A one-dimensional, internet-centric approach to security could leave us economically and militarily vulnerable. So what’s the answer? Peter Cochrane says it needn’t be heavy-handed.

Everyday I seem to receive briefings or articles on the topic of security with an almost exclusive focus on the internet and electronic aspects of the personal, the corporate and the organisational. From the laptop and PC through Wi-Fi, wired LANs, servers, ISPs, networks, mainframes and storage, the concentration of interest is in viruses, worms, Trojan horses and all forms of cyber-attack.

It would be easy to end up thinking these are the only aspects of security that really matter. And it is not just the tech community propagating these briefings and articles. The wider management population also shares the same view. In my view, there is much more to this topic and we need to take a far more holistic approach.

The past 20 years have seen companies migrate from 100 per cent in-house employees, who did everything from gardening and food to production. All had references and were vetted before they were engaged and soon had an inherent loyalty to the company for their employment and benefits.

Today the situation has changed with almost everything being outsourced. Most organisations no longer enjoy 100 per cent containment and the loyalty it buys. It is now the norm for the restaurant, cleaning, gardening, building maintenance and site security to be managed by external agencies under some service level agreement. This trajectory is part of a wholesale migration to the fabled virtual company with large numbers of temporary employees and an outsourced front and back office, with all technical and support services overseas.

While there are tremendous economic gains to be made by outsourcing and virtualising, we should also recognise the gradual erosion of employee loyalty for those remaining at the core of the company. Pay and treatment disparities, plus the continuous threat of reorganisation and pending unemployment, provide constant destabilising and discontentment. But even more worrying, keeping the overall organisation secure can become a nightmare.

While huge savings have accrued through outsourcing and the dispersion of organisations across the planet (by exploiting lower labour costs and wider accessibility to educated and capable people) security and organisational defence has become far more difficult. But it goes much further. The wholesale closure of industries driven out of a country or region by cost reduction now sees an exposure that includes an inability for a nation to feed itself and provide its own clothing, energy, fuel oil and the majority of the technology on which it is increasingly dependent.

This all means that high on my list of parameters for making company decisions is the political stability and integrity of regions, governments and companies. When considering the prospect of outsourcing as a means of leveraging business by further reducing operating cost we really must include the downside risk. If history has taught us anything, it is that the unthinkable almost always happens. Outsourcing anything to an unstable region is risky.

The aggressor in any war or criminal activity generally has the upper hand in terms of surprise: being able to spring an attack from a direction the victim is not even looking and may not even be aware of is hugely advantageous. This is made infinitely easier for the aggressor if they can subvert an organisation by working on the inside as an employee, sub-contractor or outsourcing agent. They can gather all of the information, data and intelligence they require to inflict huge damage at some point and time known only to them.

Every major virus and worm attack costs the global economy around $2bn. The cost of malicious activity inside large corporations tends not be revealed or advertised for fear of destabilising the customer base. This is especially true in the banking and insurance sectors where there is a time-honoured tradition of presenting a public face of infallibility and total security. It is also true of network operators and many providers of information services. But the reality is $10bn per year is being lost by electronic and physical attacks by people who are working on the inside.

Democracy and democratic organisations are the easiest targets of all. They tend to operate with