According to a recent report surveying International Security Management Association (ISMA) members, 60 percent of respondents identified the need to create operational efficiency and optimization as the top priority for the year. Following close behind was the need to improve threat intelligence generation and analysis, cited by 56 percent of survey participants. Improving risk assessment was the third highest priority among this audience. The report outlined that these challenges, along with other obstacles most commonly faced by security teams, are directly linked to business-wide initiatives.
Because security is deeply connected to many aspects of the business, there is a range of drivers impacting this team’s operations and outcomes. These drivers include geopolitical conditions, business continuity, crisis management, real estate portfolio changes, operational growth, technology change, and a new generation of employees who do not recognize risk.
In addition to the above challenges, today’s security teams are expected to accomplish more with less. Less funding, less time, and less headcount leave security teams with a daunting reality. Despite a lengthy list of limitations and considerations, threat and risk experts must still deliver reliable, comprehensive, and timely security intelligence that supports decision-makers in their mission to safeguard their operations, people, and clients.
Despite these challenges, focusing on three key issues – improving operational efficiency, intelligence gathering, and risk assessments – can materially impact the operations of security and intelligence teams.
Challenge #1
Improving Operational Efficiency and Optimization
Enhancing the performance of any function hinges on the prioritization of operational optimization. In the absence of efficiency, money and time are lost, and employees’ efforts are wasted. This issue is particularly pertinent in the realm of security, where budgets are often constrained and staff numbers are limited. Operational efficiency emerges as an indispensable factor for achieving success. To tackle these challenges, security functions must focus on:
Team agility: Managing the number of events occurring at any given moment feels nearly impossible for a small team, especially for organizations tracking events in multiple regions or worldwide. However, teams that can swiftly identify and pivot to focus on events most important to their organization will be the ones to successfully deliver critical information to their leadership. To help those struggling with agility and the ability to pivot, here are steps a security team can take to improve their responsiveness.
For starters, teams should always have a credible, reliable source list for all areas that are important to their business. This ensures that when a crisis does occur, the security team is not left scrambling to identify the best sources to gather their intelligence. These source lists should be meticulously maintained and updated, and include a variety of reliable, credible, unbiased sources that offer a range of perspectives.
One of the greatest challenges today is the vast array of threat events coupled with the complexity of those events and the broad reach of impact. This means teams must be ready to pivot at any given moment depending on the need of the organization. For example, if the organization has facilities and employees across multiple countries and/or continents, the security team may need to frequently shift between geographies, schematics, or different types of threats. Or, if the ESG team reaches out to the security operations center to provide some data for a time-sensitive project, the team should be able to quickly pivot priorities to support different objectives and requests. To do this well, the team must be able to smoothly change workloads and projects, as well as easily hand those projects off to a new team as they change shifts with no setbacks.
This is only possible with strong internal communication capabilities. If a team communicates well, it can allocate work seamlessly, reprioritize, and support each other to ensure intelligence doesn’t falter during times of crisis.
Leveraging outside experts: Just as an organization hires advertising agencies to conceptualize and create new marketing campaigns, organizations should harness security intelligence partners to leverage their expertise. Having support from a third party provides greater bandwidth and the ability to deliver in-location intelligence on events that matter to the organization. This can be beneficial to the internal team, providing them with much-needed knowledge without expending their resources and time. An expanded team also makes it feasible for organizations to pivot when a new crisis emerges – allowing some team members to shift focus onto the new event and know that other regions are not left unmonitored.
Having an extended network also helps when it comes to validating information. After all, relying on news or social media as a sole source is not a good idea due to bias and misinformation. To avoid bias, it is important to consult multiple reliable sources and couple that with your own or the extended team’s expertise on that subject. Being able to draw upon this real-world knowledge can build certainty and confidence in the data received and the strategic decisions being made. With the right partner, an internal security team goes from small and overworked to larger, stronger, and more strategic and agile – without additional headcount.
Managing the ripple effect: When it comes to geopolitical threats, leaders need to consider a comprehensive view of the organization. In almost all instances, events do not happen in a vacuum, and a crisis affecting one region can potentially have a wide-reaching impact, making it important to keep an eye on all people, assets, and operations across all areas.
For example, if a country is experiencing unrest due to an election, the security team needs to evaluate all possible post-event repercussions and disruptions – will there be protests in support of or against the newly elected official? Will this trickle to other cities or regions? How will the organization assist employees directly impacted by the unrest? Or what does this mean for operations, such as transportation of goods or getting access to supplies for manufacturing?
The security team holds information and knowledge other departments do not have, and this information can be a huge asset during strategic planning across the whole organization. Examples include partnering with the finance team as they assess investments for the coming year, working with the comms team to monitor online threats to the company’s reputation or physical assets, or implementing processes and policies for employee travel with the HR team. A best practice is to ensure that security is well-grounded in the goals and objectives of each function in the organization so it can become a valuable extension of those teams. When the security team has an in-depth understanding of the organization, it can effectively consider how a single effect will impact the big picture.
Challenge #2
Improving Intelligence Gathering in a Complex World
Thanks to technologies like Artificial Intelligence (AI), Machine Learning (ML), and Natural Language Processing (NLP), humans are no longer the only means for monitoring events around the world. Machines can do this work at speeds humans could only dream of – freeing up hours of an analyst’s time. That said, machines can’t operate alone and humans need to stay involved to monitor, verify, and improve the way the technologies work. This partnership between people and machines is improving the work of the most effective security operations teams.
