Georgina Martin, Head of Talent Resourcing at CIS Security discusses recruitment and evolving hiring practices, highlighting the importance of an inclusive approach and diverse paths to learning for successful onboarding.

Rethinking recruitment: hiring for character, not just credentials

As threats to people, property, and physical assets evolve, so must the approach to hiring those who protect them. Security is no longer just about boots on the ground, it’s about people who understand customer service, emergency response, surveillance technology, access control systems, risk & threat, and securing people, property, and assets. In this new reality, organisations must rethink how they attract and retain top security professionals.

In an increasingly competitive and driven sector, recruitment has evolved from a reactive process to a strategic foundation of organisational success. As we step deeper into 2025, companies are reimagining how they attract, assess, and retain top talent. Recruitment is no longer just about filling seats; it’s about building future leaders-ready teams.

Traditional hiring practices often prioritise CVs, application forms, job titles, and formal qualifications. But these alone don’t tell the whole story of who a person is or what they’re capable of becoming. At the heart of effective recruitment lies a simple truth: the right people aren’t always the ones with the longest CVs, but those with the strongest values.

When recruiting, three core qualities should be emphasised: communication, professionalism, and decision-making under pressure. These aren’t just skills, they’re essential behaviours that reflect how someone operates in real-world situations. But beyond those competencies, looking for the right calibre should include those who are eager to learn, self-aware, reflective, motivated by personal growth, and guided by values, not just ambition.

Life experiences can be as valuable as job experience. Whether someone has navigated challenges, community projects, cared for family, travelled, studied independently, or reinvented themselves, those journeys shape resilience, empathy, and resourcefulness.

These strengths should be recognised, by not just asking. “Where have you worked?”; instead ask, “What have you learned? How have you grown? What do you value?”. This approach shifts recruitment from a checkbox exercise to a thoughtful conversation, aiming to understand the person behind the profile, their story, their mindset, their potential. Of course, experience and skills still matter, but the right attitude, character, and willingness to grow often outweigh a “perfect CV”. Some of the most successful candidates can come with non-traditional backgrounds allowing them to thrive because they align with a company’s culture and values.

Building a diverse and inclusive security industry

Equality, Diversity, and Inclusion (EDI) is no longer a “nice to have” or an internal checkbox exercise, it’s a mindset and a culture. It’s a long-term investment in your people and by extension, your brand, your customers, and your future. Companies that embrace inclusive hiring practices and build truly diverse teams are not only doing what’s right ethically, they are also unlocking better performance, innovation, and trust. The most successful hiring strategies today revolve around employer branding, personalised candidate experiences, skills-based hiring and a diverse skill set from situational awareness and de-escalation skills.

Inclusive hiring practices, blind resumé reviews, diverse interview panels, and equitable job descriptions aren’t just fair; they yield stronger teams. As when people feel included, valued, and supported, they don’t just stay longer, they perform at a higher standard. This is especially critical in service-oriented roles, where trust, communication, and professionalism are key.

The security industry has long been male- dominated. Modern recruitment strategies should actively seek to diversify the workforce, welcoming women, LGBTQ+, minorities, and neurodiverse individuals into roles at every level. A diverse team not only reflects the communities they serve, it enhances decision-making, creative thinking and team performance.

Recruitment in security is evolving just like the threats professionals are hired to deter. By adopting forward-thinking hiring practices, investing in training, supporting inclusive innovation, promoting diverse leadership and valuing personnel as an essential part of organisational success, companies can build security teams that are not just capable, but exceptional.

Building a diverse and inclusive security industry isn’t a one-time initiative, it’s a long-term cultural shift. It requires commitment from leadership, community engagement, and accountability and transparency to ensure a secure future is an inclusive one.

Investing in Learning & Development

In security, the role of people is just as critical as the systems, policies, and technologies in place. While surveillance cameras, access control, and risk protocols are essential, they are only as effective as the individuals trained to use, understand, and act on them.

As with many things in life, a balanced and varied approach can often lead to optimal results, by creating diverse pathways to learning and development and cultivating a diverse range of security professionals, from all walks of life and experiences.

Companies should strive for all colleagues, from entry level through to management and beyond, to develop themselves through blended learning. Promote diversity, by showing individuals there are new and alternative routes and pathways to formal qualifications or professional development, and encouraging and supporting them all to follow them. Embracing these different routes to education allows us to bring in “life experiences” as part of the development life cycle and therefore achieve true diversity – the practice or quality of including or involving people from a range of different backgrounds. These include:

• Security Apprenticeships such as Level 2 Professional Security Operative, Level 3 Security First Line Manager, and the new Level 4 Protective Security Advisor.
• Short Courses – regulated courses from SIA Refreshers and First Aid courses to Health and Safety and Fire Safety, as well as in-house, bespoke, and specialist webinars and networking.
• Scenario-based training such as handling escalations, and active threat situations
• Regular up-skilling on tools like CCTV systems, access control tech, and incident reporting software, plus legislation and regulation updates.
• Leadership and communication workshops for front-line supervisors.
• Cross-training to improve coordination with facilities, HR, emergency response, and external agencies.
• Values-based training to reinforce professionalism, inclusion, and ethics.
• E-Learning – this should not just be a “tick-box exercise”, rather a component of the wider learning culture. Short, sharp and focused learning for outside the classroom setting.

As security becomes more integrated with technology and workplace culture, the most valuable asset continues to be people – trained security professionals who understand their environment, lead with integrity, and act with confidence in uncertain situations. We’re not just training for today’s threats; we build teams that can handle tomorrow’s. And that starts by hiring the right individuals, developing their capabilities, and fostering a culture where learning never stops.

Comprehensive learning for real-world readiness

The effectiveness of security professionals hinges on their preparedness, expertise, and ability to adapt to diverse situations. In the security industry, one of the most powerful ways to achieve this is through targeted, high-quality training. The goal should be to equip every security professional with the skills, knowledge, and confidence to respond decisively to incidents – managing challenges dynamically while maintaining service excellence.

Providing rich, meaningful learning experience that combines technical skill-building with personal and professional growth ensures all are not only operationally ready, but also supported in their wellbeing, personal ambitions, and sense of belonging.

Core security knowledge areas

These cover the fundamental concepts and practices necessary to protect people, property, and physical assets from threats like unauthorised access, theft, vandalism, terrorism, and natural disasters. A few to highlight include:

• Situational Awareness – Staying alert, observing surroundings, and assessing dynamic environments to identify potential risks and take proactive measures.
• Radio Communications – Using radios and communication tools clearly, professionally, and effectively to ensure accurate, timely information exchange.
• Report Writing – Producing clear, factual, and well-structured incident reports that uphold accountability and legal compliance.
• Conflict Management – Applying techniques to de-escalate confrontational situations safely and professionally.
• Emergency Response – Acting promptly and calmly in a range of emergency scenarios, following protocols, and making sound decisions under pressure.
• Relevant Legislation – Understanding the legal frameworks that govern security work, including the rights and responsibilities of security professionals.
• Uniform Standards – Maintaining a professional appearance that reflects our values and inspires public confidence.
• Professional Conduct – Demonstrating integrity, accountability, and respect in all aspects of duty, both independently and as part of a team.
• Chain of Communication – Following established communication lines to ensure clarity, consistency, and efficiency in information flow.
• Chain of Command – Respecting operational hierarchy, recognising roles and responsibilities, and escalating matters appropriately.

Building a stronger future together

By fostering continual growth in core competencies and providing a supportive, inclusive environment, security professionals will be well-prepared to meet today’s challenges and tomorrow’s opportunities. By investing in people’s wellbeing, inclusion, and development, we are not just building skilled security professionals, we are strengthening our community and safeguarding our future.

