The Delta variant dashed hopes for a steady “return to normal,” and global business now contends with the reality that the risk of pandemic resurgence will never be zero. Many companies have given up on hard “return to work” deadlines and are enacting workplace policies that adapt to a realization that some amount of health risk will always be present.
This transition is not an easy one, particularly for top-tier security organizations. In the nearly two years since the world shut down due to COVID-19, the security industry has ignored some pre-COVID issues and will be facing a new set of challenges in the years to come. On the plus side, this is a moment of opportunity for security leaders to contribute meaningfully to company strategy and position their departments as strategic assets within the company, instead of just cost centers.
To achieve this status, there are five key changes top-tier security organizations should consider.
Pre-pandemic, most security organizations relied on analysts to write risk reports on locations around the world. These static reports would be manually updated with new research every time they were reused, which was a time-consuming process. In addition to taking up time, the methodology on how to extract data for a location would typically reside with a single analyst and not in the collective knowledge of the organization.
The pandemic highlighted the challenge of this approach as security organizations around the world struggled to constantly download global health data and compare it to their own geographic footprints. A collective need emerged to transition away from static reports and toward automated, updated threat analytics accessible across the security organization.
In enterprise security, part of staying ahead of the game is having the right sources of information. Previously there was a priority for hiring individuals with a “rolodex” of contacts in different locations who report on what is happening on the ground. This often provides an incomplete picture filtered through the lens of one individual. Single sources can be biased for a number of reasons: perceived conflicts could help them remain relevant, or decreased conflict could encourage new business in an area. Additionally, connections frequently stay with one employee and are not institutionalized in the organization. A better approach is to move away from individual sources and toward data-driven analysis.
Single pane of glass
Having too many vendors means that not everyone is properly trained up on all tools, resulting in lower return on investment. Yet, forcing everything through a single pane of glass means security leaders lose out on intelligence from the best vendors. Integrations should still be a part of an organization’s intelligence plan, but security professionals should be able to be flexible and include outside vendors. Enterprise security in 2022 necessitates a more flexible approach to integrations, neither mandating everything be integrated nor pursuing a myriad of different systems.
Overemphasis on the reactive
We all know it. The time is now to move away from a solely reactive security strategy toward one that is more proactive and preventative. Many organizations rely only on notification services and crisis communications systems. Their crisis management may be excellent, but their teams end up in a constant state of “whack-a-mole,” exhausting individuals and failing to anticipate and prevent crises from happening.
The key is to allow companies to deeply understand the threat landscape at a given latitude and longitude, thereby making decisions that minimize the chance a crisis will occur.
Historically, understaffed and underfunded security departments were stuck in response mode, without the capability to be proactive. After the tumult of the past two years, from the pandemic to protests and crime spikes around the world, more companies are seeing the strategic advantage of investing in their security departments. They are increasingly hiring data scientists and getting smart on statistical analysis, natural language processing, machine learning and artificial intelligence, which raises expectations.
Some security organizations are being forced to modernize because of pressure from the top. Others must take on the burden of educating top leadership on why our new reality necessitates the prioritization of security organizations. And they can do that, not just by asking for more budget and headcount, but by preemptively showing results. Security departments need cost-effective tools that prepare them to do so.
The security industry is at a crossroads, but we have the opportunity to chart the course. Security organizations have the opportunity to shape the future, building resilient organizations and giving the people we protect the confidence to safely navigate this new world.
This article originally ran in Security, a twice-monthly security-focused eNewsletter for security end users brought to you by Security Magazine.