The Noggin Blog

Data from the Global Peace Index shows that civil unrest doubled over the course of the 2010s. Think only high-profile venues need to be concerned? All organisations need to prepare. Not sure how to develop your civil unrest action plan, though? 

What’s the value of international standards in the age of COVID-19? Well, in the case of information management system standard, ISO/IEC 27001, the standard prescribes baselines for securing information assets. If you haven’t noticed, those information assets are increasingly under threat with the sharp rise of cyber attacks.

So, what should Security teams know about the best-practice standard?

Buildings, sites, plants and equipment, materials, and other physical assets remain some of the easiest targets for malicious actors. And when surveyed, security professionals usually despair of their organisation’s inability to protect them.

Why’s that? Under-investment in physical security management has left these larger, (usually) older assets dangerously vulnerable to compromise. What can be done? Well, Security Operations Centres (SOCs) give organisations a chance to improve their operational security posture and better secure people and property. 

It’s obvious that COVID-19 has shifted the focus of physical security management. Guards, formerly responsible for managing physical threats to people and assets, are now being asked to step into a safety protection and promotion role.

How are they faring? Well, the recent hotel quarantine incident in the Australian state of Victoria suggests that the transition hasn’t been seamless. What could help improve the quality of physical security management in the age of COVID-19?         

The near-unprecedented wave of cyberattacks on corporate and governmental systems has been an underreported story coming out of the COVID-19 crisis, with alarming business continuity implications for organisations still battling the fallout from the pandemic.

Already in March of this year, online threats had risen by as much as six times their February levels. Hacking and phishing attempts alone were up 37 percent month on month.

The surge would only accelerate. By June, reporting would find a staggering 400 percent increase in cyberattacks.

Even before the COVID-19 crisis struck, the consensus was that protective security technologies still had a long way to go to ensure maximal security, in a timely manner, for people and physical assets.

The reason? Hardware-intensive physical security management equipment had proven unable to keep up with the physical security threat as it had evolved.

Now, that threat is even more mobile, rendering traditional equipment even less effective. Why?

We’re proud to announce that our Noggin 2.0 integrated safety and security platform is now available in the AWS Canada Region, in addition to other generally available Noggin 2.0 zones around the world. Launched in December 2016, the Canada Region enables AWS customers in Canada to store data locally and address regional data compliance requirements.

For many organizations, COVID-19 has meant a halt to on-premise operations and the introduction of broad work-from-home policies.

Sure, that pivot has been key to business survival. But it does carry serious risk, including a greater opportunity for physical security incidents from less oversight. How to mitigate that risk with a remote, fragmented staff? Best-practice security standard, ISO 27001 offers some clues.

On the heels of a successful audit of its Noggin 2.0 platform under the Information Security Registered Assessors Program (IRAP), the integrated safety and security management technology provider passes another stringent security audit, designed to protect the confidentiality, availability, and integrity of information.

Why’s a place of mass gathering so difficult to pin down, even for owners and operators? The answer is more complex than you’d think. For one, place of mass gathering is a risk designation, extrinsic to the core function of the venue. Qualifying a venue as a place of mass gathering is its (high) potential to inspire terrorist attacks, which it becomes by concentrating large numbers of people.

IRAP enables Australian government agencies and bodies to store and run highly sensitive data at the Protected security level.

--

In 2018 corporate security incidents came for everyone. Unfortunately, 2019 proved no better. But despite the fact that corporate security incidents invite public scrutiny more swiftly than ever, the number of organizations with an appropriate (security) crisis management and communications plan remains stuck around the 50 percent mark worldwide.

Security incidents have become increasingly common in schools and universities. And bomb threats, in particular, are on the rise. Just look at the data.

It’s always been common for practitioners to treat safety and security as different properties – not just entities requiring different systems but distinct vocabularies and frameworks, as well. But increasingly the question is asked, how tenable is continuing to silo safety and security management? The answer: not tenable at all.

What integrated safety and security management capabilities do you need?

As many of you know, we decided, after a short sabbatical, to revive our User Conference initiative, so as to share best practices in safety and security management that we’ve learned over time, best practices which have also informed the development of our next-generation product, Noggin 2.0.

As a Safety leader, you’ve probably built a strong portfolio in the organisation. So too has your counterpart in Security. And now both of you see key safety and security priorities, like keeping employees safe at work or mitigating threats to facilities and people, reflected at the highest levels.

