Preparedness is Key to Mitigating Severe Weather Risks

Severe weather and natural disasters— such as tropical storms, wildfires, tornadoes, earthquakes, floods, tsunamis, and hurricanes— put people and organizations across the globe at risk every year. The level of preparedness and response to these severe weather events can often mean the difference in life or death. In addition, organizations who prepare and respond quickly to weather disasters can prevent loss of revenue and other costs by maintaining continuity of operations.

Advance warning and accurate real-time data about severe weather and natural disaster threats is a critical part of your risk profile. Signal has advanced tools to enable you to stay alerted as quickly and as early as possible to severe weather threats relevant to your people, buildings, supply chain, and other assets. 

Brand reputation is also at stake during a weather emergency. Handled efficiently, it’s an opportunity for organizations to shine and prove their resilience. Handled poorly, the public is unlikely to forgive or forget the organization’s response or lack of response. Clear guidelines and properly gradated alert levels allow you to respond effectively and efficiently every time—no matter what weather emergency comes your way.

Get Notified Early About Severe Weather Threats

Every second counts when dealing with emerging severe weather risks. As our collective ability to track and predict many severe weather events due to artificial intelligence improves each year, the data comes faster, earlier, and in greater quantity. Only when this data is accurately and relevantly mined do you have more opportunities to increase preparedness and speed of response. Otherwise, the overload of information only causes noise.

Signal uses open-source intelligence to monitor what’s important to you 24/7. Customize searches and get notified via SMS and email when vital severe weather information is detected that’s relevant to your organization. Leverage advanced customizable filters to reduce irrelevant noise so that you can focus on the threats that matter to you. Quickly search for real time updates on developing situations or set up complex boolean searches to monitor severe weather incidents, and actively drive prevention. The alternative is to waste an enormous amount of time and money randomly browsing the web and other sources for weather information—usually too late. Such a haphazard approach causes big gaps in risk awareness.

Verify Information to Make Confident Decisions & Act Quickly

Misinformation can cause panic during a severe weather emergency. This misinformation can spread rapidly through both social media and even through more trustworthy news sources during emergencies. Social media posts provide updates to the public which are often helpful; however, citizen-sourced information can also lead to the spreading of falsehoods. It’s important to keep your team ahead of the news— including fake news, and even scammers trying to capitalize on the disaster. To tackle this, the first thing any organisation needs is accurate, relevant, vetted, trustworthy information. 

Signal enables organizations to monitor and manage large amounts of data from a plethora of different data sources across the surface, deep, and dark web. This, paired with advanced filters and boolean logic means that security teams are empowered to identify disinformation, discover patterns, and practically respond to these potential and evolving threats during a severe weather emergency. 

Maintain heightened situational awareness before, during, and after the event.

Increase situational awareness by corroborating and contextualizing severe weather data. Monitor supplier production facilities and transport routes, and continually assess and reassess the evolving threat landscape and update your alert level guidance accordingly. 

Customer Example

During a recent tornado, one customer used Signal to help safeguard a manufacturing facility in the U.S. when a tornado landed near the town where most of their employees were based. Luckily, there were no casualties. The customer used Signal to gain intelligence about:

• The scale of the tornado

• The impact it was going to have on their employees

• The impact it might have on their overall operation

This intelligence was extremely useful to the organization in recognizing threats being proactive. The intelligence helped them to:

• Protect lives (people)

• Protect assets (facilities)

• Maintain business continuity (resilience)

• Protect reputation (brand)

To learn more about preparing for severe weather emergencies, request a full demo

An emergency incident can happen at any time, often with very little warning. If an organization wants to prepare an effective response to an evolving threat landscape and better protect both their assets and employees they need to have efficient mitigation and response measures in place. 

Data and intelligence form a pivotal role in emergency management. They allow security and event management teams to discover threats and accurately assess the associated risk levels. With this knowledge, they can enact an appropriate response to remove employees from harm’s way and prevent potential damages to the organization.

Data Performs a Vital Role in Emergency Management 

Some of the ways data and intelligence gathered using Signal OSINT can be used include:

• Better Situational Awareness. Save time and lives by rounding out your situational awareness with commentary, photos and videos posted online by the public and media.

