America is at a security nexus. Critical infrastructure is deteriorating, private information is becoming less private, and the threat actor profile is increasingly difficult to pinpoint. At the same time that uncertainty is escalating, collective trust in traditional sources of security (i.e., police, the government) is waning and shifting to new targets.
It’s true that the security environment has been evolving for 20 years already, but we see that transformation is happening more dramatically than ever, both in speed and scope. Where protection once focused on people and places, it has broadened to include assets, systems, and information – while each simultaneously is facing more complicated threats on its own.
When we stack all of these factors, it becomes apparent that the security environment as a whole is in a state of dramatic change. Every sector, industry, business, government entity, and individual is a possible target and must accept they have a role to play in the provision of security.
The security market is now defined by information overload, hyper-empowered individuals, a rapidly shifting threat landscape, and a quest for knowledge.
Put simply, vulnerability is a universal reality. Each advance in the operating environment creates new exposure for assets, people, and information. The challenging pace and predictability of change in knowledge, technology, and innovation are transforming the protection environment and shaping the future of security.
Cultivating a predictive mindset and flexibility begins with understanding drivers of change. These are multi-dimensional forces or compounding factors that create the groundswells that then become trends. By using ALTERNATE FUTURES® scenario planning, we can zero in on those drivers and trends to understand why change happens so we are better equipped to act in a fluid environment. This complex, detailed exercise considers potential impacts, vulnerabilities, and necessary responses for any force of impact, as particular as a business decision or as broad as a global economic trend.
Organizations must harness real-time data and predictive analytics to develop a proactive security posture that is capable of scaling to address the changing security landscape.
The convergence of change drivers and groundswells highlight the need to approach security in a way that is flexible and customizable. That may take a more sophisticated set of resources than currently exist inside the organization. Already, transactional, non-state, and semi non-state actors vie to compromise an ever-evolving array of assets. Authority, threat uncertainty, and market expectations are increasingly complex and global. It's no wonder that organizations and individuals are looking externally to find resources that can protect their most valuable assets.
Organizations must understand the public’s expectations of the role they play in the protection landscape.
Where we once looked to the federal government, reliance increasingly is on global corporations and technology startups for security. Lines of authority and public perceptions of trust are blurry. We feel a need to understand who is “responsible” for security and have a (cautiously optimistic) expectation that there are no gaps in the security we’re given. Rather than a single provider, the focus is moving toward partnerships between government and private sectors, state and federal government entities, and international public and private sector partners.
Organizations must prepare for collaboration in physical and non-physical spaces and across various industries and sectors.
The increasingly complex and uncertain nature of threats and vulnerabilities, compounded by the rapid introduction of new technologies will continue to accelerate the diffusion of knowledge. A collaborative security posture is more capable of vigilance. We have begun to see how continuous sensing and monitoring brought about by the Internet of Things is increasing data collection and integrating trusted data sources with technological advances to establish a more holistic, adaptive, and reliable approach to security.
Despite such significant progress, the reality remains that public perceptions of security outweigh the actual status of security. Too often, reputation gets credence over demonstrated capability or competence. Even the most highly skilled security providers must communicate value and worth alongside their capacity to remain relevant and differentiated.
Whether you are a supplier or consumer, the lens through which you view traditional notions of security needs to widen.
Within this scenario where vulnerabilities and threats are continuously emerging, and a collaborative approach to protection are the new norms, organizations should consistently investigate what change drivers and their various possible implications mean in the immediate environment and foreseeable future. Consider the consequences of the evolving climate and how it should shape your approach:
- Are you making efforts to understand what is driving the market?
- How are you defining your role and articulating your particular value?
- Have you considered ways to leverage sensing and collecting capabilities?
- Are you scalable, flexible, and proactive with protection and resiliency efforts?
- How do you collaborate with cross-industry and sector partners to augment your offering?
- Are you exploring new technologies that allow you to take a more holistic and adaptive approach to security?
The convergences of market uncertainties, innovation-born vulnerabilities, amorphous threats, and a changing security marketplace will (or should) continue to shape the operating environment for every organization. The ones that accomplish resiliency will be those able to clarify key drivers and link them to impacts on the broader industry, the organization, customer behaviors, workforce challenges, potential for disruptors, and more. In doing so, these organizations will transform their security mindset to take a proactive approach to current and future operating challenges by integrating traditional and new protection resources.
It’s time to strengthen organizational resilience in the face of broadening and unexpected threat by taking a broader approach to security.