Every company has its ‘crown jewels’ that it will go to great lengths to protect. Find out what security experts had to say about being a secure business when they paid a recent visit to the Tower of London.
"Security isn’t just about technology, it’s actually about people, process and technology in that order,” said Bryan Littlefair, Vodafone Group Chief Security Officer. “You can invest as much as you want in technology, but you won’t have an effective, secure organisation without the right people, without engaging with your employees and making sure they understand the challenges we face as well. The awareness piece is critical.”
This set the tone of the discussion about the importance of protecting an organisation from online and physical threats and the issues around securing corporate information.
Eight security experts from a range of industries gathered to address the critical issues facing today’s Multi-National Corporations (MNCs). One thing everyone agreed on was the danger of prioritising technology over people. It was emphasised by many of the speakers that the two are interdependent. As Jonathan Upshall, AON Global UK Director noted, “you are only as strong as the weakest link in your chain.”
“You have to be proactive, you have to have technology and you have to educate people,” said Mark Walmsley, Global Head of Information Security at Freshfields Bruckhaus Deringer.
Plan, implement, review, repeat
The importance of holistic planning and consistent implementation of security measures also emerged as key themes. “I think security is a bit like product development – it is changing all the time and you need to be looking for what’s over the horizon without forgetting what happened in the past,” said Stuart Osborne, Chief Security Officer at BAE Systems.
This view was shared by David Fitzpatrick-Grimes, Security Manager at the Tower of London, “you have to plan for everything… good security adds value to any organisation.”
John Bree, Managing Director at Deutsche Bank underlined the ‘always-on’ nature of security and the dangers of letting your guard slip, “it’s not something that just happens in a training session – it’s every day, it’s constant.”
Bryan Littlefair reminded the audience of the consequences of failing to plan adequately, “the bad guys will gravitate towards the easiest target to get what they want.”
The panel also addressed the age-old battle experienced by security experts the world over, how do you prove the value of security?
“We tend to focus on return on investment…I try to use what’s called a ‘return on risk’. Information security should always be about reducing risks – so from a critical to a low. If you can show how you can reduce a critical to a low, if you can show that this cost means this business benefit, it gives you more ammunition,” Barry Coatesworth, an industry advisor in the retail sector.
“What the business wants is silent operations. They just want to know that something is purring away in the background, everything is working fine,” Howard Pinto, Head of Technology Security at Vodafone.
Sometimes the route to winning hearts and minds in the business might just be about reminding them of the worst case scenarios.
“Scenario testing is a great way of actually making sure that any policies and risk management procedures are relevant and they will work if god forbid, something did happen,” said Jonathan Upshall, AON Global UK Director, on winning the hearts and minds of people within an organisation. “You don’t want to be in a situation where something goes wrong, it’s five o’clock on a Sunday, you can’t get hold of anyone, and people are looking at each other, trying to phone each other and no one knows what to do. You need to do that relevant scenario testing so people know how means policies will kick in when you need them to kick in.”
Watch what the security experts had to say about being a secure business in the series of panel debates recorded at the event – or download the insights around how security is moving up the scale of importance within corporations and why behavioural change is key.