• Misinformation Management. Catch and manage the spread of misinformation in real-time before it spreads to the public and puts lives at risk, wasting precious time and resource.

• Improved Agency Collaboration. Get a better view of what other agencies are doing during an emergency to ensure you allocate people effectively.

• Geo-targeted Risk Assessment. Keep an eye on areas of interest, such as near a location of an event you’re hosting, and watch for disruptions such as extreme weather or terrorist threats near your offices.

Threats, Hazards, and Risks.

There are three main types of threats and hazards. First, natural hazards. This includes extreme weather such as hurricanes, earthquakes, and wildfires. These can cause extensive disruptions to a business. Such events are often seasonal and organizations should monitor for them during high risk months. 

Secondly, technological hazards. These include power outages and infrastructure failures. For example, your business might be affected by your internet provider going down temporarily, or transport links might be disrupted meaning employees are unable to get to work. 

And thirdly, man-made hazards. These include cyber-attacks and data breaches, terrorist threats or threats against assets or executives. These can happen at any time, however, often you can find indications on data sources such as darknet forums before the event.

The Importance of Assessing Risks Appropriately

The more data and information you have the more accurately you can assess the risk level of an emerging threat. For example, you might use Signal to set up real-time alerts on an evolving threat like spreading wildfires. This allows you to continually reassess and determine in a timely manner when or if you need to take action to ensure your staff are removed from harms way. However, there is a fine balance between under and over protection. 

The Risk of Over-protection

Over-protection is when you initiate responses either too early or too extreme. Erring on the side of caution is always a good idea when it come to protecting employees, however, it can be costly and inefficient. 

Over-protection is often caused by the following:

• Personal interpretation of the threat level.

• Not having enough data to form an accurate assessment.

• Not having enough alert levels to allow a staged escalation of measures appropriate for the evolving risk level.

The Risk of Under-protection

Just as with over-protection, under-protection will inhibit the effectiveness of your emergency management response. This can place employees unnecessarily in harms way and means you will be unable to appropriately respond to a threat. The end result of under-protection is invariably higher than necessary associated costs.

To prevent under-protection there are several things that an organization can do:

• Provide clear guidance on risk levels of certain threats and make the response increase easy to implement.

• Continually assess and reassess the evolving threat landscape and update your alert level guidance accordingly.

Other Emergency Risk Management Considerations

We have already mentioned alert levels a couple of times in this article. This is because having clear guidelines and properly gradated alert levels will allow you to respond effectively and efficiently to crises. 

Additionally, your employees should be aware of your response plans, especially to common threats. For example, if your officers are located in an earthquake prone area, have regular earthquake drills. 

Finally, should an emergency happen you need an efficient way to communicate the danger to your employees and instigate the appropriate response.

Signal and Emergency Management

Signal provides hyper-relevant intelligence on evolving threats as or even before they happen. This allows security teams to maximize warning times and enact mitigating measures.

Immediately, this means better protection for staff. This also has additional longer term upsides. For example, it might allow a security team to detect negative sentiment around the brand which allows them to identify and monitor potential threat actors and prevent a threat from evolving. Or, it could allow for a team to have early detection of a data breach, which according to IBM could save an organisation over $600,000. 

Data Breaches Aren’t Uncommon 

It’s not just small companies with limited security budgets that have exploitable cyber gaps. Often, in fact, large organizations become targets because of the amount and nature of the data that they hold. Organizations in the healthcare sector, for example, have proven time and again to be a popular targets for cybercriminals.

Another example of a large organization being targeted is Experian. Experian experienced a major data breach in August 2020 where over 24 million records were exposed. The attackers impersonated a client and were able to request and obtain confidential data. Experian claimed that no customer banking information was exposed. Even so, personal information like this could be used in a targeted social engineering strategy to then get Experian customers to reveal further sensitive information such as their banking details.

This isn’t the first major data breach that Experian has had. Back in 2015, 15 million North American customers and applicants had their personal data, including Social Security numbers and ID details, stolen. Perhaps because of this prior experience, Experian understands the risks and are adept at dealing with cyber breaches. They claim that the attacker’s hardware has already been seized and the collected data secured and deleted.

