In the never-ending search for potential areas of business growth, are we missing a clear opportunity within our own industry?
In the modern business world, the word ‘security’ tends to be viewed as a double-sided coin with physical security on one side, and cyber security on the other. Organisations will understand only too well that they need to take each side of the coin seriously, but are these two disciplines working closely enough to deliver best value for the marketplace?
There seems to be little contact of any value between physical security and cyber security, yet both are attempting to achieve the same goal of ensuring corporate security, and both stand as a defence against the same enemy – those who would choose to target, disrupt, and steal from our customers. The worlds of cyber security and physical security even have their own media and events, and rarely does one intrude on the marketing of the other.
And yet, as is becoming increasingly clear, there are definite advantages to be had if only these two disciplines could speak to each other more and share information and knowledge. An analogy would be national security, whereby a country is more adequately defended when its army, navy and air force are well synchronised and sharing information to strengthen the defence strategy. It’s an analogy that is increasingly valid as the world of crime and terrorism increasingly uses both online and real-world angles of attack, often simultaneously.
The recently high profile Ashley Madison data hack presents an interesting example. ALM’s CEO Noel Biderman has gone on record as saying that he is certain the hack is an inside job. In his words ‘It was definitely a person here that was not an employee but certainly had touched our technical services’. From this we can assume it was somebody – possibly a contractor – who had physical access to Ashley Madison’s network and was able to gain access to the passwords and anything else needed to conduct the hack.
The question that is yet to be answered is; could that individual’s intentions have been picked up and could they have been stopped at the early stages, when he or she was physically within the Ashley Madison environment?
As Chairman of the Southern region of the Cross-Sector Safety and Security Communications initiative, I can attest to the effectiveness of collaborative partnership between law enforcement agencies, local and national government organisations and private sector businesses, whereby the sharing of information, backed up with effective communication, and augmented by a more-eyes-on-the-ground approach can deliver a security stance that is greater than the sum of its parts. This is an approach that I believe the security industry should be championing and looking to develop. And one glaring opportunity is to bridge the gap between physical and cyber security disciplines.
For the cyber security industry, this should present an intriguing opportunity to plug the weak spot in its offer to customers. For major corporations the technology of cyber security is phenomenally expensive and large firewall solutions can cost tens, if not hundreds of thousands of pounds. Yet that investment is all for nothing if all a criminal needs to do is walk in to a branch office of a company that hasn’t invested in adequate physical security, sit at a vacant work station and download data or passwords.
There is also an opportunity that works the other way, because the information that is gathered through IT security systems can help to identify potential real-world criminal activity that can be fed through to manned security to deal with. At the moment, there is not enough of a formal relationship between the two that allows effective information sharing. The people who manage corporate IT security should be working closer with manned security, and vice versa.
So there is a clear opportunity here for business development that would deliver a more holistic solution to the marketplace. There is potential here for both physical and cyber security that both industries should be looking to grow.