Where Will Your Next Threat Come From?
Organisations today are more aware of the threats facing their business than ever before. These threats are extensively covered in the media, and the coverage increasingly highlights the vulnerabilities and exposures organisations face. At the same time the environment for doing business is changing, with increased globalisation, calls for quicker response to market demand and changes to the political landscape. As a result it is becoming increasingly difficult for the executive to decide where best to spend the ‘security dollar’: in cyber controls or in physical security systems. Add to this the internal threat posed by employees and contractors, and there is the potential to develop a largely reactive security ecosystem.
Security professionals advising executives should be able to develop a strategy that is based on realistic scenarios and is able to protect and support the business operation in the face of changes to business objectives and emerging threats. This approach is based on the ability to understand the enterprise risks, normalise the threat horizon and address the risks that matter most.
Anatomy of a Crime in Three Steps
To understand the risks they face, organisations and security managers must understand the threats, why they are relevant and how they are likely to impact the business’s operation and objectives. Aside from the natural hazards an organisation must tackle, it is essential to define a clear picture of the deliberate threats it faces. Using the ‘Anatomy of a Crime’ analogy below, there are essentially three components to be considered:
What is the value of the target? This defines the value to the attacker in terms of financial or political gain or, more often now, notoriety;
How easy is it to access the target? What controls will need to be circumvented to enable the attacker to access the target, and how much will it cost; and
What is the likelihood of getting caught? Are there controls and response mechanisms in place that will identify the attacker and lead to them being apprehended in a short time?
This is the basis of an enterprise risk assessment. It should be defined and maintained for existing or known threats to the organisation’s operation, and should form the basis of a strategy for emerging threats.
Whilst controls are widely defined and established for known threats in the Physical, Cyber and Personnel environs, organisations have been lax in maintaining these and as a result identified weaknesses or vulnerabilities have been exploited. Alongside this are newer threats which, whilst they may have been developing for some time, are now mainstream and must be considered within the enterprise risk management plan as real threats – worldwide…