An emergency incident can happen at any time, often with very little warning. If an organization wants to prepare an effective response to an evolving threat landscape and better protect both their assets and employees they need to have efficient mitigation and response measures in place. 

Data and intelligence form a pivotal role in emergency management. They allow security and event management teams to discover threats and accurately assess the associated risk levels. With this knowledge, they can enact an appropriate response to remove employees from harm’s way and prevent potential damages to the organization.

Data Performs a Vital Role in Emergency Management 

Some of the ways data and intelligence gathered using Signal OSINT can be used include:

• Better Situational Awareness. Save time and lives by rounding out your situational awareness with commentary, photos and videos posted online by the public and media.

• Misinformation Management. Catch and manage the spread of misinformation in real-time before it spreads to the public and puts lives at risk, wasting precious time and resource.

• Improved Agency Collaboration. Get a better view of what other agencies are doing during an emergency to ensure you allocate people effectively.

• Geo-targeted Risk Assessment. Keep an eye on areas of interest, such as near a location of an event you’re hosting, and watch for disruptions such as extreme weather or terrorist threats near your offices.

Threats, Hazards, and Risks.

There are three main types of threats and hazards. First, natural hazards. This includes extreme weather such as hurricanes, earthquakes, and wildfires. These can cause extensive disruptions to a business. Such events are often seasonal and organizations should monitor for them during high risk months. 

Secondly, technological hazards. These include power outages and infrastructure failures. For example, your business might be affected by your internet provider going down temporarily, or transport links might be disrupted meaning employees are unable to get to work. 

And thirdly, man-made hazards. These include cyber-attacks and data breaches, terrorist threats or threats against assets or executives. These can happen at any time, however, often you can find indications on data sources such as darknet forums before the event.

The Importance of Assessing Risks Appropriately

The more data and information you have the more accurately you can assess the risk level of an emerging threat. For example, you might use Signal to set up real-time alerts on an evolving threat like spreading wildfires. This allows you to continually reassess and determine in a timely manner when or if you need to take action to ensure your staff are removed from harms way. However, there is a fine balance between under and over protection. 

The Risk of Over-protection

Over-protection is when you initiate responses either too early or too extreme. Erring on the side of caution is always a good idea when it come to protecting employees, however, it can be costly and inefficient. 

Over-protection is often caused by the following:

• Personal interpretation of the threat level.

• Not having enough data to form an accurate assessment.

• Not having enough alert levels to allow a staged escalation of measures appropriate for the evolving risk level.

The Risk of Under-protection

Just as with over-protection, under-protection will inhibit the effectiveness of your emergency management response. This can place employees unnecessarily in harms way and means you will be unable to appropriately respond to a threat. The end result of under-protection is invariably higher than necessary associated costs.

To prevent under-protection there are several things that an organization can do:

• Provide clear guidance on risk levels of certain threats and make the response increase easy to implement.

• Continually assess and reassess the evolving threat landscape and update your alert level guidance accordingly.

Other Emergency Risk Management Considerations

We have already mentioned alert levels a couple of times in this article. This is because having clear guidelines and properly gradated alert levels will allow you to respond effectively and efficiently to crises. 

Additionally, your employees should be aware of your response plans, especially to common threats. For example, if your officers are located in an earthquake prone area, have regular earthquake drills. 

Finally, should an emergency happen you need an efficient way to communicate the danger to your employees and instigate the appropriate response.

Signal and Emergency Management

Signal provides hyper-relevant intelligence on evolving threats as or even before they happen. This allows security teams to maximize warning times and enact mitigating measures.

Immediately, this means better protection for staff. This also has additional longer term upsides. For example, it might allow a security team to detect negative sentiment around the brand which allows them to identify and monitor potential threat actors and prevent a threat from evolving. Or, it could allow for a team to have early detection of a data breach, which according to IBM could save an organisation over $600,000. 

A supply chain risk can vary broadly, from volatile global politics to natural disasters, from terrorism to DDoS attacks or data breaches. A disruption anywhere along the supply chain could have serious ramifications for business continuity potentially costing an organisation millions. Additionally, the size and scale of operations means that there are often numerous vulnerabilities. 

