Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

'We just call it security': Symantec's global CSO on merging cyber, physical and employee security

George Nott | Aug. 30, 2016
Cyber security, physical security and employee safety are as one for Symantec

When terrorists attacked central Paris in November last year, the city was plunged into a state of panic and confusion.

Symantec, which has an office in Avenue de l'Arche office just 12 kilometres from the Bataclan concert hall where the most deadly of the attacks took place, immediately feared for the safety of its employees.

Thanks to a global security policy, headed by CSO Tim Fitzgerald, the firm was able to account for every worker within three hours of the attacks. For those that needed it, transport was arranged to take employees and their families away from the affected areas. In the days following communication was maintained and counselling provided if needed.

It’s a security policy that has provided evacuation plans and emergency lodging to Symantec employees following the mass shooting in San Bernardino, California, the major fires in Dubai, and terror threats at Munich train stations.

Cyber security, physical security and employee safety are as one for Symantec. As Fitzgerald puts it: “We just call it security”.

The result is hugely beneficial for employees in times of need. But it’s proved a win for Fitzgerald and his team too.

Human element

Whether it’s being fooled by phishing emails, being sucked in by scams or not changing passwords, employees are often seen as the weakest link in any company’s cyber security defenses. Telstra’s CISO Mike Burgess and ANZ bank's global head of information security Steve Glynn call workers the “human firewall”.

“When we talk about the human element in security,” explains Fitzgerald who has been, in his words, ‘defending the defender’ since 2014, “I think we still talk about humans at the control point as opposed to the human experience. We’re trying to take this a step further and make this about a relationship that we have.

“My job is primarily cyber but it’s a space where CSOs and CISOs often overlook the human element. We over rotate on the technical part of the job, we forget ultimately it’s people and their ideas that we’re protecting. The one human error is generally more damaging to us than systemic failure and control.”

Although part of the reason Fitzgerald has taken on physical security and employee safety is because it ‘landed on his desk’, he nevertheless saw the 'opportunity and potential'.

“Security can be viewed, to its detriment, as people who set rules, things to be avoided and not followed. We tried very hard culturally to make sure we are not viewed that way. Part of the way we do that is by trying to interact with people on a personal basis. The physical security space gives us an opportunity to do that in a way that cyber doesn’t always.”

 

1  2  Next Page 

Sign up for CIO Asia eNewsletters.