How to Avoid Intelligence Program Pitfalls

January 4, 2019

The surge in demand for intelligence programs and intelligence-oriented global security operations centers (GSOCs) and virtual security operations centers (VSOCs) has not emerged out of thin air. In fact, it has been driven by changing corporate security concerns, which themselves have been shaped by the fears of corporate leaders. Between 2017 and 2018, for example, PwC’s Annual CEO survey saw geopolitical uncertainty move from being the fifth most critical concern to being the third. And terrorism, typically a threat that is firmly within the physical security realm, has now become the number two fear of CEOs. It is logical, therefore, that initiatives which seek to monitor for, manage, or even predict such risks have become a priority for global enterprises. Unfortunately, with the rush can come many stumbles.

A poorly designed intelligence program can be inefficient, ineffective, or in business terms, a waste of money. What is worse, the complacency that comes from just having a program can be coupled with liability. In 2018, a court upheld a $41.7 million-dollar verdict that ruled against a school system which did not warn students traveling to China about encephalitis. Could travel risk analysis have prevented such a lawsuit? Maybe, but only if it was designed appropriately. There are many pathways toward creating a successful intelligence team, but it is important to also understand a few potential pitfalls:

The Wrong Priorities – Many security leaders have noted that intelligence team responsibilities should be clearly outlined to avoid overreach. From an intelligence practitioner’s point of view, though, the greatest difficulty can be even more fundamental – prioritizing speed, accuracy, or depth of analysis. A large team with several layers of analysts can perform on any requirements, but small teams need clear triage directives. One or two analysts cannot always do it all
The Wrong Location(s) – There are many world-class GSOCs and VSOCs, but also ones that are hampered by a chosen geographic distribution. Some centralized GSOCs are effective as publicity tools for security leadership but are strained by global 24/7 requirements and plagued by retention problems. VSOCs, on the other hand, can run the risk of being local for the sake of local, with no value-add to the intelligence and, instead, a host of setbacks resulting from scattered personnel
The Wrong Technology – No best-in-class intelligence program can operate without technology that acts as a force multiplier on risk monitoring, investigations, visualization or information management. But getting the wrong technology is easier than getting the right technology. A sprinkling of the problems that come up: a system does not save the team time; a system worked better in the demo than in practice; a system is too costly to justify; a system is too artificially intelligent for its own good; a system’s capabilities can be matched by the judicious use of free platforms or standard Microsoft Office products.
The Wrong People – People are an intelligence team’s most important asset and an easy one to get wrong, especially if selection of personnel is tied to a security executive’s or hiring manager’s bias in favor of their own background. Individuals with intelligence community, military or law enforcement experiences are sometimes outmatched as analysts by graduate students with a zeal for connecting geopolitics to business. Conversely, no amount of enthusiasm or abstract knowledge can sometimes make up for the deep networks and location-specific familiarity that experienced professionals bring to the table. Some intelligence programs need one or the other, and some need both.

The good news about these issues and others is that they can be avoided. Three strategies come to mind.

First, security leaders who seek to develop intelligence capabilities should do their best to avoid the rush and take their time. To be sure, attaining analytical capacity is often urgent and “needed yesterday.” In those cases, security teams would do well to externalize their intelligence needs to third-party providers while thinking through their own requirements. This may be costlier but will usually turn out better than cobbling together a Frankenstein program on the spot.

Second, benchmarking is essential because the best way to learn from mistakes is to let others make them for you. If you don’t have intelligence directors or managers in your Outlook, find them and contact them on LinkedIn.

Lastly, a consultant who can help the security team conceptualize and implement the program is also strongly worth considering. An intelligence program is not a product, a person, or a platform – it is an ecosystem that may need an expert architect.

Daniil Davydoff is Associate Director of Intelligence at AT-RISK International and director of social media for the World Affairs Council of Palm Beach. He has been published by ASIS International/Security Management, Risk Management Magazine, The National Interest, The Carnegie Council for Ethics in International Affairs, Foreign Policy and RealClearWorld, among other outlets. His views do not reflect those of his company.

Daniil Davydoff can be contacted on LinkedIn or at ddavydoff@at-riskinternational.com

You must login or register in order to post a comment.

ON DEMAND: DevSecOps creates an environment of shared responsibility for security, where AppSec and development teams become more collaborative. With the right training and tools, developers can become more hands-on with security and, with that upskilling, stand out among their peers... however, they need the security specialists on-side, factoring them into securing code from the start and championing this mindset across the company.

ON DEMAND: The insider threat—consisting of scores of different types of crimes and incidents—is a scourge even during the best of times. But the chaos, instability and desperation that characterize crises also catalyze both intentional and unwitting insider attacks. Learn how your workers, contractors, volunteers and partners are exploiting the dislocation caused by today's climate of Coronavirus, unemployment, disinformation and social unrest.

Security Magazine

2020 October

This month in Security magazine, we explore how Corning's global security group ensured business continuity and employee safety during the global COVID-19 pandemic. Also, we highlight the global security team at Uber and their recent security programs and initiatives. Industry experts discuss travel safety programs, career hackers, working for terrible bosses, group attribution error and more.

View More Create Account

How to Avoid Intelligence Program Pitfalls

Recent Articles by Daniil Davydoff

Will COVID-19 Change Everything? The Case for Being Skeptical

Why You Need TSCM Now More Than Ever

Conducting Due Diligence in Africa: An Interview with Eva Nolle

Don’t Forget Biological Threats

How to Balance Supply and Demand within Corporate Intelligence Programs

Security Magazine

2020 October

How to Avoid Intelligence Program Pitfalls

Recent Articles by Daniil Davydoff

Related Articles

Report Abusive Comment