In the last decade, security has become a multi-platform, multi-channel concern for businesses. Gone are the days when the only threats to a bank could be warded off by an armed guard standing in front of a bank vault to intimidate and dissuade potential robbers. Also gone are the days when protestors worked their personal connections to organize physical demonstrations. Today, activists and demonstrators are more sophisticated, using social and digital media to gain supporters and document their activities.
This is good news for security teams. These nefarious online posts, comments and calls for action leave a digital trail of evidence that allows some potential threats to be mitigated before they materialize into physical attacks.
In the digital era, security personnel have to open their eyes to all possible angles and avenues to thwart potential threat actors. Whether a disgruntled employee is sharing a series of posts in an online forum to rally supporters, or venting his or her frustrations on a personal blog, these threats leave a similar trail. But, if such online activities are not detected, or worse, ignored, they have the potential to become full-blown business-changing incidents.
Training for Threat Mitigation in a Digital Age
When it comes to physical threats, most event organizers, venue owners and management teams at top companies and public locations have been trained to be on the lookout for suspicious characters. If they see someone in the crowd acting strangely, they know something could be afoot. They will act to investigate and neutralize the potential threat as soon as possible, exactly as they’ve been trained to do.
The same techniques should be applied to digital hackers and scammers. But identifying suspicious or threatening online activity is, unfortunately, a more difficult problem, as the breadth and scope of online forums and social domains is enormous, in fact, expanding every day. Unlike security teams at physical locations, cyber threat experts aren’t looking for specific appearances of the threat actor, but rather for online messages, website comments, tweets or other activity that indicate aggression or threats against the companies, brands, employees, executives or other leaders.
For example, the “Occupy” protests that notoriously spread after the first 2011 demonstrations on Wall Street were largely spurred on by activists using Twitter, social media and other outlets to promote ideas that led to thousands of grass-roots advocates joining their cause, sleeping in tents on the streets of major cities and disrupting the lives of many people within those areas. While not all of these Occupy demonstrations served as major risks to local city dwellers, some demonstrations did threaten to get out of hand, and city leaders needed to be prepared for whatever happened. Certainly, as the Occupy movement gathered momentum, security and law enforcement teams worked together to establish online monitoring. By following the conversations that were happening online, they could respond accordingly, to mitigate some of the risks – to city residents or protesters themselves.
Special events, including product announcements, shareholder meetings, sponsored sporting events and press conferences, to name a few, are frequent targets for protests and other activist activity. Even seemingly “everyday” happenings, like road races, parades or charity events can become the focal point of a public threat. All of these classes of activity have a similar profile – they are “public events” and they will garner media coverage on their own. The activists and fanatics seek a public stage – they are much more likely to go where the cameras will already be present. Forward-thinking security teams will be monitoring online forums and social media for early evidence of possible third-party actions against a company or sponsor.
Identifying Where Threats Live and Hide
In today’s hyper-connected, hyper-social world, virtual and physical threats can come in all shapes and sizes. They range from an individual trying to organize their followers to protest a product, service or company based on their personal beliefs or experiences, to specific harassment or physical threats made against prominent celebrities.
Activists, fanatics and disgruntled insiders seek the spotlight – they are often found making public statements, before, during and after an event. These comments might appear on Facebook, on a newly created page, to followers on Twitter, across Google+, Pinterest, Instagram or even on a blog. Wherever it may be, early detection of threatening activity is key. In the weeks and months before a physical event, security teams should monitor all of these online locations around the clock. Just monitoring Twitter or Facebook is not enough, as activists may choose any site to be their forum of choice.
Beyond activist, fanatic and insider activities, where the goal is getting publicity for a cause, cybercriminals are also at work looking to prey on the innocent members of the public who might be attending the event. Through email schemes, backed by rogue websites and social media promotions, cybercriminals will launch a barrage of attacks, including counterfeit ticket schemes, meet-the-celebrity cons and merchandise fraud. The cybercriminals are usually very sophisticated and extremely secretive, but their online scams and cons are easy to detect – if you are looking for them.
Monitoring Threats 24/7
Not surprisingly, securing the online component of a physical event is an enormous task. Most security teams will outsource Internet monitoring to a trusted partner. That way, they can leverage the partner’s external listening expertise to provide actionable intelligence across a broad set of online channels. Without access to the online monitoring technology or platform provided by a trusted partner, it would be nearly impossible to sift through the online noise to identify real potential risks.
But, with such a partnership in place, the on-site security teams can focus on what they do best, planning for every possible contingency, and mitigating risks and threats when they arise. By adopting an approach that gives full attention to discovering, analyzing and mitigating online threats in the months and weeks that precede a physical event, security teams will have left no stone unturned, while they work to ensure the safety and the integrity of their event.