Whether patrolling a facility or overseeing global security operations, every professional in the security industry contributes to a shared mission: safeguarding people, property, assets and peace of mind. With clear career pathways, a growing demand for skilled personnel, and ever-evolving challenges, security offers a rewarding and essential career across industries and sectors.

A workplace should be more than just a place to work, it should be a community where individuals grow, thrive, share ideas, and feel valued and included. It should be dedicated to building a culture that reflects values and supports every individual on their journey to success. That means putting equal emphasis on individual wellbeing, inclusion, and personal development, ensuring that everyone can perform at their best while feeling a genuine sense of belonging and purpose within the security industry and their career.

From hiring and vetting to uniforms, training, and the accumulation of valuable institutional knowledge, the costs of bringing someone on board go far beyond the initial salary; each new hire represents a significant investment. That’s why short-term thinking in recruitment is a fast track to wasted time and money. A strategic, long-term approach not only protects that investment but amplifies its return.

Georgina Martin

Head of Talent Resourcing

CIS Security

The post The changing face of professional security appeared first on City Security Magazine.

In today’s digital landscape, cybersecurity has evolved beyond the confines of IT departments to become a cornerstone of business resilience and success. Organisations must recognise that cybersecurity is not merely a technical concern but a strategic imperative that safeguards operations, protects reputation, and ensures long-term viability.

CIS Security aims to exemplify this approach by integrating cybersecurity into its core business strategy. The company acknowledges that significant investments in cybersecurity alone are insufficient if not guided by a coherent, risk-based strategy tailored to address specific vulnerabilities.

By conducting thorough risk assessments, potential threats unique to its operations can be identified and targeted measures to mitigate them implemented.

This dynamic approach to cybersecurity is further supplemented by regularly updating the strategies used to respond to the evolving threat landscape. This includes investing in security solutions, conducting regular audits, and engaging with external experts to bolster internal capabilities. Such measures not only protect the organisation but also reinforce trust with clients by demonstrating a steadfast commitment to data security.

The right cybersecurity strategy involves a comprehensive understanding of organisational risks, a culture prioritising security, and the agility to respond to emerging threats. CIS Security’s proactive stance serves as a model for integrating cybersecurity into the fabric of business operations, ensuring resilience and sustained success in an increasingly digital world.

Understanding risk: the first step

A robust cybersecurity strategy commences with a precise and comprehensive risk assessment. Organisations must diligently identify their most valuable assets – such as customer data, intellectual property, and critical operational systems – and understand their vulnerabilities and potential threat actors targeting them.

This process is not a one-time task but an ongoing exercise. As organisations evolve, so too must their understanding of the shifting threat landscape. Regular, rigorous risk assessments are essential to ensure that security measures remain relevant and effective. Without continuous evaluation, security strategies risk becoming misaligned, potentially exposing critical areas, and increasing susceptibility to cyber threats.

Proper risk management ensures that security investments are strategically deployed, focusing on areas where they can have the most significant impact, rather than being misallocated to less critical zones. This strategic allocation not only optimises resource utilisation but also enhances the organisation’s overall security posture.

By embedding regular risk assessments into their operational framework, organisations can proactively address vulnerabilities, adapt to emerging threats, and maintain robust defences against the ever-evolving cyber landscape. This proactive approach is vital for safeguarding both the organisation’s assets and its clients’ data.

Embedding a culture of awareness

While technology plays a significant role in cybersecurity, the human element remains paramount. Human error is a leading contributor to data breaches, often exploited through tactics such as phishing attacks, inadequate password practices, and unintentional data mishandling.

Cultivating a culture of cybersecurity awareness is vital for bolstering defences. Relying solely on sporadic training sessions is insufficient; instead, security consciousness must be integrated into daily operations and workplace culture. Leadership supports this integration by emphasising the importance of cybersecurity through consistent communication, practical advice, and relatable examples that connect with employees in their everyday responsibilities.

To ensure cybersecurity remains at the forefront of our employees’ working day, we implement ongoing training that includes regular simulated phishing emails. These exercises are designed to test and reinforce our staff’s ability to recognise and appropriately respond to phishing attempts, thereby reducing our vulnerability to such attacks. Employees who interact with these simulated threats receive immediate feedback and additional training to address any gaps in understanding.

This proactive approach enhances individual awareness and strengthens our overall security posture. By understanding the “what” and the “why” behind security protocols, our workforce is better equipped to adhere to best practices, significantly reducing the organisation’s exposure to common attack vectors. Ultimately, this leads to a more resilient and security-conscious organisation.

Preparing for the inevitable

In the current landscape, organisations must acknowledge that no defence is impenetrable. Cybersecurity incidents are not a matter of “if”, but rather “when”. Therefore, organisations must be prepared to respond swiftly and effectively when breaches occur.

A comprehensive incident response plan is crucial for this preparedness. Such a plan should clearly delineate key roles, escalation procedures, communication strategies, and recovery protocols. Additionally, these plans must be rigorously tested through realistic scenario exercises to ensure readiness in the event of a real incident. Regular drills help identify potential weaknesses in response strategies, allowing organisations to refine their procedures continually.

Being well-prepared minimises disruption and reputational damage while allowing organisations to recover more rapidly from incidents. Those who take pre-emptive action and develop a clear response plan will be in a significantly better position than those who scramble in the wake of a breach without a concrete strategy.

Leveraging managed security services

In today’s complex digital landscape, many organisations find it increasingly challenging to manage their cybersecurity needs solely with internal resources. Factors such as a shortage of skilled professionals, the rapid evolution of cyber threats, and stringent regulatory requirements can overwhelm in-house teams. Consequently, organisations often seek external expertise to bolster their security posture.

Managed Security Services Providers (MSSPs) offer a comprehensive solution to these challenges. They provide continuous monitoring, expert incident response, and access to advanced threat intelligence, significantly enhancing an

organisation’s ability to detect, respond to, and adapt to emerging risks.

Key benefits of partnering with an MSSP

One primary advantage of engaging with an MSSP is access to specialised cybersecurity expertise. Building and maintaining an in-house security team with the necessary knowledge can be resource intensive. MSSPs employ professionals proficient in various areas of cybersecurity, ensuring organisations benefit from specialised knowledge without the overhead costs.

Additionally, MSSPs assist organisations in adhering to industry-specific regulations, such as GDPR, by implementing necessary security controls and conducting regular audits. This proactive stance not only mitigates risks but also reinforces trust among stakeholders.

Furthermore, MSSPs offer scalable solutions that adapt to changing requirements, ensuring continuous protection as businesses expand and enter new markets.

Selecting the right MSSP

Choosing an appropriate MSSP is crucial for effective cybersecurity. Organisations should consider the following when evaluating potential partners:

Technical expertise: Ensure the provider possesses the necessary technical skills and certifications to address specific security needs.

Industry knowledge: Select a provider with experience in the organisation’s sector to address unique challenges and compliance requirements.

Reputation and reliability: Assess the provider’s track record and client testimonials to gauge their reliability and effectiveness.

Service Level Agreements (SLAs): Review SLAs to ensure they align with the organisation’s expectations for response times and service availability.

Cybersecurity as a strategic enabler

Cybersecurity has evolved beyond a mere defensive measure to become a strategic enabler that fosters innovation, growth, and resilience. It is no longer sufficient to view cybersecurity as a standalone function or a reactive expense; it must be integrated into the very fabric of an organisation’s operations and culture. This shift in perspective is essential for organisations aiming to thrive in a landscape where digital risk translates directly into business risk.

A robust cybersecurity framework enables organisations to innovate confidently, knowing that their digital assets and customer data are protected. It fosters trust among clients and partners, which is crucial for long-term business relationships and growth.

