What is operational security?


Operational security is a far-reaching sector in 2021. In the modern world, organisations must be aware of a wide array of threats as ever-evolving technologies facilitate new ways in which people might seek to capitalise on security vulnerabilities.

CORPORATE ESPIONAGE MITIGATION

A particular concern for companies in the digital age is corporate espionage. There are many successful instances of corporate espionage every year which can result in intellectual property being sold to other companies or ransomed back to the organisation on the receiving end of an attack. Either way, businesses can stand to lose large sums of money.

It is therefore important that your employees are educated about the threat corporate espionage can pose as well as the techniques used to carry it out. Social media is omnipresent in our lives and attackers often seek to use it as a way of initiating contact with employees or gathering information about people in the business. As such, it is essential to educate your employees regarding the risks and best practices of using social networking sites, such as how to verify the identity of profiles they connect with, signs of information gathering as well as the ‘dos and don’ts’ when it comes to posting on social media.

Corporate espionage can also manifest as a physical threat and take place right under our noses. If a person has access to any computers or facilities at any of your business’s physical sites, it’s highly likely they can extract sensitive data. Businesses should track and supervise their guests as much as reasonably possible while limiting their access to any potentially sensitive information.

EVENT OPERATIONAL SECURITY

The digital age has brought a swathe of new potential security risks, but pre-existing threats remain. The need for operational security at large-scale events, involving high-profile individuals or significant numbers of people, cannot be overstated.

This involves far more than having security guards dotted in and around the perimeter of your event. Advanced technology can be used in conjunction with your security team to limit the risk of multiple event-security threats such as injury to guests, damage to property, troublesome guests and crowd control, as well as physically violent attacks and cyber-attacks. The latter of these are likely to involve a greater deal of sophistication – and are therefore planned significantly in advance of the event – meaning that a thorough, coordinated approach to security is required from the planning stages right through to the event itself.

As such, the effectiveness of large-scale event security is multi-faceted, but there is a simpler fact that should not be overlooked: the visibility of security. Highly sophisticated attacks are likely to be attempted irrespective of the security measures in place. However, these measures will act as a deterrent for any opportunists targeting your event.

INVESTIGATIONS AND TESTING

Many organisations have likely been targets but not all will have suffered a security breach.

For those that have been breached, it is essential to understand how and why there was a breach in order to prevent similar incidents from happening in future. Conversely, organisations that have not suffered a security breach should not rest on their laurels. Security risks are constantly evolving and businesses should be regularly testing their security measures in order to identify potential vulnerabilities. This allows any weaknesses to be promptly overcome and reduces the chance of your activities being compromised.

If you’d like to find out more about operational security and how Rose Partners can help your organisation implement it, get in touch with a member of the team today.

Freedom Day – Major Event Planning in the Post Pandemic Environment

The day has finally come upon us where we are able to walk back many of the restrictions of the last 16 months of the covid pandemic. The devastating human and financial toll has been significant and the question remains – will society ever be the same again? Our thoughts are with those who have lost friends and family during this time and continue to be impacted.

As the control measures are rolled back there is an overwhelming sense of society readying itself for coming back together; music festivals, sporting events and more.

It was only last month that Rose Partners was strategically and operationally supporting the G7 Conference in Cornwall. Events such as these are very much part of our core business. Our leadership team has extensive major event experience and has planned everything from the London 2012 Olympics through to football world cups and AGMs in Africa.

However, the effects of the pandemic remain, and the impact on hosting major events has been seen in recent weeks and will continue to be seen as we go forward. These effects are not just at the tactical and operational level but societal. We only have to look back at the events of the Euro 2020 Final at Wembley, where hundreds of England fans overwhelmed an under-resourced security operation. The shameful events of that day were the manifestation of football fans ‘being released back into the wild’, high demand / low ticket availability and a security operation not prepared.

