How security teams have expanded their duties

3G legacy focuses, including executive protection, loss prevention, and asset and facility security, have been more reactive, using threat intelligence to a limited extent, and often had nominal cross-functional interaction with the broader organisation. But with cascading issues and asymmetric threats, new ‘Gs’ are challenging this traditional mindset. Ontic’s Executive Director of Strategic Intelligence, Chuck Randolph, explains.

Chuck Randolph, Executive Director of Strategic Intelligence, Ontic

Regarding gigabytes, physical security units are partnering with cyber security teams to manage the protection of highly valued assets, such as intellectual property. Many cyber security standards, including Payment Card Industry (PCI), have physical security components.

But the convergence of physical and cyber security goes well beyond that. Often with backgrounds in law enforcement or the military, physical security teams are uniquely qualified to manage and monitor insider threats utilising their existing case management skills. Expanded responsibilities have teams collaborating with human resources teams and social media specialists to gather openly available intelligence and plan mitigation strategies; where they have not traditionally done so.

While the Spanish flu made its US debut in 1918 and the bird flu had organisations considering continuity issues in 2015, it was the outbreak of the 2019 novel coronavirus (COVID-19) that had the most lasting effects, adding the ‘germs’ to a traditional 3G security risk portfolio.

On the health and safety front, physical security teams have taken responsibility for pandemic response at their organisations. These duties go beyond improvements in access control and touchless entry systems in the office; Teams assess travel risk, health and safety protocols, vaccine mandates, remote work, and return-to-office plans. They are proactively looking over the horizon at new virus strains to monitor their impact.

Security teams are now working alongside their organisation’s Environmental Health and Safety teams and facilities management, giving life to a new breed of (all-source) GSOC analysts and a bevy of technology-driven threat assessment tools to accomplish these tasks.

“Physical security teams are showing their strengths in contingency planning and crisis management over and over, and this will likely become a permanent foundational fixture in a security team’s role, as opposed to a supplemental one.”

Physical security professionals as crisis management specialists

The pandemic response has also generated physical security threats. In a survey of compliance, risk, and security professionals taken in 2022, health protocols and COVID-19 topped the list of critical issues at their company, with 59% citing this issue as a cause for concern. Of those that said health protocols had led to threats, 88% said the threats came because the company implemented vaccine and testing protocols. In contrast, a smaller percentage said it was because they hadn’t.

According to Ontic’s 2022 Mid-Year State of Protective Intelligence report, risk organisations must remain vigilant on the subject because, regardless of the organisation’s stance, there is a high likelihood of issues at either end of the spectrum.

Most recently, the C-suite has openly turned to security organisations to monitor crises with geopolitical and political implications. These are highly involved multidisciplinary efforts as risks presented by geopolitical shifts are complex, including food shortages from the war in Ukraine, inflation, supply chain issues, political instability, Chinese hegemony, and many more.

C-level executives and their companies taking stances on eristic issues emerged in the same survey of compliance, risk, and security professionals as a steady source of threats. 16% of respondents cited the war in Ukraine as a source of threats, and 16% of companies noted gun control as a source of threats. Companies also reported receiving threats when they didn’t take a stance on these issues.

Physical security teams are showing their strengths in contingency planning and crisis management over and over, and this will likely become a permanent foundational fixture in a security team’s role, as opposed to a supplemental one.

Why the evolution matters

Over the last five years, the industry has observed the rise of fusion centres and global security operations centres (GSOCs) that manage a broader range of threats against the organisation. GSOCs are ably presenting a full picture of enterprise risk, spanning from extreme weather threats and theft to cyber security and executive risk.

Alongside the rise of GSOCs, we’ve seen an expansion in skills needed to manage a modern security team’s purview. Adding staff whose background doesn’t come from traditional sources means teams with diverse skill sets have improved security’s value and service offerings.

More emphasis is being placed on planning, intelligence, and prevention, and that focus will continue. For example, physical security teams tirelessly work with human resources to identify potential perpetrators before they flash. Regarding executive protection, practitioners work with internal communications and marketing teams to identify and manage potential threats manifesting on social media in reaction to corporate stances in our increasingly polarised political climate.

Those are just two examples of areas where cooperation between the security organisation and other departments is needed. Data from the above-captioned survey captures the effects of a lack of data sharing. We asked respondents to identify whether various incidents of theft, damage, violence, or threats occurred because of an inability to successfully collect, collate, and share information across physical security, human resources, cyber security and IT, and legal and compliance departments.

More than a third of respondents – 38% – said that an employee was threatened or harmed while working at company facilities, 35% said an insider abused authorised cyber access that led to property theft or supply chain damage, 34% said a former employee threatened a current employee, and 31% said an employee was threatened while working remotely. Just 23% said that none of these incidents occurred.

Risk is evergreen. Today’s priorities will become tomorrow’s requirements urging leaders to invest in technology and people to evolve; it will continuously challenge the security function and, through this constant developmental process, suggests one final, perhaps silent, “G” for our consideration – growth.

EBOOK: Lessons from IFSEC 2023 – Big Tech, Martyn’s Law and Drone Threats

Read IFSEC Insider’s exclusive IFSEC eBook and explore the key takeaways from the 2023 show!

Navigate the impact of Big Tech on access control, gain insights from Omdia’s analysts on video surveillance trends, and explore sessions covering topics like futureproofing CCTV networks, addressing the rising drone threat, and the crucial role of user proficiency in security technology.

There's also an exclusive interview with Figen Murray, the driver behind Martyn's Law legislation.

 

Get your copy today!