How Much Does the Average Data Breach Cost?

The answer to this question varies between country and is additionally dependent on the sector but in general, can span anywhere from $1.25 million to $8.19 million.

According to the 2020 report from IBM and the Ponemon Institute the average cost of a data breach in 2020 is down 1.5% since 2019 and cost around $3.58 million USD. This works out to be around $150 per record and is a 10% rise over the last 5 years. The report analyzes recent breaches at more than 500 organizations to spot trends and developments in security risks and best practices.

The cost estimate includes a combination of direct and indirect costs related to time and effort in dealing with a breach, lost opportunities such as customer churn as a result of bad publicity, and regulatory fines. Though the average cost of a breach is relatively unchanged, IBM says the costs are getting smaller for prepared companies and much larger for those that don’t take any precautions.

Interestingly, various industries including healthcare appear to be more susceptible targets for attackers. According to the report, healthcare breaches cost organizations $6.45 million per breach, a number that eclipses all other sectors and makes it the ninth year in a row that healthcare organizations have had the highest costs associated with a data breach.

The average cost for per breached healthcare record ($429) is more than double any other industry too and substantially higher than the average, $150, according to the report. Healthcare breaches can often take the longest to identify (up to 236 days) as well.

Data Breaches are Happening all the Time

Data breaches are occurring constantly. Records from large brands with big security budgets and teams as well as much smaller organizations. It’s important that everyone understand the importance of secure digital practices and explores strategies for educating staff to reduce the risk of social engineering tactics.

How do Data Breaches Occur?

Hackers use various strategies to gain access to data. For example, with Experian the attacker leveraged human weakness through social engineering to persuade an employee to give them the data. Other strategies could be exploiting weaknesses such as a misconfigured or unsecured cloud storage. Alternatively a data breach could be the result of a malicious malware or ransomware. 

According to the IBM/Ponemon report around 40% of all incidents were actually due to either cloud misconfigurations or stolen login details. Because of this IBM has urged companies to reexamine their authentication protocol to ensure 2FA is active.

A final note on the ascertaining of data by attackers is around state-sponsored attacks. State-sponsored attacks only make up around 13% of the overall number of attacks according to the report. However, with an average associated cost of around $4.43 million it’s clear that these types of attacks tend to target high-value data and this results in a more extensive compromise of victims' environments.

The energy sector, commonly targeted by nation-states, saw a 14% increase in breach costs when compared to the prior-year period, with an average breach cost of $6.39 million.

How can Organisations Reduce the Cost of Data Breaches?

“The average time to identify and contain a data breach, or the "breach lifecycle," was 280 days in 2020. Speed of containment can significantly impact breach costs, which can linger for years after the incident.” - Source 

By having mitigation measures in place IBM/Ponemon estimate companies can reduce the cost of a breach by an average of $720,000. 

According to their report those companies which had automated technologies deployed experienced around half the cost of a breach ($2.65 million on average) compared to those that did not have these technologies deployed ($5.16 million average). 

Security response times were also reported to be ‘significantly shorter’ for companies with fully deployed security automation – these companies are as much as 27% faster than their counterparts at responding to breaches.

Security tools like OSINT platforms not only enable a faster breach response but a significantly more cost-efficient one as well, which as the security professional shortage persists is of absolute importance.

Final Thoughts

With our increasing levels of digitisation, our growing reliance on the cloud, and the complexity of security systems paired with human error there are more attack vectors than ever before for hackers to exploit. 

A data breach could involve anything from publicly available data being scraped and sold off to spammers, to online banking and credit card information being stolen. The longer a data breach goes undetected the longer the threat actors have to utilize this data causing more harm as time goes on.

Having the right tools and processes in place will allow you to detect data breaches early or even prevent a data breach from happening in the first place. With the steadily rising cost associated with data breaches, this could save an organization millions in the long run.