As we look forward to the rest of the year and into 2022, event organisers will need to develop robust and resilient strategic plans for major events. The ‘pingdemic’ will undoubtedly impact law enforcement as it will affect event security providers. The pent-up demand for social interaction, the restarting of company and government events and the desire to ‘get back to normal’ will generate unprecedented demand on event safety and security.

COP 26 represents the next major shop window for event security and the eyes of the world will be on Scotland, not only to deliver outcomes that will deliver meaningful targets and plans to tackle climate change, but the smooth functioning and operational delivery of a flagship event will be vital to its success.

Key success factors in planning and delivering such an event include, but are not limited to:

  • Threat led planning – truly understand through intelligence and threat assessing how the risks will manifest that could impact your event. COVID-19 will be on your risk register
  • Detailed planning – from the strategy to the risk mitigation plan. The planning must include a ‘plan b’ not only for managing the strategic threats to events but also the inevitable impact to the workforce of COVID-19
  • Crisis management – creating robust resilience within your planning and creating contingencies
  • Rehearsals – bench test all your plans with all parties involved through table top exercises and ensure emergency services are engaged
  • Strategic engagement – strong relationship management and interaction with law enforcement

Rose Partners is a trusted provider to government and blue-chip companies alike for major event management. From strategic inception through to delivery, we have a highly experienced leadership who have built high performing teams to execute on the most complex of events.

Protecting yourself from the Pegasus Spyware

In the last 24hrs international media outlets have been reporting extensively about the Pegasus Spyware investigation. The media is reporting that rights activists, journalists and lawyers around the world have been targeted with phone malware sold to authoritarian governments by an Israeli surveillance firm.

Pegasus is a form of malware that is designed to infect mobile devices. Originally developed by NSO (an Israeli technology firm), the software has been sold to foreign governments in order to monitor the phone activity of its targets. The malware can infect a phone through a simple text message or WhatsApp call. Harnessing zero-day vulnerabilities (security holes in the code of the software on phones that the manufacturers don’t know about yet), the malware, once installed, is able to remotely control and manage your phone. It can turn the microphone on, download all of your data and information and access your location information. Essentially, it has access to everything you do on the phone. And it’s not easily detected.

So what can you do to protect yourself?

Deleting all of the apps on your phone that you don’t need is a good start. Essentially, any app on the phone can be exploited. And make sure all apps and the core iPhone/Android software are always fully up to date. If you have a fleet of phones used in your company, setting up an MDM (Mobile Device Management) solution can help. Through this management software, you are able to restrict the apps that can be downloaded from the App and Play Stores.

And then finally, you have software on your computers and servers to protect against malware and viruses, so why wouldn’t you do the same on your phones? There are antivirus tools that you can run on your phones that will detect and eradicate most malware. But these are unlikely to detect Pegasus Spyware. Ideally, you would have a proactive MDR (manage, detect and respond) solution deployed on all of your devices, from PCs to mobile phones. These solutions are monitored 24 x 7 from our SOC (Security Operations Centre) for any malware or security breach and are immediately investigated and correctly addressed.

Previously these solutions have only been accessible to enterprise-sized clients, however Rose Partners is now offering a comprehensive visibility and aggregated threat detection solution to all clients which ensures your data and information remains secure. Our scalable solutions seek to address the needs of the SME / family house / HNW clients, through to larger organisations who need a more managed solution. Rose Partners has long been at the leading edge of securing our clients, both virtually and physically. We understand the absolute need to protect what’s important to you and ensuring your data remains secure is our primary objective.

Blog: Managing threats from within

In the latest Rose Partners blog, our CEO Adam Honor explains the dangers of insider threats with an example we can all recognise.

Many of us have fond childhood memories of reading Roald Dahl’s Charlie and the Chocolate Factory. There is a particular passage in one of the preliminary chapters that bears relevance today in how we manage the risks posed by the insider threat within our companies:

Grandpa Joe – ‘You see, Charlie,’ he said, ‘not so very long ago there used to be thousands of people working in Mr Willy Wonka’s factory. Then one day, all of a sudden, Mr Wonka had to ask every single one of them to leave, to go home, never to come back.’

