The threat in Business Environment

Introduction - Good Fences Make Good Neighbors

The old adage is good fences make good neighbors. That holds true today for
businesses, though
the fences in this case are security policies. Strong security policies coupled with the
use of good procedures and practices should minimize the danger for business risks.
Organizations need to recognize the immediate need to protect their employees,
properties and information assets from emerging security threat from the dynamic
environment. This security threat is significant and should lead businesses to consider
deploying security solutions with a proven ability to detect new and previously
unknown risks emanating

What does Corporate Organization needs?

A successful business works on the basis of revenue growth and loss prevention.
Corporate businesses are particularly hit hard when either one or both of these
business requirements suffer. Security breaches, down-time and reputation loss can
easily turn away new and existing customers if such situations are not handled
appropriately and quickly. This may, in turn, impact on the companys bottom line and
ultimately profit margins. A container hijack, computer virus outbreak, or a network
breach can cost a business thousands of dollars. In some cases, it may even lead to
legal liability and lawsuits.

The truth is that many organizations would like to have a secure business environment
but very often this need comes into conflict with other priorities. Firms often find the
task of keeping the business functions aligned with the security process highly
challenging. When economic circumstances look dire, it is easy to turn security into a
checklist item that keeps being pushed back. However the reality is that, in such
situations, security should be a primary issue. The likelihood of threats affecting your
business will probably increase and the impact can be more detrimental if it tarnishes

1
your reputation. Conversely, if security is accorded adequate priority in the
organization, it will certainly help to maintain a healthy profit margin.

The Threat Environment

One of the most important steps in any security management strategy is to identify
the threats to your organization. A threat is defined as an event (for example, a
tornado, theft, virus infection), the occurrence of which can have an undesirable
impact on the well-being of an asset. The objectives of protection are to ensure the
security and safety of assets in which the most important objective is the safety of the
people in any environment.

Physical security, the most-often overlooked portion of security, has been brought to
the forefront of many organizations in the past decade. The attention can be credited
mostly due to worldwide, multiple catastrophic events in that same time frame.
Although some are man-made, many of the most widespread and destructive are the
result of Mother Nature.

It is the responsibility of all individuals within the organization to ensure that it is

prepared for any physical or environmental interruptions. However, the ultimate
responsibility falls on the top-level leadership to maintain proper levels of planning,
implementing, and oversight. By identifying and understanding the threats to physical
security, organizations can more effectively overcome interruptions, thereby lowering
the organization's risk to unknown events.

Threat Categories

Generally, four categories based on causation threaten physical security:

nature/environmental, supply systems, man-made, and political. Let's take a more in-
depth look at each category with examples.

Nature/Environmental

2
These include anything caused or created by Mother Nature or the result of natural
occurring phenomenon. Many examples of naturally occurring events can threaten
physical security, including but not limited to the following:

Hurricanes
Tornadoes
Wind
Earthquakes
Snow/ice
Floods
Humidity
Static Electricity
Extreme Temperatures
Dust/dirt
Lightning
Avalanches/slides
Volcanoes eruptions
Fire supply systems

These include the critical infrastructure and utilities that most business organizations
depend on for daily operations, including but not limited to power, water, and
communications providers.

Man-Made

Humans are the most common threat to physical security, generally because of
negligence. We spend the most money and effort in defending against these types of
physical threats. Man-made threats consist of a wide array of possibilities; some
examples include hackers/crackers, theft, fire, human error (hitting the wrong button,
unplugging the wrong cord, and so on), mechanical/electrical malfunction, explosions,
vibration, spills, malicious code, radio frequency interference, fraud, intruders,
magnetism, toxic chemicals, pollution, overloaded electrical outlets, and many more.

Political Events

3
With governments, politics, and religion comes power struggles that can sometimes
lead to violence. We have witnessed many of these unfortunate struggles that continue
to occur worldwide. Bombings, strikes, terrorism, riots, espionage, wars, and so on all
can have considerable effects on the security of an organization and its capability to
operate normally.

As an example, the recent civil unrest event (April 2010) in Bangkok had a devastating
effect on the nation and the business community where hundreds of life and millions of
dollars were estimated lost due to clashes, fire and rampage.

3. Emerging Threats

The physical security environment is quickly becoming more complex and more
difficult to protect for several reasons:

We are witnessing an increase in politically motivated attacks. Organizations

realizing the potential damage that can be waged through the Internet have
become highly motivated and profitable.
Identity theft is at the forefront of many organizations that store large amounts
of consumer data. The problem has gained a lot of traction because of the
potential financial gain from obtaining large amounts of sensitive, private
information. This problem crosses into the physical security area in the
protection and disposal of media including paper.

Corporate espionage is becoming increasingly popular as companies look to gain

an advantage on competitors. Penetrating competitors' IT infrastructure can be a
huge advantage when sensitive documents regarding upcoming products and
financial data can be obtained.

As technology evolves and the security landscape changes, security professionals must
stay abreast of the current trends and continually learn how to adjust their posture to
keep their risk levels to a minimum.

Prioritizing Threats

Time and money are always limited resources when trying to create a solid security
posture. Being asked to prioritize security can be a daunting task. Threats are
widespread and they constantly evolve. A common approach to gaining insight into the
most important threats to your organization can be identified through performing a
simple business impact analysis (BIA).

Here is a simple example:

4
5