Moreover, a well-implemented cybersecurity strategy enhances operational resilience, ensuring that organisations can swiftly recover from disruptions and continue to deliver value to their stakeholders.

Senior management play a pivotal role in embedding a cybersecurity ethos throughout the organisation. Their leadership and commitment are crucial in establishing a culture where cybersecurity is viewed as a shared responsibility and a core component of business success. By leading by example, adhering to security protocols, participating in training, and prioritising cybersecurity in decision-making, senior leaders set the tone for a security-conscious culture.

Their involvement goes beyond symbolic gestures; it requires active engagement in shaping and promoting cybersecurity initiatives. This includes allocating resources for advanced security technologies, comprehensive training programmes, and robust policies that protect both the organisation and its clients’ data against evolving threats. Such proactive measures not only mitigate risks but also reinforce trust among stakeholders, demonstrating a commitment to safeguarding digital assets.

Steve Downs

Technical Development Manager,

CIS Security

www.cis-security.co.uk

The post Choosing the right cybersecurity strategy appeared first on City Security Magazine.

London, UK – March 4, 2025 – CIS Security, one of the UK’s largest and most respected providers of security services, is delighted to announce Neill Catton’s promotion to Chief Executive Officer (CEO). This transition marks a significant milestone in the company’s continued growth and commitment to excellence within the security services sector.

Carl Palmer, Executive Chairman of CIS Security, commented on this strategic promotion: “We are thrilled to announce Neill’s promotion to CEO. Over the years, Neill has been critical to CIS Security’s success, demonstrating exceptional leadership, vision, and a deep understanding of the security landscape. As Managing Director, he played a pivotal role in driving our expansion, enhancing operational efficiency, and ensuring the delivery of top-tier security services to our customers. I have full confidence that under Neill’s leadership, CIS Security will continue to grow and innovate as we prepare for the years ahead.”

This has also given the opportunity to promote seven key members of the Operations Team, creating two new Managing Directors of Operations and five Operations Directors. This further demonstrates our commitment to a high level of management contact, fewer customers for each Director, and, therefore, greater personal attention and added value.

Neill Catton’s career at CIS Security has been marked by his unwavering dedication and strategic foresight. As Managing Director, he successfully led the company through periods of significant growth, further cementing CIS Security’s position as the UK’s sixth-largest provider of security personnel. His appointment as CEO signals a forward-thinking approach to navigating the evolving security landscape, enhancing the company’s focus on innovation, technology, and customer satisfaction.

“I am honoured and excited to take on this new role,” said Neill Catton. “CIS Security has always prided itself on its people, values, and ability to adapt to the ever-changing security environment. With the support of our brilliant, talented team and unwavering investment from our shareholders, we will build on our successes and continue to lead the way in providing industry-leading cutting-edge security solutions.  I would like to add that my title may have changed, but the hands-on, accessible approach to our colleagues and customers will not.”

The promotion of Neill Catton to CEO comes as CIS Security is focused on further expanding its service offerings and enhancing its capabilities to meet the demands of a rapidly evolving security industry. Under his leadership, the company will continue to invest in technology, develop colleagues, and maintain its reputation for delivering exceptional security solutions across a wide range of sectors.

Carl Palmer concluded, “The future of CIS Security is bright, and Neill’s leadership will be a cornerstone of our continued success. We are excited to embark on this new chapter and look forward to achieving even greater heights in the years ahead.”

For media inquiries, please contact communication@cis-security.co.uk

The post CIS  Announces Promotion of Neill Catton to CEO in Strategic Move for Future Growth appeared first on City Security Magazine.

Joe Easterbrook, former City of London Police Inspector, now Building Security Manager for CIS Security has carried out a SWOT analysis on how to manage protest – looking Strengths, Weaknesses, Opportunities and Threats.

It’s funny how life can bring you full circle…

With a warrant card, my role during City protests was always to safeguard the public, communicate with any affected buildings to minimise disruption, and occasionally, remind protesters that whilst a passionate demonstration is one thing, spray painting a building is something very different. Fast forward 12 months and I am now a security manager for one of those very same buildings which sometimes draws the attention of protesters. And while the uniform may have changed, the task is essentially the same and therefore, as challenging as ever.

So, what’s it like preparing for and managing protest activity in the Square Mile? Tricky!

Protests can be pre-planned (good), but they can also be spontaneous (not so good). It’s one of the more interesting security considerations, and is often about managing expectations, navigating legal frameworks, and working together to maintain building safety.

To try and understand the landscape better, I’ve completed a short SWOT analysis of my views.

Strengths

As clichéd as it sounds, one of the key strengths in managing protest activity in the City is the power of communication. As a police officer, I was always encouraged to steer clear of WhatsApp Groups to share information and intelligence, but as a security manager they’re critical. These groups allow people across different buildings and security companies to exchange real-time information on potential threats linked to protests.

Practically speaking, I’ve been fortunate to receive several ‘heads-ups’ from colleagues in other buildings, which have afforded me the time to adjust building posture/measures in a bid to offer some form of mitigation.

In addition, forums such as the City of London Crime Prevention Association play a vital role. Intelligence is shared by the police, emerging threats are discussed, and both pre- and post-meeting coffee afford the time to connect and talk through plans with fellow security professionals.

Ultimately, it’s partnerships that help us anticipate and understand protest activity better. Whilst I remain somewhat biased, the City of London Police are also key to this, not just in terms of enforcement, but their proactive engagement with building security teams.

Tools such as CityINTEL allow the police to brief on protest strategies, movements and tactics to help preparedness, often in real time. It’s a fine line between preventing incident(s) at protests and facilitating the peaceful right to do so.

Weaknesses

Of course, even with all the communication and collaboration, there are weaknesses.

One of the big challenges is the legal landscape around protest activity. Despite my background, and now as a security manager, I still find myself ‘googling’ pre-protest to ensure that I’m up to speed with any changes or relevant case law.

The key issue is understanding the difference between civil and aggravated trespass. I look at it like this – civil trespass refers to someone unlawfully entering a building with no intention of disrupting activities/operations, whilst aggravated trespass is causing that disruption, whether it be by obstruction or intimidation.

It becomes even trickier when you consider the threshold for police intervention, or even that for building owners. The law tends to favour peaceful protests, and many are aware of their rights. Hence, when faced with a well-organised group, whose activities are within such thresholds, it can be frustrating and often a delicate balance to maintain.

Opportunities

The best opportunities for dealing with protests lie in collaboration. The cost of additional security officers, for instance, is always a huge consideration. At some point increased security measures, whether it’s bringing in more officers, incorporating search regimes or introducing visitor protocols, becomes unsustainable.

No one wants to spend more money on security than is necessary, especially when the risk of escalation is low. But with the rising uncertainty of protests, the ambiguity of targets, and direct-action tactics, the reality is, sometimes it’s needed.

It’s not just about preventing protesters from gaining access to buildings. It’s about mitigating the long-term costs associated with disruption. This can lead to lost working hours, physical damage, or reputational harm.

Threats

While many protests remain peaceful, we’ve seen a shift toward more disruptive, and sometimes aggressive tactics. Some groups have moved more towards occupations, paint spraying, and damage to property.

The rise of direct-action affiliate groups means that we’re often dealing with highly organised and resourceful people. Coupled with the increasing use of technology, every protest now has the potential to become a social media spectacle.

Uploaded footage could be more damaging than the actual act(s) of protest. In response, we must adapt. The City of London Police and security managers must stay ahead, anticipating these changes, and respond proactively, together. Where possible, buildings/companies/clients should aim for a common approach.

The post SWOT analysis: managing protest appeared first on City Security Magazine.

The top security providers in the UK offer a diverse and sophisticated range of services designed to address the multifaceted nature of modern security challenges. Here’s a guide on what to look out for when procuring security services.

