Utilizing Intelligence to Extend the Security Perimeter
The sophistication and volume of today’s security threats requires a more proactive approach for effective deterrence and mitigation. Forward-leaning security teams realize the importance of understanding the intentions and capabilities of threat actors long before they arrive at their doorsteps. Extending the perimeter of security as far out as possible is critical to protecting an organization’s most important assets: employees, guests, customers, property, brand and information. Whether the threat involves a physical or cyberattack, incorporating an intelligence program as part of perimeter security has proven time and again to not just limit the element of surprise, but proactively keep assets out of harm’s way by providing actionable threat information that is aggregated, analyzed and disseminated in a timely fashion.
Most organizations’ perimeters likely have physical or cyber barriers to entry, such as fences, doors, bollards and firewalls, that help stop threats from gaining access. Implementing an intelligence program as an additional layer of security allows an organization to extend its perimeter further than ever before. Companies such as Disney, which welcomes millions of guests to its parks across the world each year, have embraced the importance of perimeter extension through an intelligence program, incorporating a multi-layered approach to security.
A corporate security intelligence program utilizes people, processes and technology to collect and respond to information obtained through various sources including the organization’s security team, employees, open source intelligence, internal trend and data analytics, and outside partners such as state, local and federal law enforcement. Every intelligence program is inevitably different based on an organization’s industry, size, culture, infrastructure, operations and public-facing profile, but all programs should be capable of providing tailored, predictive and actionable information to mitigate risk.
In addition, since 9/11, there has been increased collaboration and information sharing between the public and private sectors. Governments are more willing than ever before to provide critical intelligence to the private sector and embrace the value that private sector intelligence programs can offer in order to paint the clearest picture of emerging threats in different industry sectors.
With that backdrop in mind, several key themes should be considered when implementing an intelligence program in your organization. Intelligence programs should be:
- Driven by intelligence requirements that meet the needs of key decision makers: Intelligence needs differ by company or organization. Best-in-class security intelligence programs provide decision makers with tailored information that is timely, relevant and actionable, reflecting security and business priorities. Intelligence enables the security team to maintain an advantage over adversaries and should also facilitate informed business decisions. An organization’s security program should have a thorough understanding of business operations, and the team should routinely engage with others in the business. As an example, cruise line executives at Disney had a targeted need to understand which ports they should avoid due to a heightened risk of violence or other threats. The Disney intelligence program was able to provide these business leaders with valuable, customized intelligence which helped guide which ports of call the ships would visit.
- Guided by a corporate security intelligence policy: Often just the mention of “intelligence” may raise concerns from some leaders within a company given legal and privacy concerns and cultural or operational norms. It is critical to establish a policy that governs the boundaries of the intelligence program. The policy should define the necessary approvals and guardrails in conjunction with legal, human resources, employee relations, compliance and risk management partners and other stakeholders. In addition, developing a communication strategy early in the process is critical to ensure that everyone that needs to know about the program is engaged before moving forward.
- Grounded in proven techniques and processes to gather, analyze, and disseminate intelligence: An intelligence program should pull from a broad range of intelligence sources, providing actionable, customized intelligence in alignment with requirements. Intelligence processing should be based on a production plan that emphasizes standardization, prioritization and clarity. A production plan is a useful tool to help determine and prioritize the intelligence questions to analyze, the type of products to produce, the appropriate methods for dissemination and required approvals.
- Built upon a foundation of the right people and technology: From my time leading the FBI’s Intelligence Program across 56 field offices and headquarters, I determined that having the right team and tools underpinned the effectiveness and successful adoption of the program. Empowering your team with the proper training and investments in technology will enable them to spend less time on researching, aggregating, processing and formatting intelligence and allow them to spend more time identifying, understanding and responding to threats.
- Continuously improving: Highly effective intelligence programs continuously improve and evolve, relying on established metrics. The security team must ensure the metrics focus on quality over quantity and incentivize the creation of actionable intelligence, treating users of the intelligence as “customers.” Good metrics will inform which practices to keep and which ones to eliminate. Constant feedback and a clear process for improving the intelligence process and output will result in a more effective program that addresses the evolving threat landscape.
Businesses today are facing increasingly complex threat environments. Extending the perimeter by instituting a corporate security intelligence program enables companies and organizations to stay well ahead of threats and often helps inform strategic and operational decision-making.