Enterprise Security and the tragedy of Orlando
On hearing about the horrific events last weekend in Florida USA, I was saddened first and then struck by the bitter irony that these murders occurred in Orlando. Maybe it’s just me, but I was reminded that the magical central character played by Tilda Swinton in the movie Orlando transitions his gender and Orlando, Florida, USA the home of Disneyworld is billed as the happiest place on earth.
Whether or not the tragic and horrific murder that occurred in the Pulse nightclub in Orlando on 12 June is a hate crime on the LGBT community, a terrorist attack by a radicalised individual, or both, is probably a matter of semantics. I can’t see why it can’t be both, but it is definitely something that will be skewed by various political agendas. Indeed, that started happening the following day!
Despite the fact that the Omar Mateen wasn’t on a shift at the time, the Orlando shootings are a security failure that has impacted the reputation of his employer. For G4S, Omar Mateen’s murderous attack in security risk terms seems like the classic nightmare – a ‘black swan’ event. The high consequence of this low likelihood event is that one of their 600,000 employees killed en masse, with a resultant 5 percent fall in share price at time of writing. With a market cap of almost $4 billion (USD) G4S value has decreased by $200 million as a result of this event. Whether or not it has long term implications is not easily foreseeable.
There are increasing indications that Omar Mateen was unstable. His ex-wife apparently left him after four months and an ex-colleague reported that he was prone to outbursts of anger. The FBI investigated Mateen as well, but they only seemed to be looking for signs that he had been radicalised, not that he was psychologically stable or had anger management issues. None of this seems to have triggered significant investigation by G4S.
This should be of significant concern to security professionals. Bloomberg reports Mateen was first recruited in 2007. On employment he apparently passed a psychometric test called the Minnesota Multiphasic Personality Inventory. He was apparently rescreened by his employer in 2013 and continued to work until his death. Mateen also held Florida state security and firearms licences. But somehow the indicators, which seem with hindsight to have been clear, that Mateen was no longer suitable for employment as a licenced armed security guard, do not appear to have triggered internal ‘aftercare’ or due diligence processes.
More concerning is that this may be a systemic failing. In 2009, another employee of G4S, Danny Fitzsimons killed two other staff in Iraq. One of them was an Australian, Daniel Hoar. In 2015, the UK Coroner’s inquest released its findings. Coroner Joanne Kearsley found that Fitzsimons’ employer did not make sure that he was adequately vetted before he killed his fellow employees. Coroner Kearsley reportedly said that the killing was ‘a defining moment globally in the security industry’.
Unfortunately, we may find that Coroner Kearsley’s words are equally applicable to the killings in Orlando.
In any case, these events provide significant food for thought for enterprise security professionals. Organisations do not sit in isolation, they are part of the society in which they operate, whether this is online or in the real world. Marketers tell us that their companies’ employees are “part of the community”, which is true, but this highlights the fact that there is not a hard perimeter for an organisation, if there ever was. It is an increasing expectation of our societies that organisations take care of the bodies and minds of people that work for them. Organisational resilience comes from companies recognising this and truly caring, because in the end it affects the bottom line.
ENTERPRISE SECURITY AND THE TRAGEDY OF ORLANDO