Open Source Intelligence (OSINT) is an invaluable tool for both security teams and supply chain managers. It allows them to gain oversight over often vast and complex supply chains, monitor risks and threats, and gather real-time data that is essential for coordinating an effective response. 

Many supply chain risks and threats are in association with fears around break downs within logistics operations or supplier disruptions. Additional concerns also relate to financial and legal exposures, uneven market demand for product, mounting competition, and natural disasters.

Protecting Business Continuity from Supply Chain Risks

Even as product complexity expands supply chains continue to stretch into developing countries where labour and natural resources are plenty, but the infrastructure is undeveloped or insufficient. Meanwhile, advanced planning and sourcing practices which aim to maximize efficiency and minimize costs, stretch operations to a point of fragility. 

Any disruption can result in organizations and consumers worldwide feeling the impact via loss of suppliers, delayed or destroyed goods, product release delays, and ultimately, customer dissatisfaction and brand damage.

To mitigate the damage of potential threats, both physical and cyber, specific resources need to be designated with the goal of maintaining business continuity in the face of disruptions. One of the most essential resources for security teams and supply chain managers alike is relevant insights and intelligence to assist in assessing potential supply pitfalls. 

Key Supply Chain Disruptions to Monitor with OSINT

Traffic

Even something as seemingly mundane as traffic can cause havoc with supply chain management as supply chains are heavily reliant on good transportation networks. Security professionals and supply chain managers need to know fast if key transportation networks are endangered.

For example, if a freight hub such as Hong Kong International Airport which sees nearly 3.7 million tons of freight through its gates each year were to encounter a serious disruption the ramifications would be far reaching. It’s not just physical disruptions though that teams need to monitor as cyber attacks can have equally far-reaching consequences.

Weather

It’s hard to predict where and when a tornado, hurricane, severe thunderstorm, or debilitating snowstorm will hit. However, in certain parts of the world such as Southeast Asia, these severe weather events occur more seasonally. 

For example, in 2015, the top 4 typhoon events in Southeast Asia caused an aggregate of over $33.5B in damages, more than 138 days of recovery time, and impacted nearly 7,000 supplier sites. In response to the increased risk of extreme weather events organizations must confront the complexity of their operations and improve visibility to go beyond just their immediate vendors. 

Only when an organisation has a complete picture that incorporates the variety of potential risks and has invested in specific responses and contingency plans can it adapt as needed to mitigate the impact of extreme weather events and maintain strength in the marketplace.

Mergers and acquisitions

A single organisation may work with hundreds of independent suppliers from all over the globe. It’s important to have clear oversight of their operational capabilities as well as retaining an awareness of how global events such as extreme weather or in this scenario a merger or acquisition might affect their output. 

What organisations cannot do is assume the best case scenario. Like other threats mentioned in this article, this supply chain risk is exacerbated by the scope of the operation. A single delayed part, for example, could bring assembly lines to a halt causing a build-up of undelivered orders ultimately resulting in dissatisfied customers and a long-term loss of revenue. 

With potentially hundreds of suppliers and thousands of parts it’s not practical to maintain frequent communications with every single supplier, nor is it possible to manually oversee the entirety of the supply chain. 

Fire and the Unexpected Physical Disruptions

While some events can be predicted and planned against, others can’t. A fire in a warehouse for example. Or as we have seen recently COVID-19 which has caused havoc across supply lines with factories either temporarily shutting down or reducing the scale of their operations with limited workforces.

Such unexpected crises can have a big impact causing costly delays. Organisations need up to date and real-time information on all their respective suppliers if they are to react fast and mitigate the potential financial impact of these supply chain risks.

Cyber Threats

There are multiple threat vectors that cyber attackers could target. And as operations get more complex and they focus increasingly on utilising technology for increased efficiency, these vulnerabilities become progressively more concerning. Attacks could take the form of anything from customer data breach, to leaked information pertaining to sensitive company data or even as in the case of Maersk, a rogue malware completely taking down an organisations IT systems.

