7.16.21 – SIW
Physical, IT security professionals discuss the challenges facing their organizations as businesses prepare to reopen
With an ever-increasing number of people starting to make their way back into public spaces and traditional office environments as the Covid-19 pandemic wanes, many security professionals fear the so-called “return to normalcy” will also result in an uptick in physical threats to the businesses they serve.
In fact, the results of a newly published study by the Ontic Center for Protective Intelligence, the consulting arm of security intelligence software firm Ontic, found that 75% of physical security and IT leaders agree that physical security threats will increase exponentially as companies begin to reopen their facilities.
Additionally, the study, which polled 300 senior physical and IT security leaders, found that since the beginning of this year, 33% of respondents say their company has received or investigated at least one physical threat per week. Another 21% respondents said they have dealt with between two and five such threats per week, while 4% reported dealing with over six threats per week.
As a result of intelligence failures, security leaders in these organizations say they have seen a wide range of impacts, including:
- An insider abused authorized cyber access that led to property theft or supply chain damage (34%)
- An employee was threatened and/or harmed while working at company facilities (33%) or working remotely (28%)
- A former employee threatened and/or harmed current employees (25%)
- Our CEO and/or family members received threats and/or were harmed when working from their private residence or while traveling (24%)
- An active shooter event occurred at one of our locations (18%)
Fred Burton, a former State Department counter-terrorism deputy chief and U.S. Diplomatic Security Service special agent who now serves as Executive Director of the Ontic Center, says that the threat landscape has changed in 2021 due to a confluence of factors, that not only includes the pandemic, but also anxiety related to the shift from work from home to the reopening of offices and even the events of Jan.6 and the U.S. Capitol siege continue to weigh on people’s minds.
“We almost have a perfect storm, which is one of the reasons why we wanted to do this research project because we did a baseline research project last year and we wanted to look at that in context of how the threat landscape changed or emerged,” he explains. “I’ve been in the business long enough to know that I had seen those warnings and indicators from an emerging threat perspective, so some of the data certainly reinforces that.”
Of the threats that have morphed into physical harm or death at organizations this year, nearly half of respondents (49%) felt that most or almost all these incidents could have been avoided if cybersecurity and physical security intelligence were unified so that information could be shared. There was also strong support from those polled for the integration of these two sides of the security house, in fact; 95% of both physical security and IT professionals agree that cybersecurity and physical security must come together to avoid missing future threats.
However, according to Burton, says there are systemic issues that are keeping departments siloed in many businesses today.
“There is a tremendous amount of money thrown in the cyber space and what you will find, at least from a trending perspective, is that it is not the same budget lines associated with physical security. But what you do have, and I think this report indicates that, is this convergence effect where you have a blending between cyber and physical,” he explains. “It’s almost like death by a thousand cuts, meaning when you open up the Wall Street Journal or you look at Bloomberg or any of the major news outlets any day, cyber and hacking and data breaches are all over and you rarely see physical security threats manifest themselves. What you do see though, is the uptick in mass shootings… and that’s kind of compounded this issue a little bit in that not only do you have this convergence of threat variables, but you also have these horrific shootings that have taken place all across the country.”
Speaking of workplace violence, the study shows that many organizations are woefully lacking when it comes to active shooter preparation or mitigating other physical threats. Of those polled, 55% said their CEO believes training employees so they are better prepared for potential workplace violence will create a culture of fear, while more than a quarter (26%) reported that their company has never even addressed the potential for workplace violence and would not know what to do if a shooter entered their facility.
“One of the things that our survey revealed is that one-third of companies are dealing with physical security threats each and every week and I think we all expect – in our never-ending influx of cyber-attacks and data breaches – to be vulnerable in that space, but I think realistically, the C-suite doesn’t understand the scope of physical security threats that is also manifesting in this space,” Burton says.
Pandemic Challenges Remain
Security professionals also expect to encounter a lot of friction with employees due to polices that they decide to put in place around Covid-19. Nearly three-quarters of respondents (74%) said they anticipate significant conflicts between management and employees regarding health and safety protocols, as well as work from home policies when businesses reopen. Additionally, 72% agree that their company has experienced physical security threats related to requiring employees to show proof of vaccination in order to return to the office.
“The physical threat landscape has drastically changed, starting with Covid. The events of January 6 have compounded that. With racial and social justice issues, CEOs, if they take a stance on either side of that equation, have also received threats,” Burton adds. “We are in a very unique threat environment here today that if companies are sitting back and not thinking about this in a dynamic, holistic, kind of always-on monitoring capacity, they are literally going to be blindsided and behind the curve.
About the Author:
Joel Griffin is the Editor of SecurityInfoWatch.com and a veteran security journalist. You can reach him at firstname.lastname@example.org.