Threats to senior executives seem to be escalating, largely thanks to online culture. But monitoring threats against them is an unusually sensitive task – ethically, legally and personally. So how can corporate security teams provide robust protective intelligence, without crossing dangerous lines?
One distraction for Bill Gates in his fight to eradicate global poverty? The Microsoft co-founder and philanthropist has become a target for conspiracy theorists, who believe – amongst other accusations – that there was a sinister motive behind his public health initiatives and that he planned to use the Covid-19 vaccinations to implant microchips into individuals and monitor their movements.
“There have been a few cases where I’ve run into people in public where they are yelling at me that I’m putting chips into people,” he told The Guardian newspaper in September. “That’s kind of strange to see: ‘Wow, those people really exist, it’s not just some robot sending out crazy messages.’”
He is not alone. There are numerous examples of high-profile executives being harassed, threatened and even physically assaulted in recent years, from Qantas chief Alan Joyce who was hit with a pie to the face in Perth in 2017, to Apple CEO Tim Cook, whose stalker entered his home, leaving him champagne and flowers. Meanwhile, earlier this year, the home addresses of eight oil and gas chiefs were doxxed in an online forum by a self-described Anonymous hacktivist accusing their companies of ‘destroying the environment’.
Anecdotal evidence suggests that the threat to senior executives is escalating, largely as a result of online culture. In this era of hyper-personal communication, executives are encouraged to be the public face of their organisation. Social media activity can make them highly visible, more reachable and as public figures, an attractive target.
Add into this mix a febrile political atmosphere and the ability of hostile actors to chat via encrypted messaging platforms and forums – many of which serve to amplify rhetoric and reinforce extreme ideas – and it is clear that the risks of being in the spotlight are increasing.
The challenge for corporate security teams, often already operating with stretched resources, is that understanding the threats facing your executives is unusually sensitive. Individuals’ lives are at stake, and protecting them necessitates corporate involvement in their personal affairs. There are also serious legal, ethical and reputational issues around monitoring hostile actors and their activities online which responsible organisations cannot ignore.
So how can corporate security teams set up a robust protective intelligence programme to identify credible threats in a timely manner, mitigate the risks, and protect their senior people?
At Dragonfly, we believe that an effective solution must follow four key principles. These shape our Protective Intelligence service, a bespoke solution where we monitor, identify and assess threats to your people on your behalf.
1. Human agency at the heart of your efforts.
When hunting threats online, companies often start by turning to a technological solution such as an automated scraping tool, to identify, extract and deliver relevant information.
This alone is inadequate, no matter whether you are trying to protect your people, brand or physical assets. But doubly so, where your people are concerned.
This is because the hostile actors you need to monitor are generally conscious that, when threatening your executives, they are engaging in problematic and sometimes illegal behaviour. They move around the Internet to evade detection; use ‘dog-whistles’ – that is, coded or suggestive language – in order to mask their intentions; and are highly suspicious of others in their environment.
Knowing where to look for these individuals, following them around the Internet and understanding the undertones and implications of their words and actions is nuanced work, which requires human understanding and direction.
An algorithm cannot do this on your behalf. So while automation must be part of your solution, you need human hands to closely direct and manipulate those tools. Equally, you need specialists to sift through the huge amount of noise generated, and process that information by analysing and assessing which threats really matter and which threat actors have both the capability and intent to execute.
How Protective Intelligence helps: This is a human-led solution. Our team of specialists use best-in-class automation to curate relevant information on your behalf from the open, deep and dark webs, applying their expertise to the collection operation. They have the breadth of skills and crucial depth of experience necessary to turn this information into actionable intelligence, saving your team time and effort and providing you with the intelligence you need to make confident decisions.
2. Follow ethical and legal collection policies.
The threat to senior executives comes from fixated individuals and hostile actors. The role of your Protective Intelligence service is to protect your leaders from genuine threats – not to pursue, spy on, entrap or interdict the people involved, or otherwise enforce the law.
This requires a proportionate, reasonable collection plan, which balances your lawful, legitimate right to protect your organisation with your ethical and legal responsibilities.
Similarly, you must take into account the serious compliance and reputational issues that might arise should you, for example, violate Facebook policies or are caught talking to individuals on the deep or dark web – and ensure that your company never crosses those and similar lines.
How Protective Intelligence helps: The team follows strict internal policies in our collection work, ensuring the efforts are proportional, following all relevant laws and regulations (including any specific to your organisation) and minimising your reputational risks. For example, under no circumstances do we engage with users of platforms associated with extremism or terrorism.
3. Respect your executives’ privacy.
One of the biggest barriers to carrying out effective Protective Intelligence for your senior executives is their own understandable anxiety around having anyone collate information about their private lives and having sensitive matters potentially exposed.