Related: Securing the Supply Chain: The Role of OSINT in Logistics

Conclusion

New demands and pressures are constantly stretching supply chains and forcing supply chain managers and security teams to adapt. The stakes are high and security is a critical factor. Major concerns such as an unstable global economy, aggressive market competition, extreme weather conditions, demand volatility, and production failures place revenue growth, reputation and overall business operations at great risk. 

Understanding the nature of potential vulnerabilities and keeping current on disturbances that can impact processes can help teams better handle and mitigate problems related to global supplier concerns, brand protection, and financial risks.

Open Source Intelligence monitoring solutions like Signal enables teams to gain a clear oversight of the entirety of their logistical operations. This means they have details of potential disruptions or cyber-attacks before, or as, they are happening, allowing security teams and supply chain managers to implement their contingency plans in a timely fashion and prevent unnecessary financial losses.

In an increasingly digital world, there is scope for fake news publishers to make a huge social impact as well as large profits through the spread of disinformation. Accordingly, this is a problem that has and will continue to grow. The spread is compounded by our very human natures which compel us to engage with inflammatory content and often share before we’ve had time to fact-check and verify.

The spread of disinformation is problematic on a number of levels, it can impact a brands image, spread harmful or misleading medical information - as we’ve seen throughout COVID-19, or even undermine democracy itself as was seen in the 2016 US elections. Ultimately, to combat misinformation organizations need to be equipped with the right tools and understand both what they’re looking for, and the reasons for spreading misinformation.

The High Cost of Fake News

There are serious potential ramifications for the unchecked proliferation of misinformation which can impact both B2C and B2B organizations. For example, a competitor or disgruntled customer or employee could hire or create a fake news publisher to damage your brand image for purposes of revenge or to gain a competitive market advantage. 

These adversarial news generation sites could easily generate a huge amount of very believable content, syndicate across a number of channels, and promote heavily through social media, potentially through the use of bots. Overwhelmed companies would face a significant challenge when developing a response to counteract these examples of bad “press” and it would be necessary for those targeted organizations to have real-time actionable data at their fingertips.

How do you Spot a Bot?

Anonymity

Real people sharing real stories will have full accounts, normally with a photo of themselves. These people will have friends, followers, family and likely engage largely with their friends content. The opposite is fairly true for bots. Bots, by their very nature don’t have identities which often results in bot accounts appearing to have a highly anonymous approach.

This could be evidenced in the lack of information they share, or perhaps they use a generic profile picture like a well-known landmark.

Activity

The frequency of their postings as well as how successful those posts are are good indicators of a bot. For example, you might come across an account with only one post and no followers yet that post has thousands of shares.

Content

The people that create bots have an agenda. Whether that’s to drive traffic to a website, generate income, spread political disinformation, etc. Whatever, their reason, the bots will be used to achieve it which means all their posts will have a common theme such as inflammatory political context.

Stolen photo

It’s not uncommon for bots to steal profile pictures. A quick test can be running their profile picture through Google image finder to find the real owner of the image.

Related: Responding to Global Crises like COVID-19 with Increased Situational Awareness

A quick checklist for botnet detection

Bot accounts used in one network or campaign usually have several of the below listed features in common:

• Multiple accounts with similar names or handles;

• Accounts were created on the same date;

• Each account is posting to the same sites, or even the exact same links;

• The same phrasing or grammatical error appears across each accounts;

• They all follow each other and/ or share each other posts;

• They use the same tool for link shortening;

• The bios have similarities;

• Profile pictures are generic or identifiably not them (easily searchable through Google).

Obviously, just because some accounts have similarities doesn’t mean they are all bots, however, it should certainly raise some eyebrows in suspicion especially if you have  four or five accounts with several of these signs.

Fake Accounts vs. Account Takeovers

We outline above a few of the tell-tale signs of a bot. There is an additional tactic that is commonly used to amplify the distribution of fake or inflammatory content and this is through an account takeover. 

For this approach botnet operators perform credential stuffing attacks on social media accounts and then use the accounts they gain access to, to share information through direct messaging or by sharing content. Additionally, a compromised account could theoretically mean sensitive information is exposed and executives or organizations as a whole could suffer reputational damage or financial loss.

