This is the second in a six-part Hillard Heintze series on the top trends in 2015 we expect to see driving best practices in investigations, security risk management and law enforcement program improvement in the U.S. and worldwide.
Earlier this week, I outlined the top six 2015 trends in security risk management. Here are additional ones the Hillard Heintze team believes will play defining roles in setting funding and operational priorities for Directors of Security and Chief Security Officers this year.
Trend #7: Intellectual Property Protection Will Keep More Leaders Up at Night.
Across the United States and around the world, the theft of intellectual property (IP) – including trade secrets and digital assets – is increasing. Counterfeiting is on the rise – of consumer goods, manufacturing parts, electronics and pharmaceuticals. The piracy of software, music and movies is more prevalent than it has ever been. And the theft, accidental release or willful destruction of intellectual property through economic espionage is becoming increasingly difficult to prevent. As gangs, organized crime groups and terrorist organizations benefit, other problems emerge. This trend will result in significant human, financial and economic losses for business and countries in 2015.
As a result, we predict greater pressure on security teams – both physical and logical – to improve intellectual property protection. This will take the form, for example, of:
- Updates and improvements to IP protection strategies
- Assessment of gaps and vulnerabilities with the organization
- Countermeasure implementation related specifically to theft, counterfeiting, diversion, destruction and misappropriation
- Identification of responsible parties
- Litigation support, loss quantification and, if possible and relevant, recovery
Trend #8: Crisis Planning for Travel – When Medical and Natural Disasters Strike.
While the largest enterprises have been deeply invested for years in the travel security, intelligence and crisis response capabilities necessary to protect the portion of their workforce that undertakes international travel, we see more mid-sized entities preparing to offer their employees greater prevention and planning support than they have in the past. Drivers of this trend include:
- The growing focus on integrated workforce protection
- Technology advances in travel intelligence monitoring and alerts
- The rise in the number of centralized corporate security command centers
Trend #9: Effective Access Control Will Retain Prominence over Other Physical and Technical Security Priorities.
The use of a solid physical and logical access control program will continue to be a very high priority for security budgets in 2015 – as will supporting capabilities such as access control policy documentation and enforcement and a diligent focus on background investigations.
- Access control is often the first “line of defense” in the prevention of incidents such as active shooter, theft of intellectual property and a host of workplace violence scenarios.
- We already see this manifested on corporate security departments and government agencies at the federal, state and local level through a more acute focus on initiatives such as the integration of tactical, sensor and video data (e.g., CCTV, intrusion alarms) in command centers and increased expenditure on information security and infrastructure hardening to protect against data loss from internal and external actors.
Trend #10: The Dark Side of Social Media Will Push Its Way Onto Management’s Agenda.
Dealing with the “bad problems” of social media will require additional focus for security leaders this year – and for the next several, at least, as the risks emerging from this sector continue to evolve. This is one area in which best practices are evolving so quickly they can become out of date before companies have implemented them. ISACA, one of the leading global associations dedicated to advancing information system assurance and IT-related risks, points to several risks associated with employee use of social media. These include risks related to:
- The use of personal accounts to communicate work-related information
- The posting of content such as pictures or information that identifies the person as an employee of the company
- The use of company-supplied mobile devices to access social networking sites
The impacts of these risks can be substantial. They include increases in the rates of threats to organizational leadership, intellectual property theft, privacy violations, damage to brands and reputation and exposure of the network to viruses, spyware and malware. As we did last year, we expect to see a continued surge of interest among Directors of Security and Chief Security Officers in strategies and countermeasures such as:
- Ongoing updates and improvement to employee social media usage policies
- Mandatory security awareness training for staff and supervisors
- Inclusion of social media searches in risk, threat and vulnerability assessments
- Social media intelligence and threat monitoring on a one-time, periodic or ongoing basis. Many security heads are realizing that widely used, automated social media monitoring solutions are not useful unless overseen by an expert in intelligence, investigations and security threat assessments.
Trend #11: Winning the Battle to Defend and Increase the Security Budget Will Require Greater Sophistication.
This trend remains a perennial favorite of ours – but for different reasons. We find that pressures on the corporate or agency security budget vary widely depending on factors such as the ebb and flow of the business cycle; industry-specific security risk management issues from supply chain security to corporate espionage; major business activities such as M&A, mergers and divestments; and the attractiveness of alternative demands on capital. Just a few years ago, security leaders were slashing costs to conform with mandatory, across-the-board budget cuts. Now, with a strong economy at hand, the CFO would rather allocate financial resources to revenue-generating operations.
We see continued pressure on security leaders this year to justify additional funding. The savvy ones will protect their budgets and earn additional funding by pursuing strategies such as:
- Tighter alignment of security’s goals, priorities and operations with the strategic objectives of the organization
- The enterprise-wide and often global integration of security resources and departments
- Greater rationalization and transparency in security spend
- Migration to organizational models based on roving regional security directors, where appropriate, instead of dedicated country-specific personnel
- The collection and analysis of relevant security metrics
- An escalation in strategic communications and the development of security strategy blueprints and annual reports that quickly convey to senior constituencies the contributions that security is making to business objectives
Trend #12: New Ways Will Emerge to Leverage Big Data, Analytics, Information Sharing and Real-Time Decision Making.
For years, technology advances have been shadowed by the burdens of harvesting actionable insights, situational awareness and information from a deluge of data. That challenge will continue. But new solutions in addressing them are compelling. With respect to security, many of these are being tested, refined and improved by the major law enforcement agencies in this nation under the greatest pressure to expand their traditional policing mission to include a rapidly expanding set of objectives in homeland security and counter-terrorism.
New York stands out in this regard, and the NYPD’s implementation of Microsoft’s Aware solution is helping other major urban centers learn how to manage overwhelming quantities of camera feeds and data, build a surveillance and intelligence-sharing network to fight terrorism and help police solve crimes.
Full disclosure: Hillard Heintze is serving as a strategic partner and advisor to Microsoft, helping major policing agencies across the country evaluate this platform and apply it to their own real-time decision-making objectives.
What does this have to with corporate security? Quite a bit. Security leaders in the private sector need to keep a close eye on how the public sector is addressing its security challenges. There are a number of very critical differences but businesses can learn on the cheap by tapping lessons learned on the taxpayer dollar. Based in part on what federal, state and local policing agencies have been able to do with its Aware solution, Microsoft is now bringing a commercial version of this capability to the market. We see companies and industries with the most at risk tapping solutions such as Microsoft Aware’s cloud-based private-sector version at a growing rate in 2015 and beyond.
In the next set of blogs, we’ll focus on the top investigative trends we expect to encounter over the course of 2015. If you find these posts informative, subscribe to our blog – The Front Line.