Supply chain operations can be vast and while globalisation and digital technologies are making the world a smaller place in many ways, they are simultaneously increasing the number of potential vulnerabilities that security teams and supply chain managers need to monitor. Current threats to the logistics sector range from piracy, which has been experiencing a resurgence in recent years, to terrorism, to DDoS attacks, malware or data breaches.

The range of potential threats is exacerbated by the particular vulnerabilities of the supply chain and the sheer size and scope of the operations involved. For example, around 90% of the entirety of global trade flows through only 39 bottleneck regions. An effective attack on any of these 39 traffic heavy logistics hubs would have far-reaching and knock-on consequences impacting billions of dollars worth of trade. 

One example is the Hong Kong - Shenzhen freight cluster where nearly 15% of both container and air freight traffic moves through. Additionally, there is a selection of geographic chokepoints such as the Panama Canal or the Strait of Malacca where a successful attack could effectively halt a vast amount of freight.

If this wasn’t enough digitisation has increased the number of threat vectors that logistics companies need to consider. This increase in vulnerability needs to be addressed with effective security measures such as real-time data collected through Open Source Intelligence (OSINT) software.

How Can Transport and Logistics Companies Secure their Supply Chains?

Ensuring secure passage 

One of the key concerns, and one of the oldest, that logistics and transport companies have to contend with are the tangible and physical security threats; terrorism and piracy being the obvious examples. Organisations need real-time information to carefully and continuously assess the threat level, implications, and risks surrounding these physical security concerns.

Using these analyses organisations can then determine strategies to mitigate these threats as well as determine contingency plans for worst-case scenarios. They will need to be able to adapt and respond quickly to events as risk levels change. Supply chain managers across all industries will need to take into account higher transport costs, longer travel times, and potential problems meeting schedules when alternative transport routes are used

Fundamentally these risk management strategies hinge on having all of the information available on emerging and current threats. To be able to respond in a timely fashion it is absolutely necessary for supply chain managers and security teams to have the most up to date data. Being caught unawares could have far-reaching and even devastating consequences. And in some cases, business models based on time-critical deliveries may be squeezed out of the market. 

Keeping cyber space safe 

Cyber security is a secondary consideration for many logistics and transport companies. However, it is a security concern that should be receiving increasing levels of attention as “cyber criminals are evolving their tradecraft with new innovations and increasingly automating their attacks”, according to the 2020 Global Threat Intelligence Report (GTIR) by NTT Ltd. 

You only have to look back to 2017 for a clear example of what can happen should a logistics operator be caught unaware by malware. In this scenario the shipping giant Maersk had their IT systems taken out by a vicious malware called NotPetya. With roughly one container shipping into port every 15 minutes you can imagine the logistical nightmare that ensued as the company was forced to turn to manual processes to keep things moving. It was estimated that the delayed operations, lost revenue, and the process of completely rebuilding their IT systems cost Maersk upwards of $300 million.

NotPetya, developed by the Russian military, was targeting businesses in Ukraine – but the malware quickly got out of hand. Soon it was spreading around the world, taking down networks and causing billions of dollars in damage and lost revenue. Meaning, in this scenario, Maersk was simply collateral damage.

Despite this, according to The State of Logistics Technology Report 2019 by EFT, “the logistics industry is still not seeing security as a primary part of business operations” even with clear examples of what can happen. In this report, researchers surveyed more than 500 industry professionals with questions relating to cybersecurity and found: 

• Only 35% of solutions/service providers have a Chief Information Security Officer (CISO) in place;

• Only 43% of shipping companies have a CISO;

• Only 21% of logistics companies believe they even need a CISO.

Transportation is already heavily reliant on Information Communication Technology (ICT), and virtual threats are growing in frequency and complexity. For this reason, cyber threats are an increasingly worrisome problem across multiple industries. Additionally, for transportation and logistics cyber attacks as part of an attack designed to induce physical damage is an additional attack vector of increasing commonality.

OSINT Software for a More Secure Future

Some organisations operate with hundreds of individual suppliers. Disruption to any of these suppliers anywhere along the supply chain could have costly ramifications. Maersk is just one example of this, operations weren’t returned to normal for nearly two weeks, and even with employees across the company going above and beyond to maintain operational efficiencies, losses for customers and themselves quickly climbed into the millions.

