In a sense, the past two years have served as a proving ground for security practitioners and their ability to help organizations maintain business continuity in the face of unprecedented threats. With the first global pandemic in more than a century combined with supply chain bottlenecks and now a raging conflict in Ukraine, businesses have had to confront a wide range of challenges.
From the seemingly overnight shift to remote work for countless employees, to ever-evolving health and safety policies for staff and visitors and the increasing proliferation of cyberattacks, the mindset of security as being “guns, guards and gates” has become as antiquated as the rotary phone. Protecting perimeters is no longer just about locking doors and installing intrusion detection sensors and cameras, but rather safeguarding people and assets wherever they may be against a much broader risk picture than at any other point in human history.
Exactly how security practitioners are adapting to this new threat landscape was the theme of a panel discussion last week during the Converged Security Summit in Atlanta, which was hosted by security integrator GC&E Systems Group. The panelists included: Steve Hindle, Chief Information Security Officer, Mad Mobile; Joe Coomer, Vice President of Security, AMB Sports and Entertainment, which oversees security for Mercedes-Benz Stadium; and Dave Wells, Deputy City Manager for the City of Sandy Springs, Ga., a suburb of Atlanta.
Here is a brief sampling of what they had to say on a range of issues:
Supply Chain Headaches
Hindle, who was working as Senior Director of Global Security Operations at Sykes Enterprises when Covid-19 began to spread globally, said that 60% of their workforce went remote once the pandemic hit, which presented a number of logistical challenges – both in the shift to work-from-home and when people started to return to the office – and that this is when the supply chain issues kicked into high gear.
“We were sending desks and chairs home. We were just ripping stuff out of our sites. But then imagine, like a bungee cord – your people are now as far away from you as possible – and that bungee cord starts to slowly recoil,” Hindle explained. “At that point you are bringing people back into more of a hybrid work environment and that’s when the supply chain problems kicked in and we would not be able to survive that without the improved client relationship and the additional business that we won without our partners. You can only beat the supply chain [issues] with partners.”
The key for Sandy Springs, according to Wells, has been to work with said partners to get out ahead of possible inventory challenges before they arise.
“Getting out on the lead times, getting in the design of the buildings way ahead, ordering the parts and components way ahead before the project gets kicked off – that will help you in the long run to get those critical components in during the construction. It's very important for that,” Wells said. “The other thing is the fluctuations in the prices, you have to get that in your budget, make sure that you're not undercutting your budget because we have seen increases up to 40% on some of these components.”
Leveraging Shared Services
The concept of security convergence and the proliferation of physical security technology on the corporate IT network means that these systems are now increasingly leveraged among departments within an organization. However, many security practitioners still want to work in their own individual silo, which Hindle says is not a good mindset to have in today’s business world.
“Security is its own entity, so you need to be a good partner to IT. You need to be a good partner to human resources because there's always a person involved, whether it's the bad guys, the good guys, or somebody who just happens to click,” Hindle advises. “So, build those partnerships in that shared services model to be able to say, ‘We are the department of everything, how can I help you? How can I help the IT guys secure their IT infrastructure through leading inside? How can I help HR onboard, offboard successfully with dignity and integrity so we're not creating a future threat?’ All of those pieces, that shared services model, build it all together under an ecosystem, either through technology or through just the relationships or both.”
Despite all the Hollywood depictions of cybercriminals who can feverishly type and hack long lines of code to achieve their goal, Hindle says that the reality is that cybercrime schemes are nowhere near that complex and urges businesses to invest in training people.
“All they're doing is targeting the weakest link in your organization, which is your people. There's no reams of code. There's not a guy in a basement anymore. It is at entire nation-state levels of sophistication and coordination. This is big money, big business,” he says. “So, that's what you're up against, but they're coming in through your people. Building those core services, focusing on those basics – that's where you can secure your company, secure your organization, whether it be physical, whether it be cyber, the basics of what matters.”
Finding Funding
One of the biggest challenges historically for security practitioners has been convincing the C-suite to make the necessary investment in people and technology to be able to adequately mitigate risk in an organization. However, according to Wells, Sandy Springs has taken a more forward-thinking approach.
“There's really no room to be reactive in security, whether it's a cyberattack or it’s physical security,” he said. “Once that is breached, then you're already behind it, especially for a cyberattack. We could really easily lose vital resources in our city if we get attacked, so we're very proactive about allocating money towards our security systems – whether it's the IT security systems or physical security systems, our police force, that's very important, very critical.”
In the case of Mercedes-Benz Stadium, home to the NFL’s Atlanta Falcons and MLS’ Atlanta United teams, Coomer said the onset of Covid-19 put a dent in the availability of their workforce, which forced them to look at investing more into technology to make up for the manpower shortfall.
“A large part of our workforce on game day are folks that are looking at either a second type of career or that retired person that wants to be interpersonal and either work security or guest services. That workforce completely melts and so we were able to leverage technology in some areas, like we said with Evolv [weapons scanners] and that dropped our workforce needs in some areas, but we're seeing huge drops in our workforce coming back,” Coomer added. “We're also in the middle of a wage war right now… and you’ve got to make sure you're getting to that $15 an hour [rate] so we're hitting everything that we can to bring our workforces back, but I think that group most affected by Covid over the age of 65 they have no intentions of coming back.”
Dealing with the Unknown
When it comes to the age-old topic of “what keeps you up at night,” Hindle said it really is as simple as trying to prepare for the unknown.
“We don't know what we don't know. There is so much now that we are faced with – civil unrest, societal justice people with causes that don't necessarily align with your company's mission or vision or anything else. And everybody is out to make a buck,” he added. “But the sheer scale of organized cybercrime that is transitioning, not just in the digital space and in the technology space but transitioning and hitting on the physical pieces – they're going after the infrastructure. That is what keeps me up at night. It's what we don't know. And it's what's next being planned.”
Joel Griffin is the Editor of SecurityInfoWatch.com and a veteran security journalist.