Knowing Is More Than Half the Battle

Protective Intelligence Technology Can Turn Data Into Insights and Action

Thomas Kopecky headshot
Thomas Kopecky is co-founder and chief strategy officer for Ontic.

Physical security teams are in a state of telemetry overload. From CCTV cameras to access control systems to the vast number of public records databases used to investigate threat actors and persons of concern, teams have more data and more information at their fingertips than ever before. The visibility of information has become a commodity. Intelligence, however, is at a premium.

The challenge for security teams is sifting through the mountains of information to connect the dots, even as more dots are added every day. In the aftermath of a mass shooting or a workplace violence incident, we often learn that the perpetrator signaled their intent to do something well before they actually committed the act. This means that timely, effective analysis has the potential to prevent assaults.

To minimize the risk that a significant danger is missed, companies are adding new threat intelligence monitoring and alerting solutions for both physical security and cybersecurity programs at an unprecedented pace. These solutions affect not only corporate security but other important teams such as human resources, legal, compliance and IT.

Most companies do not have a comprehensive strategy for analyzing and reporting security information across business units, so it is no surprise that managing this data has been one of the single greatest challenges for security, compliance and risk professionals.

Many of the solutions that have been adopted are not well connected. At best, analysts and security teams still need to toggle between various screens in search of the information they need. At worst, analysts are not even aware that certain solutions already exist within their companies, and often they miss out on critically important information that is located right on the same floor.

Emerging technology that integrates threat data to streamline the management process is vital to an organization’s security strategy, allowing executives and analysts to detect, deter, disrupt and defend against hazards that present a clear and present danger to life safety, infrastructure, networks and brands.

Scaling Threat Identification

Telemetry overload occurs with all sorts of data points, but some of the most difficult signals to track are threats arising from social media and open source intelligence. Although indicators may be present and detectable, the enormous volume of data makes it extremely difficult to manage and make sense of.

The viral nature of social media means that negative information about a company can quickly become amplified. CEOs are often pressured to speak out on hot button issues, which can inflame opposing sides. What can companies do when caught in a social media firestorm? How might they prepare for threats against executives or protests at company locations?

Most companies with executive protection teams have strategies to track people who make violent threats. It is not uncommon for companies to rely on time-consuming manual processes and implement a “heads down” approach to investigating and analyzing threats. We often find, however, that those strategies do not scale for the speed and volume in which data is generated.

Context is key, and nothing can replace the human element. But more than ever, security teams need to leverage technology that can streamline and expedite the collection and monitoring of information. This involves not only listening for keywords that indicate threat actor activity, whether overt or veiled, but also gaining greater visibility into the geo-location data of a threat. This is important to know if, for example, an executive is publicly scheduled to visit a particular location, and it is enormously beneficial if the security team needs to plan for protests at offices or plants.

Tracking, Measurement and Reporting

Purpose-built protective intelligence technology facilitates communication and collaboration throughout the enterprise. Security can and should work across the organization to get a comprehensive picture of the risk landscape. Some of the tools that risk management, cybersecurity and even human resources teams have may integrate with physical security platforms. Many of these tools are extremely useful when monitoring for threats and prescribing an investigative process once a threat is detected.

Technology can help teams resolve issues in minutes, rather than hours. It is critical that organizations find systems that help teams do more with less. It is equally important to generate metrics that measure activities, develop baselines, and document improvements over time. Physical security teams might benefit from replicating metrics used by their colleagues in cybersecurity – like the mean time from risk detection to remediation. It is also possible to work with colleagues across departments to identify ways security can be improved to generate cost savings.

An in-depth intelligence monitoring program should be able to do more than just collect information. It should also document trends and escalations in activity, as well as alert to incident types or clusters of incidents by geography. Automation can save time, and documenting these successes can help security be viewed as business-critical, rather than as a cost center.

Working With the Latest, Most Accurate Data

Anyone with significant experience in physical security has relied on time-consuming manual processes, such as hunting down disjointed information from numerous sources, writing and sharing printed investigative reports, or even taking the time to catalog all the information required to piece together a BOLO report. Given the volume of information, a 100% manual approach is no longer feasible and cannot guarantee that security professionals are working with the latest, most accurate data.

Protective intelligence technology streamlines processes and synchronizes the work of field teams and global security operations centers. Now, every team member has access to the critical data they need to make informed decisions. Collaboration tools often exist within these platforms, so the trail of activity and communication is visible to everyone. Working with the latest, most accurate data can be the difference between success and failure, and in the security realm, failure can have major consequences.

The Force Multiplier

Technology has streamlined the work processes of almost every industry, but physical security has been among those that have been more resistant to change.

For security teams, the ability to ingest and analyze data at a scale that matches the threat environment is mission-critical. They must be able to assess risk and manage threats faster, more accurately and more proactively. By eliminating manual processes, security teams are able to better protect employees and assets and can spend more time doing the high-value, proactive work for which they are trained.