As security strategies become more complex and digitized, it makes sense for large organizations to hire a third party to overcome expertise gaps and resource constraints. Security service providers are an attractive option to replace or complement in-house teams.
Many service providers specialize in different technologies and solutions for clients—from security camera technologies to remote guarding. Some also offer risk assessments, which ensure that a customer’s unique requirements and vulnerabilities are understood and addressed.
Beyond traditional security technology, software that gathers and exposes open-source data is becoming more valuable for assessing physical risk, especially as public web spaces are often the earliest source of immediate threat alerts and adversary planning.
As a security service provider, how can you leverage security technology to access this data and provide strong risk assessments for your customers?
Physical security requirements are evolving fast
Physical security services and requirements have changed rapidly since the outbreak of COVID-19. Both security services’ and their clients’ priorities have changed, and many security challenges are now addressed remotely.
According to a 2020 report by Genetec, the top three concerns for security service companies are employee and visitor safety, physical security threats, and remote security management. Remote workforces have left facilities more vulnerable to break-ins and vandalism. And organizations must monitor supply chain safety and assess on-premises foot traffic and physical distancing.
COVID-19 has also heightened information security risks as adversaries exploit social unrest and remote workforces through phishing, ransomware, and other online attacks. Since physical security technology relies more on digital systems, organizations must also consider cyber threats in their physical security posture.
In recent years, online networks have also been leveraged to plan physical attacks against target organizations and personnel. Beyond cyber threats, monitoring online chatter is necessary to stay ahead of threats posed by radical individuals or groups who may target an organization’s assets.
Security teams certainly have their hands full in the post-pandemic world. Not only must they deal with new security concerns and consider cyber-enabled threats—they must do so remotely. Security teams are also increasingly challenged by efficiency. According to Brivo’s 2020 Halftime Report, 42% of physical security professionals see increased convenience as their biggest priority—and 62% are challenged when it comes to gathering security data and extracting insights efficiently.
Accurate risk assessments help avoid damages
Enterprises may be unsure of how their current security planning and technology hold up to these new challenges. They rely on security service providers to assess which of their assets are at risk, how they are likely to be compromised, and which security solutions are best suited to their needs in 2021 and beyond.
Service providers that do not deliver timely, accurate risk assessments can create blind spots in their clients’ security posture. As security threats evolve quickly, there is more room for oversight—especially as emerging risks now often hide within sources not previously considered for physical security assessment.
For example, risk assessments can incorporate online sources, like social media data, to evaluate vulnerabilities. Imagine that radicalized users are planning an attack against your HQ on a web forum—or that an executive’s home address and family data were leaked on a paste site. Without a risk assessment to understand their weak spots, organizations may face avoidable damage to their personnel and physical assets—as well as reputation damage, financial loss, and data compromise.
[Image: Physical security alert identified by the Echosec Systems Platform.]
Why your risk assessment service needs online data
How can you, as a security service provider, develop effective risk assessments for your clients?
Assessments must be supported by clear data and insights unique to the target organization. This includes information related to their existing security infrastructure and any vulnerabilities to their people, information, property, and reputation. While this is often gathered through client communications and surveys, access to publicly available information (PAI) greatly improves the accuracy and breadth of your risk assessment and helps avoid blind spots leading to damage. What does this look like?
[Image: Compromised physical security information on a social networking site.]
PAI includes sources like social media sites (both mainstream and less-regulated), as well as deep and dark web content. These sources can uncover:
- Conversations or data leaks compromising an organization’s physical security. This could include groups planning attacks or insiders leaking infrastructure maps and other security system information. This activity occurs on less-regulated or anonymized networks like imageboards and dark web forums.
- On-the-ground alerts coming from in or near critical locations. Geotagged data often reaches social media faster than other alerting systems for locating break-ins, foot traffic patterns (for contact tracing), active shooter scenarios, and other incidents.
- Data leaks or cyber risks that could compromise physical security systems. Deep and dark web forums and paste sites often host the earliest indicators of a data breach.
Specialized security technology is required to locate this information on the web (much of it is unindexed) and generate key data analytics for risk reporting. By investing in online data discovery solutions, security service providers are better positioned to understand a client’s risk profile and deliver more customized solutions.
According to industry data, physical security priorities are swiftly changing and organizations need to adapt fast. As a security service provider, your customers are looking for innovative security technology to protect their vulnerable assets in the post-COVID era.
PAI sources are becoming more relevant for detecting targeted physical and digital risks. Service providers must invest in technology-enabled data access to ensure their clients get comprehensive, accurate assessments in this new landscape. This will help organizations avoid risk oversight that impacts the security of their people, information, infrastructure, and reputation.