. How much of your security kits goes through penetration testing? Is your firmware being updated to protect against hacks? Are you choosing poor passwords that are hard-coded and cannot be changed?” Gillespie asked.
“We need to understand the whole of the ecosystem in which the systems sits. If we don’t know this, then we can’t protect properly, “ he said. “The threat is not going to go away. You really need to get on board.”
Great presentation by Security Institute Director Mike Gillespie at #IFSEC2017 @IFSEC @SyInstitute pic.twitter.com/ZWATKpLye4
— Rick Mounfield CSyP (@SyInstituteCE) June 22, 2017
