Introduction
In a previous blog, we explored the importance of bridging the gap between cyber and physical security within your organisation. One of the recommendations was to create joint resilience and security playbooks. The rationale is that security and resilience ultimately share interdependencies, and a failure in one area can negatively impact another.
Since that blog was released, it has become apparent that further focus is required on raising the importance of broader corporate security alongside resilience, particularly for those operating in the financial sector, where Operational Resilience is a regulated activity.
What is corporate security?
Corporate security is an organisation’s comprehensive approach to protecting its physical, digital, and intellectual assets from various threats, both internal and external. This includes implementing policies, procedures, and technologies to safeguard sensitive information, infrastructure, and personnel, as well as ensuring compliance with relevant regulations and industry standards.
By proactively managing risks and addressing vulnerabilities, corporate security helps organisations maintain their reputation, safeguard business resilience and support long-term growth.
Corporate Security influences all important business services pillars
When discussing operational resilience, financial services organisations focus their efforts on five key pillars of important business services: 'People, Property, Data, Technology and Third Parties'. Corporate Security permeates all of these areas, and poor maturity can lead to a breach of impact tolerances for your important business services. To articulate this point further, there are three areas where corporate security, cyber security, and operational resilience cross over.
People are still a target for threat actors
Risk events involving an organisation’s people happen frequently. According to the 2023 Data Breach Investigations Report by Verizon, 74 per cent of breaches involved a human element, which includes social engineering attacks, errors, or misuse. Alongside this, spear-phishing is already a common attack method for threat actors. However, to create a more plausible attack, a threat actor may look to take things a step further by gathering information on a person through social engineering or open-source intelligence (OSINT) methods.
Flawed perceptions can lead to disruptions
It is important to contest your organisation’s internal thoughts about corporate security, as it may be wrongly assumed that the linked controls are successfully managed, have transparent ownership, and are subject to testing in accordance with company procedures. This unchallenged perception can result in exploitable gaps being discovered, which can then be used to disrupt your organisation.
When discussing perception, consideration should also be given to the impact of public perception. Organisations are increasingly becoming vulnerable to negative reputational perceptions and subsequent retaliatory actions arising from social amplification through social media. These retaliatory actions can escalate to protests, vandalism or full targeted attacks on your premises. In some cases, your organisation may not be the target; however, due to co-leasing arrangements within an office building, your organisation could still be indirectly disrupted.