Avoiding Security Operations Surprises: The New Threat

In security and intelligence operations, the enemy that organizations most want to avoid is surprise. Surprises can cause losses: losses in life, losses in access, losses in revenue, losses in operational agility. In the age of ubiquitous data, it’s hard to believe that anything is unknowable. Yet, as we have recently witnessed in Gaza and Israel, surprise is still a threat, because there is a vast gap between “knowable in theory” and “known when you need to know it”.

Using intelligence, threat, and risk data, analysts can paint a clear picture of the security profile for a specific location at the crucial moment. However, the challenge lies in effectively navigating the millions of data points within which this picture is embedded. To avoid surprises and maintain a proactive stance, it’s imperative to stay ahead of current events and anticipate potential threats.

When intelligence and security teams leverage their data effectively, they will be able to not just react to events happening in real time, but they will have the foresight to know what events might occur. Using data in this way empowers operators to proactively plan to protect their people, assets, and operations. It is one of the most powerful strategies against surprise.

Leveraging the Right Intelligence

Despite the abundance of data available to intelligence and security operations today, some teams are still not taking full advantage of information to drive physical and operational security. Other teams, which have discovered the value of data analytics, are primarily using single sources of information or multiple sources that are not integrated into a full security awareness picture.

There are also intelligence and security teams that are trying to capture data from so many sources that they often get stuck in the weeds, overwhelmed by the expansive breadth of information they need to monitor. These analysts and operators are left unable to identify the data that matters to them. In all scenarios the result is the same – teams are not leveraging all the right data, and therefore are unwittingly unable to support leadership’s ability to make smart decisions protecting life, property and operations.

To help solve this challenge, organizations need to empower analysts with the best tools to ensure they are making data work harder and smarter for them. The tools to leverage center on technologies that make a big impact, specifically Artificial Intelligence (AI) and Machine Learning (ML). But before security teams are able to leverage machines successfully to make data-driven decisions, they must be aware of and then overcome these three primary inhibitors:

Volume. The sheer amount of content available at once is both impressive and overwhelming. Industrial-age processes that require heavy human touch are no longer a valid way to make smart decisions—there is too much data and not enough people.

Variety. Most operation centers today are not taking advantage of the variety of content needed, and available, to make smart data-driven decisions. Too often there is an overreliance on single sources of information like social media that paint only a portion of the picture.

Verify. Determining which data is trustworthy and suitable for decision-making can be a daunting task. The relevance of information isn’t always straightforward; it can be invaluable in one context and irrelevant in another. And while modern day technology, especially AI-driven data analytics, is very useful to the security space, it also introduces new challenges. For instance, poorly integrated generative AI might present misinformation as fact or mix up genuine data. To mitigate these risks, human experts must be intricately involved in both the development and implementation of cutting-edge technology, ensuring a rigorous verification process to distinguish fact from fiction.

Security leaders must be proactive in crafting strategies to address these challenges. It’s essential to understand that technology is not intended to replace human analysis. Instead, the true strength lies in the synergy of human expertise combined with the rapidity, sorting, and analytical prowess of machines. This fusion is what makes today’s security and risk intelligence capabilities so potent.

Regardless of the scale – be it global, regional, or local – the need for precise content and analytics to safeguard an organization’s operations and its people is paramount. The potential for leveraging this intelligence has never been higher. Modern security and intelligence strategies must be anchored in sophisticated multi-variant data analytics to cater to the demands of global postindustrial operations.

Three-Stage Plan for Data-Driven Security Operations

Data is abundant, and taken all together, largely meaningless. What intelligence and security teams do with it is the real value, and knowing when that data is valuable is priceless. Detailed below is a three-stage plan that addresses the challenges listed above and will help security teams discover the best data to help them protect their people, assets, and operations.

Stage One: Alerting

In the vast sea of data, there is a signal that can drive awareness of looming concerns, along with enough noise to overwhelm nearly any attempt to parse that signal out.

In a single day, the amount of social and news media that could affect operations of a single location is in the millions. Add to that more continuous data from IoT devices and the problem quickly surpasses human scale solutions.

At this stage, the goal is twofold:

  • building systems to identify patterns that point to risks and
  • selecting the right kinds of data to feed into those systems

The second part is easier to tackle first. What data really matters? Plainly stated, there is an overreliance on social media right now. It is understandable that this is a natural first foray into data-driven security because the needed search and sorting tools are easy to find, but too many operations are using social media as their primary, and in some cases only, mass market data source. While incredibly important to understanding breaking events, local and regional attitude and brand management, social media can be a biased data source and can skew security operations.

Instead, organizations should be striving for a system of integrated social media, news media, IoT, security and web cameras, crowd-sourced data and even data from satellites, such as imagery and radio frequency signals. This is what can supercharge global operations and create an intelligence-driven security operations center. A system or platform that automates the integration of security-related content, with artificial intelligence models that give officers persistent knowledge of potential threats to operations, will drive smarter decisions and save resources.