 ‘But why?’ asked Charlie. ‘Because of spies.’ ‘Spies?’

‘Yes. All the other chocolate makers, you see, had begun to grow jealous of the wonderful sweets that Mr Wonka was making, and they started sending in spies to steal his secret recipes. The spies took jobs in the Wonka factory, pretending that they were ordinary workers, and while they were there, each one of them found out exactly how a certain special thing was made.’

In short, Mr Wonka was being ripped off by an aggressive insider threat agenda driven by the competition. His tradecraft, trade secrets and IP were walking out the door and being replicated by the unscrupulous competition. In response, Wonka sacked everyone, closed the gates and employed an army of Oompa Loompas.

Wonka was clearly not running a robust Operational Resilience / Security function that had a controls-based framework to secure his assets, ideas and intellectual value. Nor did he recognise the talent of the staff, a business’s most valuable asset, and the role they can play in managing an insider threat program.

What is an insider threat?

The CERT definition of an insider threat is ‘the potential for an individual who has or had authorised access to an organisation’s assets to use their access, either maliciously or unintentionally, to act in a way that could negatively affect the organisation.’ This definition covers:

  • Malicious and non-malicious (unintentional) insider threats
  • Cyber and physical impacts

From this definition, it is clear that even employees and contractors with the best of intentions can become an insider threat, simply by clicking on a hyperlink that injects malware into the OT or enterprise network. According to the Ponemon Institute’s 2018 Cost of Insider Threats report, the average cost of insider-caused incidents was $8.76 million in 2017 – more than twice the $3.86m average cost of all breaches during the same year across the globe.

Oliver Wyman’s The Increasing Threat from Inside report states that nearly 75% of companies believe they have appropriate controls in place to mitigate insider threats, yet more than 50% of companies had a confirmed insider attack in the past 12 months.

Why would someone seek to carry out an insider attack?

There is no straightforward answer to this question with there being numerous and complex potential motives. However, there are some indicators of potential insider threats:

  • Ethical flexibility
  • Reduced loyalty
  • Entitlement – narcissism – ego
  • Introversion
  • Greed / financial need
  • Intolerance of criticism
  • Self-perceived value exceeds performance
  • Vulnerability to blackmail
  • Pattern of frustration and disappointment

How can we prevent the loss of trade secrets?

Managing insider threat is a complex, multifaceted and cross-functional exercise that will reach into most, if not all, functions within your company. Having a ‘policy and standards stack’ is not enough. There is difficulty in spotting the threat, which is why there is a premium placed on process and education, over that of technology.

Implementing an effective insider risk program requires a design tailored to the specific culture, processes, and risks of your organisation. It starts with the identification of the risk exposure and the business impact of the risk. Once the “crown jewels”, the most important assets (physical and/or virtual) and associated insider risks are identified, a pilot can be designed to mitigate these risks. It is important to start small and focus on a clearly defined high-risk employee sub-group to work through the organisational issues that need to be solved.

The Common Sense Guide to Mitigating Insider Threats (fifth edition published by the CERT Insider Threat Centre) offers a guide to best practice. Some of the key practices from the document include the following points, and the first point is arguably the most important:

  • Know and protect your critical assets
  • Create a culture of awareness throughout the company. Develop training from the Board level down. Create focused leadership sessions that enable leaders to identify the insider behaviours
  • Develop the governance framework to formalise an insider threat program
  • Develop repeatable and reportable processes that capture suspicious behaviours from the point of hire to fire
  • Have a social media monitoring program
  • Create a culture of ‘it’s OK to say’
  • Create a robust access rights management process for data and systems
  • Close the doors to unauthorised data exfiltration
  • Monitor and control remote access
  • Extend your controls and awareness to third parties
  • Enforce separation of duties and least privilege