From deploying highly trained security personnel to implementing cutting-edge technology, these companies are equipped to provide comprehensive security solutions that align with each customer’s property and infrastructure landscape.

Understanding the accreditations that set the best security services apart

One important factor that sets the best security services apart is their accreditation status. Accreditation serves as a mark of quality and reliability, reassuring customers that the service they are using meets high standards of professionalism and effectiveness.

In the UK and Ireland, several key accreditations differentiate the best security services. Notably, the Security Industry Authority (SIA) Approved Contractor Scheme (ACS) is a significant accreditation for firms offering manned guarding, door supervision, close protection, CCTV surveillance, and critical holding services.

This accreditation indicates that a security company complies with industry standards and is committed to customer service and continuous improvement. Security firms with these accreditations demonstrate a strong commitment to providing services that consistently meet customer and regulatory requirements through an effective quality management system.

The British Standards Institution (BSI) also provides specific standards for security services, such as BS7499 for static site guarding and mobile patrol service, highlighting operational and best practice guidelines.

Firms that achieve these standards are recognised for their commitment to operational efficiency and best practices in security provision. Together, these accreditations are crucial in identifying top-tier security services, assuring customers of their professionalism, reliability, and adherence to stringent standards of operational excellence and customer care.

Synergy in safety — exploring key partnerships and collaborations that enhance security measures

The security services industry in the UK and Ireland has significantly shifted towards strategic partnerships and collaborations that enhance service delivery and client satisfaction. These partnerships usually involve security service providers, technology companies, law enforcement agencies, and industry-specific associations.

These collaborations foster a shared exchange of information and resources, improving security. Joint training exercises and shared intelligence can help anticipate security threats more accurately and respond to incidents more effectively.

Lastly, affiliations with industry-specific associations are crucial for staying abreast of best practices, regulatory changes, and emerging threats.

How cutting-edge technology is revolutionising security

The advent of artificial intelligence (AI), the Internet of Things (IoT), and other digital innovations is at the forefront of this transformation, offering unprecedented capabilities in threat detection, surveillance, and risk management.

Artificial intelligence has become a game-changer for security services. AI algorithms can identify patterns and anomalies that may indicate potential security threats, from unauthorised access attempts to suspicious online activity that could signal cybersecurity risks. This proactive security approach allows immediate action, minimising potential damage.

Integrating IoT devices into security frameworks has significantly enhanced surveillance and monitoring capabilities. Cameras and sensors, when connected to the internet, can provide real-time data to security teams, offering 360-degree visibility of physical and digital environments. These devices can detect motion, recognise faces, and even identify objects, contributing to more secure and controlled premises.

Drones can be deployed quickly in response to alarms or incidents, giving security teams invaluable insights into situations as they unfold. Cybersecurity technologies have also advanced, with sophisticated encryption methods, firewalls, and intrusion detection systems protecting sensitive information from cyber threats. The development of blockchain technology further enhances digital security, providing tamper-proof records of transactions and interactions.

This digital transformation is not only increasing the effectiveness of security measures but also introducing new, more customisable, and scalable service delivery models. In conclusion, cutting-edge technology is transforming security services in the UK and Ireland, making them more intelligent, agile, and capable of addressing the complex security challenges of the modern world. As these technologies evolve, they promise to further elevate the standards of protection, privacy, and peace of mind for businesses, governments, and citizens.

Smart shopping for safety

Procuring the best security services across the UK and Ireland requires a thorough understanding of one’s specific needs and the landscape of available security solutions. The initial step should involve a comprehensive assessment of an organisation’s or individuals’ potential threats and vulnerabilities.

This assessment will help identify the types of security services needed, whether it’s manned guarding, electronic surveillance, cyber security, or a combination thereof. Next, it is essential to research and identify security service providers who not only have a strong presence in the UK and Ireland but also hold impressive track records.

Before making a final decision, it’s advisable to request proposals from several providers to compare their service offerings, technology solutions, and pricing. It’s also beneficial to engage in detailed discussions about their approach to security, their experience in similar sectors, and their ability to tailor their services to fit unique needs.

Ultimately, the goal is to forge a trusting partnership with a security provider that understands the specific challenges and requirements and can deliver high-quality, reliable, and responsive security services.

People and equality

The focus on people’s welfare underscores the industry’s commitment to protecting physical assets and safeguarding the mental and emotional well-being of its workforce. Initiatives aimed at reducing workplace stress, offering support for mental health issues, and ensuring fair treatment affirm the industry’s recognition of its employees as its most valuable asset.

Equality, Diversity, and Inclusion (EDI), alongside people’s welfare, have become cornerstones of the security industry in the UK and Ireland. Security firms increasingly invest in EDI initiatives, acknowledging the intrinsic value of a diverse workforce, understanding that varied perspectives and backgrounds enhance problem-solving capabilities, creativity, and customer service. This shift is not merely about compliance with laws; it’s about recognising the strength of diversity and its direct impact on operational success.

Security firms prioritising EDI and people’s welfare tend to foster a more motivated, committed, and satisfied workforce, which is paramount in a field where the human factor is critical. This evolution reflects a broader societal shift towards greater inclusivity and wellbeing-focused practices, positioning the security industry as a leading example of progressive workplace culture in the UK and Ireland.

Janice Abbs

Head of Bids, Brand & Communications

www.cis-security.co.uk

The post A guide to procuring the best security services  appeared first on City Security Magazine.

In today’s interconnected and digitalised world, the importance of a robust security strategy cannot be overstated. In this article, we will explore the key components of an effective security strategy and provide guidance on how organisations can develop and implement one.

The evolving threat landscape

As technology continues to advance, so do the threats that organisations face.

From cyber-attacks and data breaches, to insider threats, alongside the physical threat from protest, anti-social behaviour, crime and terrorism, the landscape is constantly evolving.

Developing a comprehensive security strategy is crucial for protecting assets, people, reputation, and sensitive information while maintaining customer trust, and ensuring business continuity. It is paramount to an organisation’s overall resilience.

An approach for success

At the outset, to ensure the best chance of success for your security strategy:

• Get buy-in from all levels of your organisation. Security is everyone’s responsibility.
• Communicate your security strategy clearly and concisely.
• Regularly review your security strategy – including your risk assessments, security and response plans.

• Make security an ongoing process, not a one-time project.

Remember that we are in a customer-facing industry and therefore need to allow normal business to continue.

What do you need to protect?

The foundation of an effective physical or cyber security strategy lies in understanding the unique threat and risks and vulnerabilities that an organisation faces. Therefore, the first element in the development of a security strategy is to understand your environment:

• Identify what you need to protect this could be your data, systems, infrastructure, physical assets, or even people.
• Assess the threats you face: consider internal and external threats, such as cyber-attacks, natural disasters, human error, terrorism, and criminal activity.
• Evaluate your vulnerabilities: Identify weaknesses in your systems, processes, and controls that could be exploited by attackers.

This threat modelling phase will:

• Identify assets and define the security objectives.
• Identify threats and define agreed priorities.
• Analyse vulnerabilities.
• Create mitigation or safeguards to protect identified risks.

A threat modelling report will create a priority of actions, and define an appetite towards physical, cyber, and reputational risk.

It is strongly recommended that this element of the processes is recorded and agreed.

A thorough risk assessment

Conducting a thorough risk assessment is the next step in identifying and mitigating potential risks and their potential impact on the business. This process involves evaluating the organisation’s assets, assessing potential vulnerabilities, and estimating the likelihood and severity of various risks.

By gaining a comprehensive understanding of the threat and risk landscape, organisations can prioritise their security efforts and allocate resources effectively and can tailor their physical and cyber security measures to mitigate specific vulnerabilities.