Standard security protocols, such as having unique passwords for all your online accounts, should help individuals avoid becoming victims of these tactics. 

The Importance of Verifying Information

The best way to check the accuracy of a source is to check it against another source.

However, this does raise another question. What if those other sources, those source which are supposed to independently verify the truth are working with the information source you’re fact-checking. Or what if the facts in the source are. largely correct but the story is spun to support one side of an argument. This might ring with scepticism and conspiracy, however, it is a point worth making, with whom do you place your faith and at what point do you stop questioning the validity of information?

Identifying Click-bait

Click-bait titles are purposefully crafted to evoke a powerful response from the readers. The reason for this is it encourages people to share the post, often without even reading the text. Less reputable news sites are occasionally guilty of this tactic, twisting the truth in their titles to get a response and increase their reach. However, it is also a tactic employed by botnet operators to maximise the reach of fake news. Signs that this might be the case are as follows:

• Does it evoke a strong emotional reaction?

• Is the story utterly ridiculous - or does it perfectly confirm your beliefs?

• Are you going to spend money because of it?

• Does it make you want to share it?

What’s the Bigger Context

Understanding the context behind a piece of news can help you determine how much, if any, of the story is true as well as lead you to a better understanding of what the publishers end goal is.

• Who’s providing the information?

• What’s the scale of the story?

• If there’s an “outrage,” are people actually upset?

• How do different news outlets present the same story?

Understand their Angle

Just because something is misleading or even incorrect doesn’t mean it’s without use especially in a security context. In fact, understanding the reason behind the content might give insight into potentially harmful tactics targeting your organization and better allow you to create an effective response.

When determining what their angle is ask the following questions:

• Are important facts getting left out or distorted?

• What’s the larger narrative?

• What if you are actually wrong? Your previous opinion on a subject might have been formed by a different piece of fake news.

• Why did they share this story?

Determining Truth from Fiction Online with Signal OSINT

How companies utilize technology and adapt to the shifting threat landscape will determine how effectively they are able to mitigate the threat of disinformation.

Signal enables organizations to monitor and manage large amounts of data from a plethora of different data sources across the surface, deep, and dark web. This, paired with advanced filters and boolean logic means that security teams are empowered to identify disinformation, discover patterns and botnets, and practically respond to these potential and evolving threats. 

Additionally, Signal enables security teams to detect data leaks. This data may be used in credential stuffing attacks and poses a severe security risk. Identifying data leaks early is essential for mitigating the threat of credential stuffing and in this case preventing harmful misinformation from being spread through or by an organizations workforce.

All organisations want to keep their employees safe, this goes across the supply chain and up to top executives. Whether they’re protecting them from the likes of terrorism, upset customers, natural disasters or road accidents, these risks are heightened when employees and especially executives travel.

Whilst threats to travel security are not limited to highly unlikely events, many serious threats like the sudden eruption of a volcano, or terrorist are, thankfully, things that most travellers never have to worry about. However, if COVID-19 has shown us anything it’s that no matter how unlikely a situation may be, they are still a possibility and could escalate incredibly quickly.

Businesses have over the last years begun realising the importance of reducing travel risks especially for executives where the potential of risk is increased and the potential cost heightened. In a 2017 study by Business Travel News of 229 travel buyers and managers and corporate safety and security managers, it was found that “65% said their companies' attention to traveller safety and travel risk management has increased over the past three years.” Ignoring the risks that travel holds could be an expensive mistake.

4 Essentials to Consider for a Effective Travel Security

1. Reliable Intelligence 

2. Education

3. Briefings

4. Planned Response

Reliable Risk Intelligence

Situations can change rapidly and relevant timely intelligence in an evolving situation is vital if an accurate risk assessment is to be provided. 

Without an accurate risk assessment and a detailed understanding of the potential local risks, a security team cannot make a properly balanced decision regarding operation security. It is incredibly important then, not just for teams to perform risk assessments before travel but to continually monitor local situations so that should things change the security team can react accordingly and take appropriate actions.

