“If your company is not utilizing social media platforms for threat monitoring, chances are the security team is missing out on a huge aspect of the company’s overall threat landscape, particularly as threats are not just physical anymore,” says Kara Gronborg, Crisis 24 Analyst III supporting the National Football League (NFL).
While the practice of monitoring social media is not new, the need to monitor for threats on social platforms has picked up momentum due to recent tragedies. A March 2019 mass shooting at two Christchurch, New Zealand mosques was filmed and streamed in real time via Facebook. This tragic event not only sparked a wide discussion on the role that social media plays, but put a focus on the use of social media threat monitoring to preempt violence.
In December 2021, a wave of school-shooting threats circulated on TikTok and other social media channels, with many videos showing a text warning of a bombing or shooting on December 17, 2021. Although the threats weren’t credible, many districts and law enforcement agencies took the threat seriously, canceling classes and bolstering security.
Whether you’re operating a sports league or a Fortune 500 company, social media threat intelligence serves as the security team’s eyes and ears to the outside world, says Travis Johnson, West Region Intelligence Lead and Super Bowl Command Center Manager at the NFL. “If you’re monitoring correctly and have all your ducks in a row, it can help your organization get ahead of a problematic situation that could put the company’s reputation at risk.”
The use cases are endless: loss prevention, asset protection, fraud prevention, executive protection, brand protection (or public relations), event security, cybersecurity, intellectual property, crisis/disaster response, business continuity, and more. Using social media to monitor threats can help better inform crisis response plans and reduce reaction time for security operations.
By setting up custom search queries for intelligence related to counterfeiting, for example, organizations can identify false advertising campaigns, analyze the impact or security exposure, search for and track the promotion or sale of the counterfeit materials or services, and continue to follow the threat for further investigation, Gronborg says.
“We are not only identifying and investigating threats or security risks, but also helping the organization save money. We are showing security is not just a cost center for the organization,” Johnson says.
Alan Saquella, Instructor of Global Security and Intelligence at Embry-Riddle Aeronautical University — College of Business, Security and Intelligence and past corporate security executive, suggests security teams can further leverage the power of social media threat monitoring to monitor insider threats. “When an employee is terminated, this person can become a great risk, especially if they were terminated due to workplace violence,” Saquella says, recalling an incident where a former employee of a company he worked for came back nine months after being terminated with violent intentions.
“With the additional help of Topo.Ai, LifeRaft Navigator, Dataminr and other vendors, we can sift through millions of data points faster on social media, act immediately and activate plans and procedures to respond to the threat found online,” Saquella explains.
In 2020, leading up to the anniversary of the August 3, 2019 mass shooting at an El Paso Walmart, the Federal Bureau of Investigation (FBI) arrested a 29-year-old man for making several active shooter threats aimed at El Paso-area Walmarts. The man had posted photos of guns with text on social media, including “#watchoutwalmartimcoming,” “#droplikeflys...,” “#watchoutwalmartsimcominginstrong” and “#bullywithafully,” according to FBI officials and court documents. During his arrest, the FBI seized multiple firearms, including a machine gun and ammunition.
Having the ability to monitor active shooter threats, suicide attempts or other violent incidents on social media adds significant value to the business. With the technology, security teams can gather the intelligence needed to assess the motivation of the person behind the threat, the credibility of the threat, and if the threat maker has the capability to carry out the threat, explains Guy Grace, Chair of the Partner Alliance for Safer Schools (PASS) Advisory Council and former Director of Security and Emergency Planning for Littleton Public Schools.
After investigating the incident promptly and efficiently, security teams can take appropriate action, deploy a multidisciplinary threat assessment team to evaluate the threat and bolster security measures to ensure the safety of assets, personnel and facilities. “As a former security director, it helped us save lives,” Grace says.
If used appropriately, social media threat monitoring will save lives and mitigate threats. However, social media threat monitoring does bring up data collection and privacy concerns.
Adequate safeguards should be in place to prevent misuse of the technology and ensure data privacy, individual privacy and free speech are maintained. “Be transparent and show the community that the organization is monitoring reasonably and legally to ensure the safety of your constituents,” Grace says. “If we don’t define how and why we are using it and how it will benefit the community, it can backfire on us.”
Saquella recommends that security teams have a clear strategy and framework in place when it comes to data collection and utilize as much open-source intelligence (OSINT) — derived from data and information available to the general public as possible.
How to Reap the Benefits
Technology improvements of threat monitoring platforms in recent years, allow security teams to automatically monitor and collect data from social media and other online sources while providing actionable intelligence and real-time alerts.
With billions of social media posts online every day, monitoring platforms help security operations center (SOC) teams filter through the most relevant data, saving time, resources and expenses. “The platforms have empowered our day to day security operations, expanded coverage of the threat landscape, and added a layer of verification to monitoring, which is fantastic,” Gronborg says.
Johnson agrees, adding that the willingness of vendors to partner and integrate has been a game-changer for security teams around the world. Not only do partnerships and integrations provide a powerful joint solution, but they also cut down on the complexities and costs often associated with purchasing multiple security solutions. “It benefits us, the user, especially when corporate security needs to justify a large budget and get leadership buy-in,” Johnson notes.
To maximize the benefits of social media threat monitoring, however, security leaders need to pair technology with expert human analysis as well as collaborate with other departments. After all, true holistic risk management and threat mitigation is a shared vision and an organization-wide responsibility. “Social media doesn’t pick everything up. The biggest security system we have is staff, stakeholders and our community,” Grace says.