The assessment and recording of the likelihood and potential impact of various risks, such as theft, vandalism, natural disasters, unauthorised access, protests, terrorism or cyber-attack, is imperative.

Developing a security strategy

The combination of the threat modelling and risk assessment will provide the foundation for the security strategy, as at this point the budget available could become a defining factor.

It is not always the decisions we make that we later have to justify, it is those decisions or actions we choose to ignore or fail to consider that have a greater propensity to cause liability at a later stage.

Establishing clear security objectives and policies is essential for guiding the development and implementation of a physical and cyber security strategy.

These security objectives should align with the organisation’s overall aims and objectives and address the identified risks.

In defining your security goals:

• Decide what you want to achieve with your security strategy.
• Set realistic and measurable goals that align with your overall risk tolerance.

Once set they should be communicated effectively to all stakeholders within the organisation.

The establishment of a well-defined security policy will then serve as the cornerstone of an organisation’s security strategy.

A policy outlines the rules, procedures, and guidelines that employees and stakeholders must follow to ensure the protection of information and physical security expectations.

The security policy should cover various aspects, including data protection, access controls, incident response, and acceptable use of technology. It is imperative that we regularly update the security policy to adapt to emerging threats and changes in the business environment.

A security framework

At this stage of the process, you may consider choosing a security framework. Security frameworks provide best practices and guidelines for managing security risks.

Popular frameworks include:

• National Institute of Standards and Technology (NIST).
• ISO 27001.
• Protective Security Management Systems Authority (PSeMS), produced by the National Protective Security Authority (NPSA): an emerging management system which considers a Plan – Do – Check – Act approach, which is certainly worthy of consideration when developing a security strategy.

The selection of a framework can help you structure your strategy and ensure compliance with relevant regulations.

Using a Deter – Detect – Delay – Mitigate and Respond formula for a security plan will go a long way to ensuring that all reasonable mitigation is considered and the plan can be implemented successfully especially when this is combined with access to a comprehensive and accurate intelligence feed.

The implementation stage will cover a multitude of areas. By prioritising access control, surveillance, perimeter security, alongside continuous training, response planning and regular auditing, organisations can create a fortified environment that protects their physical assets and personnel. Each of these is outlined below:

Access control

Controlling access to physical spaces, sensitive data and critical systems is fundamental to a robust security strategy. Implementing access controls ensures that only authorised individuals have the necessary permissions to access specific resources. This includes user authentication mechanisms, role-based access controls, and encryption technologies.

You can implement access control measures, such as electronic key cards, biometric systems, or traditional locks and keys, to restrict entry to authorised personnel only. Consider implementing layered access controls for different areas based on the sensitivity of the information or assets stored within.

This may include technical controls (firewalls, intrusion detection systems, encryption), administrative controls (security policies, training programmes), and physical controls (access control systems, security cameras).

Surveillance

Surveillance systems are invaluable tools for monitoring and securing physical spaces. Install high-quality CCTV cameras strategically to cover critical areas, entrances, and exits.

Implementing surveillance systems not only acts as a deterrent, it also provides valuable evidence in the event of an incident. Regularly review and maintain these systems to ensure optimal performance.

Perimeter security measures

Securing the physical perimeter of an organisation is crucial for deterring and preventing unauthorised access.

Install physical barriers such as fences, gates, and bollards to control entry points.

Additionally, consider implementing technologies like intrusion detection systems to alert security personnel of any breach attempts.

Regularly inspect and maintain perimeter security measures to address vulnerabilities promptly.

Training for everyone

Continuous employee training should form part of any successful security strategy as human error remains one of the leading causes of security breaches, especially in cyber-attacks where the initial target is the human operator. Educating employees, not just security personnel, about best practices is essential for creating a security-conscious culture within an organisation.

Regular training sessions on topics such as phishing awareness, password hygiene and social engineering, alongside personal security and matters as simple as tailgaiting, can empower employees to recognise and avoid potential threats.

Continuous education ensures that the workforce remains vigilant in the face of evolving security threats. Identification and recognition of potential threats through behavioural detection, hostile perspective, baseline behaviours and anomalies are essential as part of the security strategy and subsequent plans and objectives.

Training security personnel

Well-trained and vigilant security personnel are the front line of defence in any physical security strategy.

Provide comprehensive training on security procedures, emergency response protocols, and effective communication.

Additionally, empower security personnel to use their initiative in taking measures to identify and address potential security threats.

Incident response plan

No security strategy is complete without a well-defined incident response plan. This plan outlines the steps to be taken in the event of a security incident, such as a terrorist, criminal activity, protests, data breach or a cyber-attack. It includes procedures for detecting, reporting, and responding to incidents, as well as communication strategies for notifying stakeholders.

The incident response plan includes:

• What you should do if a security incident occurs.
• Steps for identification, containment, eradication, recovery, and reporting.

Regularly evaluate and update your incident response plan to ensure its effectiveness.

Audit, assess and test security

Regularly auditing and assessing the security posture of an organisation is crucial for identifying weaknesses and ensuring compliance with security policies.

Conducting penetration tests, vulnerability assessments, and security audits can help identify potential vulnerabilities and weaknesses in the system.

Regularly audit and assess the effectiveness of physical security measures. This may involve conducting simulated security drills, reviewing access logs, and assessing the overall security posture.

Use these audits to identify areas for improvement and address any emerging vulnerabilities, as addressing these issues promptly enhances the organisation’s overall security resilience.

In conclusion

Developing a security strategy is an ongoing process that requires an initiative-taking and adaptive approach. By understanding the risks, establishing comprehensive policies, implementing robust controls, and fostering a culture of security awareness, organisations can create a resilient defence against evolving threats.

As technology and political ideology continues to advance, so must our security strategies to safeguard against potential adversaries.

Developing an effective physical security strategy requires a holistic approach that combines risk assessment, clear policies, and the implementation of robust security measures.

Remember, there is no one-size-fits-all approach to security. The specific steps you take will vary depending on your unique needs and environment.

By following these general principles, you can be well on your way to developing a strong security posture.

Dave Cox

CIS Security

www.cis-security.co.uk

The post Developing an effective Security Strategy appeared first on City Security Magazine.

The information gathered and gained within the hostile reconnaissance (HR) process is the key to the success of a threat. We must apply a mix of knowledge, skill set, and professional bravery to understand, prevent and, most importantly, learn from those that carry out HR.

As a practitioner in all things ‘hostile’, I believe it’s important to separate the theoretical understanding of hostile reconnaissance (HR) and move it into the realm of reality.

It’s my view that we often fail to see the true reality of the ‘opposition’ threat and fail to prevent further actions or consequence. Hostile Reconnaissance is a live beast: it moulds to site and people vulnerabilities, and it has to be placed against the strong facts as we know them.

It about understanding the true threat is around our people and places at this exact moment.

How can we identify a true threat, if we don’t believe that?

When we review incidents of crime, terror and foreign state activity, we must not continue to strip out the HR as just a learning point: it must not be consigned to the bin of history and lost opportunities.

As a UK Government SME (subject matter expert) within the worlds of Hostile Activity, Detection and Threat Mitigation, I know that many mistakes have been made and many mistakes continue to be made. My concern is that we are blind to the threat. With this understanding, I recommend an approach that addresses these questions:

• How do we apply the clues and markers that readily identify hostile activity and the associated HR?
• How do we truly attempt to understand the motivation of the threat? Do we ever attempt to think like a hostile operator?
• How do we develop an understanding of the world around us in enough detail?

This is a world of varied threats: Foreign State Actors (FSA), Organised Crime Groups (often proxy for the FSA world), political protest, targeted high-value crime and conventional crime. All play by a similar set of rules – rules that we fail to fully understand.

