The sheer volume of information generated by hostile actors can be difficult to sift through. For most organisations, the first solution is usually a technological one. Head of Protective Intelligence, Michael Lubieszko, explains why this is not enough to deliver actionable intelligence - and what you need in place instead.
The volume of data generated every minute is staggering. In 2020, across a 60-second period, approximately 41 million messages were shared by WhatsApp users, 347,000 stories were posted on Instagram, and 150,000 messages were shared by Facebook users. The latest estimate suggests 2.5 quintillion bytes of data is created each and every day - and 90% of the world’s data has been created in the last two years alone.
But data alone has no inherent value to corporate security professionals. It needs to be transformed into insights to realise its full potential. So how do you leverage these rich seams of data to spot contemporary or emerging threats against you and your organisation, and how do you do this with a high degree of confidence and agility in order to deliver the intelligence necessary for your executive board to make effective strategic decisions?
In essence, how do you consistently sift through the noise to find what matters to you?
Data is… just data
Your first solution is likely to be a technological one. The marketplace is awash with automated scraping tools that promise to identify, extract and deliver information. And many of them do this job well, plugging in pre-determined boolean regular expressions to drag back information from myriad sources or through cunning exploitation of API accesses.
But a technological solution alone is not the panacea it purports to be. Crawlers will break. They need perpetual maintenance to adapt to changes in HTML structure, content layout or API access. And ultimately, some websites simply don’t want to be scraped.
Even if you do deploy an automated scraping tool, you must be fully aware of its limitations in the same way that the Butler Review stressed the importance of understanding the limitations of intelligence. Despite presenting a smart interface, the data scraping can still be blunt and unwieldy and require a huge input of time and resources in order to bring back relevant information.
Regardless of the level of skill wielded, a data scraping tool still does not provide anything other than data. And that data still then needs to be transformed into insights and actionable intelligence in order for it to assist with decision-making. For you and your team, this can be a time-consuming drain on resources.
The limits of human input
If technology isn’t the solution, how about a team of geopolitical analysts? Academic understanding of terrorist groups, their targets, tactics and inner workings has never before been so comprehensive, thanks partly to the volume of material actively shared by these groups and actors across social media platforms. But a contextual understanding of geopolitics does not always translate exactly to the specific threats facing you and your organisation and ultimately the end product that you place in front of your decision-makers.
And someone still needs to collect and monitor the data. The simply unimaginable volumes cannot be confidently exploited by a team of analysts alone.
So, how can you sift through the noise effectively and efficiently and unlock the value in that data?
A hybrid solution
The solution is straightforward: to hunt down, assess and monitor threats against your organisation effectively, you must combine human agency and world-class automation. The automation allows vast amounts of data to be collected quickly; and a team of expert analysts can transform this raw information into actionable intelligence on your behalf, saving you time, cost and resources.
At Dragonfly, we call this Protective Intelligence. This bespoke, human-led solution delivers actionable assessments that help you understand and mitigate your specific threat landscape.
The blended approach of human agency and automation is inherent in, and guides, all stages of our process. And it’s all underpinned by robust intelligence methodology, extensive subject matter expertise and practical experience of assessment gained from working in police, government and military intelligence communities.
For example, we use world-class automation tools to mine data, which - combined - are often beyond the reach of even well-resourced organisations. But our team of intelligence analysts defines bespoke collection requirements, applying human expertise to the process in order to produce more relevant results. One client in the extractive space, for example, asked us to monitor threats against more than 15 physical locations. We used our geolocation capabilities to direct our collective resources to cover those sites, and working with the client deliberately targeted forums and channels frequented by extremists who were of most interest to them.
Our team then provides the assessment, the “so what” which no computer can give you. This includes evaluating context and determining source reliability before applying structured analytical techniques to assess the intent and capability of threat actors, and how different scenarios could progress in future. So the reports you receive don’t present disparate information, as you get from a web crawler; instead, they deliver the actionable, timely, forward-looking insights you need to take well-considered operational decisions.
The intelligence you receive is easy to understand, firmly grounded in context, and deliberately written to inform your decision-making process. We tell you only what matters to your organisation, working with you to understand what you want to know.
Get the precise intelligence you need to protect your organisation
As your threat landscape and needs evolve, we adjust, so we are always aligned on what is considered “noise” and what intelligence meets your reporting thresholds. For example, after delivering a baseline assessment, we stopped regular reporting on the actions of a protester demonstrating regularly in front of the headquarters of a global NGO, as at the time he did not pose a credible threat. However, we continued monitoring him to ensure our assessment remained valid, and when his activities became more sinister, we alerted the organisation so they could take decisions about how to handle him and his new threat vector.
And if you’re really pressed for time? Every report starts with an intelligence summary, highlighting the key points, so you can not only access them quickly but also convey them easily to senior decision-makers.
All this saves you time because you or your team no longer have to do the collection and analysis yourself. Rather, you can focus on taking proactive operational decisions and more strategic issues. You save on costs, accessing a rich array of world-class tools and a highly skilled team with immediate effect.
Most importantly, by combining automation and human agency, we can reduce 2.5 quintillion bytes of data to the precise intelligence you need to protect your people, your brand and your assets, to the exclusion of all else. Finally - you’ve sifted through the noise.
To find out more about how Dragonfly's Protective Intelligence service can help you, get in touch with our specialists today.
Michael Lubieszko is Head of Protective Intelligence at Dragonfly.
Image: Aerial view showing abortion rights activists gathering outside the Argentine Congress in Buenos Aires. Photo by Emiliano Lasalvia via Getty Images.