In the age of cyber attacks, adoption of Resilience, Deterrence, Intelligence and Mitigation (RDIM) mechanism is the way forward to ensure physical security of financial institutions, writes Rohit Shukla, Chief Security Officer, IDBI Bank
With issues like cyber security emerging on the scene, it is easy to forget that the primary threat for any financial institution is to its physical security. A physical attack is not only the easiest way to obtain an institution’s valuable assets and its data, but it also attracts terrorists, which a slow-moving, secret cyber-attack simply cannot prevent.
With fast expansion of physical sites of the industry in the form of new branches and ATMs, concerns about their security have become all the more pertinent, as it may not be financially viable to ensure blanket security cover for every site.
So, the need of the hour is that of a hybrid strategy for the security systems that would protect such institutions. An apt strategy to tackle the menace would be RDIM—Resilience, Deterrence, Intelligence and Mitigation mechanism.
Resilience & Deterrence
Under the mechanism, certain security measures should be in-built in the system to ensure that every site can withstand a physical attack and remains capable of resuming its function after an attack incurring minimum damage. Some of these strategies are physical and some more normative.
For instance, physically the site must be located in busy areas, close to law enforcement agencies, architecturally designed not to allow quick-paced movement, should have multiple ingress points etc. Similarly, normatively, such sites should stress on minimisation of cash transfer, create multiple strong points for storing cash and cultivate a culture of description amongst its employees, thus making it hard for a casual observer to learn its functions through surveillance.
For deterrence, sites should employ a mixture of real and fake security measures to deter the would-be attackers, yet be cost-effective. These might include dummy surveillance cameras, fake weapons and boards, which claim security measures that may, in fact, not be in place.
Intelligence & Mitigation
Employees of the sites should be provided extensive training to provide counter-surveillance against any potential assailant. The greatest preventive measure against an attack is alertness and looking out for surveillance. Surveillance is an integral part of the planning process for almost any type of attack. The primary objective of surveillance is to assess a potential target for value, security measures and vulnerabilities. It is one of the weakest points in an attack cycle and the one which can be easily detected.
Given that surveillance is a complex tradecraft requiring years of practice and training, the would-be attackers are almost always bad at it, making it easy to identify them. While there are several complex principles involved in detecting surveillance, in its core, it simply means looking out for a person, who doesn’t belong, doing things that he shouldn’t be doing.
Finally, if an attack happens, the security system should be able to mitigate the damage. Accordingly, the site should have appropriate elements like ‘safe rooms’ for the employees and customers to hide in. Further, they should be trained in appropriate responses in case of an attack as well as in the leadership techniques to calm the customers.