Not so long ago the world and the United States’ role in it were relatively stable. The US was the unquestionable economic and military leader. The economy was beginning to come out of recession. Life was pretty good.
Times have changed. On the international stage, China’s increasingly overt aggression in the Asian-Pacific region and Russia’s expansion into Ukraine, saber-rattling in Eastern Europe and very muscular moves in Syria represent serious challenges. Iran has a path to nuclear weapons and North Korea has a growing stockpile of them, posing a serious threat to its neighbors and the U.S. ISIS is destabilizing the world order through violent terrorist actions in Europe and the Middle East.
Domestically, race relations have taken a step backward, with protests and destructive riots playing out on the streets of many of our large cities. There is the question of immigration from areas of the world where immigrants cannot be vetted, and examples of so-called “Trojan horse” operations exploited by terrorists in Europe. Cyber attacks are on the rise, and the dark web is exploited by terrorists we seek to uncover. What a world we live in!
The threats outlined previously are all indicators of disturbing trends…at the 30,000-foot level. Down at street level, these concerns play out more tactically. A friend of mine told me recently that someone who had absolutely no business being in his office was able to casually walk into the facility and steal critical data. The company’s idea of security was an “unarmed door guard” who clearly had no idea what his/role was. The intruder was able to gain entry into the facility, unchallenged, and get out with the goods. This small incident may have been insignificant in terms of what was taken but is very significant in terms of what it illustrated.
Threat is a dynamic thing, and the recent tectonic shifts in threat and security have occurred over a relatively short span of time. I suspect that security plans, designs and operational procedures are not so dynamic. If anything, they are typically static in nature and represent an initial “push” to get security plans and procedures in place at some earlier date. Then…they gather dust.
The real problem with that mindset is that many of today’s threats were not known nor considered in the original planning phase. Gaps between what is, and what could be, increase naturally over time.
You should ask yourself these questions:
- Are your security organizations properly organized within the company (i.e. placement, expertise and access to senior management)?
- Does your strategy, plan and budget need to change?
- Has your strategy been reviewed recently?
- Is there complacency at any level?
- Do you have a recent risk assessment report?
If the answer is “no” or “I don’t know,” you have problems. You’re vulnerable, because gaps between what was just a few years ago, and today’s reality have grown. Significantly.
The bottom line is, the world situation has changed during the past few years. Uncertainty is on the rise and with another significant political change just weeks away, it is apt to change even more. Your corporate security profile has to change with it.
Don’t be that office that hires a guard who does nothing, while your company’s secrets go out the door. The climate is favorable for threat actors from many quarters. Being complacent and hopeful is not a strategy for success.