For example, as COVID-19 was evolving into a global pandemic security teams needed reliable information from trustworthy sources to allow them to properly understand the potential risks it posed as well as to navigate through the plethora of misinformation being spread. Teams using Signal OSINT were able to get this information and take preventative actions, putting secondary measures into place should the situation evolve. In this particular example, extreme action was needed. The security teams first suspended all executive travel to badly affected areas and as the situation evolved into a more serious global crisis they evacuated executives and employees who were overseas, before entirely suspending further business travel.

Without the proper information, the best course of action cannot be pursued. Situations change rapidly and timely intelligence will provide detail on current and future anticipated threats. 

Staff Education

As part of an effective travel security program staff need to be aware of the potential dangers and have the tools and knowledge to minimise and mitigate personal travel risks. Risk can be dramatically reduced with good basic personal security methodology which is often the most cost-effective and efficient way to improve the safety of employees abroad.

Part of this education must be an ongoing effort to share with the relevant parties this real-time information from data sources gathered through tools such as Signal.

Debrief

With properly trained staff, the individuals travelling should be aware of the environment, threats and risks that they are entering. On top of this, as we mentioned above this information sharing should not stop at the briefing, but as the threats evolve the relevant individual needs to be kept up to date so that they can change their behaviour if necessary.

A Planned Response

The fourth aspect of an effective travel risk management plan is having planning a response to all possible crises. In certain locations, some aspects and threats are more prevalent. 

For example, emergency services might be lacking or public transport might be more dangerous. In these cases, proper plans need to be put in place. For the latter, you might arrange a rental car for your executive, or a driver, if the road laws are known to be difficult. These preventative actions remove several potential threats which would be far more costly for the business than the cost of something like a driver.

There must be a pre-identified and rehearsed service in place to ensure an effective and timely response to an emergency.

Three main parts to an effective response include:

1. Prevention – The best security avoids or prevents threats from becoming risks. A good benchmark is to be able to identify the exact location of your employees and be able to effectively communicate with them within 15-20 minutes of an incident occurring.

2. Crisis Management –  If a crisis does happen, the first thing you need is an effective communications channel. Through this, you need to be able to quickly implement plans and processes to manage the evolving crises.

3. Evacuation or Hibernation Plans – If a situation escalates beyond a certain point it may be that security teams need to implement and evacuation or hibernation plan. Which will either have the executive returned home, or hibernate in-situ until the situation changes. An example of a necessary evacuation plan being implemented would be in response to the Corona Virus. With only a little warning it became apparent to those organisations who had teams or individuals in Wuhan China that they needed to get them out of their fast. This situation then escalated rapidly to become a global crises.

Challenges

Travel security and executive protection comes with a number of challenges. It doesn’t look good to put a large amount of money into executive protection, however, there needs to be a balance to avoid potential risks. If an executive is attacked, or involved in an accident whilst abroad then shareholder value may drop, potentially for days, and sometimes the pressure in these scenarios can have negative effects long after the incident.

A situation can change rapidly, requiring a different response even as soon as hours later., which is why having real time intel of an event is so crucial. With the right systems in place and the right tools in the security teams toolbox, threats can be identified, monitored, and effective preventative measures and contingency plans put in place. All of this acts to protect both the individuals and the company involved.

The Role of OSINT in Managing Executive Safety During Travel

The modern workforce is more decentralized than ever. As employees travel or work remotely, it is important to know about potential issues that could impact their safety and security. Signal can assist with early warnings of:

• natural disasters in or near destinations;

• potential travel disruptions;

• terror attacks;

• security threats;

• political or economic indicators.

Signal Open Source Intelligence software allows you to gather real-time data. More importantly Signal allows users to tailor their feeds to get customised data relevant to their particular situation.  Which means instead of having to monitor every part of the web manually you can instead get customised filtered alerts. 

On top of this, Signal risk intelligence software enables users to monitor the surface, deep, and dark web. Many dark web forums don’t allow strangers to access their sites and require authenticated logins which makes it even harder to gain access on to these sites and monitor potential risks that occur in these places which security teams need to be aware of such as data breaches, threats of physical attacks and terrorism.

Learn more about how Signal can improve your executive protection…