Welcome to our

Cyber Security News Aggregator

.

Cyber Tzar

provide a

cyber security risk management

platform; including automated penetration tests and risk assesments culminating in a "cyber risk score" out of 1,000, just like a credit score.

More measured, less arbitrary

published on 2023-10-06 08:14:21 UTC by Rebecca Knowles
Content:

SJUK speaks to industry stalwart, Guy Mathias FSyl, F.ISRM about the changing nature of corporate security and the language we use to describe it.

Guy Mathias is a leading security and risk expert with an extensive background in and commitment to organisations supporting the corporate sector. He has chaired the Pharmaceutical Industry Security Forum, the Security Institute Validation Board and the UK Security Comonwealth. He is also a former Board Director (Strategy) of the Security Institute and chaired the validation board for five years

Guy is a longstanding member of ASIS and the Risk & Security Management Forum and continues to sit on the board of the UK Security Commonwealth. He currently chairs the Food & Drink Security Association and the Cross-sector Safety & Security Communications (CWSC) for the Eastern Region.

By day, Guy is Director, Risk & Operations at Suntory. With brands such as Lucozade, Ribena and Orangina in its portfolio, Suntory is a large food and drink beverage organisation employing over several hundred staff across sites in London, Gloucestershire and Dublin.

“The role is classified as Risk & Operations Director and that encompasses four disciplines – corporate security; risk, as the name implies; operations, as the name implies; and covering off the corporate insurance requirements, so there are four very distinct elements that go within the job title,” says Guy.

He is also Suntory’s GB&I Management Lead for Global Business Resilience , which means that on top of those four disciplines, “if we have a major problem, or crisis to deal with, it falls to me to deal with it. So, take something like the COVID-19 situation – for the best part of 18 months I chaired the Incident Management team.”

“Policing” or “managing” ?

In the early days, Guy and his teams were viewed as the “corporate security police”. He says it’s since become much more about “trust facilitation, so “yes” rather than no, or perhaps qualifying the no with a “you may not want to do that because…”, “you might like to do this instead.” My view is that everybody in the global organisation has security and risk responsibility.” More so since the introduction of hybrid working, says Guy, adding that the challenge is to endorse security into the consciousness of individuals in global organisations.

I ask Guy if “Corporate Security” is the same in all industries, or if there are elements that are unique to certain sectors. “I can answer that in two ways,” he says: “there are transferable skills. I’ve moved from pharmaceuticals into food and drink. The phrasing is always around fast-moving consumer goods companies, well I’m in that territory now. I think some of the principles apply, but do the different sectors have different issues to deal with? Yes. For a long time, food and drink were not seen as part of the critical national infrastructure, but with the cost-of-living increase and food security concerns, it is now.

Guy continues, “I think there are uniform problems across sectors. If you take the CSSC, we’ve got the six counties on the East which is the region I chair. You would argue that the UK is broken into many different sectors – nuclear, retail, transportation, oil and gas, and bizarrely, shipbuilding. We don’t do a lot of ship building in the East, but we do have a large coastline and one of the issues around that could be flooding, hence the importance of working with the Environment Agency.

“What are the commonality pieces around those sectors? I would argue insider threat, supply chain threats, to whatever the terrorist threat is to the UK. What else? I think the ability to react to social media issues that we have now; we’re in a world whereby extremism on protest of activism is widespread. It’s not a narrow window anymore, everybody in the UK potentially would want to get their old-fashioned placard and stand and protest about something.”

In September, the Government said the “UK’s over-delivery on reducing emissions provides space to take a more pragmatic, proportionate, and realistic approach to reaching net zero, while maintaining all our international commitments.” The ban on the sale of petrol and diesel cars will be moved back to 2035, it said, and new policies forcing landlords to upgrade the energy efficiency of their properties will be scrapped. The move has caused an outcry among the population, with angry exchanges taking place on social media and this could well lead to further in-person protests and threats to national and corporate security.

“How do we react to that? Because whereas it would have been seen, certainly 20 years ago, as relatively niche, the preserve of predominantly, a young, active protest group, now got the demographic is everybody,” says Guy.

There has also been an exponential rise in the rates of shoplifting and violence against shopworkers. “Stores are experiencing losses that they can ill afford. That’s where membership bodies, such as the Food & Drink Security Association can help. At meetings, we’ll ask, what’s your best practice?  What is your response to the escalation in shoplifting and violence, what measures are you taking?

“I think there is a purpose for member bodies to act as conduits for best practice. So, somebody in a leading UK supermarket may be having problems with getting a mob of people coming in and blitzing a store or stores, while a bar in London might be struggling with something similar. It’s about making a connection – by talking to each other, can we provide intelligence or data that might help with the situation? Some of that might be commercial advice in terms of security where we act in an advisory capacity, or it might be we spot certain trends, such as the way in which the cost-of-living crisis is affecting some areas more than others. 

“Understandably, many people genuinely are hard pressed to put food on the table. Subterfuge trade is a real problem. Car boots are an obvious one, but it could just be an individual who steals a couple of boxes of product that’s in the back of the convenience store and tries to sell the products at a cheaper price to people living on their street.”

A day in the life of…

I ask Guy what a typical day looks like. Perhaps unsurprisingly, there isn’t one.  “I’m very lucky, I’ve always had a very varied day. In my world, I always seek to be as proactive as I can be, which means being as risk averse as possible; planning, making sure that we’ve tried to second guess and pre plan and think about all the elements that go into running a risk register.”

In terms of corporate security, risk management and security are not two separate things, they are intertwined. “When I think about job descriptions, there’s a divergence – cyber security, so called physical security, but there is a point at which they come back together and manifest into “risk”. If I was writing a job description to employ somebody now, I would be looking to employ a Security Risk or Risk Security Professional. We need to be less arbitrary.”

More UK Security News.

Article: More measured, less arbitrary - published about 1 year ago.

https://securityjournaluk.com/more-measured-less-arbitrary/   
Published: 2023 10 06 08:14:21
Received: 2023 10 06 08:25:45
Feed: Security Journal UK
Source: Security Journal UK
Category: Security
Topic: Security
Views: 1

Custom HTML Block

Click to Open Code Editor