ASIS Europe, renowned as Europe's premier event for cyber and physical risk discussions among established and aspiring security leaders, provided an ideal platform for Securitas to participate and showcase our expertise. Hosted in Vienna, Austria, on March 21st, ASIS Europe 2024 attracted nearly 1,000 security leaders, advisors, and innovators from global organizations such as Microsoft, Amazon, Google, BMW, Mastercard, European Union, Meta, and the United Nations.
Here, Mike Evans, Director of the Risk Intelligence Center (RIC) at Securitas, delivered an insightful session on the Innovation Track stage, focusing on the rising trend of organizations investing in Risk Intelligence for their security programs. Evans emphasized the importance of not merely 'investing' in intelligence but 'integrating' it effectively, echoing a common critique of security programs.
According to Evans, having an 'analyst' or a dedicated 24/7 team trained in OSINT (open-source intelligence) and relying on alerts from vendor platforms does not guarantee effective intelligence operations. The real value lies in mastering the fundamentals.
To address this, Mike Evans outlined three essential steps to establish a strong foundation:
1. Ask the right QUESTIONS
To ensure effective intelligence gathering, Intelligence Requirements must be defined. These requirements encompass the questions that need to be answered, the problems that need to be solved, and any gaps in the overall understanding.
Engaging stakeholders across all levels, and functions, of the organization is crucial. This includes strategic decision makers, tactical managers, and frontline operations, to determine what information is needed to protect the organization. And it includes going ‘beyond’ the traditional physical security team, to engage with other protective services such as cyber (CISO- Chief Information Security Officer) and fraud, but also other business functions, such as HR, Brand and Communications, Legal, and Procurement/Third Party. By broadening the scope beyond traditional security threats, the organization can safeguard and facilitate business operations.
Formalizing Intelligence Requirements in an Intelligence Requirements Register helps secure stakeholder buy-in and raises awareness of the objectives and the potential return on investment. For instance, effective risk intelligence saved one manufacturer nearly 2.5 million euros in just two weeks.
Remember, when it comes to intelligence collection, the quality of the questions asked directly impacts the quality of the outcomes.
2. Use all available INFORMATION
Moving on to using all the available information, where understanding the distinction between data, information, and intelligence is crucial. Data comprises raw, unstructured observations, while information is processed data in a usable format. Taking this one step further, Intelligence provides actionable insights, including the 'so what?' and 'what if?' scenarios.
To effectively use available information:
- Map out all sources, both external and internal, to uncover valuable insights. Don't overlook internal data sources, including security operations, and other business functions as mentioned earlier, as they can provide significant risk management opportunities.
- Employ both passive (automatic) and active (manual) collection methods to gather information. Combined, passive collection enables speed, scale and scope, and active collection empowers specificity and early warning for emerging indicators of a threat.
- Go beyond ‘basic’ geographic alerting, by leveraging OSINT, open-source intelligence, techniques like keyword monitoring and geofencing, and human insights and expertise (HUMINT- human intelligence) for tailored intelligence needs. By ‘tasking and asking’ relevant stakeholders and sources, one can enhance the understanding of potential risks and threats.
3. Turn analysis into ACTION
One crucial aspect often overlooked by organizations is the translation of ‘analyses into actionable steps, by missing opportunities to integrate intelligence into everyday operations.
Decision-makers often face challenges in interpreting intelligence, including understanding its implications for their organization, determining appropriate actions, and addressing additional concerns.
To bridge this gap and make intelligence actionable:
- Identify decision making processes across the organization, including routine operations and strategic planning, and integrate intelligence into these areas, to ensure it reaches those who ‘need to know'.
- Implement standard operating procedures, playbooks, and templates, for issuing intelligence and executing action plans, clarifying the purpose, audience, and workflow.
- Provide actionable insights by addressing the 'so what,' 'what if,' and 'what can be done about it', employing decision-making trees and workflows to guide responses. Strike a balance between raising alarms and providing assurance, fostering confidence in decision-making while remaining vigilant to potential risks.
By following these best practices, Mike Evans contends that organizations can maximize the value of risk intelligence in their security programs, leveraging insights to enhance awareness, provide effective advisory support, and ultimately gain a competitive edge.