Some of the areas where intelligence has the most tangible, demonstrative value to an organization is for decision-making regarding operational continuity from political unrest, geopolitical issues, conflicts or pandemics, as well as business expansion and support. “In 2008, for example, having reliable and credible intelligence allowed Baker Hughes to make business decisions to start up operations in Iraq. COVID is another great example of the value of intelligence,” Tosh says. “During the peak of the pandemic, our [Global Intelligence & Travel Security Operations Center] GITSOC played a significant role — through up-to-date information on travel restrictions and country border closures — to support our employees returning back home safely and securely.”
Intelligence is an incredibly broad term here, but purposely so. In the context of security functions, intelligence comes in many forms and, ultimately, is about informing stakeholders on what is important to the specific business, agency or organization. “To say, ‘Well, this is what we understand is happening,’ is only part of it; I would argue that the value is in understanding the impact or potential impact,” Houston says.
Organizations gather intelligence from a number of sources, including on-the-ground internal and external employees and stakeholders; open-source information such as news, weather information and social media; subscription and other targeted information and analysis services; and peers and partnerships from working groups, industry associations and public/private agencies. What individual security teams and organizations collect depends on their resources, maturity and needs.
For organizations looking to increase or grow their intelligence, security leaders offer the following tips:
*Click the image for greater detail
1. DEVELOP A MODEL RELEVANT TO YOUR ORGANIZATION.
Houston says that organizations must develop a model or process for gathering, analyzing and disseminating intelligence with flexibilities built in. “Information can help answer a question or be a base for a decision. With that information, it’s then about identifying those risks to determine what mitigation measures we have in place to address them,” Houston says.
Gathering the information is a part of that model of intelligence, but so is the analysis of the information. “That piece of how can we interpret or assess this intelligence is much more important than getting the intelligence,” Tosh says. “Only through intelligence and proper analysis are we better informed in our posture to provide our leadership with an understanding of existing or potential risks, as well as where and how we can respond to a situation or do business in a particular area.”
A vital part of this step is ensuring that the ways information is obtained, gathered and analyzed are all relevant to the organization. Without relevancy, a well-meaning intelligence program falls apart, security leaders say.
“There are certainly tools that can help you figure out how to apply X, Y or Z to your organization, but in my opinion, it’s really about understanding where your business is headed, what your organization is doing, and the goals they are trying to achieve,” Hollandsworth says. “Once you understand that, you can filter through the waves of intelligence coming in and then apply what is most important based on the business and where it wants to go; that is going to be different for every organization.”
2. VARY YOUR INTELLIGENCE.
Another component of a successful intelligence program is ensuring the variety — and credibility — of intelligence coming in. For Baker Hughes, Tosh says the company’s GITSOC and security function use a combination of on-the-ground intelligence, collaboration and information sharing with other departments and company stakeholders, open-source information, subscription services, and networking with industry groups and peers to inform the company on risks, potential threats and decision-making. “I believe it’s vital to have multiple streams of intelligence to make good decisions,” he says.
But, he adds, it’s up to the security team to determine and ensure the credibility of that intelligence. “The credibility piece plays a vital role; without that credibility, we could place employees or operations in harm’s way, and that’s not what we are here to do,” Tosh says. “In my experience, a lack of credible information can make a difference between life or death.”
In addition to software, subscription services and open-source information, Hollandsworth says that security leaders can beef up their intelligence by developing relationships inside and outside the organization, including federal and local agencies and professional networks.
Inside the organization, communication and relationships with sales, legal, marketing, operations and others can give security teams insight into current and future plans for the organization and how security functions can enable those plans.
“There is a lot of information out there that is free, including leveraging your contacts,” Hollandsworth says. “It’s certainly a good way to start if you are just beginning to enhance your intelligence, and if you are going to make a big impact within your organization, you have to develop and expand those internal and external partnerships.”
3. BE OPEN AND FLEXIBLE.
Of course, expanding your sources of intelligence gathering can lead to the complexities of information overload, Houston says. “You need to look at the sources of information and where that information is coming from, even if you don’t agree with that information,” Houston says. “Eventually, that information will filter itself, and it’s surprising to see how quickly you can see information validated or not.”
Just as critical as information filtering, Houston says, is ensuring that your team looks at incoming information with an open mind and without preconceived judgment. “You have to be careful. We need to look at information as it is and not look for information that is going to answer a question in one way that we want the question answered,” he says.
Houston adds that organizations need to have an open, unbiased analysis built into their intelligence model from the start. “If the security environment you are looking at changes, you have to be willing to adjust your model and look at other sources of information; you can’t be wedded to one source [or idea] because that wouldn’t do a service to ourselves.”
After the intelligence process is assessed, one of the often-overlooked components of any intelligence program is ensuring that your team has the business acumen to translate intelligence to other stakeholders. In other words, if you can’t explain the intelligence — and its corresponding analysis, potential repercussions, and mitigation measures or investments — to the appropriate stakeholders within the organization, the value proposition may be lost.
“There’s value in the raw information, but you cannot put a price tag on the value of someone taking that information and explaining the impact,” Houston says. “It’s that perspective of being willing to develop a trend or understanding of that information that has the value.”