With the Delta variant raging, business leaders might have put their workplace reopening plans on hold. However, health and safety aren’t the only issues they have to worry about. In 2020, vacant offices were gold mines for bad actors. So, what does the “new normal” of COVID-19 mean for physical security threats?
Physical security threats were up in 2020
Indeed, 2020 set grim records for physical security threats. Commercial burglaries were up big in major U.S. urban centres; the city of Philadelphia saw a 134 per cent increase, while New York experienced a 169 per cent jump.
Nor were physical security incidents confined to major metros. Industry data points to a 20 per cent increase in physical security incidents just from the beginning of the pandemic.
Among respondents who used security guards, nearly half (48 per cent) experienced absenteeism; another 44 per cent said that their guards failed to stop a security incident.
The effect of that physical security threat picture was to force companies to take action. More than 40 per cent changed their security strategy since the start of the pandemic.
Companies remain wary of physical security threats
The promise of reopening should seem like a godsend, then. Not so fast.
It turns out that newer polling (July 2021) of physical security directors, physical security decision-makers, chief security officers, chief information officers, chief technology officers, chief information security officers, and IT leaders revealed that 64 per cent of companies were (still) experiencing an increase in physical threat activity. A third said that their companies had received or were actively investigating at least one physical threat per week. Fifty-eight per cent of respondents felt less prepared to handle physical security.
Though vacant buildings fuelled physical incidents last year, the worry now is not being prepared for a reopening that many security officials believe will precipitate more attacks.
Here, three quarters of physical security and IT leaders agreed that physical security threats would increase exponentially as companies began to reopen their facilities. That’s cold comfort.
What security leaders can do about the physical security threats affecting their organisations
In light of these concerns, what can be done to address physical security threats? For starters, organisations need to get smart about how they secure areas and equipment, updating their risk profile as it relates to physical access to prioritised assets.
What that looks like in practice is placing new controls on the management of physical assets. Potential controls could include:
- For physical security perimeter. Security perimeters (barriers such as walls, card-controlled entry gates, or manned reception desks) should be used to protect areas that contain information and information processing facilities.
- For physical entry controls. Secure areas should be protected by appropriate entry controls to ensure that only authorised personnel are allowed access.
- To secure offices, rooms, and facilities. Physical security for offices, rooms, and facilities should be designed and applied.
- For protecting against external and environmental threats. Physical protection against damage from fire, flood, earthquake, explosion, civil unrest, and other forms of natural or man-made disaster should be designed and applied.
- For working in secure areas. Physical protection and guidelines for working in secure areas should be designed and applied.
- For public access, delivery, and loading areas. Access points such as delivery and loading areas and other points where unauthorised persons may enter the premises should be controlled and, if possible, isolated from information processing facilities to avoid unauthorised access.
Despite progress made to end the pandemic, physical security threats aren’t going anywhere. Security leaders who made adjustments to their strategies during the lockdown will need to continue following the latest trends, fine tuning as they go.
Key to that fine tuning, though, is following expert security strategies, such as those in the international standard, ISO 27001. To learn more, download our Guide to ISO 27001: