In this blog, a Fivecast Tradecraft Advisor discusses the threats and challenges associated with a continuously growing online landscape, and how robust intelligence strategies and solutions can mitigate the challenges of identifying threat actors online.
For protective security teams across the government and commercial sectors, it’s hard to think of the internet and, more specifically, the advent of social media as anything other than a nightmare. Not only does social media allow organizations and/or protectees to share seemingly innocuous information, pictures, and videos that can help threat actors identify offline patterns of life, but the sense of anonymity the internet gives users also leads some to make outrageous threats or statements on social media that they would never make in person. These threats, while often made behind a screen, can quickly escalate into real-world risks, prompting physical security responses such as increased security personnel, rerouted travel, or facility lockdowns. Even when the threats seem implausible or exaggerated, they must be taken seriously and investigated thoroughly to ensure the safety of people and assets.
Identifying Security Threats
Manual collection and analysis of online content is increasingly impractical for protective security teams due to the overwhelming volume of online chatter. The challenge isn’t just in uncovering the risk amongst the noise, it’s doing so fast enough to inform physical security decisions. When threats aren’t identified early, teams are forced into reactive security measures such as deploying additional guards, modifying access controls, or coordinating with law enforcement, often without the benefit of prior intelligence. This is an expensive and time-consuming task at the best of times, and having to do it on the fly only makes matters worse. The problem cuts across protective security use cases – whether you’re dealing with executive protection, facility, asset, IP, and employee protection, or event security. In recent years, protective teams have seen a rise in threats that begin online but culminate in physical confrontations, protests, or targeted harassment at corporate offices or private residences.
One of the most important things a protective security analyst needs to do is determine who is making a threat and use that information to start building out a threat profile. Understanding the threat actor’s intent and capabilities is critical not just for online monitoring, but for anticipating physical actions such as stalking, facility breaches or coordinated disruptions. This analysis can and should include a look at the poster’s other activity online, along with a look at any potentially problematic relationships – whether those are with local criminal groups, violent extremists, current and former employees, or any other groups, entities, or individuals that could speak to their intent, capabilities, and access.
This, of course, may sound simple on the surface but it can often be even more time-consuming than the seemingly endless process of manual data collection. This is especially true in cases where the potential threat actor’s identity isn’t immediately obvious, due to a screen name that clearly isn’t the poster’s legal name, strict privacy settings, or conflicting or obviously false information on their page.
Even when the screen name isn’t a legal name, though, an investigator can often learn much from it – whether it’s a nickname, a reference to a person, group, or ideology that someone likes, or even something completely random. A random or obscene screen name, for instance, may not lead an investigator directly to the poster’s identity – but it can be a sign that the poster is security conscious, and created the account with the specific intention of saying things they don’t want traced back to them.
Leveraging OSINT for Protective Security
Despite the challenges of leveraging online content for protective security efforts, the unique information and indicators that threat actors leave behind online offer protective security analysts the opportunity to identify and mitigate threats before they escalate. To take advantage of these opportunities, though, protective security teams must overcome major volume challenges. This is why many protective security teams have turned to OSINT tools like Fivecast ONYX, which mitigates the volume challenge by removing the data collection burden from users, allowing them to focus on using robust, AI-enabled analytical capabilities to sift through masses of potentially relevant data more quickly and efficiently than ever before. These capabilities are especially valuable when assessing whether an online threat warrants physical intervention, such as adjusting executive travel plans or upgrading facility security. This allows analysts to spend more time using their expertise, and less on the boring, rote work of scanning and recording all potential threat comments or content. This, in turn, makes online threat identification and vetting faster, more reliable, and less painful for the analyst team, and results in more efficient offline decisions about physical investigations and security measures, saving the organization time, money, and effort, all while enhancing the security of their executives, facilities, employees, and IP.
Whether you’re protecting executives, facilities, or high-value assets, integrating OSINT into your physical security strategy is no longer optional – it’s essential.