However, simply adding more data does not equal enhanced security. Analysts of all stripes, from military intelligence to business to security operations, find themselves overwhelmed with the sheer volume of data that is available. As noted earlier, it is very common for operations to get bogged down by the very data that could empower them. As with many other uses of big data, it takes well-trained machines to identify the data that matters, and fast enough to make that data useful.

AI and ML, specifically anomaly detection algorithms and risk models, enable one officer to do the work of ten by driving them to the most important content and helping them look where they didn’t know to look.

Automated natural language processing (NLP) and generative AI enable operations to instantaneously prepare reports that would take hours or days using traditional methods. Today, these artificial intelligence algorithms are being utilized across all types of business intelligence processes. They are revolutionizing intelligence-driven security operations with speed and accuracy, just as they are driving financial investment decisions.

Security operations will see efficiencies and cost reductions as they integrate technologies that can now parse through and sort data at lightning-fast speed into their operations, but there is absolutely still a role for humans in the process. While AI technologies are able to do things that humans never can, they are also extremely adept at manipulating data in negative ways. Today’s technologies can make false information appear as fact, and humans must remain part of the process to vet, verify, and keep technologies honest.

Stage Two: Drill Down

Red flags are vitally important, but alone, they are like a trigger without ammunition. Analysts need the tools to investigate the situations these red flags point to. This is where social media is particularly unreliable on its own. For example, a dozen tweets about an earthquake in the region of a strategic asset are valuable, but the people tweeting about this event do not necessarily share an organization’s interest in that asset, and therefore their view of the situation should not be the sole source for data.

This is less of a big data challenge and more a challenge of immediate access. How can an intelligence analyst find the exact data they need quickly? The drill down time is entirely a factor of knowing how to find the feeds that will confirm the status of what matters to a specific organization. By mapping feeds that are locked in place and using geospatial intelligence to pinpoint movable sources, analysts can dispense with nearly everything that is irrelevant and focus their energy and time on the handful of sources that might prove useful.

Once the right data is culled and sorted, human analysts step in to make this data really valuable. Analysts offer something that machines can’t – they apply real-world understanding and historical knowledge to the data that has surfaced. Analysts can verify which intelligence is relevant and which is noise, and offer the much-needed nuance and context to transform data from information into valuable intelligence.

Stage Three: Foresight

Beyond pulling and sorting data based on subject matter, AI can also be used to monitor for changes in people’s sentiment and emotions. When analysts review this additional layer of information, combining it with historical data and their on-the-ground insight, they can deduce insights – including what might come next.

Sentiment analysis involves the use of natural language processing and machine learning algorithms to identify and categorize emotions expressed in textual data. It allows us to gauge the prevailing sentiment – positive, negative, or neutral – in news and social media responses to events and across regions.

Emotion analysis takes the textual data and delves deeper into the specific emotions present within the text – joy, anger, fear, or sadness – to provide much more directional context around how people feel about the content. Together, these two analyses provide a comprehensive understanding of the impact events are having, yielding important information to assess next steps.

By analyzing the sentiment and emotion of news articles, social media posts, and public responses, security and intelligence teams can identify patterns and trends that reveal the reception and impact of specific messages and what that might mean for their organization’s operations. This information can be instrumental to a proactive security strategy and help operations centers stay ahead of events and disruptions. This step of moving beyond addressing the current challenges and leveraging intelligence to forecast what might be on the horizon is critical. Security teams must take this step in order to best aid their organizations and help decision-makers stay not just on top of, but ahead of, possible issues.

The Technology is Available Today: Use It!

The tools used in this three-stage strategy are not science fiction. AI tools are both mature and ready to be applied to all sorts of industries and businesses to help security teams operate more effectively and efficiently.

AI can detect patterns that have gone unnoticed by experts, because people simply don’t have the ability, time or resources to sift through billions of pieces of available data. Again, it must be kept in mind that AI is not a replacement for a trained security or intelligence analyst – as humans can provide context and verification of data – but the technology helps cut through the plethora of data and drives them to the most relevant information. Well-trained machines can also leverage past events and understanding of on-the-ground dynamics to inform analysts of activities that may have gone unnoticed. Even better, platforms, algorithms, and advancements in emotion and sentiment analysis are able to alert to new problems as – or before – they arise.

Today’s global workplace and virtually connected world produce too much information at too fast a pace to be monitored by humans alone. While relying on technology as the primary or singular source of intel can be detrimental, there is a solution – a partnership of humans and machines. This duo creates a powerful combination and is what will undoubtedly help security operations avoid their most feared enemy – surprise – while mitigating many other risks and threats along the way, making a dramatic difference in security outcomes.

Book a demo to see Seerist’s threat intelligence tools in action or follow us on LinkedIn to learn more about how Seerist helps you stay ahead of the curve.
