Businesses go to great lengths adding layers of security to keep their employees, customers, and organization safe. According to Gartner’s data on IT industry metrics, companies spend an average of 6 percent of their IT budget on security each year.

Access control, video surveillance, fire protection, and cybersecurity precautions usually lead the way; however, safeguarding physical keys and employee-used devices is often ignored as a fundamental element of security. As such, most businesses overlook adding them to their security program, but physical key security and device management should be a priority. Not necessarily because of the value of the key or asset, but because of what the key or asset has access to or authorizes. That’s the greater value, and potentially the greater risk, to an organization.

Craig Newell, Traka Americas ASSA ABLOY’S vice president of business development, sat down with GSX.org host Chuck Harold to discuss Traka’s involvement in Global Security Exchange 2021, taking place 27-29 September in Orlando, FL.

The two discussed how Traka works to understand an organization’s needs and implement a key or asset control system that gets to the heart of each risk and challenge a security and facilities team will face in 2021.

Check out the video to hear more about how key and asset management can extend the reach and value of a physical access control system by:

1. Taking inventory
2. Driving operational efficiency
3. Bridging offline with online security
4. Auditing the process
5. Providing accountability and control

We’ve been through a storm of critical events this past year. There’s a proliferation of data on everything from changing weather patterns to fires, chemical spills and cyberattacks. However, without understanding how these threats will potentially affect your operations, that data is useless.

Thanks to AI and machine learning, validated data can now be correlated with a company’s operations, enabling security professionals to see how employees, customers, suppliers and physical assets will be impacted, in time to make a difference and mitigate damages. This is how mere data alerts are transformed into true actionable intelligence during a critical event – so you can make better decisions and manage risk.

Let’s take a look at five of the top trending risks businesses face today and how AI-powered risk intelligence makes it possible to manage these risks and improve resiliency.

1. Cybersecurity

Ongoing incidents of hacking into U.S. government systems show that no organization is immune to cybercrime. Risk intelligence provides pertinent information about an attack, such as the type of threat, the scope and how it might impact your operations. You’ll be able to respond swiftly, activating the appropriate crisis management team and informing employees and executives about what they need to do to manage the risk. 

2. Post-Pandemic Recovery

The new model of work combines different percentages of remote, in-office and hybrid schedules. To make way for this shift, direct investments into digital transformation are projected to total $6.8 trillion  by 2023. Right now, it’s vital to ensure business continuity and resiliency so the next crisis doesn’t derail progress. This necessitates timely and accurate risk intelligence to tell us what’s happening, collaborative incident management to get everyone on the same page and robust, global communications to keep everyone updated.

3. Infodemic Misinformation

More than 1.1 million articles contained misinformation about the pandemic from January to May 2020, according to a study by Cornell . And COVID isn’t the only topic where this is happening. If your risk intelligence doesn’t filter for valid sources, your data is open to infection by rumors and speculation. AI and machine learning weed out invalid sources, so you’re armed with reliable information. You can focus on protecting your people, places and property and notify employees about the truth using critical communications – before they fall prey to speculation.

4. Severe Weather

Whether it’s a hurricane, wildfire or flood, severe weather events are becoming more frequent and less predictable, not to mention more costly. During the first half of 2021, there were eight weather/climate disaster events in the U.S., with losses exceeding $1 billion each. Fortunately, security and emergency teams can leverage the power of risk intelligence to identify threats using leading global sources like the World Meteorological Organization (WMO) and FEMA. Armed with relevant, actionable data, your organization is better equipped to keep employees safe and informed, and able to take proactive steps to protect facilities and vital business operations.

The Big Picture

By going from mere data alerts to true actionable intelligence, AI-powered risk intelligence enables organizations to respond quickly and effectively to critical events, mitigating the damage and improving resiliency. The trending risks we’ve discussed here are part of the larger, ever-expanding risk landscape businesses must face – the elephant in the room, if you will. To finish eating it, we must break it down into manageable bites. Risk intelligence filtered by AI and machine learning gives us the means to consume everything on our plate while saving room for more, because more is always coming.