As teams increasingly leverage this new technology, and the technology rapidly becomes more powerful, there are three areas of focus that they should maximize to improve intelligence gathering in a complex world:
Data intake and evaluation: For security operations, technology is the efficiency game-changer. People once had to manually sort through news articles, blogs, social media, and chat rooms to find data, and then input that data into charts and graphs to identify trends. Now, analysts are served up reports by machines, opening up time to verify events, evaluate trends, and read historical context to consider what might come next. This is an invaluable opportunity for security teams to move from a reactive to a proactive strategy.
Making alerts work harder: Many tools generate rapid alerts, but it is key for security teams and executive leadership to remember that faster does not always mean better. The right security and risk intelligence tool focuses on both the speed and quality of alert content. The key to effective alerts is customization based on an organization’s operations, employees, and assets.
For example, if an environmental organization has employees and facilities based in Paris, they will want to stay informed on events occurring in this city. However, if an alert is set up simply as “protests + Paris,” they can be inundated with any type of protest happening in Paris even if it’s irrelevant to the business. This continues to waste the team's time as they sift through irrelevant notifications.
However, changing search parameters to use custom keywords or topics that specifically focus on environmental or climate protests and activism can keep teams from becoming overwhelmed with the quantity of alerts received and help ensure that valuable intel is not overlooked in the deluge of notifications.
Event verification: There is a lot of mis- and disinformation being shared via blogs, social media, and even heavily biased news outlets. Machines alone cannot determine what is false and what is fact, especially when advanced technologies, like generative AI, are potentially adding to the sources creating misinformation and portraying it as fact. The increasing importance of verifying events cannot be overstated.
If a team accepts alerts at face value, they could easily share inaccurate information with decision-makers. Security teams need to take the online narrative and weigh that against information that is verified from local sources in order to get an accurate understanding.
Challenge #3
Improving Risk Assessments
In addition to monitoring for risks and threats that can harm the business, a security team must also be proficient in sharing intelligence with the organization’s leaders. To ensure timely communication of emerging risks and threats to decision-makers, a well-defined plan and strategy are essential. Security teams must grasp the specific events that stakeholders deem urgent for immediate notification, along with their preferred communication channels, while also identifying those events considered of lower priority.
To help navigate the sometimes-tricky path of risk assessments, here are three key tactics that work hand-in-hand to ensure security teams deliver the right information to the right people at the right times.
Risk Appetite: The first thing an organization needs to do when working to improve its risk assessments is to determine its risk appetite. Defining this becomes tricky, as each leader likely has their own perception of what is considered a risky environment. For example, a leader sitting in a stable jurisdiction might view a protest outside one of their manufacturing locations as a high risk, while someone living and working in a volatile area views that as a low-risk, common occurrence. To effectively address this challenge, security teams must engage in discussions with all leaders and stakeholders to determine acceptable events versus threats.
Understanding risk appetite should be the first step in every security plan, even before setting up alerts, as it sets the baseline for the team’s activities. In some cases, leaders don’t yet have a defined risk appetite. This is when the security team needs to guide the leaders, talking through various scenarios to identify the risks and threats that would put the organization’s people, assets, or operations in jeopardy.
Benchmarks: Once the risk appetite is established, it’s time to set benchmarks. To start this process, security teams need to work with leadership to define risk levels. Once the risk levels are established, the teams need to identify the point in time when an activity becomes a risk to the business.
For example, a small protest outside of a building might rank at a “1” on the risk rating scale, while a citywide protest might be identified as a “7”. If leaders agree they want to be notified of all events ranking a “5” or higher, the security team would move forward with communications for the citywide event, but not the small-scale one.
Planning and Communication: The final tactic for enhancing the risk rating process involves refining workflows, reporting, and communications for the broader organization, particularly its leaders and key stakeholders. To effectively manage security risks, the security teams should have a clear understanding of the information that leaders require both on a regular basis and during a crisis. This would involve identifying the specific data and insights that leaders need to know concerning the overall threat landscape. By providing regular, informative reports, both leadership and the security team can work together to address current threats and prepare for future uncertainties.
Often leaders appreciate receiving concise reports that communicate the impact an event will have on the business, as well as learning about the progress and successes of the security team over a set period of time. Learning the keywords, the jargon, and the format that best resonates with leaders is an important part of this process.
The final step to honing the risk assessment process is implementing tripwires and the necessary protocols during a crisis. A disruptive event causes enough chaos on its own; deciding on a plan of action shouldn’t be part of it. Each department should have created scenarios for every possibility related to each of those tripwires and specific actions that take place in case of every eventuality. These plans should consistently be reviewed, shared, and updated amongst leadership and department heads.
As the geopolitical risk landscape continues to change, the job of security and intelligence operations is increasingly difficult. Teams are tasked with protecting more people, more assets, and more facilities. Oftentimes these people, assets, and facilities are located across the globe, with different political regimes, unique sets of threats, and varying levels of risk tolerance. Put simply, managing security intelligence for a global organization is no small feat. It is an around-the-clock job, with a lot on the line. At all times.
With so many elements at play, it is all the more important for security teams to have a strong foundation and a solid set of processes established. While unforeseen roadblocks and complications are a certainty, operational efficiency, intelligence gathering, and risk assessments should not be issues holding a security team back.
From fundamental optimization tactics to innovative technologies, it is possible to eliminate these top three pain points. More than that, these shifts can elevate the performance of a security team – helping security intelligence professionals do their jobs smarter, faster, and more accurately.
It's time for organizations to strengthen their security and intelligence operations, and there is no better opportunity than now.
Overcoming Challenges to Maximize Security Success
9 Steps to Overcome the Top Challenges Impacting Security Operations