ISJ Exclusive: The shape of things to come in security
James Thorpe
Share this content
The start of a new decade is the opportune time for reflection and prediction. Now we are well into 2020 a clearer picture is emerging of what is to come in the coming months and years, in what is an increasingly complicated landscape.
The threat landscape may change but focus must remain on security basics
The remit of security professionals is so varied across sectors and organisations, that it can be a tough challenge to identify the most significant evolving threats. The constantly changing threat landscape means that security professionals need to be fully aware of the range of threats that may impact on their organisation or clients.
While there is a tendency to focus on new technologies and their uses to enhance security (or make it ‘easier’) against these threats, I would always advise security practitioners to get the basics right first. This includes selecting the right equipment and mitigation based on the development of realistic operational requirements (rather than just choosing the most ‘exciting’ option) and equally making sure that people are not the main weakness of your security regime.
Ensuring staff are properly trained and updated on security protocols is easily overlooked, but it is vital that everyone involved with security is up to speed because as the old cliché goes: you are only as strong as your weakest link.
Accredited training is becoming more accessible
Like all parts of the security sector, training is evolving. Traditional classroom training will always have a place in the development of the security professional, however distance learning, blended learning and pure online training courses are all providing diversity of delivery.
Equally, training needs to meet the demands and needs of its students and must be accessible in a world that has become ‘mobile’. Being able to access training materials on smartphones and e-readers is not just preferable, it is now expected.
Learners are looking to maximise opportunities for personal development, but the question is: ‘What do I need?’. If there is merely a desire to learn something about a specific topic, or to amass CPD points for a membership of a professional association, then short, bite-size courses may fit the bill. However, accredited courses, with formal assessment, demonstrate the learner has studied and met the necessary learning objectives.
So, it is a question of doing your research and choosing a course from a bona fide company with a proven track record. Spend your money wisely!
Advanced technology – What is possible versus what is permissible
Paradoxically, advances in cutting-edge technology both pose a greater threat to security but also provide greater tools for defence. The blurring of the lines between physical and IT security has transformed our industry and the skills/knowledge required to protect people, property and other assets.
A prime example of this is the increase in cyber-attacks, which require developing countermeasures (notably enhanced encryption and password-less authentication) to meet evolving threats. Recent attacks, such as that against Travelex, show how organisations are vulnerable to ransomware attacks with devastating consequences and will need to treat these cyber-threats just as seriously as physical ones.
The countermeasures are not without controversy though. On the one hand, facial recognition technologies are proving contentious, with concerns over privacy and overly intrusive surveillance. On the other hand, advocates state that this type of technology will provide benefits to counter criminality that far outweigh concerns of privacy.
Whilst law enforcement agencies are starting to implement these technologies, there are big hurdles to overcome, with one of the biggest being to ensure the accuracy and effectiveness of the systems, just as much as overcoming the privacy arguments.
Continued professionalisation of security
Professionalism is something that the security industry must be able to demonstrate to customers and the wider world. It is all too easy for the cliché of ‘burly bouncers’ and draconian surveillance measures to discolour public perceptions and trust in our industry.
If we look at what makes a profession, Freidson (1994) contends that professionals are experts. Indeed ‘profession’, as opposed to ‘amateur’, connotes not only earning a living by one’s work, but also superior skilfulness or expertise at doing a professional job. Undoubtedly the security sector has these basic criteria and manifests other traits of a profession.
The question is whether the public can see past the gates, guards and CCTV cameras and understand the ‘superior skilfulness’ that is displayed by security professionals, with experience and learning that matches those of teachers, accountants and HR practitioners. One thing is for sure, the professionalisation of the security sector is an ongoing process and one that will never end!
Demonstrable expertise and standards
Closely linked to the external image of professionalism is the security industry’s growing expectation that practitioners formally demonstrate and prove their skills and experience through trusted certification.
The Certified Technical Security Professional (CTSP) is a great example of how the technical security sector is embracing this and equally moving through the professionalisation process. Having access to a register of suitably trained, qualified and vetted individuals can only benefit end users and the security industry itself by mitigating the risk of ‘rogue’ personnel.
Similarly, the Register of Chartered Security Professionals (RCSyP) provides the ‘gold standard’ in demonstrating standards of competence in security practice. Both registers require compliance with Codes of Conduct, Disciplinary Codes and the requirement to complete Continuous Professional Development each year.
Whilst some may say these types of schemes are unneccessary, they are good benchmarks for understanding an organisation’s or individuals’ security posture.
Facing the future with security
Preparation is one of the cornerstones of security and looking at the likely needs of the future is all part and parcel of being prepared. There is rarely any certainty in security (except, paradoxically, uncertainty!) but ensuring your team has the latest training and understands evolving technology and threats is a sensible response.
As security comes under ever-greater scrutiny we are all responsible for demonstrating our industry can be trusted and relied upon even during the most dangerous times. By ensuring we can trust one another as well (through solid standards and certification), it is far easier for the security industry to continue doing its job to the full extent.
By Angus Darroch-Warren, Director, Linx International Group