
Chakradhari Rowe
Founder Tango Six O’ Clock LLP.
(A Rotarian, Solutionist, Instructor & Architect – Protection & Counter Terrorism)
‘100% Security is a MYTH!’ – This quote hit me in the first few pages of ISA’s security bible that I was training in. At this point, I felt it was a printing mistake, but halfway through my training, I knew the bare fact that it was not. Irrespective of the security measures in place, there will always be a vulnerability that the adversary will identify, isolate, and attack. These days, it’s a common sight for critical installations, banks, medical facilities, and corporations to be hit by threats, in both physical and virtual space. This article is about the security of the ‘big’ but through a ‘microscope.’
What you see when you look through a microscope is the basic building blocks of matter – the atoms. In this case, it’s the workforce – the one who is at the helm of maintaining systems, processes, and procedures that keep the Security Architecture (SecArch) together, preventing any possible breach. In any given situation, even the lowest cadre of the workforce interacts with this architecture, and can be a possible cause to weaken it and create a vulnerability that will be exploited – both knowingly and unknowingly. A case in point is Citibank, where an ‘employee’ mistakenly transferred $900 Million instead of the intended $8 Million. (https://shorturl.at/8TmGp).
Need for a BSAT (Basic Security Awareness Training Program)
The need for a BSAT that is designed to educate every single human element interacting with the SecArch of a given facility is felt today more than ever. However, this solution should not be a one-size-fits-all approach. Every facility needs to include the key elements of its security preparedness in sync with its requirements. This program should be one that educates the workforce on how the individual contributes to the strengthening of the SecArch.
The modus operandi & the weakest link
Physical or virtual, every attack on an installation has at its core the voluntary or ignorant involvement of a human element – the ‘insider threat,’ as we call it. But often, the term insider threat is associated with the voluntary involvement of this element. In my opinion, it must be both. No adversary can pull off a big heist all by themselves; and every single human element will be used as the designated weakest link to create the hole in the system.
Remember Canada’s largest Gold Heist in recent history? Two Air Canada employees (Insiders) were involved (https://shorturl.at/K3CIq).
Countering Voluntary Involvement
These human elements know the system, and due to the inside view, they are in a better position to exploit its vulnerabilities. In most cases, their malicious actions and behaviour go unnoticed due to the lack of security awareness of their peers while they are at their malicious best. However, by introducing the BSAT, everyone in the workforce can be made aware of ways to identify and report such behaviour before it’s too late.
Countering Ignorant Involvement
This is a process where an ignorant, security-untrained, and innocent workforce is taken advantage of to create the necessary vulnerability in the SecArch. Simple examples could be the sharing of passwords, sharing of access cards, sharing of critical info (which is not perceived as critical by the ignorant), carrying of each other’s items/devices through access-controlled zones, or even social engineering tactics (when personal info is shared with colleagues out of ignorance of the outcome). These instances can be easily countered when the workforce is educated in the BSAT.
5 reasons to deploy a BSAT into your SecArch
Omnipresent security
When you train your workforce in BSAT, which includes the basics of both physical and virtual security, you are transforming human elements in your organization into security personnel of sorts. The objective is to identify and notify basic security breaches or suspicious behavior that might lead to bigger security events. There can be no substitute for such a deterrent mechanism to maliciousness.
Get a workforce with firm compliance
‘I didn’t know,’ ‘I wasn’t aware,’ and the like are classic excuses for deniability. Once BSAT’ed, this excuse goes right out of the window. Every single human element on the ground is held accountable and can no longer use ignorance as an alibi; and due to this very virtue, the responsibility assumed by each is at its highest level.
End of PoSH-related issues
According to reports, 70% of women do not report harassment in India. 35% have faced sexual harassment in the workplace. The possibility of using such a case (genuine or otherwise) to create vulnerability for the company cannot be denied. With a BSAT in place, not just women but also men understand the vulnerability in their working relationship and make sure such vulnerabilities are nonexistent.
An investment with high returns
Investing in your workforce, especially their security, is one of the best ways to show them that ‘you care.’ If your team designing the BSAT can include topics like Counter Crime Education, Travel Security, and Financial Security in the module, you could be saving the day for your employees. You could make sure your employees are not just secure on your premises, but also off it. You don’t have to, but remember, the point is to genuinely show you care.
Create a corporate security culture
Remember, 100% security is a myth. However, for a security-cultured organization, this myth can be kept at a safe distance. For a malicious mind, nothing can be more frustrating than being in the purview of 100 pairs of eyes that are trained to spot maliciousness. With the implementation of BSAT, your company can become the most ‘un-preferred’ place for maliciousness and the most ‘preferred’ for employees.
