Private security response to the cyber environment
only task has been viewed from purely provision of guard services and the guard being regarded as a simple and cheaper instrument for deterring would be attackers.
Over the years private security has transformed both in its systems and status. This transformation has been in response changes in the legal, social and technology environment. The latest factor which is driving reforms in the private security sector is the cyber-technology environment.
Cyber-technology is causing very rapidly transformation of the security industry and, in the process, leaving some people without jobs and, at the same time, creating new ones requiring technically skilled personnel.
In Zimbabwe the private security industry is receiving its fair share of transformation but for some reason the rate is very slow in comparison to world trends. Over the past few years the sector has witnessed the application of basic electronic and biometric security systems but the market has not embraced the technology as evidenced by low flow of investment in that direction.
The country is, however, increasingly getting hooked to the cyber economic platform and cyber social environment. It appears, though, that the security response by organisation in general and of the private security industry in particular to changes in cyber-technology is not in line with the rate at which economy is getting enmeshed into the cyber environment. This has its obvious operational and economic consequences.
Cyber Security threats are the greatest source of security risks to which both public and private organisation are exposed. Security practitioners all over the world have responded to the cyber security challenge by professionalising. However, in Zimbabwe we still have practitioners who, either through lack of professional knowledge or lack of relevant training exposure, have not realised that the cyber environment, other than being a threat to organisations is also a threat to their own job security.
Most CSOs have not even appreciated the extent to which their employers are increasingly getting vulnerable to cyber security threats and, it appears, without professional advice, their CEOs are unaware their organisations are exposed to a very risk technology environment.
Current international professional security practices are designed to address challenges posed by the technology, including cyber-technology. Thus, as professionals, CSOs are now assigned overall responsibility for development of security policies, systems and procedures and implementation of all security projects while being held accountable for overall organisation security systems effectiveness.
Other experts, incidentally, have to advise on technical aspects relevant to security functions as advisors while the overall accountability for organisation security remains with the CSO. The function of security management is one thing whether the source of the threat originates from cyber, physical or electronic environment. Security therefore becomes a function that should be looked after under one professional purview; the security profession.
This aspect is already being captured by many organisation as they address their security concerns; it has also been captured in many articles. The approach, however, does not seek to take away security relevant technical functionalities that other professionals have to incidentally attend as part of the routine associated with their professional but rather to assign relevant responsibility and accountability for formulation, development and implementation of overall security policy profile of the organisation as a whole.
The question being addressed is that overall organisation security requires dedicated and undivided attention which can only be achieved through separation of duties. It follows therefore that security as a profession has to have people who possess professional knowledge of security with some specialising in its diverse faculties.
As an example Engineering remains a function practiced by engineers and other professionals including accounting come as complementary functions in the application of accounting to engineering processes. Electronic, Computer, Mechanical and Architectural are all specialised areas of engineering placed under one Engineering Division in an organisation.
It is from the same notion that the argument for integration of the different specialised areas of the security function is advanced. It follows then that for that to happen anything to do with organisation security should be placed under the charge of the CSO.
Needless to say, overall implications of the application of technology systems such as cyber, physical or electronic on overall organisation security fall squarely on the functions of the CSO who has to be accountable at the end of the day.
Technology, including IP-based, is equally applied in the design of detection, access control, surveillance, prevention, investigation and management. This adds to the requirement for CSOs to be held responsible and accountable for the security implication of the application of technology.
Technologies such as forensic investigation, be it computer forensics or bio forensics, all become tools for application by security practitioners, that is if they are dedicated and not incidental functions.
This is the trend and our local practitioners are recommended to embrace it if they have to remain relevant. Following the numerous cyber security attacks “cyber . . .” is the buzzword in the security industry and in many organisations across the globe. Security risk exposures, threats and vulnerabilities confronting corporates and governments are real and should be taken seriously.
It is not correct to hold IT professionals responsible and accountable for cyber-related security issues which have a bearing on overall organisation security exposures. These are technical people who are available to offer technically-related advice if approached and remain only accountable for issues which have a direct bearing to operational security of their function. This is the correct stance because the responsibility for overall corporate security policy formulation and development is the responsibility of CSOs with technical specialists as advisors.
The financial sector is undergoing rapid transformation of systems both structural and operational. There is increased use of plastic money and mobile financial transactions. This, as part of the economic transformation process, has brought the need for incorporation and employment of appropriate security systems whose responsibility lies with the CSO.
These systems need to be incorporated into overall organisation systems at institutional and Government levels. The impact of the process is already showing itself through the gradual disappearance of armoured vehicles as part of CIT systems.
Robbers are thus left with no physical targets hence they also transform and become what we now call hackers. This gives us clear indication that when your target transforms you also have to transform. The robber has transformed because the means of cash transit has transformed.
Therefore, CSOs have to transform because the robber has transformed otherwise the job of the CSO ceases to exist or it is taken over by those who have identified the opportunity and embarked on learning the new requirement.
What security practitioners in Zimbabwe seem not to realise is the country is now hooked on to cyberspace. Without relevant qualified security professionals the cyber security risks, threats and vulnerability thereof will not seriously be addressed and organisation exposures will remain a big challenge.
The cyber security and other security technologies application are not different from the Y2K compliant requirement that sent shivers to many originations in 2000.
* This article has been prepared on behalf of the Institute of Certified Loss Management. For more detail or any details, contact Colonel Murire on 0778927618 or visit website www.iclm-int.org.
* Colonel Murire is a Loss Management Researcher and Executive Director of ICLM