Managing a corporate security team can involve jumping from crisis to crisis, leaving you with no time to proactively address the threats that really matter to your organisation. An Initial Threat Assessment can break the cycle - and help you regain control.
Every weekend, a protester stands outside the headquarters of a high-profile non-profit, and shouts through a megaphone for up to eight hours a day. The organisation’s security team was, naturally, anxious about the most visible threat to a key location. But they were initially unsure whether the protester was dangerous or harmless.
Dragonfly provided an assessment of the individual’s intent, his capability to physically harm the staff or the premises, and whether the hostility he was generating online posed an additional threat. This considered assessment allowed the NGO’s security team to better understand the contemporary and future threat he posed and make internal decisions around how to deal with him. They decided that while Dragonfly should continue monitoring him, he did not merit their own, continual attention.
It’s a common situation. Working to protect your organisation, it’s easy to get distracted by the threats demanding the most immediate attention. These are often the threat actors who are shouting the loudest (in this case literally!), rather than more pernicious threats bubbling away quietly in the background.
It feels like you’re continually fighting fires, dealing with urgent threats which ultimately are not that significant. Meanwhile, you risk missing potentially serious issues. And you’re not spending your time, energy and attention where they matter most.
Threat-hunting requires a strategic approach
The problem is looking for threats without real strategy, focus and direction. The net is cast impossibly wide, especially when you rely solely on an automation tool, which may throw up thousands of keywords and mentions of your company’s name. The result is overwhelming amounts of noise from threat actors, without any hierarchy of importance or sense of where the threats you see fit into your wider landscape. Distraction by minutiae is inevitable. Where do you begin?
To be able to consistently focus on the threats that matter most to your organisation, it’s not enough to have in place better mechanisms to sift through and assess information – although that’s always part of the process. Rather, you need an approach that allows you to discern the real threats from those that are shouting the loudest much earlier in your process.
First, develop a complete understanding of all the threats facing your organisation, so you have the full picture. You can then make more considered decisions about where you want to direct your resources and which threats you want to monitor, understand and analyse in more depth in future. Going forward, your focus will be tighter and more focused on the threats that matter. You will be less likely to miss major contemporary and emerging threats, because there will be fewer fires to fight.
A “security health assessment”
It’s the same approach taken by responsible doctors, who periodically give their patients a head-to-toe health assessment.
This thorough check-up allows them to uncover serious problems early, decide which problems to monitor and to treat, and ensures they do not miss serious illnesses. The value becomes clear when you compare this approach to that of less rigorous practitioners, who treat their patients faithfully whenever they present in clinic, but never take a holistic snapshot of their health. They could easily focus on a succession of sore throats without ever noticing their patient’s impending heart failure.
That’s why, at Dragonfly, this “security health assessment” – our Initial Threat Assessment – is the first step we take whenever we start working with a new Protective Intelligence client.
We start with a broad collection plan, pointing our resources in different directions to ensure that we capture the full spectrum of threats to your organisation. Then, our intelligence analysts assess the nature, credibility and severity of these threats.
How an Initial Threat Assessment works
The Initial Threat Assessment document you receive maps out the contemporary and emerging threats faced by your brand and people. This is a completely bespoke report, whose focus and themes depend entirely on your threat profile and interests. For example, for some clients, we might look at the ideological grievances they face. For others, we might look at threats across geographies, fixated individuals, online versus physical threats and more. In addition, we always examine threats to your senior executives.
But this is not simply a long list of actors, grievances and groups which have you on their radar. You receive a comprehensive threat assessment that provides detail on the most severe threats facing you and your organisation, or issues that may cross your threshold of interest. We assess other relevant factors, such as which threats are sustained vs those that are reactionary, or which threats are online vs those that are real-world – and which cut across both.
And the document provides forward-looking assessments of emerging threats and how they might develop, to aid your planning process and ensure that you recognise new threats and their significance early on – because you were anticipating them.
The assessments are presented visually as well as through the written word, allowing you to see trends quickly, as well as to explain them easily to senior decision makers.
For example, a visual representation of threats against a ficticious healthcare company, across the ideological spectrum:
Or a representation of the threat of real-world action against the manufacturing facilities of a global – and again fictitious – company:
When there is no threat, we tell you so. For example, a recent client was certain that their senior management team faced significant threats from activists online, but we were able to demostrate that this was not the case for the majority, providing both peace-of-mind and preventing them from expending resources unnecessarily. We also highlighted genuine threats against two members of their senior management team, which they were not previously aware of.
“We knew our risk profile was changing, but didn’t have the lay of the land”
This process offers an invaluable opportunity to test your assumptions about threat and see whether they are legitimate, or whether there are other previously unknown or under-estimated threats which should be much higher on your agenda.
But the key reason the Initial Threat Assessment is useful is that it allows you to see your security issues as a complete picture, rather than in disparate pieces. As one of our clients, a senior security specialist, told us, it is much easier to identify emerging threats when you have a comprehensive map of the thematic threats you face.
This macro view is not just useful knowledge; it transforms the efficiency of your operations, because it allows you to stop fire-fighting, and make considered, proactive choices about where to focus your time, resources and effort. As a result, it creates a calmer work environment, as you are better able to plan ahead and take more confident decisions.
Adjusting to an evolving threat landscape
As the name implies, though, an Initial Threat Assessment is just that – the first step in a comprehensive threat-management plan. It acts as a baseline from which we work collaboratively with you to curate your bespoke Protective Intelligence service, where we monitor, identify, analyse and assess threats on your behalf.
And it is in no way a static document. Because your threat landscape constantly evolves, we continually engage with you to review your threats and understand any developments that change your risk profile. When these change, so does our baseline assessment, and the service you receive. Over time, you may decide to focus on new threats that have emerged or grown in significance since we began working together. Or you may choose to continue revisiting old ones, if they still matter to you.
For example, the protester shouting at the NGO’s headquarters for up to eight hours a day?
After several months of monitoring, Dragonfly’s specialists alerted their security team that he had begun posting violent threats against their Chief Executive online, which were gaining wider traction. He was no longer ‘noise’ but a credible threat with the intent and capability to do harm, and once again merited their attention.
This time, however, focusing on him was a deliberate, strategic choice – not a distraction.
Book your complimentary ‘Filter the Noise’ strategy session
Like many corporate security professionals, you too may find it difficult to sift through the sheer volume of information generated by hostile actors, leaving you struggling to identify credible threats in a timely manner and too often, distracted by urgent but ultimately insignificant ‘noise’.
If so, we are delighted to offer SIAS clients a complimentary ‘Filter the Noise’ strategy session with our head of Protective Intelligence, Michael Lubieszko.
During this valuable session, Michael will work with you to identify concrete steps you can take to refine your current intelligence process, helping you to focus on the threats that really matter to you and to extract value from the data you’re collecting.
Together, we will:
- Review your current intelligence process to identify any gaps and suggest potential solutions
- Map out what an ideal intelligence process looks like for your organisation
- Discuss how to apply the whole of the intelligence cycle to your security problems – sharing the most important lessons we’ve learned working with corporate intelligence teams just like yours
- Pinpoint the single most important intelligence product you need in place to stop fighting security fires, and instead be more informed about the threats and decisions you need to take
At the end of the session, we will also explain how we can reduce the noise on your behalf, monitoring, identifying, analysing and assessing threats to your organisation through our Protective Intelligence service. If this is of interest, we’ll discuss next steps. Or if you prefer to manage your intelligence process yourself, we’ll still leave you with excellent advice on how to protect your people and your brand.
Click here to book your ‘Filter the Noise’ strategy session now