One of the consequences of the COVID-19 pandemic and the accompanying global economic downturn is that businesses are increasingly becoming targets of online and physical threats. Such attacks can cause great harm to the target, whether it is a company, an executive, or an employee. The question then is: what can companies do to mitigate this risk?
On March 16, Global Guardian hosted a webinar, “Managing Physical and Online Threats: Mitigating Risk in Today’s World,” to address this issue. The panelists included John Wyman, Unit Chief of the FBI’s Behavioral Threat Assessment Center (BTAC); Michael Ballard, Director of Intelligence at Global Guardian; and Michael McGarrity, Vice President of Global Risk Services at Global Guardian. Global Guardian CEO Dale Buckner moderated the discussion. To watch the full webinar, click below or scroll down to view our post-webinar recap.
A 'Challenging, Threatening Picture’
Homicide rates went up at an alarming rate across the United States in 2020. As the world went into lockdown in response to the pandemic and businesses shifted to telework, cybercrime also spiked with scammers targeting vulnerable victims working from home on largely unprotected networks. Wyman described the threat picture as “rapidly evolving and broadening.” He attributed this to a combination of technology, personal ideologies and belief systems, and the actions of foreign adversaries.
As a consequence, he explained, the “attack cycle” has been accelerated —“different threat actors are competing with others for some of that national attention and they can use technology in a way that can drive home their message in ways that they haven’t been able to do so in the past.”
Technology has given people the opportunity to be “inspired, enabled, directed” by foreign and domestic adversaries to conduct attacks, said Wyman. It has also given people an opportunity to learn how to “conduct their attacks and to conceal their activities.”
Attackers motivated by different belief systems and ideologies, conspiracy theories, political unrest, personal grievances, and even personal stressors are increasingly resorting to violence. Wyman explained how his team has seen from research and operational experience that attackers sometimes use their ideology as a “cloak” over their personal grievances and desires to commit acts of violence.
On top of these two factors is the threat posed by foreign adversaries that seek to exploit the ability of technology to “spur action by our citizens [in the United States] in relation to things such as social unrest or even the global pandemic,” said Wyman.
In all, Wyman sees “a challenging, threatening picture.” But, he added, “in the end, the people that conduct these attacks are doing them for their own highly individualized and personalized reasons.”
While acts of violence cannot be predicted, they can be prevented. “One of the best ways to do that is through early recognition and reporting, threat identification, and [to] get as far left of the attack as possible,” Wyman said.
Identifying and Managing the Threat
The panelists suggested the following ways to deal with threats:
- Understand the threats to your infrastructure, people, or assets.
- Identify the presence of what Wyman described as “ideological lightning rods” that are causing potential attackers to focus on your infrastructure, people, or assets.
- Determine if there is an opportunity for a personal grievance to develop in connection with your business. Such grievances, Wyman said, may have been exacerbated by the pandemic. “Real or perceived is the key. It doesn’t have to make sense to us… it’s really what makes sense to the person of concern,” said Wyman.
- Pinpoint online threats. “Individuals who are considering and contemplating violence are going to leak out, oftentimes, information indicative of a potential future attack,” Wyman said. These are not necessarily direct threats, rather they are more nuanced. While online postings often foreshadow a violent act, dealing with this threat requires cutting through the white noise of the internet and honing in on those who pose a threat, said Wyman. “Bystanders,” those around the offender, are critical in this effort. McGarrity said having a system in place in a company where people can report information in a holistic way, whether anonymously or not, is also important. This, he explained, “will really provide the duty of care to all of your employees whether they are in the office or at home.”
- Put in place a system to triage and assess the threat. Wyman said such a system will allow companies to “focus our limited resources on the true threats.” He recommended an “intelligence-driven mindset where we are collecting information and we are connecting the dots.”
- Recognize when the magnitude of the threat surpasses the capabilities of your own team and call in additional help, if needed. The FBI has threat management coordinators across the United States and is standing up threat assessment and management teams that can work with law enforcement partners, but also community stakeholders, including businesses.
- Ensure a “positive handoff” to law enforcement partners. Wyman and McGarrity emphasized the importance of such a handoff with trusted partners; this gives law enforcement the ability to take action and “really supplement your efforts,” Wyman said. (See below for tips on how to prepare a positive handoff.)
Mitigating Online Threats
Cyberattacks are on the rise and new risks are constantly emerging as a consequence of the unprecedented changes in the way companies have been forced to do business during the pandemic. Additionally, the degree of public exposure has become magnified as a consequence of social media. In fact, Buckner noted, in today’s world it is no longer possible to “fly under the radar.” He predicted that the threat picture, as grim as it is today, will only get more complicated.