Focus on physical security controls in ISO 27001

Serious about securing your valuable assets, digital as well as physical? Well, international standards prescribe baselines for securing those assets. The ISO 27001 information security management systems standard, in particular, focuses on securing information assets.

Everyone knows Woolworths. It’s no overstatement to say that Woolworths is synonymous with the Australian supermarket. After all, the mega-retailer accounts for some 80 percent of market share, a fixture in Australia’s (and New Zealand’s) cities, towns, and rural communities.

The premier, comprehensive homeland security event in the nation, the 2019 National Homeland Security Conference brings together an impressive array of homeland security professionals. 

Take a look at the figures. Eighteen percent of all violent crimes occur in the workplace. Victim deaths are especially high in retail.

Security operations centers offer some pretty clear business benefits: improved situational awareness and visibility, reduced long-term security costs, and less operational security siloing. But despite the manifold benefits, SOC adoption isn’t universal. Far from it: in fact, according to EY’s Global Information Security Survey, 2017-2018, just half (or so) of all surveyed organizations have an SOC. What’s going on with the rest?

The ever-increasing threat level at major events puts even more pressure on organizers to ensure event security. To learn what some of the leading security professionals are doing to combat the growing threat, we recently attended the 3rd Venue Security & Safety Summit, which tackled key themes like planning and preparing for the unexpected, preventing and protecting against internal and external threats, designing and applying real-time response procedures, as well as building risk management into business continuity and disaster recovery.

From profits to press to badly-need infrastructure projects, major events can bring any number of lasting benefits to organizers and host sites. Conversely, the risks of running a major event are acute and variegated. So too are the penalties for botching it: public opprobrium, reputational damage, possibly even legal challenge and regulatory blowback. For organizers, effective all-hazards planning is the only solution to help mitigate topline risk and keep attendees safe. But with so many variables involved in major-event management, it’s easy to ask, how to get started?

By now, we know the grizzly details of the March 15 terror attacks at the Al Noor Mosque and Linwood Islamic Centre in Christchurch, the deadliest mass shooting incident in New Zealand history. All told, fifty people were killed, and scores injured at the hands of a self-described white supremacist.

A run-through of what happened

How prepared are organizations to tackle critical issues and major crises? That’s the question we at Noggin and our partner Deloitte have been posing to invited guests in our inaugural series of breakfast seminars, exploring the theme of overconfidence and crisis preparedness.

We’re just days out from the 3rd Venue Security & Safety Summit, set to be held this March 26 and 27 in Melbourne. The event brings leading security professionals together to discuss how the implementation of effective and practical strategies of prevention, preparation, response, and recovery helps ensure operational continuity and sustainability. And the best part is Noggin will be there, with an exhibitor’s table right in the thick of things.

Physical security incidents cause staggering levels of material damage and cost organizations big bucks. In the construction industry, for example, businesses lose between $300 million and $1 billion every year due to the theft of equipment and other high-value materials, according to data from the U.S. National Insurance Crime Bureau. 

In March 2018, the Australian Parliament passed the Security of Critical Infrastructure Act. As you probably know, the Act majorly ramps up state scrutiny of so-called critical infrastructure assets (ports, as well as electricity, gas, and water entities), by attempting to improve cooperation and collaboration between government bodies and the owners and operators of those assets. To do so, the Act compels asset operators and owners to relay detailed operational information (as well as relevant updates) to a government authority.

Factors driving the push for critical infrastructure security reform in Australia

2018’s Security of Critical Infrastructure Act didn’t come out of a policy bubble. The fact is we live in a globalized world; cross-border trade is the norm. The benefits of high levels of integration to comparatively open economies like Australia have been obvious for some time now, specifically in the realm of foreign direct investment (FDI).

Government bureaucracies get a bit of a bum rap; too often, people perceive them as stodgy and resistant to change. But just like the majority of big private actors, federal governments around the world have undertaken pretty substantial digital transformation projects, adopting the latest in digital technology to make their processes and agencies more accessible to the people.

 
Airporters of the world! We’re only a few days away from the Third Annual British-Irish Airports Expo, the singular event where suppliers and providers showcase their latest cutting-edge solutions and industry-propelling concepts. We’re excited to announce that Noggin will be there too, bringing the latest in crisis management technology, Noggin Crisis, across the pond to London and right into the airport space.