How to Evaluate Threat Intelligence Providers & Business Solutions
There are significant differences between threat intelligence solutions that every buyer should understand before selecting a provider.
If only we could predict the future, it would be far less difficult to plan for it.
The unpredictable nature of the modern threat landscape makes it much harder than ever before to keep your employees safe and your business running. Take cybersecurity for example. Most organizations know abstractly that cyberattacks could potentially be an issue. But do you know how to spot phishing or malware attempts? Do you understand your risk level for a ransomware attack? Do you have a plan for IT incident response?
Cyber threats are just one of the many potential hazards your business faces. Disruptive events come in various forms and can occur in minutes or over multiple years. And because there is no way—even with the best preparedness plans—for safety and security teams to prevent every threat, business leaders increasingly are thinking about organizational resilience using a different measure of success: speed of response.
When it comes to emergency response, speed is everything. How quickly can you identify potential threats? How quickly can you initiate a crisis communication plan? How fast is your response that ensures your people’s safety?
While there are many ways organizations can improve emergency preparedness—from updating comprehensive preparedness plans to regularly conducting tabletop exercises—the world’s most resilient organizations are constantly looking for ways to accelerate how they detect, validate, and respond to any threat to their people or business.
In this post, we’ll discuss how a modern threat intelligence and risk detection solution can help you identify threats faster—and what to look for when evaluating solution providers.
Examples of the Modern Threat Landscape
Threat intelligence, also referred to as “risk monitoring” or “risk intelligence,” broadly encompasses the practice of using available threat data sources to detect, mitigate, and respond to emerging threats and unfolding events with the potential to impact employee safety or disrupt normal business operations.
The best way to understand your organization’s specific risks is to run a threat assessment. This exercise will give you an idea of the specific risks you need to prepare for. The best approach to understanding the business impact of the disruption is to conduct a business impact analysis. This analysis prioritizes resources and determines the best approach to disaster recovery for your organization.
Understanding your organization’s current risk assessment capabilities will help you find the right risk intelligence system that fits your needs. Here’s how to tell where you stand.
Signs of LOW risk assessment
Companies with low risk assessment capabilities typically err in one of two ways.
Some companies assume too narrow of an impact. For example, if a winter storm is coming through the city of their headquarters, they may tell all the employees who work in that office to stay off the roads and not come into the office. But they may forget about how the blizzard could impact their business travelers who are coming in or flying out that day. Or they might fail to consider the impact on assets—like equipment—that need to be protected from the cold.
Other companies assume too broad of an impact. This is certainly better than the former, but it is still problematic. When a threat emerges, these companies will default to always contacting everyone—no matter which office or department they’re based in. This may seem like “playing it safe,” but the reality is that this poor internal communication practice will cause notification fatigue over time. If your employees are constantly getting alerts for risks that don’t impact them, they will become desensitized to the warnings.
Signs of HIGH risk assessment
Companies with high risk assessment capabilities have processes in place to determine the precise impact of every threat. This allows them to zero in on the specific people and assets they need to focus on. These companies avoid notification fatigue but also don’t let at-risk employees slip through the cracks.
We covered how threat intelligence helps to keep your business running on the level of cybersecurity. But organizational security requires more than just cyber threat intelligence. Here are a few examples of other threats and use cases where a modern threat intelligence product would provide actionable insights and real-time intel:
Security and facility safety incidents
Ensuring safety for your on-premises employees is a clear requirement, but threat protection also extends to any sites where workers are, including remote workers and those traveling off-site. Organizations must account for a wide range of risks that impact facility security and protection—whether they have a single office or a global multi-location business. Examples include:
- Active shooter incidents: Tragically, active shooter scenarios remain a significant threat in the U.S. and other countries. Since 2017, there has been a 96.8% increase in these events and a huge jump in fatalities.
- Workplace fires: According to data from the National Fire Protection Association (NFPA), a fire is reported somewhere in the U.S. every 24 seconds. Of these incidents, approximately one-third of fires occur in or around structures, accounting for significant loss of life and property damages in excess of $12 billion annually.
- Civil unrest and public demonstrations: Between 2011–2018, the global number of public demonstrations and reports of civil unrest doubled, with more than 4,700 non-violent protests and 2,200 riots reported in 2018 alone. And these incidents have only increased since the pandemic.
Health and environmental threats
From chemical spills, dangerous materials, and pollutants to the risk of infectious diseases in a given region or community, employers must continually monitor employees’ working conditions to reduce their exposure to potential hazards. Some of the most common categories of external threats organizations should monitor include:
- Infectious diseases and outbreaks: While the COVID-19 pandemic brought into focus just how disruptive contagious diseases can be to organizations worldwide, it is just the latest example of why pandemic preparedness is essential. As employers and employees alike grow accustomed to the increased risk of airborne illnesses, the ability to rapidly spot potential outbreaks and high-risk areas will continue to grow in importance.
