Do you believe in progress? Or to put it more personally, that life is getting better, that your children will have a better, or at least as good, a life as you? For whatever reason, many people no longer believe that; if they have the time or the energy to give it thought. Better men than me have written books about why that is, or whether it is in fact true, and in any case it’s off the point. It may only be with age or experience, but you cannot escape the nagging feeling that everything is not necessarily rational, or sensible, generally and in the field of security management. Yes, any number of bright ideas and welcome initiatives are coming to pass, such as the national business crime centre, as launched at New Scotland Yard last month (page 18).
Meanwhile, however, the National Health Service, which has been going a while, has no way of knowing its losses to theft and fraud, as trainer Jim O’Dwyer of AEGIS points out (page 30). If you don’t know the problem, how can you do something about it. The NHS’ fraud and security management service, though, as we’ve reported, has had the security side of its work cut. And Wannacry (page 54) hit UK hospitals hardest, or at least most publicly. As one Home Office speaker told an ATM and cyber security event last month, Wannacry was a wake-up call; not least for Government. But again, hasn’t the civil service noticed that computers have been coming in for the last few years, and that they come with risks too?
I suppose the excuse could be that the NHS is very large, and change is happening so fast, even if you do get a grasp of a problem, in half a year it’s different again. All the more reason for policy, procedure, codes of conduct; some framework, however you want to term it or frame it, so that people know what they should and shouldn’t do (as a corporate speaker told the excellent Security Institute conference, page 42). As I keep hearing, cyber-security is not (or at least not only) an IT problem; and 80 per cent of all cyber-crime could be prevented with simple IT house-keeping such as keeping up to date with patches. Sound advice, although I thought cyber-crime was hugely under-reported, so how do police come up with such a suspiciously round figure. That said, electronic security installers and users have to accept that the cameras and recorders they are handling are IT products, that come with the same cyber risks (page 58) as a laptop or smartphone.
Last month on the radio I heard of a Somali woman settled in Leicester whose five children had gone to university. One of them, who had studied public health, was, she related, now working in security. The implication – by her and the reporter – was that the graduate was ‘only’ doing security and not a graduate job he had hoped for. Maybe; or maybe not, if he made it a career, whether as manager, planner, risk-surveyor, and so on. Maybe he took the wrong course in the first place, or need not have gone to university at all. So many old certainties – of bobbies on beats, banks offering a job for life – are melting. Private security is, we can agree, part of the flow.
