When did your business last undertake a security risk assessment? How do you evaluate threats or vulnerabilities? Are there any gaps in your security measures? Do you have full confidence in the security technologies that your business employs? Omar Abu-Rish explains why, as threats continue to grow and evolve, today’s organisations need intelligence on all of the risks which might impact their day-to-day operations.
In today’s complex security landscape, with businesses facing an ever-increasing array of risks and threats, it’s important to step back and ask yourself some serious questions like those outlined. From crime and disorder, violent extremism and activism through to fire risk, data leakage and cyber theft, understanding the threat landscape within and outside of your organisation represents half the battle.
No matter what type of business you run, or the vertical sector in which you operate, it’s absolutely true to state that ‘knowledge is power’ and, indeed, vital when it comes to protecting the organisation’s people, property and assets.
As businesses grow, so the risks posed to them increase still further. That being the case, it’s essential to regularly take a step back and review in some degree of detail whether or not your security solutions on site are pre-empting these threats and are perfectly ready to respond should the worst happen.
For genuine and tangible peace of mind, organisations should be moving away from purely reactive security – a label often ascribed to security in UK plc over the years, given its tendency towards conservatism with a small ‘c’ – and focus more on an integrated and fully predictive security solution.
The foundation of predictive security stems from digitisation. There’s now an opportunity to gather and use large amounts of data from internal sources and combine these with external information including crime statistics and advanced analytics that can ultimately assist businesses to predict and then prevent criminal activity before it’s allowed to happen. This goes right to the very heart of predictive security – mitigate risks before they become threats and act in real-time to protect your organisation when needed.
Effective corporate risk management should follow a three-step process: evaluate, analyse and then plan. In the first instance, we need to use risk-based methodologies, detailed operational analysis and a Best-in-Class evaluation platform in order to evaluate the current security service.
Second, combine on-site equipment – such as security sensors and surveillance cameras – with historical and real-time data as well as external crime and incident data sources with a view towards analysing and defining the business’ unique risk profile.
Finally, by actively combining protective security services with the very best of today’s intelligence technology, you can then plan and implement a total security solution purpose-designed to keep your organisation safe.
Security intelligence services
Billions of people worldwide have access to the Internet which they use as a platform for communicating and socialising. From a security perspective, there has been a greater focus on online platforms over the last few years in order to help combat potential new threats.
Law enforcement agencies have used open source investigation for years, gathering valuable intelligence from online platforms in a bid to keep members of the public safe from harm. Of late, the security business sector has itself recognised the value of open source investigation and duly established its own in-house intelligence teams.
From a business perspective, understanding and responding to online data of this nature can seem daunting, if not impossible. After all, if we look at social media as just one source of information, there are millions of posts shared every second right across the world. Social media platforms are a primary source of communication for many, meaning that there’s an enormous amount of information and intelligence to monitor. Blogs, websites and community pages can also be valuable sources of intelligence.
Open source intelligence has made it possible to access previously unknown or unmonitored information. That being the case, we can now be more proactive with advanced, real-time analysis and plan for more complex security breaches.
How can organisations looking to protect themselves keep up-to-date with the sheer volume of information, though? Few businesses have the right skills, time or capacity to monitor the many thousands of data signals with which we’re all bombarded on a daily basis. What, then, is the solution?
Specialist intelligence teams can analyse and interpret this data, as well as other valuable sources of information, in order to identify any threats or suspicious activity that may lead to business disruption. Highly-skilled intelligence analysts are right at the heart of these teams, bringing with them a wealth of experience through similar roles performed with the police service, the military or Government.
Being readily able to capture and analyse vast amounts of information in real-time or tap into services that can provide such intelligence for you is now critical to the security of your operation. Cutting-edge technology also plays an important role.
For example, our own Securitas Intelligence Unit makes good use of an industry-leading, cloud-based open source listening platform with real-time access to multiple Internet data streams. Using this, we can monitor occurrences and advise our clients on unusual or concerning activity.
Intelligence services in action
Recognised the world over as representing the pinnacle of motorsport, F1 is a showcase for automotive engineering excellence, design innovation and unrivalled driving skill. Up to 195,000 fans attend each race on the annual F1 calendar, with 1.76 billion watching live at home. F1 enjoys an estimated global fan base of no less than 500 million-plus.
When it comes to security, each F1 race venue is unique with the promoter responsible for arranging on-the-ground operations and security. In 2017, F1 undertook a comprehensive review of its event security operations which involved running a thorough corporate risk management workshop. Then, early last year, F1 signed a three-year contract for global corporate risk management services with a dedicated security advisor.
A bespoke risk management tool and risk assessments have been specifically created for F1 to reflect the unique threats faced at each Grand Prix location. Risk levels are assessed by combining the likelihood and impact of threats and hazards observed. This information is then shared via an online dashboard, which is part of the risk management tool, such that F1’s management can log-in at any time to monitor and review the risks and threats identified.
At the same time, recommendations and Best Practice solutions are put forward with a view towards closing gaps in security and fully mitigating risk.
Given the dynamic and transient nature of travel to the various race locations, it’s a priority for F1 to provide its staff with critical information as they do so, thereby always ensuring their safety and security. To achieve this, F1 receives pre-travel threat assessments on the risks members of staff may face as they enter each new country and environment.
During live Grand Prix proceedings, a team of highly-skilled intelligence analysts, all of whom are experts in investigating open source intelligence, will continually monitor for any emerging threats.
As you can imagine, crowd safety and event security is of paramount importance at each Grand Prix. F1’s intelligent and preventative approach towards security helps to mitigate risks and provides assurances that its own people, the fans, race venues and the F1 brand itself are in safe hands.
The security needs of businesses are evolving. We’re also facing a new reality that requires an holistic approach to security. Reassuringly, despite new threats and an ever-changing security landscape, data-driven insight and innovation means that we’re now more tuned-in than ever before to both internal and external threats.
Security solutions can now be designed for clients which combine corporate risk management with security intelligence such that we can proactively mitigate risks before they become threats and act determinedly in real-time when and where needed.
Omar Abu-Rish is Security Operations Centre Excellence and Insight Manager at Securitas UK