The irony is that the purpose of Protective Intelligence is only ever to protect their privacy and prevent vulnerabilities which are already in the public domain – whether they realise this or not – from being used to hurt them. By resisting these protective measures, the executives may be opening themselves up to much more significant damage at a later date.
An effective threat-hunting service must recognise and respect the tension for those it helps, operating with discretion, sensitivity and caution.
How Protective Intelligence helps: One of our first steps when working with your executives is always to ensure they understand the rationale for Protective Intelligence and the process we use, which helps diffuse suspicion and build trust.
The Protective Intelligence team is a closed unit within Dragonfly, with layers of internal protection to safeguard against any details being leaked.
Everything in our service is designed to make your senior executives comfortable. For example, even the most high-profile CEOS are likely to want to read reports that concern their personal safety. Therefore, the reports are written in a format which you can share easily and confidently with them. The language is accessible and the tone is sensible, calm and non-alarmist. Security jargon is out of the question.
4. Treat executive protection as a strategic matter.
It is tempting to see executive protection as an independent strand within your security operations. But our experience suggests otherwise.
Hostile actors are often on an escalatory path. Their interest sometimes starts with a grievance against the brand or assets, perhaps trying to get into your headquarters or damaging property. They can then sometimes move on to target individuals who represent the brand at a later stage, and even move into the fixated individual space.
Since threats to brands and individuals can be interlinked, you must take a holistic view of your threat landscape. The need to monitor for hostile actors begins even before your brand comes to prominence and is under threat – even if there is, as yet, no sign of threats to individuals. Frequent horizon scanning will help you identify emerging threats that might grow into an interest in your CEO. And you can understand your executives’ vulnerabilities online and reduce them, before hostile actors start looking for them – as Protective Intelligence head, Michael Lubieszko, explains in his piece on Counter Intelligence.
How Protective Intelligence helps: The first step in our work together is to deliver your Initial Threat Assessment, which describes your organisation’s complete threat landscape, including threats to your senior executives. This allows you to see the larger picture and make connections between different types of threats you face, as well as deepen your understanding of emerging threats which may eventually affect your people.
When we later deliver your ongoing Protective Intelligence service, we continually revisit contemporary and emerging threats to your sector, brand and people, giving you visibility of what may be coming over the horizon.
With all four elements in place, you have all the intelligence you need – and can legally and ethically use – to protect your people in a proactive, timely manner; minimise reputational damage to your company; and reassure the rest of your team, who may become anxious if threats are directed at individuals in your organisation.
Case Study: Executive needed additional security around his home
For example, one company in the healthcare industry came to us after its profile grew, following the release of a new medication. We regularly report on one of their best-known senior executives, who sits on the board of a second organisation which constitutes a second threat vector.
We identified that he had become a target of interest to an individual whose track record showed he had attempted to enter another person’s home. As the senior executive’s address had been doxxed, it was reasonable to assume that the individual could find it. This allowed their organisation to take additional security measures around his home, protecting both the stakeholder and his immediate family.
In another case, a company in the food industry was concerned that several of its senior executives might face personal threats. Our Protective Intelligence service monitored their threat landscape, and assessed that there was no significant threat to the majority of these individuals.
This has not only provided assurance both to the organisations and executives concerned, but has allowed the security team to focus its time and attention on threats that matter more to their company. And we can make the same difference to you, too.
Book your Executive Protection Discovery Session
Do you need to understand more about the contemporary and emerging threats facing your executives, but are not sure where to start? If so, we’re delighted to offer you an Executive Protection Discovery Session with our Head of Protective Intelligence, Michael Lubieszko.
During this one-to-one exploratory session, which is complimentary to SIAS subscribers, Michael will work with you to identify essential steps you can take to improve your executive protection process.
Together, we will:
- Review your current approach to executive protection to identify key gaps and suggest potential solutions
- Map out what a robust executive protection intelligence cycle might look like for your organisation – sharing the most important lessons we’ve learned working with corporate intelligence teams just like yours
- Pinpoint the single most important intelligence product you need in place to protect your executives
- Identify concrete steps you can take immediately, to bolster your understanding of the threat faced by your key people
At the end of the session, we will also explain how we can help you monitor, identify, analyse and assess threats to your senior executives through our Protective Intelligence service. If this is of interest, we’ll discuss the next steps. And if you prefer to manage your intelligence process yourself, we’ll still leave you with excellent advice on how to protect your people.
>>> Click here now to request an Executive Protection Discovery Session <<<
Photo: Aerial view of a motorboat circling in the ocean. Image by Felix Cesare via Getty Images.