Preparing today's security leaders for the threats of tomorrow

Former Starbucks security executive Francis D'Addario discusses the challenges facing contemporary CSOs

“We talk about how technology brings the deck of distance, it really also compacts your ability to analyze and use intelligence in a way that’s beneficial,” added D’Addario. “We now, through the World Economic Forum and others, have a really good understanding of what risks are and what the economic consequences of risk are. We understand that a food crisis in another part of the world can affect the general stability of governments; we understand that the fiscal crisis of collapse can crack the economics of nation states and regions; and, we understand that socio-political changes up to and including war, revolution and terrorism are things that we have to deal with and have very real world consequences for the supply chain and confidence on the movement of goods and information.”

Additionally, D’Addario believes that security practitioners need to be good students of the successes and failures of their colleagues in these aforementioned threat environments.

“How are other people dealing with it? What is the consequence of their intervention, their timing, their people, processes and technology applications?” he asked. “At the end of the day, what’s the bottom line for the organization? Is it confidence? Is it financial gain? Is it the capability of stewarding finite resources in an NGO and being able to inoculate everybody in the world?”

While the capabilities of security technology such as video surveillance and access control have grown by leaps and bounds and everyone recognizes the benefits of a truly integrated system, D’Addario said that security leaders sometimes have a tendency to take their “risk hat” off when they’re looking for the perfect solution to address their needs and forget about the potential liabilities.

“We’re not asking ourselves, ‘what are the risks to my network of this particular peripheral?’ In the old days, the chief information security officers and chief technology officers would say everything is buttoned down, but nothing was integrated so it was a hassle for the consumer to use,” D’Addario said. “As you’re developing integration, you’ve got these sorts of opportunities to be able to disadvantage the network, be able to pick up protected data off of those networks, etc. Having smart devices that really give us the analytic capability of true access control, just-in-time needed analytics and management information to run and enable a business, we have to make sure that those features are not opportunistically available to people that would wish to harm us or rip us off.”

The recent data breach at retail giant Target has also raised awareness among CSOs about the need to balance protecting traditional physical assets with securing information that organizations now collect in cyberspace. According to D’Addario, the key to striking the right balance is “narrowing to the critical few.”

“If you know you have supply chain in 31 countries, but the supply chain is disparately under five percent in 30 of those counties and 17 percent from one country, spend your time on your biggest supply chain arena,” he said.