Banking show security bypassed with a smile
Sibos 2006 organisers had probably spent more on security than any other exhibition I have been to; however, all it took was a friendly gesture from one security guard to create a gaping hole in the security infrastructure.
My first thoughts when walking into the main hall at the Sydney Exhibition Centre in Darling Harbour last week were "this is where the money is at".
The exhibition space had spotless cream carpets and the hall was filled with ridiculously expensive stands belonging to the largest banks and financial institutions on the planet. Milling around the stands, I could see the cream of the crop -- when it comes to IT in finance -- making deals and discussing the latest advancements in payment technologies.
In order to get as far as the exhibition space, delegates first had to get past airport-style metal detectors and a manual bag check.
Not expecting to have to deal with such obstacles, I approached the exhibition entrance and, with my jacket in one hand and my bag in the other, fumbled around trying to gather all the metallic objects from my person.
The security guard standing at the metal detector helpfully held my jacket while I put the last of my metal objects into a little black plastic tray. I walked through the gate -- without any beeps -- and then set about re-inserting keys, change etc. into their original pockets. As I was doing this, the security guard handed my jacket back to me with a big smile on his face. He didn't put the jacket through the security gate or check to see if it had any hidden weapons.
So all the money spent on metal detectors and security guards was effectively useless when my jacket, which could have contained "bad" metal objects, completely bypassed the security check.
As it happened, it made no difference because I wasn't there to cause any trouble. However, if I had hidden something undesirable in my jacket, exhibition security would have failed miserably.
Often, being seen to take security seriously is far more important than actually doing so. Administrators, companies and governments do this on a regular basis.
For example, if a company notices that some "trusted" employees' computers are being used to access unauthorised documents or files, what should it do?
I remember a few years ago being told that if all the computers had a password protected screensaver, there would be far less chance of a "bad" employee being tempted by an unprotected desktop.
It's this kind of policy, which plugs up gaping holes and costs virtually nothing to implement, that should be prioritised.
In the case of the Sibos, hiring fewer but better trained security guards would have made the exhibition safer. But when security budgets are so big, who cares about the little things?