The Tribune

Almost two years later and there is seemingly no end in sight to the COVID-19 pandemic; the fifth such declared event since 1918. This particular one, though, harnesses the power of the Internet to drive its messaging. The media impact, notwithstanding the global spread, has been immediate and consistent. Perhaps the coverage has done more damage than the actual virus, but that is another story.

The novel coronavirus was initially named 2019-nCov, and then renamed SARS-CoV-2. This is not new, but represents a viral strain that has been a part of the ecosystem for more than 60 years. Only with the first outbreak of SARS in 2003 did this strain begin to get any attention, as it was seen to have deadly impacts for humans. The documentation surrounding the study of this virus can be traced back to 1965. However, I am confident that, like most crime that goes undetected for long periods, the 1965 date is only one of discovery, not the arrival.

From its discovery in Wuhan, China, in late 2019, this COVID-19, Omicron and every variant hereafter is here to stay, as such creating a new normal. Normality, in case you did not know, is relative to where you are. It has become, in many instances, a moving target so you must be flexible and adaptable in readiness, response and recovery strategies. In the corporate arena, that normality is dependent on several variables such as resources, skill sets, regulatory oversight and the like. As such your risk appetite and tolerance should be adequately delineated to ensure that the appropriate effort is directed to the right place. This is a genuine effort also known as risk management, and attempts to make sense of the unpredictability of real world events, which is easier said than done.

In my lifetime as a security and risk management practitioner, I can only recall the September 11, 2001, terror attacks as having a comparable global impact on how we do business, live and travel. The adjustments we all had to make are very evident 20 years later. We willingly undress, allow trained strangers to touch our body parts, search our bags and expertly determine that five ounces of lotion is safe, but eight ounces is a security risk? Go figure

The events leading up to 9/11 gave us clear indicators of the need to ‘sweat the small stuff’. The attacks on the World Trade Centre and Pentagon were executed by low-key operatives who hijacked commercial airliners with box cutters. Essentially, they manipulated a system, that for 30 years prior, was looking for more overt devices, such as firearms or bombs. In 1993, the attack on the World Trade Centre came from a van filled with explosives. Who would have thought that less than ten years later the training ground would have been the US and it would come from the air?

So, what is the lesson here? As you embrace your operations with the intention of making up for impacted performance over the last 18-22 months, note the unusual and inconsistent behaviour of customers and staff alike. Do not sacrifice potential gains by ignoring real threats. The data is there. More important, determine what are your break points or, as they say, what are your single points of failure. Depending on your company and its operational footprint, there may be multiple critical componentss. Learn them, define the threats and establish contingencies that a six year-old can implement.

In this digital age, this monitoring must extend to online transactions and interactions. Your catapult to fame via Tik Tok and Instagram comes with a price. You are now international, and this new-found fame will attract both friend and foe. Regular reviews of your digital transactions must go hand-in-hand with your physical systems review. Many companies bolster one aspect and delay the other. In the past, I have been engaged by clients who were very proud of their cyber security controls, but failed to deploy physical controls or adequate access rights.

The ‘devil is in the details’, as the saying goes. It always amazes me how the little things make the biggest impact. But yes, the little things can also be positive even if they appear negative in the first iteration. Too often we overlook or ignore the little signs of exposure, but seem surprised when the large incident that brings our systems and operations to a standstill occurs. The small cracks and behavioural differences mean something. Our efforts to gain additional revenue or market share are placed at risk, notwithstanding the clear signs of system and operational deficiencies. Continuous improvement is the standard for a comprehensive management system, as systems must be seen as fluid and constantly changing.

It has been more than two years since we last wrote in this space, we have dusted off the cobwebs and are committed to helping navigate the complexities of asset protection and loss prevention management. Times have indeed changed, but we must adapt and adjust. Until next time, have the warmest, safest and securest New Year.

NB: Gamal V. Newry is the president and senior consultant for Preventative Measures. He brings over 35 years of insight and experience as it relates to crime and security risk management. Comments, inquires and questions can be sent to info@preventativemeasures.org