ASIS Toronto Best Practices: Drones, money, insider threats and more (with photos)
The ASIS Toronto Chapter held its 24th annual Best Practices seminar in Markham, Ont., last week, highlighting topics of interest to security professionals such as job mobility and industry image, the evolution of the CSO role, unmanned systems, insider threats, active shooter scenarios, and security features in Canadian bank notes.
By Neil Sutton
Silvia Fraser outlined her career at the City of Toronto from security professional to business leader — including the hurdles she faced and the lessons she learned as a result of taking on new responsibilities outside of her comfort zone. Fraser encouraged Best Practices attendees to take stock of their resources and skillsets. Know the influencers in your organization, said Fraser — know what you can do for them and what they can do for you. “Really think about what keeps you up at night. Is it a threat? Is it a business issue? Is it a product issue? Look at who you can partner with to help you solve that issue,” she said.
Fraser also spoke of the perception and image of security and how the industry itself tends to be “humble,” sometimes to its detriment. Articulate the value of security in a way a business professional can appreciate, she said, and celebrate accomplishments.
Mivil Deschênes, president of consulting firm Mirades Inc., also spoke about professionalism in security and the need to be seen as a value generator and contributor to the business conversation. Security professionals are often sitting at the same table as professionals from HR, IT, health and safety, etc. As such, security solutions should to be created with other aspects of the business in mind.
“We have to be sales people. We sell security in our organization every day,” said Deschênes, who was previously a security leader at a major mining corporation and is a veteran of the Canadian Armed Forces. He also noted that the mission of protecting information falls squarely within the purview of the CSO — security professionals are better suited to data protection than IT professionals, argued Deschênes. You don’t keep the safe and the key to the safe in the same place, he reasoned. Likewise, the CISO is in charge of information policy, but information protection should reside with security.
Vanessa Collins, senior analyst at the Bank of Canada, provided a hands-on demonstration of the security measures that are embedded into each and every Canadian bank note, particularly those made with polymer material (86 per cent of bills currently in circulation are polymer). Collins indicated consistencies in Canadian money, such as the main portrait (the Queen, Sir John A. Macdonald, etc.), which matches the one depicted in the hologram window, and the hard-to-spot serial number in the “frosted maple leaf window” to the left of the bill. Collins also previewed a new Canadian $10 bill, which is being printed for Canada’s 150th anniversary (it will be available June 1, and there should be sufficient quantities in circulation for Canadians to keep one as a souvenir if they wish, she said.).
The duo of James Acevedo (Star River) and Michael White (Michael White Group) offered a presentation on the “Dr. Jekyll and Mr. Hyde” nature of unmanned systems — technology that represents improvements to agriculture, the energy sector, service delivery of all types, and security, but equally poses a threat to safety in the hands of those who wish to do harm.
Drones may be growing in popularity, but few are aware of their current scope and future potential, argued Acevedo. “It’s land systems, it’s sea systems, it’s even underwater systems,” he said. “This may sound funny to some people, but it’s right around the corner.”
Acevedo said he anticipates that the security industry will be split into three disciplines — human only, robot only and hybrid. The latter would involve unmanned vehicles that are controlled and operated by a person — a skilled pilot.
White cautioned Best Practices attendees to do their research before selecting a drone provider or operator. Ensure the company or individual is up-to-date with current regulations, carries the appropriate level of insurance and has a good operating record (i.e. no safety violations or “crashes”).
Acevedo also indicated the potential for malevolence: a drone of sufficient power and size can transport a major payload that could be deployed in a public area, resulting in serious harm and damage. The technology does not have to be sophisticated, either. Acevedo showed an image of a drone cobbled together from components easily found at a hardware store.
The afternoon concluded with a two-part presentation from Satyamoorthy Kabilan, director of national security and strategic foresight, Conference Board of Canada. Kabilan highlighted two of the most pressing concerns facing security professionals today: insider threats and active shooters.
The former can be difficult to recognize and act upon, since insider threats may be acting against the best interests of their employers or organizations unwittingly. It is often the “non-malicious, well intentioned accident” that represents the most common threat, said Kabilan. Understanding and addressing such a threat requires a concerted effort from number of different departments, he said, since it is so difficult to recognize.
Kabilan added the “insider” threat may come from outside your four walls, but within your network of trusted partners. “Your supply chain is your next insider threat matrix,” he said. Organizational leaders may inadvertently pose a threat by seeing themselves as exempt from some of the rules that govern employee conduct (e.g. using appropriate IT within the organization). They may also be singled out as a target for cybercrime — a spear-phishing attack referred to as “whaling” when it is directed at very senior employees.
Kabilan concluded with insights on the active shooter phenomenon and the lasting impact such an event can have beyond the immediate tragedy. Kabilan pointed to the toll taken by survivors, who may suffer not only from trauma but also feelings of guilt and inadequacy due to perceptions that maybe they could have done more to help out or even prevent the event itself.
Kabilan also spoke of the financial fallout caused by active shooters and the massive costs associated with mobilizing large security and police resources in response.
He commented that security protocols cannot be rigid when preparing for the possibility of active shooter events, since the events themselves tend to be fluid and unpredictable in nature.
Finally, he urged all organizations to create (if they have not done so already) and maintain a comprehensive social media presence, cautioning that “the conversation will happen on social media, with or without you.”
ASIS’s Best Practices event was also attended by ASIS Toronto’s chapter executive and other leaders including Mark Folmer, who was recently named Senior Regional Vice-President Group 6 (Canada), and ASIS International’s CEO, Peter O’Neil. The executive promised an even bigger event for the 25th annual Best Practices, which will be held next year.