If anyone thought that security professionals were nonessential personnel, they’ve been roundly disabused by this pandemic. When our fraught schedules have allowed it, I’ve been having snippets of conversations with colleagues who manage security departments in various industries all over the world.
These men and women are wading in alligators up to their, ahem, access: keeping staff safe, sheltering key employees in place, holding together a fraying supply chain, securing remote network access, educating at-home workers on good cyber hygiene, ensuring identity management, and guarding now-deserted facilities full of valuable assets.
Staff safety, as well as providing necessities to a panicked population, is paramount. But with security professionals frantic with pandemic issues 24/7, is there a time and place for security teams to carve out for medium- and long-term planning?
Absolutely. In fact, it’s essential.
According to Swiftlane, the key is that strategic security planning must align with the overall strategic plans of the business.
Having a long-term strategy for security doesn’t make sense if the company lacks a clear vision of how it will make it through this crisis and beyond.
The fortunate companies during this pandemic—Amazon, Netflix, Domino’s, Cisco, Costco, Clorox, Peloton, and so on—need only to increase production and staff, while still keeping workers safe and supply chains intact.
For everybody else, all previous business assumptions are in doubt. Security executives must work with their business colleagues to map out likely future states, watching closely how people in cities and regions that are starting to recover are creating their new normal.
For example, no one expects large trade shows to return soon, so a company that hosts, furnishes, or otherwise services these events may well pivot to either smaller in-person programs or completely virtual events.
Security would adjust its strategy accordingly, perhaps by switching resources from physical access control, bomb detection, active shooter prevention, and terrorism surveillance to logical access control, network intrusion detection, and perhaps social-distancing enforcement.
Similarly, a brick-and-mortar clothing retailer might opt to go online only, shifting resources from site maintenance, customer experience, and inventory to warehousing, large-scale e-commerce, fulfillment, and rapid shipping.
In turn, security would reorient from shoplifting, cargo security, and employee theft to cyberfraud, data compromise, and porch pirates.
Already cyberthreats are surging; organizations everywhere are besieged by virtual attacks—phishing attempts, charity scams, ransomware, and transmission of malware.
No one knows how the pandemic will change our lives—that depends on how long the virus sticks around, the development and deployment of a vaccine, and access to quick, inexpensive, accurate, and abundant testing kits—but it seems likely that physical business will give way to virtual business for the foreseeable future.
To remain relevant, physical security professionals will have to become proficient in cybersecurity that starts with access control and business continuity.
A 2019 study by the ASIS Foundation revealed that only about one-quarter of organizations in the United States, India, and Europe have completely converged those three functions. The new situation may increase that number. It will be interesting to see if those numbers change in a year’s time.
Yet as much of the world enters a recession or depression, physical security retains an important role, one that may even increase in the short term.
Mass furloughs and layoffs, and fear of the same, combined with family and financial stress, could lead to a spike in violence in the workplace.
Moreover, economic disruption correlates with insider theft and fraud, as staff fret about when they will see their final paycheck. Don’t be surprised to see a surge in insider financial crimes such as embezzlement and payments to bogus contractors.
Let’s get out of this thing with security professionals considered even more essential.