In addition to the above, there are key success factors for an effective insider threat program. Understanding what contributes and supports success is fundamental in measuring and reporting progress. Whilst these factors are numerous, the five listed below highlight why success is not just about controls:

  1. Governance and organisation: Clear articulation of the oversight and agreed operating model
  2. Execution and program management: Processes and controls that cover the end-to-end lifecycle of insider risk management in line with the organisation’s risk appetite
  3. Data, technology and tools: Foundational capabilities that support the management of insider risk
  4. Information sharing: Effective cross-functional interaction model to address legal, ethical, cultural and privacy concerns, and understand what is required to “get to agreement”
  5. Continuous improvement: Mechanisms to integrate learnings from past events and to evolve the program in line with the changing risk exposure

Conclusion

An insider threat program is crucial for any organisation. Designing and implementing an effective solution is vital to securing a business’s most valuable assets. There is an upward trend of insider threat occurrence and its prominence and relevance mean it simply cannot be ignored. Implementing the right program will yield clear benefits and positive results. Take a proactive approach to managing insider risk – start small, but start now. Create a program based on a culture of honesty, integrity and ethics. Employees will identify with these values and as a result, will embrace the insider threat program and its ultimate aims and objectives.

In the real world, the management and mitigation of insider threats are as pertinent now as they were then. However, we now have the benefit of well -processes, training and awareness tools and ‘surgical technology’ that can reduce the accidental or deliberate loss of value from our companies.

Remember: it’s OK to say. It’s something I encourage my colleagues to do every day. I’ll leave you with that ‘ear-worm’. You’re welcome!

Tarhouna Mass Graves, a reminder of conflict but a symbol of progress


The people of Libya have been through turbulent times since the end of Muammar Gaddafi’s rule in 2011. The country is building its capacity and capability across the board following a range of conflicts over the course of the last decade. Unfortunately, legacies of those conflicts still remain, such as the mass graves discovered in Tarhouna, a town located 90km southwest of Tripoli.

The graves were discovered when the area was recaptured by government forces in June 2020. Tarhouna had previously been a stronghold for forces commanded by Khalifa Haftar during a 14-month campaign to capture the capital. Since the discovery of the graves, more than 120 bodies have been exhumed including men, women and children.

Rose Partners’ team, headed up by Niamh Smith, who has a wealth of experience in disaster victim identification, played a mentoring and training role with the Ministry of Interior and the Libyan police, which have been carrying out forensic and criminal investigations. Niamh and her team were given extensive access to the graves and associated sites relevant to the criminal investigation.

‘They’ve been working consistently to carry out test digs on the site since last summer and have been recovering bodies regularly,’ Niamh said. ‘From Rose Partners’ perspective, we’ve been working on the criminal aspects in terms of who committed the atrocities, as well as the identification of the deceased.

‘We would attend the graves regularly, as well as having access to the sites as part of the mass graves responder courses we developed.’

The situation regarding the mass graves has drawn significant international attention, with the United Nations calling on the Government of National Accord to secure the sites, identify the victims, establish the causes of death and return the bodies to their next of kin.

It is therefore imperative that identification and investigation processes and facilities are of the highest standard, so as not to jeopardise any future convictions.

‘The Libyans are very keen themselves to be on a professional par with other countries,’ Niamh added. ‘They’re very aware there are certain standards they need to meet, but they’re constantly pushing and trying to improve.

‘The police genuinely want to do an excellent job for the people of Libya. It’s about increasing their knowledge and capability so they can run at a standard they’re happy with.

‘It would be a very satisfying end goal for them to be self-sufficient and in line with their international partners, being able to train their own people and, in some cases, have their advice sought by other nations.

‘The mass graves situation is an example of an area in which if, as unfortunate a circumstance as it would be, other countries could potentially turn to the Libyans for assistance in how to deal with this sort of event.