What we know

Strong, but true assumptions remain the core of our baseline understanding. We know that all persons and groups carry out HR prior to the outcome they wish to achieve. These periods of hostile observations can be as compressed as multiple times over 20 minutes or stretched out over weeks or months and even revolving campaigns. Without the information that they gain within their activity, they can’t be successful. If we accept this, then we should also accept that we have all of the advantages against the ‘opposition’. We control the castle.

Mapping the threat

Threats to people and places takes many forms. From the physical – the targeting and attack of site users – to the more strategic cyber and organisational penetrations that see significant if not extreme organisational attack and everything in between. They can all have a tangible effect on business as usual.

Mapping the threat remains key to learning the lessons of the past. If we understand that a venue/person/event is potentially vulnerable to hostile activity, then it is possible to both identify with high certainty where this activity will take place and actually predict the ‘event’ itself. This mapping should happen, but often it doesn’t. Humans fear risk, we fear committing to a statement. I believe we should not miss this critical step. The mapping of the threat must include the possible related HR; it is a predictable process in all of its stages: on-line, physical and insider leakage. It’s also highly predictable that it won’t be seen. If we know where to look, why to look and when to look, we will see everything and we would stop most things happening. Significant hostile activity mapping has taken place over many of our private sector and governmental key sites, but in my view it is neither predictive nor anything more than a general cover-all.

Understanding the detail of the threat

The ability to understand the detail of the hostile activity threat and related HR is a critical part of effective hostile reconnaissance. What motivates a specific individual, group or country signposts both what their HR will look like and how it will materialise on the ground.

It is a game of detail – the clothing, the movement, the reaction, the appetite for risk: they all feed into how we perceive and deal with threat. No one group, one country or one person are the same – we are humans, our activity is unique and should be seen as such.

How we perceive the threat

Perception of threat remains the greatest of friends to the hostile operator – it is the cloak of invisibility that allows for constant, directed and highly effective HR against many people and places. Generally, we perceive threat based on gender, ethnicity and over-all appearance. We fail to understand the heuristics and biases of our own lives lived and the structure of our minds that this has created. Our opposition seeks to take advantage of this and nearly always places its appearance of hostile operator in direction contradiction of what we would expect to see as a threat. So most hostile activity is neither difficult nor ineffective, because we don’t see them in the first place.

Developing a skill set to prevent hostile reconnaissance

Skill set development is key in the ability to truly identify, pressurise and prevent those carrying out HR. It is an art to identify hostile threat, it is a constant process of mistakes made and a commitment to learning from those mistakes. Rather than the promotion of hostile activity after the fact (and many events fit this profile), we should be obsessed with countering this activity in the first place.

As we stand, we are losing against the opposition

Opposition is the true word that we must use. Rather than an obsession with good and evil (that always depends on individual perception), I believe we should see the countering of HR as a high-stakes game. Remove emotion, remove what we think we know and begin to apply the fundamentals of mapping, threat perception and skill set development – and we can start to begin to win. Because, if done right, this is both an achievable and highly actionable outcome. I’ve always believed that the motivation to protect is greater than the motivation to harm – that is our advantage if wish to counter HR in all of its forms… and the associated outcomes.

Simon Riley

CIS Security Specialist Trainer and UK Government SME

The post Hostile Reconnaissance: Learning the lessons appeared first on City Security Magazine.

The process of security design involves systematically planning, implementing, and managing security measures to protect assets, people, and information within a given environment. Understanding the environment is critical to ensuring that the security being suggested, whether physical, technical or deployment of officers, will be effective and efficient.

Overall, these options when employed, either in isolation or combined, need to make sure deterrence, detection and reporting are the main aims.

The following steps are an overview of what is involved in the security design process.

Define Security Objectives

Begin by clearly defining the security objectives and goals of the project. Understand what needs to be protected, the potential threats, and the desired level of security. This is where intimate knowledge of the environment is essential and also identifying the risk appetite from key decision makers; this can set initial thresholds and offer an understanding of costs and any restrictions. Better to understand this from the outset than later in the project or on completion. This also means that “value engineering” can be avoided in the overall design and implementation of the security being proposed.

Risk Assessment

Conduct a comprehensive risk assessment to identify potential threats, vulnerabilities, and risks associated with the environment. This step helps prioritise security measures. Although an obvious element, I am sure we can all give examples of glaring holes or issues in inherited security systems that cause issues, have obvious weakness and are generally detrimental to overall security integrity.

Regulatory Compliance

Ensure that your security design complies with relevant laws, regulations, and industry standards. Different industries and locations may have specific security requirements that must be met. It also dictates the level of security you need and can assist in realistic costs and specific needs. As an example, if HVM does not need to meet PAS 68/69 criteria, then establishing a good alternative will save considerable amounts of money. It is also important to ensure that any insurance requirements are met; the appropriate security rating (SR) levels may be dictated by insurance policies. Secured by Design (SBD) is an excellent reference point, as is the National Protective Security Authority (NPSA) to recommend appropriate assistance and standards.

Security Policies and Procedures

Develop security policies and procedures that outline the rules and guidelines for implementing proposed security measures. These policies should cover areas like access control, incident response, and employee security awareness. Where this needs to be emphasised is the application and adherence to these. There is no point in having them in line with appropriately designed security and then have them ignored through convenience, bad practice, or apathy. They also need to be drilled and tested at regular intervals.

Access Control

Determine who should have access to various areas, systems, and information. Implement access control measures, which may include key card systems, biometric authentication, or password policies, to enforce these restrictions. Too often we see blanket access to appease clients, operators and others that have no real need to be in certain areas or have that specific access. There are many instances where control of keys, passes and other elements is given through perceived entitlement. This leads to difficulties in auditing and an additional risk in terms of cost in replacing or managing lost security passes etc.

Physical Security Measures

Implement physical security measures such as locks, fences, bollards, and barriers to protect assets and facilities. Although this seems to be a very obvious thing to mention, it is often overlooked or the most basic measures are implemented. Examples I have seen range from chipboard to cover gaps in fencing that is a supposed “temporary” measure, and heavy duty padlocked gates that can be climbed over or under. I am sure we have all seen these!

Surveillance and Monitoring

Deploy surveillance systems (e.g. CCTV cameras) to monitor and record activities in critical areas, with suitable operations/control room or process to manage this. I could write forever on the issues of surveillance, poor practice, inappropriate and ineffectual examples, often led by architectural plans and the aesthetic as opposed to if it will actually work as designed. Too often, security is not consulted when these systems and operational controls are implemented or designed. I am forever reviewing systems with blind spots, poor control facilities and, quite frankly, pointless waste of money on elements of the installation.

Network and Information Security

Design and implement cybersecurity measures to protect digital assets and sensitive information. This includes firewalls, intrusion detection systems, encryption, and regular software patching. I am not an expert in this field but again, it’s important in the security design element that the integration of security technology and systems (e.g. access control, alarms, surveillance) does work cohesively and provides a comprehensive security solution. The added element is that the human aspect must be aware of the threats, social profiling and other concerns that can let the technology systems fail.

Security Training and Awareness

The last sentence in the previous paragraph is vital: train employees and users on security best practices and protocols, ensure that the security culture is enforced and supported from the highest levels down through to the frontline users. By encouraging a culture of security awareness and reporting suspicious activities, supported with training, and instilling the confidence, frontline staff are not then questioned as to why they had the audacity to verify a pass or check ID.

This is vital in ensuring effective security is part effective and part of the security culture. Especially after you have spent considerable time, money, and resources on designing and implementing a system in the first place.

