There was a time when only the military had to concern itself with scanning the horizon for potential dangers. But in our current period of an ever-expanding set of global threats, most organizations would benefit from developing a system for actively monitoring potential threats to their operations and assets.
Related on MHA Consulting: Driving Blind: The Problem with Skipping the Threat and Risk Assessment
The Need for Threat Intelligence
Traditional business continuity methodology leans heavily on the threat and risk assessment or TRA, in which the organization identifies potential threats and ranks them in terms of likelihood and potential impact.
We at MHA are big believers in the value of TRAs. They help organizations anticipate, avoid, and prepare for impacts, saving money and improving resiliency.
However, there is a case to be made that assessing threats on an annual basis is no longer sufficient. In recent years, we have entered a uniquely tumultuous period, one characterized by weird weather, global conflict, and heightened supply chain vulnerability, among other challenges.
In this new environment, the old approach—identifying the top ten threats then waiting for something to happen—is no longer adequate.
Most organizations today would benefit from developing a capability that has previously been of concern only to the military: the ability to continuously monitor the horizon for threats to the organization’s people, processes, facilities, and technology.
In other words, a threat intelligence capability.
Defining Threat Intelligence
What is threat intelligence? Simply put, it refers to the process of gathering and analyzing information about potential risks and threats that could impact the organization’s operations, assets, and overall resilience.
Threat intelligence takes place in real time. The monitoring and assessment are frequent, wide-ranging, proactive, and engaged.
Threat intelligence empowers organizations to proactively identify, assess, and mitigate risks associated with threats of all types, thus helping them protect their assets, reputation, and business continuity.
The reason for monitoring threats is to enable the organization to take educated actions to avoid them or mitigate their impact.
The threats identified might be in your own city or region or originate halfway around the globe.
Here are some examples of the kind of threats organizations should be on the lookout for:
- Threats posed by individuals or groups with malicious intent. Could include anything from the angry spouses of employees to disgruntled workers to trolls on social media attacking your reputation to domestic political extremists to terrorist groups located on the other side of the world.
- Threats related to natural disasters such as hurricanes, earthquakes, floods, wildfires, heat waves, and pandemics.
- Threats related to environmental hazards that might occur in the vicinity of the organization’s facilities: train derailments, plant explosions, chemical spills.
- Threats posed by cyberattacks: ransomware, data theft, and the rest.
- Threats affecting access to one’s facilities caused by road construction, accident, or political unrest.
- The threat of utility or network outages.
- Threats to the organization’s supply chain, whether as a result of pandemic, political tension, the blockage of a key global shipping chokepoint, or what have you.
Threat intelligence is the art and science of creating a system and network for gathering, analyzing, sharing, and acting on information pertaining to these kinds of hazards in real time.
Developing a Solid Threat Intelligence Capability
How can your organization improve its threat intelligence capability? By creating a funnel.
The information must be collected from many sources and channeled to a central point, a threat intelligence center. There the data is synthesized and analyzed, with the most salient threats being brought to the attention of key decision-makers.
At the funnel’s narrow end, representatives from departments such as business continuity, security, facilities, operations, manufacturing, and finance analyze and sift the information received. They also make regular status reports to senior management (whether it’s to say, “Nothing’s happening” or “We need to keep an eye on X”).
The broad end of the funnel should take in information from a variety of sources, ranging from human tipsters to government websites. The following are a few of the sources organizations can look to for raw intel about the threats they face:
- Federal government websites such as those of the National Weather Service, National Oceanic and Atmospheric Administration, National Hurricane Center, U.S. Geological Survey Earthquake Hazards Program, and Department of Homeland Security.
- Websites for state and local public safety, transportation, and emergency management agencies.
- Reliable news-gathering organizations.
- Human tipsters. Employees, neighbors, customers, delivery drivers, vendors. Organizations can benefit by telling their employees, “If you see something, say something.” Threat intelligence centers should be prepared to receive information through every possible vector (phone call, email, etc.) and treat tipsters with respect.
- Private companies providing threat intelligence. These range from companies providing specialized satellite and weather service to full-service threat intelligence firms that monitor and provide regular updates concerning any threat that might affect any of the organization’s facilities, anywhere in the world.
The good news about developing a solid threat intelligence capability is, it’s pretty easy to do.
At the current time, the threat landscape is unusually challenging. However, quality, detailed, real-time information about the threats our organizations face has never been easier to come by.
Scanning the Horizon to Protect Your Organization
In today’s turbulent times, it is essential for organizations to develop a robust threat intelligence capability. While traditional methods like annual threat and risk assessments are valuable, they no longer suffice in the face of increased global instability and the rise in extreme weather.
Threat intelligence involves continuously scanning for potential risks and threats in real time, enabling organizations to proactively identify, assess, and mitigate risks. By establishing a funnel system to gather information from multiple sources, organizations can synthesize and analyze data to highlight the most significant threats. With the abundance of easily accessible real-time information, building a solid threat intelligence capability has become more feasible than ever before.
For more information on threat intelligence and other hot topics in BCM and IT/disaster recovery, check out these recent posts from MHA Consulting:
- Early Warning Systems: Giving Your Organization a Heads Up
- Weird Weather: How to Be Resilient In a Time of Climate Chaos
- Driving Blind: The Problem with Skipping the Threat and Risk Assessment
- Weighing the Danger: The Continuing Value of the Threat and Risk Assessment
- A BC Consultant’s View of the Risks of Generative AI