Security investments provide a payback not only in terms of loss prevention but also by enhancing supply chain performance. When it comes to security and supply chain management, it’s especially important to look at future scenarios and manage security proactively. Reacting to crisis situations is not enough. Companies have to find the right combination of preventive and reactive measures to achieve the optimal level of supply chain security. 

Executives should keep an eye on so-called wildcard events too. That means looking at the possible financial impact, the relative vulnerability of their business model and their company’s ability to react to low-probability, high-impact events. 

How Signal is Already Helping Secure Logistics Supply Chains

Signal Open Source Intelligence software allows you to gather hyper-relevant real-time data giving users a clear oversight of their often vast supply chain operations. 

This means they will have details of potential disruptions or cyber-attacks before, or as, they are happening allowing them to implement their contingency plans in a timely fashion and prevent unnecessary financial losses.

Corona Virus has for many been a rude awakening. Companies have been left scrabbling in an attempt to put in place contingency plans and deal with the spread of misinformation, all whilst facing tumbling share prices.

COVID-19 is the most recent global incident, it’s not the first and it won’t be the last, however, it has thrown into harsh light the realities and weaknesses that surround many organisations international structure. Our increasing levels of globalization throw local isolationist policies out the window and if a company wishes to maintain economic growth changes in the way that they manage their response to global incidents is needed. 

In the wake of a global incident, corporations need fact-based reliable information from official sources and they need it fast. The smart adoption of technology can help facilitate the means for companies to protect their teams and assets as well as mitigate potential damages to the business.

Dealing with Misinformation: Disruption is the new normal.

The rapid spread of news and information online has sparked a recent increase in global headlines highlighting critical outbreaks. International concerns can cause loud and distracting noise when trying to identify specific data.

On top of this, panic has followed in the wake of COVID-19, stocks have plummeted to levels that haven’t been seen since 2008, people are rushing to stores to stock up on necessities. This panic has been spread and amplified by both a lack of preparation for a global crisis of this nature, as well as an amount of misinformation spread rapidly through both social media and even through more trustworthy news sources. 

To tackle this, the first thing any organisation needs is accurate, relevant and trustworthy information. You don’t want to be relying on secondary, potentially egregious sources, not only because it will take longer to uncover news forcing, but you also won’t know how reliable that information is. Sad as it may be to admit, many media outlets aim to sell news, and facts aren’t necessarily lucrative, spectacle sells. 

Using an open-source intelligence (OSINT) software like Signal you can create a custom real-time stream from official sources such as the World Health Organisation, or the CDC to get reliable information and updates fast. Easily sift through unwanted information to detect only the most valuable in an outbreak.

Better situational awareness for a more efficient response

Increased situational awareness allows companies to proactively respond to crises. It allows them to get accurate information first, and create actionable and effective strategies based on reliable data to efficiently counter emerging threats.

As well as having multiple sources, companies can use OSINT tools to identify trustworthy and “official” statements and sources and tailor their live stream searches around those. This is often where the news breaks first and will give an unbiased account of the facts.

Examples of responses to COVID-19 can be seen from several large companies including Facebook and Amazon. In areas where there are outbreaks, such as Seattle, they have closed down offices and asked employees to work from home. They have also both cancelled  conferences which would have drawn thousands of people together with potentially disastrous results - instead they are looking at creating a virtual experience instead. This is just one example, of how companies, armed with accurate information can then use available technology to facilitate preventative measures mitigating the threat of the outbreak.

How OSINT software can help

Improve employee safety

Knowing how to respond and then implementing an effective response without causing further panic or further spreading misinformation allows organisations to effectively protect their staff in and outside of the office. 

For example, knowing how COVID-19 is spread as well as understanding the the severity and location of the outbreaks means you can form effective localised preventative measures without causing undue widespread panic or unnecessarily harming your business.

Better executive protection

Executives travel, and travel entails risk especially with an evolving international crisis of this nature. In this scenario, for example, it would be sensible to protect these executives by taking simple precautions such as delaying trips to areas with severe outbreaks such as China or Italy.