Incident Response Plans and Testing

Develop a detailed incident response plan that outlines how to respond to security incidents and emergencies. These, as previously mentioned, need to be regularly tested to evaluate the effectiveness of your security measures through vulnerability assessments, penetration testing, and security audits. Make necessary adjustments based on the results. These tests also need to be applied to emergency drills and responses.

Documentation, Recording, Monitoring and Maintenance

Maintain thorough documentation of security policies, procedures, configurations, and incident reports. This documentation is essential for compliance and continuous improvement. They are also needed as potential evidence in any investigations post incident. Ensure that users have access to these processes in simple and digestible formats, especially when responding in anger, as it were. Continuously monitoring security systems, updating software, and regular scheduled maintenance ensures that security measures remain effective and up to date. These may be driven by legislation and codes of practice and conduct. They should make up a key part of any overall security strategy and operational plans. While very few people enjoy the admin side, it is a critical part to ensure the security planning and execution to remains.

Review, Adaptation, Communication and Reporting

Periodically review and adapt your security design to address changing threats, technologies, and business needs. Security is an ongoing process that requires continuous improvement. Threat landscapes change and as we have seen in recent years, risks, and their complexity, change, which may mean what was in place originally is no longer effective or sufficient. Establish clear communication channels for reporting security incidents and sharing security updates with relevant stakeholders, external partners suppliers and ultimate end users; this has to be part of the security design. In any crisis or incident the communication element is often the first to fail.

By following these steps and maintaining a proactive and adaptive approach to security design, organisations can create a robust and effective security framework that mitigates risks and protects valuable assets. As these steps are an overview it is important that the correct level of expertise is applied at a more granular level. Detailed assessments should include; Crime Prevention Through Environmental Design (CPTED), Threat and Vulnerability reviews and focused crime statistics and patterns. These add to the known and likely threats so you can design out crime from the outset and not have to retrofit post incident. Retrofit is always less effective and more expensive. As an overview, consider the following in your design process (drastically simplified for the purpose of this article):

Natural Surveillance 

Ensure that spaces are designed to maximise visibility, reducing areas where criminal or hostile activity can occur unnoticed.

Territorial Reinforcement

Clearly define and delineate property boundaries to establish a sense of ownership and territorial management. Control the movements and prevent desire lines and spontaneous pathways and traffic.

Access Control:

Implement measures such as controlled entrances, gates, and fences to regulate who can enter your controlled areas and how.

Maintenance and Management:

Keep the environment well-maintained to signal that it is actively cared for and monitored.

Environmental Design Considerations:

Lighting, landscaping, and architectural features can enhance security. Where you have seating, cycle storage etc, these can be designed to be crime deterrents.

Community Engagement:

Engage with the community and gather their input on security concerns and preferences.

A sense of ownership and involvement in the security design process can foster a safer environment.

In summary, correct planning and application to security design will make a huge difference to the integrity of the environment that is being protected. Work with planners, designers, and architects; push for what is needed at the right time to prevent value engineering and poor decision making, or at least financially driven decision making where cheap is seen as best. Successful security is a partnership approach and it is essential for open partnerships with clients, police and other service partners that planning must be seen as a vital keystone to ensure success.

Jon Felix BSc(Hons) MDIP MBCI MSyl M.ISRM

Risk and Threat Advisor

CIS Security

www.cis-security.co.uk

The post The Process of Security Design – the steps to success appeared first on City Security Magazine.

We often hear terms like Artificial Intelligence and biometrics in conversations across the security arena, but how close are we to seeing these technologies disrupt the market and become more widely used?

I have been very fortunate to work within the security industry since leaving university in 2002. I have worked on some prestigious projects: Westfield London, Heathrow Airport, and numerous other key projects.

This is the first time in my career that science fiction is more than a fantasy and the age of robotics, artificial intelligence and use of biometrics is soon to become the norm.

Innovation at pace

Technological changes are occurring at such rapidity. Twenty-four years since the turn of the millennium, we are facing a historic change in the way we secure our premises and how we protect our communities. What was once only science fiction is now becoming a reality and having a major impact in the security industry. Being a more widely used form of security will lead to it becoming more affordable as new companies will enter the market, like the winners of the 2021 Architizer A+Product Awards, Swiftlane.

Swiftlane, a company based in the Silicon Valley, Northern California, is really disrupting the access control market in America, using facial recognition technology in the mass marketplace. This is definitely a company to watch.

Environmental concerns are making us all look at our own carbon footprints. ESG is playing a significant role in all our business objectives.

The use of mobile credentials and biometrics will help in the fight against reduction of plastic usage and strengthen our robust ESG due diligence approach.

Facial recognition technology is being incorporated in the security systems we are currently using; the next phase is to demonstrate more sleek, integrated cameras. This type of technology is available, and AI and Biometrics will become a viable option in 2024.

CIS and partners have been exploring how we can use the technology to benefit the environment and the user experience.

Here is some of the innovations we will be looking to implement next year:

Facial recognition in access control

No longer do we need to install additional facial recognition device hardware onto speed lanes. There are systems available now with facial recognition cameras integrated into the turnstiles installed within a closed network. They follow the same rules as for CCTV footage: the image rights will be owned by the software licence holders. This will avoid any data protection concerns and can form part of employee terms and conditions, very much similar to CCTV policies. Even though there are many variations of AI algorithms which facial recognition technology uses, all of them follow these authorisation steps.

There are huge benefits of integrating a facial recognition system:

• Quick access into the secured area at all times
• Impossible to share access credentials with others
• Hands-free and seamless entry
• No special training required for users
• Easy to use
• High level of accuracy
• Environmentally friendly

Mobile credentials

We have seen a massive upturn in the number of requests to implement mobile credentials for access control, as well as other services on a mobile phone. As well as gaining access, our clients want to use a mobile phone to book in visitors, receive notification of post or packages, and send messages with the latest security broadcast and general offerings from local businesses.

MyTag have accepted my challenge and are developing an app aimed at the end user that will incorporate all their suite of products. This will be known as MyBuilding App and will provide our stakeholders with a one-stop solution for their daily requirements when at work. It will also be available in public-facing locations where it will include offers and travel advice on shopping centres and tourist attractions.

Temporary security solutions

Securing premises at short notice can be a real challenge. And while not all businesses have the budget for permanent security in temporary situations, they do have an obligation to provide safety and security for their employees and corporate assets. Temporary security solutions are not always fit for purpose and have been a long way off hardwired permanent security systems. But there are now solutions available that allow for rapid deployment.

These rapidly deployable kits provide features like:

• Access control
• Intrusion detection
• Video management technology
• Corporate network connectivity

Gone are the days when you would have to spend a large amount of money to retrofit a space only to rip and replace in a few months or run the risk of not having proper physical security measures in place.

Advances in robotics

Exciting innovations are expected in 2024 in robotics. I have seen one system that features a one-of-a-kind flying robot. This will bring huge enhancements in remote monitoring of premises. It harnesses the power of robotics paired with AI to provide a pioneering indoor flying platform for intelligent monitoring of smart buildings.

The drone sits on a tile that is fixed to the ceiling. Once docketed, the drone acts as a 360 degree camera that can be added to your building CCTV platform. The drone is self-flying, through sensors and preset routes, all patrols are autonomised and there is no human intervention required once the eye in the sky drone has been mapped and navigation has been commissioned.

This system can be integrated into other systems within the building like the intruder alarm or access control systems. If an alarm activates, the drone will complete a patrol to investigate and will livestream the outcome of the patrol. With in-built heat detection, indoor robotics will make patrolling plant rooms and data centres efficient and set your mind at rest.

CCTV and AI empowering security

The increased use of security systems to monitor premises and the advances in AI technology allow for a more robust approach. CCTV systems can now be trained to identify unusual patterns. For example, the formation of a crowd in an unusual location could lead to early identification of criminal activity.