- Environmental hazards: From chemical spills and dangerous materials to poor air quality, employers must continually monitor employees’ working conditions to reduce their exposure to potential hazards. The World Health Organization estimates that air pollution causes more than 7 million deaths every year worldwide—with approximately 90% of people regularly breathing air that exceeds WHO guidelines for acceptable pollutant levels. As the world’s population grows, health experts anticipate a higher risk to anyone working in locations prone to smog and other air-quality hazards.
- Natural disasters: From earthquakes and tsunamis to volcanic activity and rapidly developing wildfires, natural disasters can create mass destruction with little notice. More than 1,300 earthquakes with a magnitude of 5 or more have occurred every year since 2000, causing upwards of $3–4 billion annually in economic losses.
Severe weather events
Severe weather poses an ongoing risk to businesses of all sizes—no matter the industry or location. And this risk is growing. Weather-related disasters have increased five-fold in the last 50 years. With a modern threat intelligence solution, business continuity, HR, IT, facility, and other leaders can quickly see when and where significant weather events are happening. For coastal businesses, threat intel may be used as part of hurricane preparedness. Similarly, companies with employees and facilities in the Great Plains may use threat intelligence to initiate emergency communications to employees about tornado warnings, high winds, or other dangerous conditions.
While weather-related information is widely available from sources like the National Weather Service, the National Oceanic and Atmospheric Administration (NOAA), and countless private storm-tracking services, enterprise threat intelligence platforms take this a step further by providing a longer-term view of emerging weather, often providing several days advance warning on large storm systems. Additionally, by connecting weather information to real-time location data, these solutions can pinpoint potential risks—such as the number of impacted employees and facilities within the forecast area—so that businesses can make informed decisions about safety precautions or work shortages.
Organizational Benefits of Threat Intelligence Services
Organizations are challenged with balancing their duty of care obligations and the need to keep operations running smoothly. Considering the many hazards threatening your employees and assets at any given time, around-the-clock manual monitoring of all events would quickly overwhelm your resources.
For that reason, purpose-built security tools like threat intelligence solutions are rapidly becoming the preferred option for businesses that want to improve their safety workflows, increase situational intelligence, and accelerate their emergency response.
Here are a few key benefits of using a third-party threat intelligence solution:
Speed of intelligence
Condensing the time between detection and response is critical not only because of the significant impact on human safety but also for business continuity and protecting the bottom line. In fact, a Forrester study found that organizations that improve emergency response by 30 minutes per incident experience higher revenues. Eliminating many of the manual aspects of risk monitoring, along with a live threat intelligence feed, can drastically accelerate critical event identification, allowing you to initiate an emergency response when seconds count and make informed decisions about mitigation strategies.
Information accuracy
There is no shortage of open source intelligence data about what’s happening around the world. However, making sense of this information and verifying its accuracy are significant hurdles to taking advantage of this intel. The last thing you want is for a major event to go unnoticed—but neither do you want false positives on threats that cause undue panic. Determining the veracity of information is just as important as capturing it in the first place. By using human-vetted threat intelligence, organizations can more easily curate a data feed from thousands of distinct sources, filter out the noise, and pinpoint the most relevant information to their employees and business—all in a matter of seconds.
Faster time to action
As Russian author Fyodor Dostoevsky once said, “intelligence alone is not nearly enough when it comes to acting wisely.” This is particularly true for information that impacts an organization’s ability to protect itself from a rapidly developing threat. By integrating a modern threat intelligence solution with an emergency communication system, businesses can vastly accelerate access to actionable intelligence, ensuring stakeholders and employees are aware of critical events as quickly as possible for effective vulnerability management.
Automatic impact assessments and alerts
Once you’ve solved for how your organization will identify threats and verify the accuracy of information, you need to know where to direct resources. A threat intelligence solution can help expedite this by providing useful threat analysis and a visual depiction of each threat’s impact radius, enabling you to prioritize assistance for individuals and locations most at risk. Some threat intelligence providers even give you direct access to experts and analysts who can talk you through active threats.
By integrating employee data from an HRIS or Active Directory, organizations can tie threat intelligence to static or dynamic locations to know exactly who is impacted—even when employees are traveling or not in their typical work environment.
Questions to Ask Potential Threat Intelligence Providers
Now that we’ve established some of the reasons why organizations might invest in a threat intelligence solution, you will want to understand the differences between various security solution providers.
When evaluating threat intelligence products, here are a few questions to ask to ensure you understand each provider’s capabilities as you assess which best suits your organization’s needs.
Questions to ask when evaluating threat intelligence providers
|
By asking these questions during your evaluation process, you’ll begin to understand how each provider approaches risk monitoring and threat detection, how easily it will integrate with your current security systems, and how quickly critical information can be disseminated to those who need it most.
Stay Ahead of Critical Events
The ability to rapidly identify, verify, and respond to threats should be a central component of every organization’s security operations and emergency preparedness planning.
A comprehensive threat intelligence solution with threat history and integrated analyst access like AlertMedia can drastically improve situational awareness, accelerate response times, and safeguard your people and business from whatever comes next.
To learn more about how AlertMedia delivers fast, accurate, and comprehensive intelligence to thousands of organizations, listen to this podcast with our VP of Global Intelligence or download our product guide.