In line with current government recommendations all employees should be practicing social distancing and where possible managing meetings with video conferencing technology. Adapting in the face of an emerging threat such as COVID-19 allows companies to reduce the risks that they face and better protect their staff from exposure. 

Supply chain management

Those businesses that are built on the foundations of large and complex international supply chains have to question their structure and practices. What is the backup plan? How do you mitigate the threat to a potentially compromised supply chain? And perhaps, more importantly, how do you protect those staff and assets that are involved? 

First, you need actionable and accurate information in real time allowing you to fully understand potential risks and issues and only then can you form an effective plan of action.

Summary : The Importance of Accurate Real Time Data

Coronavirus is the only the latest example of a disruptive global crisis and it won’t be the last.

Due to the rise of unofficial media sources which can easily disseminate news through the internet, especially social media platforms, there is a lot of potentially unreliable information being consumed. Fact-checking can be immensely time-consuming and many people don’t bother, which is how false information propagates. As an organisation though this misinformation can be as harmful or even more harmful than the reality. Getting ahead of and tackling false news becomes an important task.

In terms of dealing with a global crisis such as COVID-19, think about spreading fact-checked sources through internal communications to allay fears spread through potentially incorrect or misleading media. This will also show employees that you are on top of the situation encouraging trust in the organisation and your official response.

To truly and effectively mitigate the threat of global incidents, how companies utilise technology to adapt to the scenario will make a huge difference. Ask yourself: Does your business offer flexible working practices? How can your business support workers if they need to self-isolate? Do you need your executives to attend events in physical locations or can business be done virtually? And as a final consideration - a side effect of these changes - how might these adaptations become more normalised to improve employee efficiency as well as supporting a healthier work life balance?

Resources 

• https://www.who.int/

• https://www.cdc.gov/
  
  

When Nur Islam became frustrated over a routine withdrawal at a Commonwealth Bank branch in Melbourne on November 18 2016, he poured petrol onto the carpet and set the building on fire, injuring himself and dozens of others.

The $2.5 million building in Springvale was soon destroyed.

Some of the first alerts to Commonwealth Bank’s staff, executives, owners, patrons and passers-by came from social media posts and ‘What we know so far’-style updates from online newspapers, full of urgent bits of information.

Lives were irreversibly changed that day; millions of dollars in insurance had to be paid out; injured staff had to be compensated and healed. Commonwealth Bank also had to protect customers’ sensitive information while ensuring communications around the attack were accurate and helpful.

 Get Faster Responses to Developing Danger

Part of Signal’s job is to aggregate online notifications around threats to buildings and the staff inside which affect business and personal safety in various ways.

Signal monitors online traffic, from social media to news to emergency alerts to the dark web, and can be set to notify any business instantly about:

• Fire and weather emergencies that might spill over into my building.

• Political events happening, from nearby terrorism to far-away occurrences

• Issues at airports, from terrorism to flight delays to blizzards

Signal lets users with large assets, distributed workforces and global reach especially large corporations and top banks in Australia, NZ and the US, pre-empt, prevent and develop strategic responses to emerging situations.

Watch The Web and Respond Faster

Signal Open Source Intelligence assists a business’s 'Duty of Care' by:

1. Letting you be the first to know – saving precious minutes

2. Covering many platforms – enabling you to monitor local and global events through news, social media and emergency services

3. Increasing situational awareness by corroborating real-time visual data

4. Monitoring community chatter and reputation in the incident aftermath

Signal lets you monitor everything affecting your organisation’s real and potential crises, staff safety, supply chain, fraud risks, cyber security and reputation – not to mention threats to your buildings whether from humans or hurricanes.

Signal has a global customer base that includes major corporations across finance, retail, pharmaceutical, and technology industries who utilize Signal to stay aware of potential threats to safety and security.

In Australia and New Zealand, Signal uses heightened situational awareness and real-time intelligence to monitor, gather, and analyse potential risks then make informed decisions to speed incident response time while reducing overhead costs.

Don’t let a failure to watch the web cost your company.

www.GetSignal.info or email info@signalpublicsafety.com