Whether you’re establishing a protective intelligence program from scratch, or re-evaluating the way your team’s resources are currently allocated, it may be helpful to step back from the day-to-day issues within your programs and think more strategically.
In many organizations, security leaders are too busy fighting literal and figurative fires to consider how they might be able to prevent the fires, or notice them before they become a serious problem. Unfortunately, in some organizations, it takes a tragedy (or two) to inspire change, or to move away from the idea that “it’s always been this way”. But it doesn’t need to be this way. Taking time to think strategically about the threats you may face can give you an advantage in preparing to understand, identify, monitor and mitigate those threats, before they become a fire or a tragedy.
Here are some questions to review when building or enhancing a protective intelligence program to proactively identify, assess, monitor, and mitigate threats to your organization.
First, understand your holistic threat landscape. What specific threats does your organization face? What are the top strategic threats to your company? Do those threats change based on external factors, like geography or time of year? Which threats are most likely to have a prolonged or substantial impact on personnel and operations?
Once you’ve identified the types of threats your organization faces, think about the likelihood and severity of each threat. List them and assess impact. For example, the murder of an executive is probably very unlikely, but in the event it happened, it would cause a substantial negative impact to the brand and organization. Don’t forget to consider the threats that may not have a substantial physical impact, but could cause significant or lasting harm to your organization’s brand, image and reputation.
Determine the best ways to identify new and emerging threats that could impact your organization. What are the most effective ways to uncover new and monitor existing threats? Can technology solutions assist in monitoring?
Once you’ve spent some time thinking strategically to identify a wide range of threats that could impact your operations and personnel, it’s time to think more tactically. Think about the most likely sources of those threats and the best ways to track those sources. Is the information already being collected, or will you need to design a process for collecting and analyzing it? How should that information be shared among the security team and others in your organization? Think about the best processes to share and store that information, including both new and historical data. Wherever possible, depict the threat landscape on a single “pane of glass” to make the information most accessible to everyone with a need-to-know.
In the same way technologies like cameras and license plate readers have enhanced physical security in recent years, new technology is making it possible to monitor for many types of adverse intelligence and threats globally, on a 24-7 basis. These solutions can provide a wide variety of information, including social media monitoring, the Dark Web searches, tracking the security environment in specific locations, and updates on breaking events, giving your team better visibility of your organization’s larger operating environment, regardless of location. These tools can also help to analyze and track the data your programs collect, connecting the dots of both current and historical data points, making it easier for your team to see the full threat picture and share that information with others in your organization. Using technology to accomplish these tasks can help your security programs scale more efficiently to better address threats, while potentially freeing existing resources to focus on more critical tasks.
What knowledge, skills and abilities will your team need to learn or hire to monitor and mitigate the identified threats? How will your programs and staffing needs change in the next year? In the next five years?
Prioritize your needs by considering the threats that have both the highest likelihood and impact. Think about the steps your team can take to most effectively understand, monitor, and mitigate these threats. Change doesn’t always need to be dramatic to be effective — it can mean hiring an analyst to capture and analyze data from internal and external sources, or tracking metrics to demonstrate the security team’s value to the rest of the organization. Consider if other departments within your organization may have resources that can be used to supplement your efforts.
Once you’ve addressed any current shortfalls in the skills on your team, it’s important to think strategically about what your team will look like in the future. Even though it’s impossible to identify many of the threats your organization will face in five years, try to create a staffing and organization plan that your team can use as a starting point to grow to match the changes and challenges you anticipate. Be sure to incorporate the thoughts and plans of others within your organization to understand how and where growth and change is most likely. Once the baseline is in place, the specifics can shift as the threat environment and your operations change over time.
What metrics will best demonstrate the value of your programs and the impact of your work?
Success for a physical security practitioner usually means making sure nothing happens. This can make it very difficult to find the best metrics to track that will measure the success of your programs and justify new investments to ensure nothing happens in the future. Think about each program individually and the specific ways each program can demonstrate its success. For example, programs like executive protection can measure the number of threats detected on a specific platform and how quickly the team was able to identify the source, or the number of new investigations opened in a given time frame.
Download our Protective Intelligence Toolkit: Operational Templates for all the tools you need to develop or enhance your security program.