Searching through CCTV footage can also be enhanced using software that allows the operator to request the cameras to search across the system on their behalf, e.g., locate all people wearing a red coat or a hat. The improvement in technology has led to CCTV cameras being able to slow down the shutter speeds for anyone seen running, ensuring the best possible picture quality for an absconding assailant.

The power of AI used to empower security monitoring and deployment will help the industry to reach heights that have only been seen within governmental organisations and lead to a more proactive approach and a reduction in reactive after-the-event investigations.

Ensuring technology is right for your organisation

How do you know if any of the above technology is suitable for your building operation? Can you ensure that the systems that you are installing in your building will be the best solution? This is where the process of security design takes shape. It is critical to involve security experts to systematically plan, implement, and manage security measures to protect assets, people, and information within a given environment.

To ensure that the security proposed will be effective and efficient, it is essential to understand the environment, not only physical security, but also technical security and deployment of officers.  The main goals of these options, when used independently or in combination, are deterrence, detection, and reporting.

Pioneering the future

Forward-thinking security providers are looking beyond physical security with officers monitoring multiple CCTV screens and carrying out patrols. They are focusing on customer service that is tailored to each customer’s requirement, threat intelligence, enhanced security monitoring systems, and data-driven risk mitigation. Paper-based systems have been replaced with electronic logbooks and databases, which allows for trend analysis, leading to a proactive security solution.

A consultancy approach to security design elevates companies pushing their affiliate systems. A holistic approach to security design based on risk mitigation across physical, technical, and operating policies will lead to the end user acquiring a customised security system and service. There are so many systems available it can get confusing for inexperienced individuals. Having independent thinkers and system designers working to your requirements, that are data driven, will ensure your money is being put to best use.

Robotics in security are not here to replace humans, but to increase awareness and presence in areas that need closer monitoring. Unsafe spaces for humans, like roof tops and plant rooms, can be patrolled by drones and robots, keeping our security teams safe. The use of heat detection in plant rooms and integration to business management systems will ensure early warnings are in place where untrained humans may not recognise impending danger.

The use case for biometrics is increasing and we are finding more reasons why a biometric lead operation within security is becoming an urgent requirement. The use of biometrics nullifies security access breaches and data breaches, as passwords become less required. Environmental impact through less use of plastic and the high level of personal security using biometrics like facial recognition, fingerprint, palm prints and retina scans are all strong reasons why technology use is on the increase.

Change is inevitable and the partnership approach between technology and security officers is an essential consideration to those responsible for security design and installation.

Now is the time to consider the blue sky thinking: what apps, platforms and systems will work best? You are spoilt for choice. Speak to your trusted providers, and start to look beyond the limits of what fits the aesthetic, and involve your security teams at all planning and installation stages.

The options available now mean that security operators don’t have to inherit a system and make it work or make do. We can be the answer to the most effective system to protect your people, assets, and reputations.

Kuldeep Kainth

Head of Innovative Solutions

CIS Security

www.cis-security.co.uk

The post Is 2024 the year for blue sky thinking about security technology? appeared first on City Security Magazine.

Powerful Artificial Intelligence systems should only be developed once we are confident that their effects will be positive and the risks are manageable, particularly given their potential to increase the sophistication of cyber attacks.

Ransomware Sophistication

DD0S / MITM / SQL Injection / Zero-Day Exploit / DNS Tunnelling / BEC / Cross-Site Scripting. Up to 80% of those of you reading the words above probably do not know what these represent, mean or can even achieve.

These are in fact, at present, the most effective and circumventive cyber-attack methods used to cripple and destroy organisations, both reputationally and financially. For almost three days, the global operation of JBS – the world’s largest meat processor – was hobbled by a ransomware attack targeting their IT systems, just weeks after the May 2021 Colonial Pipeline incident – where a more advanced ransomware attack took down a key oil artery on the US east coast.

The perpetrators of the JBS attack have long been known to cyber security experts. Since February alone, the REvil group has been connected to almost 100 targeted ransomware attacks.

Extortion and ransomware attacks have soared in popularity in recent years, partly because the business model works. In the Colonial Pipeline attack, attributed to a group named DarkSide, the company paid £3.1m to regain access to its own infrastructure.

The Role of Artificial Intelligence

Artificial Intelligence (AI) is changing the sophistication of attacks, paving the way to a new era of cyber manipulation, allowing defenders to scan networks automatically rather than manually in search for weaknesses and fallibility, thus allowing threat actors to launch attacks that evade traditional security measures. In the Colonial Pipeline case study, the AI Elliptical Curve encryption used was simply unsurpassable; as such, the ransom was paid within a matter of hours!

Artificial Intelligence Milestones

In March 2023 the tech firm OpenAl launched, its chatbot, Chat GBT-4, the most powerful AI currently available on the market.

This has already sparked massive controversy as more than a thousand AI experts combined efforts and put their names together to the Future of Life Institute, a Silicon Valley research agency which believes in protecting the world against existential risk.

They said that if we do not do that, then the out-of-control race to develop and deploy ever more powerful digital minds, that no one, not even their creators, can, understand, predict or reliably control, could lead to catastrophic outcomes.

These powerful AI systems should only be developed once we are confident that their effects will be positive and the risks are manageable, the risk in this case commonly being recognised as “The Alignment Problem”. The alignment problem highlights and discusses the central idea that once you create a system that is intelligent enough to improve itself, then it can quickly Improve itself to go from merely human level intelligence to god-like intelligence. This creates a “flywheel effect”, whereby changes and improvements happen at an unquantifiable rate which render AI to not be as compliant or concurrent as our design expectations.

Steve Bosniak and Elon Musk are amongst the signatories demanding a voluntary hiatus in the development of giant AI systems, which they described as any AI more complex than GBT-4 (the high-water mark of AI creation). Moreover, if it is not voluntarily entered in to, then government should enforce it.

There is no easy way of encouraging every government in the world and a huge number of extremely powerful corporations to voluntarily limit their powers. This does not tend to be a virtue that humanity prevails in; however, there are exceptions, with the most obvious being the Nuclear Non-Proliferation Treaty of 1968, which has immensely limited the spread of nuclear technology. The flipside to this is that until very recently, nuclear technology has been solely the purview of governments. Essentially, it is not something you can embark upon in your living room and that is not true of AI, where all you fundamentally need to programme AI is computing power and some graphic cards.

Misinformation

Image generating systems, like Midjourney, are extremely good at producing plausible fake imagery, thus entering us into a new world where seeing is not necessarily believing.

This is as far as imagery is concerned; for text however, we have a world where a machine can generate 5 million pieces of plausibly human-written unique text in nano seconds. This would suggest SPAM and misinformation will evolve to a higher level of sophistication, making it impossible to tell it apart from human-created real material.

The Future

If, like me, you were born in the early eighties, there have been some significant sweeping changes in our lifetime, such as the World Wide Web and the iPhone. I was born in a world where these creations were science fiction, and yet today they are in my pocket.

Automation is already beginning to change the landscape in the world of physical managed guarding. We are observing huge successes in roving drone patrols, asset tracking, dynamic dashboards and vistor management systems, negating the need for large teams of operatives. We will inevitably reach a saturation point where AI succeeds PI (Physical Intervention).

There will be some incredible, positive and groundbreaking moments in the future with AI and getting there will undoubtedly make our world seem very unusual and turbulent. However, governance is key to this radical flywheel technological change and developments must be assessed meticulously so that we can accept and manage the risk that follows.

Gavin Gilbert

CIS Security, Contract Manager

cis-security.co.uk

The post Artificial Intelligence – how to protect the world against an existential risk appeared first on City Security Magazine.