OnSolve® looks forward to talking to you more about this topic at the upcoming 2021 Global Security Exchange Conference. Stop by booth #733 to learn more about how the OnSolve Platform for Critical Event Management can help you manage risk and build resilience for the remainder of this year and throughout the next.  

By Sam Joseph, Co-Founder and CEO, Hakimo

The physical security threat landscape has undergone considerable changes over the past few years. COVID-19 has led to increased crime rates, insider threats are at an all-time high, and labor costs have risen sharply. Things have reached a point where physical security can no longer be just confined to gates, guards, and guns. Continuing the status quo is not only impractical but also makes the enterprise vulnerable to new threats.

Fortunately, there have been some recent technological advances that the security industry can leverage to overcome this crisis. The most important one is artificial intelligence (AI), especially around computer vision and deep learning. Today,  AI can analyze any piece of video and understand the context therein — in most cases better than a human. A second technological advancement has been around data analytics. We now have tools that can analyze billions of events in real-time, correlate different datasets, and provide actionable insights into them. When these advancements are applied to enterprise security, many long-standing problems can be solved and many new efficiencies can be uncovered.

Solving false alarms and tailgating in GSOCs

Two problems are endemic to any enterprise Global Security Operations Center (GSOC): access control false alarms and tailgating. With the steadily increasing labor costs, GSOCs can no longer afford to “just throw more people” at the first problem. Worse, GSOCs missing real breaches due to alarm fatigue have become commonplace in the industry with increased crime rates during COVID. Regarding tailgating, the security technology industry has been battling this problem for many decades without much success.

Both these problems can be solved by leveraging AI and analytics. For example, Hakimo does AI processing on the video corresponding to every door alarm and automatically resolves false alarms without any human intervention. The same principle is used for tailgating detection. In fact, Hakimo’s tailgating detection algorithms have a false-positive rate of less than 1% which is not only the best in the market but also beats the performance of traditional hardware-based systems (such as laser beams) by a significant margin.

Going from massive amounts of data to actionable insights

Physical security systems have been generating massive amounts of data: an access control system at even a mid-sized enterprise company generates hundreds of millions of events every year. This data has been sitting idle for all these years because there were no practical tools that could be used to make sense out of this data. Things are changing now. Modern data analytics tools such as Hakimo Insights can parse through billions of events and point out specific anomalies and actionable insights. For example, we could now detect an employee badging in at an unusual door or at an unusual time (a potential indicator of insider threat, which has been an important recent security challenge as mentioned in the beginning).

These data analytics tools can not only add value to physical security teams but also enable those security teams to give value back to other teams within the broader organization. For example, a tech company’s GSOC recently used modern data analytics tools to track building utilization over time. That data was then transferred to the facilities team who decided which building to downsize and which buildings to expand.

Enabling the convergence of cyber security and physical security

One hallmark of bringing these new technologies into the physical security world is that it accelerates the convergence between cybersecurity and physical security. Convergence—the idea that cyber and physical security teams should work hand-in-hand instead of being siloed out—is the future of security, and many organizations are rapidly embracing the idea after realizing its clear ROI.

There’s also a clear pattern between the emergence of Hakimo-like tools and the emergence of some specific cybersecurity tools more than a decade ago. In the late 2000s, cybersecurity systems were generating so many alerts that humans were not able to keep up with them, just like today’s GSOCs. This then led to the invention of platforms such as SIEM (Security Information and Event Management) and SOAR (Security Orchestration, Automation, and Response) which streamlined and automated the processing of those alerts. Tools like Hakimo are bringing such smart automation tools now to physical security.

To conclude, the physical security landscape is undergoing tectonic changes that lead to serious challenges for security teams. Technology is the answer to those challenges, and security teams that don’t adopt technology will not be able to overcome those challenges and thus will be incapable of surviving the recent changes. On the other hand, teams that leverage technology can use the same challenges as a driving force that transforms them into a more efficient, effective, and converged security organization.

