Imagine a scenario many security practitioners are familiar with: A bizarre post on an obscure social media account surfaces. It could be construed as a threat against a company executive. But it's unclear. To further complicate the situation, a different executive at the organization has recently been under public scrutiny, and the security team has been swamped monitoring related issues.
So what does an investigator do with a single ambiguous social media post when their workload bandwidth is already thin? It can't be ignored, but as it stands, that post is only a single data point — a basis for concern, but maybe not for any action.
What's needed are multiple sources of data collected and connected to assess and confirm the risk more accurately. In these situations, Google was once a revelation, and it's still significantly better than piecemeal, manual research processes. But search results displayed in a list need helpful context, and only a few people get beyond the first page — not to mention the copious amounts of information that don't appear in a typical Google search. It's not enough.
Emerging tools empower investigators with a more comprehensive view of potential threats in an overwhelming information landscape. This shift in available resources and technology is gradually reshaping the investigative process, highlighting the importance of critical thinking and analytical skills.
A new frontier of information
For years, businesses from all sectors have contended with a rising tide of data — new types and sources. Security leaders are accustomed to saying that "data is the new oil," highlighting how data is one of the crucial economic inputs for organizations. And for corporate security, it's been a double-edged sword.
On one hand, there are new ways to obtain information. Records once only available in courthouses are now digitized and available with a few mouse clicks. Social media and other sources of open-source intelligence can also be powerful investigatory tools.
On the other hand, the murky corners of social media have made the casual yet frequent issuance of menacing remarks nearly routine. The same digital revolution that has helped accelerate investigations has also propelled the number of threats to stratospheric levels.
The velocity and volume of risk of these signals will only increase. The challenge for investigators is separating the signals from the noise and misinformation from fact.
The threat environment requires tools that collect and connect multiple data sources simultaneously and publicly available social media accounts to the more extensive post history to use that information to find a real name and connect that name to the property, court records and adverse media.
An emerging class of security software platforms are purpose-built for these needs, providing a connected view of real-time and historical data to streamline corporate security operations, and confidently inform business decisions.
So, how will this emerging class of tools change how corporate security investigators and researchers work? Human intuition and experience — as well as ethical considerations — remain crucial to the decision-making process.
For one thing, when robust data is available instantaneously, security researchers can quickly triage risk — deciding which threat actors don't have the means to carry out an attack and which should be taken seriously.
But we'll also see these professionals shift from reactive to proactive approaches. Security professionals will have more opportunities to conduct risk assessments for travel and facilities security, more advanced planning for executive protection, comprehensive intelligence gathering ahead of protests and demonstrations, and more cooperation with local authorities.
Ultimately, the ability to conduct integrated and investigative research across multiple domains can elevate the security professional. The modern investigator becomes a data gatherer and a discerning analyst, equipped to assemble the puzzle pieces swiftly and accurately, effectively sifting through potential threats to separate signals from the din.