Increasing Security By IntelligenceBy Dave Webb | 27 May 2020
How to increase security with an intelligence program
Increasing security by Intelligence
The complexity and volume of today’s security threats requires a more proactive approach for effective prevention and mitigation. Forward thinking security teams realise the importance of understanding the intentions and capabilities of threat actors long before they arrive at the front door. Enhancing security using Intelligence as far out as possible is critical to protecting an organisation’s most important assets (employees, visitors, clients, property, brand, and intellectual property). Whether the threat involves a physical or cyber-attack, incorporating an intelligence program as part of the wider security has proven to not just limit the element of surprise, but proactively keep assets protected by providing actionable threat information that is collected, analysed, and distributed in a timely manner.
Most organisations have physical (fences, doors, guards, access control) or cyber (firewalls, antivirus/anti-spyware software, employee training) barriers to prevent entry and stop threats from gaining entry/access. Implementing an intelligence program as an additional layer of security allows an organisation to extend its security further than ever before.
A company/organisation security intelligence program utilises people, processes, and technology to collect and respond to information obtained through various sources including the organisation’s security team, employees, open source intelligence, internal trend and data analytics, and outside partners such as the Police. Every intelligence program will be different based on an organisation’s size, industry, culture, infrastructure, operations, and public-facing profile, but all programs should be capable of providing customised, predictive, and actionable information to mitigate risk.
In addition, in recent years flowing several high-profile terror attacks there has been increased collaboration and information sharing between the public and private sectors. Governments are more willing to provide intelligence to the private sector and embrace the value that private sector intelligence programs can identify emerging threats in different industry sectors.
With that backdrop in mind, several key areas should be considered when implementing an intelligence program in your organisation.
A. Driven by intelligence requirements: Intelligence needs differ by company or organisation. The best security intelligence programs provide decision makers with tailored information that is timely, relevant, and actionable, reflecting security and business priorities. Intelligence enables the security team to maintain an advantage over adversaries and should facilitate informed business decisions. An organisation’s security program should have a thorough understanding of business operations, and the team should routinely engage with others in the business.
B. Dovetail with the security intelligence policy: Just the mention of the word ‘intelligence’ can raise concerns from leaders within a company given legal and privacy concerns along with cultural/operational regulations. It is critical to establish a policy that governs the boundaries of the intelligence program. The policy should define the necessary approvals in conjunction with legal, HR, employee relations, compliance and the risk management team and other stakeholders. In addition, developing a communication strategy early in the process is critical to ensure that everyone that needs to know about the program is engaged.
C. Grounded in proven processes in order to gather, analyse & disseminate intelligence: An intelligence program should pull from a broad range of intelligence sources, providing actionable, customised intelligence in alignment with requirements. Intelligence processing should be based on a plan that emphasises standardisation, prioritisation, and clarity. A plan is a useful tool to help determine and prioritise the intelligence questions to analyse, products to produce, suitable methods for distribution and required approvals.
D. Create a programme from a strong base utilising the right people/technology: Having the right team and equipment reinforces the effectiveness and successful adoption of the program. Enabling your team with the proper training and investments in technology will enable them to spend less time on researching, collecting, processing, and formatting intelligence allowing them to focus more time identifying, understanding, and responding to threats.
E. Continuously improving: Effective intelligence programs continuously improve and evolve, relying on established metrics. The security team must ensure the metrics focus on quality over quantity and incentivise the creation of actionable intelligence, treating users of the intelligence as customers. Good metrics will inform which practices to keep and which ones to remove. Continual feedback and a clear process for improving the process and output will result in a more effective program that addresses the evolving threat landscape.
In summary – businesses and organisations today are facing increasingly complex threat environments. Extending security by establishing an intelligence program enables organisations to stay one step ahead of threats and often helps inform strategic and operational decision-making.