Ensuring business continuity no matter the threat with decision support systems
Achieving operational resilience brings many challenges in an increasingly demanding security landscape. It is key to establish a clear security strategy – aligning it with company objectives. Can decision support systems be the way forward as part of system resilience?
A complex security landscape
Firms have many day-to-day priorities – market strategy, hiring and retaining top talent, profit growth – the list goes on. One issue that has grown in importance in recent years is operational resilience – keeping the business and its people safe. The security landscape, and therefore the task of protecting people, is becoming more complex, and businesses need to respond accordingly in order to be successful. For example, the advent of IoT has precipitated vast interconnectivity throughout businesses, which has led to many benefits (such as quicker information sharing). However, this connectivity has also meant that physical and cyber security concerns have become irreversibly intertwined, meaning it’s no longer enough to think of them as two separate functions – firms can be attacked from both the front and back door.
Increasing damage from cyber breaches
What’s more, breaches are becoming increasingly damaging. There is an astounding amount of evidence that shows just how harmful a cyber breach can be. For instance, the Ponemon Institute produced research that showed the average cyber attack costs $3.62 million. But physical breaches can be just as costly – and often in terms of human safety. School shootings, for example, demonstrate in the extreme the horrifying outcomes which can happen when physical security systems are breached.
Aligning security and resilience
While security and resilience are undoubtedly linked, they are by no means one and the same. Security refers to the defences in place to protect assets, whereas resilience means the procedures in place before, during and after an incident. It’s vital that organisations address resilience concerns and take steps to align their people, processes and technology to aid recovery times and harden overall security. Good system resilience is characterised by how effective security procedures are at resolving a situation, the return to normal business and, afterwards, the measures that can be taken to stop it recurring. Crucially, the speed at which these can be done is also a key measure of system resilience. For smaller businesses these challenges aren’t always as severe, but for larger organisations – like retail centres, airports or those that operate across multiple sites – true resilience can be harder to achieve.
However, despite its business-critical nature, an EY survey of 1,400 C-suite executives showed that 77% of organisations operate with ineffective security and resilience, highlighting that many companies urgently need to reconsider their security practices.
But how can firms improve their operational resilience?
An important first step that organisations can take towards a more resilient security system is employing a unified platform, linking everything together to provide one holistic view. This provides a single place for security teams to work from, providing them with all the information they might need from across the entire physical or digital environment. The ability to access all facets of security, like access control, surveillance or cyber, in an instant provides huge operational advantages. For instance, it eliminates the need to search for information as it’s at operators’ fingertips, which drastically reduces incident resolution time. Furthermore, it also means that security teams will be less stretched when covering a large environment and can optimise available manpower.
Decision Support Systems (DSS) are another tool that can ease security challenges by collecting and qualifying data from different security devices. In the event of a security breach, this information can instantly give security teams a step-by-step guide on how they should respond to an incident. This not only reduces operator decision-making time but also ensures organisation-specific processes and compliance requirements are followed to the letter. This eliminates the potential for user pitfalls, such as false-alarm fatigue or poor decision-making. Furthermore, in the aftermath of an incident, security leaders can do a full audit of the incident and the security response – to ensure procedures were followed correctly and implement necessary training if not.
A quick resolution isn’t the only objective; a truly resilient system means that businesses’ strategies should always be evolving. By analysing data of past incidents, security teams can be more assured in future responses, such as confidently assigning resources to a specific area at different times of day, as the data demonstrates the need. Furthermore, some decision-support solutions allow organisations to review and retrace each step that went into the resolution process. Then, raw data can be exported to help organisations start building a detailed report of an incident, so that they can analyse how things were done and how they could be improved next time. By reviewing the process from incident detection through to resolution auditing, organisations are able to make predictive changes, create new best practices, plan for the unexpected, identify weak spots, determine areas that require extra staff training, and shore up defences.
The benefit of these technologies to a business’s overall strategy is undeniable. But leaders must forgo lacklustre practices in favour of a more proactive approach. This will allow them to establish a clear security strategy – aligning it with company objectives and ensuring operational resilience. Ultimately, security teams must move from a policing mindset to one that promotes an integrated, comprehensive strategy powered by people, processes and technology. By fostering a strategic approach that focuses on preparation, prevention, detection, response and recovery, organisations will ultimately be as resilient as they can be.
Paul Dodds
Country Manager UK & Ireland
Genetec