As technology advances, the lines between cyber and physical security increasingly blur. Securing your assets—both digital and physical—has become more crucial than ever. Whether you are on a physical or cyber security team, the main focus should be risk assessment and management.
Going into our latest webinar alongside Security Magazine, 54% of attendees said the biggest challenge their security program faces is budget, followed by inefficiencies at 20%. Starting off the discussion, this was a great jumping off point into covering how a security program is measured, analyzed, and assessed to see if it’s effective.
Many organizations think of cybersecurity and physical security are entirely separate entities. However, I think of them as siblings:interconnected, dependent on one another, and vital to a comprehensive security plan. We talk more about bridging the gap between physical and cyber security in this blog.
When we all headed home to work back in 2020, security teams reeled at the shift in protection for the modern workplace. And as businesses continue to require more time spent in the office – or manage hybrid-remote teams (74% of U.S. companies are using or plan to use a permanent hybrid model) – security leaders continue to assume a duty of care to increase workplace safety.
Security teams handle a lot of incoming data and information related to potentially life-threatening events and emergencies. Whether you’re working with seasoned professionals or new trainees, having a step-by-step plan for how to handle specific situations consistently is essential for meeting the goal of keeping people and assets safe.
Machine Learning (ML) should not be confused or used interchangeably with AI (Artificial Intelligence). ML is a subcategory of AI that uses algorithms to recognize patterns from data and automatically learn insights, allowing programs to become more intelligent.
ML ultimately should aim to remove the need for humans to do repetitive, low-value decision-making activities, like triaging false positives or system/device health ticketing.
It’s clear that despite recent layoffs in the tech industry and general unease about the economy, there are still significant gaps in the number of jobs available and the amount of workers available to fill them. According to the Labor Department, there are 5.5 million more job openings than workers available. The physical security industry is not immune to these shortages.
Last fall, Allied Universal reported being unable to fill thousands of open roles nationally while other smaller security-related companies also cited difficulties finding workers to fill open roles. Reported instances of burnout among security professionals is contributing to this. In one report, 84% of security pros and 80% of other workers felt burned out. The same report claims that burnout can lead to missteps and employees experiencing burnout were three times as likely to think that security rules and policies “aren’t worth the hassle,” compared to respondents who were not experiencing burnout.
As security leaders look to address some of these concerns for long-term gain, there’s a new discussion to be had: Can technology bridge the gap between worker shortages and the need for robust physical security programs? Implementing technology that streamlines decision-making is one way to try and address retention within a physical security department, but technology in general may contribute to solving this issue.
The Role of Virtualized GSOCs
Mature businesses rely on a Global Security Operations Center, or GSOC, to collect and analyze information about threats to the organization, its people, and its assets. But the resources required to properly staff and maintain a GSOC are beyond the reach of many businesses, including startups.
This presents a challenge: the world is simultaneously more connected and dispersed than it’s ever been, which makes managing physical security risks more critical – and more difficult – than ever before. Add in the challenge of sourcing talent for these operator and analyst positions, and many businesses might not be able to stand up a GSOC that can adequately serve the organization.
Enter: Virtual GSOCs (vGSOCs).
Many established enterprises rely on a physical GSOC to serve as the command and control center for their security programs. These secure locations are where threats are identified and analyzed and the appropriate response is determined. A vGSOC performs the same functions without the need for a centralized physical location, which saves money, enables scalability, is inherently more redundant, and gets the security program up and running more quickly than bringing a physical GSOC online.
vGSOCs can also help organizations address worker shortages and staffing challenges by outsourcing the physical security function and providing additional support that may not have been available previously.
Promoting More Remote Work Options
We’re entering a period of remote work-centric operations, with a recent report by Ladders stating that nearly 25% of all professional jobs in North America will be remote by the end of 2022. This means that remote work is here to stay – and it may be contributing to the worker shortage when remote work is not an option within an organization.
As such, technology contributes to enabling more remote work functionality. Organizations who want to retain workers by promoting remote and hybrid work options have to plan long-term investments in IT infrastructure that support these workers, account for security threats – both physical and cyber – and foster a support environment that embraces remote workers.
Addressing More False Alarms
In physical security, security leaders are tasked with making decisions in a split second using information that they have at their fingertips – and receiving hundreds of alarms each day can quickly lead to burnout and increased risk of missing a true security event. The “noise” generated by disparate systems within a GSOC, funneled through security guards and analysts to assess and respond to can become debilitating. In some regards, the various systems within the GSOC – from access control, video feeds, analytics alerts, intrusion and fire alarms, Dark Web monitoring, and much more – can create so much of this noise that the actual event might be missed.
Operators cannot digest all of these false alarms and noise long-term without experiencing the kind of burnout mentioned earlier. For many organizations to handle the amount of alarms coming in at any given point, leaders have to either add more bodies or implement technology to address these challenges. And as we’ve mentioned, shortages are plaguing even the largest companies.
The good news is that we’re in a period of time where there are many available technologies that implement artificial intelligence (AI) to help address this noise and reduce the number of false alarms there are. It’s critical that physical security leaders start identifying and implementing technology to help retain their operator talent and build a scalable program for protecting people and assets.
The Case for Advanced Technology
In a recent webinar, Travis May from Groove Jones said that having technology that’s innovative helps keep security operators working in GSOCs engaged. With the technical advancements in not only supporting remote and hybrid workers, but also opening up the option for security operators to work virtually, physical security is taking a step forward in modernizing its approach to building the modern workforce.