Sam Joseph is the Co-Founder and CEO of Hakimo, a technology company that makes smart software for enterprise physical security monitoring. Visit Hakimo at Booth #1869 at GSX 2021 to learn more about Hakimo’s products.

By Fred Burton, Executive Director, Ontic Center for Protective Intelligence

Reflecting back on my decades of experience in the protective intelligence field, I have consistently seen programs that were lacking one key and very important ingredient: threat assessments. Even the times a program had both, they were often displaced in silos and not shared across teams or with other key players, like HR or Legal. I’ve seen this happen for a range of reasons, but primarily because there hasn’t been a tool that seamlessly integrates the two components, and not everyone recognizes the value, nor understands how to integrate the models.   

This is precisely the reason why Ontic recently acquired SIGMA Threat Management Associates.  Our collaboration brings Fortune 500, emerging enterprises, education and government organizations the ability to unify the threat assessment practice with technology, creating a single platform for managing threats, workflows and assessments. 

What is a threat assessment?

Threat assessments are foundational tools protective intelligence teams use to establish the threat posed to a specific person, company, event, location, or facility. Threat assessments are conducted to create as complete a picture as possible of the threat landscape, such as factors that could bring hostile attention to the subject, any current threats, the universe of potential threats, and threat actors, as well as the general threat environment.

By identifying, analyzing and describing the existing threat level, assessments help you understand the threat landscape and are useful tools for determining the appropriate security measures needed to protect against the identified or potential threats. Not one style fits all, therefore, security processes and procedures must also be implemented in accordance with corporate or personal risk tolerance, as well as lifestyle, corporate culture, business operations and budgetary considerations. 

It is also important to recognize that while threat assessments provide a foundational understanding of the threat, they are not static. They must be responsive, living documents that reflect changes in the potential target’s situation and environment.  In a perfect world, baseline threat assessment should be updated quarterly, with full, ground-up re-assessments annually.  

Elements of threat assessment

While these examples are specific to a person, they can also be applied to a company, event, location, or facility. Here are four key elements to consider: 

1. Subject profile – If they are well known and have controversial business dealings or social activity they are far more likely to attract the attention of threat actors and are more easily recognized as they proceed through their normal daily activities.

2. Documented and potential threats – Known and documented threats also play an important role. Such threats should include persons of interest (POIs) such as abnormally angry customers, disgruntled former employees, unstable individuals who have an abnormal focus of interest in the company or executive, including family members. The communications of such individuals should be monitored and curated for future reference.

3. Physical environment – Assess the subject’s work and home environment, where the company operates, and areas that must be regularly traversed to get from home to work or are otherwise frequented. It is important to gain an understanding of the criminal, civil and natural disaster threats and vulnerabilities associated with those locations.

4. Current security measures – This would include security training provided to the subject, a driver or a protective detail. This should also account for residential security, estate staff and physical security measures in place at the office. The security measures in place can then be weighed against the assessed threat level to determine if they are sufficient and appropriate.

Digitizing your threat assessments

The physical security industry has experienced a massive shift in the last couple of years largely fueled by new responsibilities driven by Covid health and safety and a complex threat landscape, as a result of political turmoil and social unrest.

Now more than ever, corporations need technology solutions that not only provide a comprehensive view of the threat landscape and surface critical knowledge but also guide action — specifically, the identification of threats, gathering of information, assessment, creation and implementation of plans for addressing threats.  

SIGMA’s Workplace Threat Assessment Module, integrated into the Ontic Platform, can help visualize and guide decisions around identifying incidents of concern; gather the necessary information through investigative research and interviews; assess the level and urgency of the threat; and guide the appropriate actions to manage and mitigate the threat.

To keep up with the future of protective intelligence and threat assessment, we must strip away the disparate data sources and manual processes and adopt technology that allows us to do all of this in one single pane of glass. 

Interested in learning more about the role threat assessments play in helping security teams see the complete picture of the existing risk level? Visit Ontic at Booth 933 at GSX 2021, or check out this Ontic whitepaper: The Role of Baseline Threat Assessments in Protective Intelligence.