There will likely continue to be high numbers of lone wolf and soft target attacks in the year ahead. The drivers behind these tragedies are a confluence of self-radicalisation, social media, violent extremism, and mental illness. They will require our skills as security professionals — observation, investigation, interviewing, due diligence — like never before.
Looming in the background of these physical attacks is the prospect of combined physical and cyberattacks that could disable network control systems and target critical infrastructure, leading to cascading effects that could result in the crippling of sectors of society. This past year, the FBI and Department of Homeland Security began warning of cyberattack threats on the U.S. power grid. These threats require strong relationships with our public-sector counterparts and public-private partnership groups, like InfraGard, to broadly disseminate information and best practices.
Recent member research by ASIS International shows that few organisations have truly converged security departments that can holistically deal with cyber, physical, personnel, and information risks.
Internet of Things risks
And speaking of cyber-threats, we are dealing with an ever-evolving and increasingly complicated threat landscape. Not least among the targets is the Internet of Things (IoT).
It is projected that by the year 2020, more than 50 million objects will have discrete IP addresses, including cars, airplanes, pacemakers, control systems manufacturing process control components, access control—and yes, even your refrigerator letting you know you need more milk.
The IoT opens an organisation up to incredible risk, which was illustrated this past October with the Mirai DDoS attack that took down Twitter and other mainstream websites. Its attack vectors were largely unsecured IP cameras and DVRs, two entrenched residents of the IoT. We need to raise awareness on product security and educate stakeholders about vulnerabilities (from default logins and password settings to embedded backdoors sending information via unencrypted channels).
Holistic security management
One area of security that often gets overlooked is management. Long gone are the days of the reactive "corporate cop" using a command-and-control management structure.
Today's emerging security leader is a holistic risk manager, dealing not only with security, but investigations, loss prevention, fraud, cybersecurity, safety, and other issues.
He or she must be steeped in Enterprise Security Risk Management (ESRM) — which has become a global strategic priority at ASIS. Security leaders must also become business strategists, trusted advisors/collaborators with the C suite, contributors to the bottom line, talent acquisition experts, and empathetic leaders.
|Security managers must lead a widely-dispersed staff encompassing many cultures, backgrounds, and geographies|
According to Professor Mario Moussa of the Wharton School of Business, the workplace of the future will be "flatter, looser, wider, and faster." This means that hierarchies will matter less, flexible schedules will predominate, and remote work will become commonplace. Yet, staff will need to be more collaborative and team-oriented.
Over the longer term, security managers must lead a widely-dispersed staff encompassing many cultures, backgrounds, and geographies. Facilitating communication will be critical, especially with the proliferation of millennials who will make up 50 percent of the workforce by 2020.
And, although women currently make up only a small minority of security executives, their day is coming. Multiple studies show that companies see a bigger rise in revenue under female leadership than under male leadership. They are shown to be more transformative, collaborative, and empathetic than their male counterparts.
Over the longer term, security managers must lead a widely-dispersed staff encompassing many cultures, backgrounds,
2017 changes at ASIS International
This past year saw tremendous change at ASIS International. We welcomed a new CEO, Peter J. O’Neil, who has brought fresh energy, wisdom, passion, and leadership to the association. We’ve undertaken a top-to-bottom review of our operations and have a number of exciting new initiatives in store.
This year, we are launching a revitalised member-focused strategic plan that will move the Society in a more transparent and inclusive direction. We are exploring expanded membership categories, increasing our online learning, revamping our website, and strengthening partnerships with groups like ISSA and InfraGard to ensure our members maintain access to best practices throughout the security spectrum. We know people across the globe are entering our profession, and we want to be able to serve their educational and professional development needs, while forming local communities of support to make them stronger and more successful.
In 2016, our flagship event, the Annual Seminar and Exhibits, hosted the first U.S. Outstanding Security Performance Awards, as well as the launch of Security Week, which provided an opportunity for us to give back to the event’s host community. We experienced a 10 percent increase in registrations and are looking to build on this momentum in Dallas at ASIS 2017. ASIS plans to make a significant investment in reshaping this event to provide attendee and exhibitor partners with more value than any other security-oriented event in the United States. We will convene an enhanced programme, including new learning formats, networking events, and show floor features.
See the full coverage of 2016/2017 Review and Forecast articles here