One of the services Global Guardian provides its clients is to help them manage online threats. It does this by, among other things, monitoring social media and the dark web—a repository for social security numbers, credit card information, credentials, etc., that have been stolen in large data breaches, and a platform for nefarious activities—to determine if an incident of online harassment has the potential to escalate into a threat to life. Once identified, Global Guardian monitors the perpetrators of these threats to ensure its clients’ safety.
“If you’re not in the dark web, you are not truly looking into the threat actors that are out there,” said McGarrity. While acknowledging that hate is not a crime, he added: “You still want to know if someone hates you because, frankly, that’s a data point” for corporate security.Global Guardian also assesses the online exposure of its clients by the clients themselves—often done unwittingly through social media posts. Ballard cited the example of a client whose personal information was breached and posted on Stormfront, a neo-Nazi online forum. In this case, Global Guardian profiled the targeted family, identified security weaknesses, deleted the family’s Facebook account, and monitored the individual who posted the information on Stormfront to ensure they did not pose a physical threat to the client.
Mitigating Physical Threats
Physical threat mitigation is intertwined with intelligence, said McGarrity. “If you are really doing it well, your intelligence is feeding your operations; you are scaling your resources, your strategies to mitigate that risk.” But, he added, physical measures such as guards, cameras, and remote surveillance also gather intelligence which should be fed back into the mitigation effort.
McGarrity pointed to the threat posed by “keyboard warriors” who can instigate a physical attack. “You want to get out to that threat to identify and understand it… so you are best informed whether it is a conspiracy or it’s a single actor and what their true intentions are,” he said.
It is the ability to identify whether the source of the threat is a “keyboard bully or is this actually going to cross over from an online threat to a physical threat” that is “the secret sauce,” said Buckner.
When there is a threat to life, McGarrity said it is essential that law enforcement immediately be informed. He also recommended reaching out to social media companies in such instances. Over the years, he said, social media companies have become more active in addressing threats posted on their platforms. In order to mitigate physical threats, McGarrity suggested several measures to include physical protection, leveraging technology through remote monitoring and assessing whether a “knock and talk” by a security agent with the threat actor could mitigate the threat. McGarrity advised a careful assessment of the risk before taking such action in order to avoid inadvertently triggering an incident.
What’s At Stake?
Online threats can affect brand reputation, said McGarrity. They can also result in serious financial and physical harm.
In terms of corporate security, McGarrity said there is an increase in demand for threat mitigation action as a consequence of the pandemic. With many people currently working from home—not necessarily within commutable distances from their offices—“you now have C-suite executives and principles moving into resort type areas that may or may not have the infrastructure to properly secure them,” said McGarrity.
Buckner suggested companies minimize exposure by “divorcing” physical assets from corporate executives. He noted, for example, that corporate jets are increasingly being put in holding companies away from company headquarters.
An Ideal ‘Warm Handoff’
A corporation’s chief security officer, human resources director, and chief information security officer have to be tightly integrated to deal with threats, said Buckner. But once a company identifies the seriousness of the threat it faces law enforcement should be brought in.
McGarrity advised documenting the threat in an email or a tip line in order to give a “warm handoff” to law enforcement. Doing so “memorializes” the incident and “puts [law enforcement] on the hook to do something,” he said. This information should also be provided to authorities in instances where the person being monitored is already the subject of an investigation, regardless of whether or not the actions in both cases are related, he added.
Wyman recommended some ways companies can ensure law enforcement has enough to build on in the event of a threat. These include:
- Gather as much information as possible about the source of the threat.
- Identify if there are any personal connections between that individual and the company. “Is there a personal grievance that is driving them?... That’s an indicator,” said Wyman.
- Monitor for activities that go beyond online threats to become a physical threat.
Most of all, trust is key. Wyman said corporate security directors should develop relationships with FBI threat management coordinators. “That is a good relationship to have,” he said. Further, Wyman suggested companies can work with the FBI threat management coordinator to identify FBI agents and prosecutors who are comfortable working stalking cases which can be unique in the way they are investigated and prosecuted.
In the end, “risk is something that’s always going to be out there… You are never going to get rid of it,” said McGarrity. The question is, he added: “What are you doing to navigate that risk?”
McGarrity suggested identifying risks that are up front and getting ahead of threats that are over the horizon. “You want to have a proactive mindset, not just a reactive” one, he said.
STANDING BY TO SUPPORT
The Global Guardian team is standing by to support your security requirements. To learn more about our threat management and customized security services, click below or call us at + 1 (703) 566-9463.