Security Intelligence: What does it mean, and what can it do?

Intelligence has such a key role in decision making, yet the word itself can simultaneously mean so much, and so little to individuals and companies. The meaning of intelligence depends greatly on the services and contexts provided. Like using our eyes to see, what we look at informs our understanding of our environment.

What you and your business choose to look at will shape how you understand your environment and, similarly to real (in)sight, the quality of your vision will impact how you interpret it.

The different kinds of security intelligence can be summarised as follows: partnership intelligence; Insider threat intelligence; digital footprint intelligence; and risk intelligence.

In this blog we will be talking about Security Intelligence. We won’t delve into the technical and exciting areas like SOCMINT (Social Intelligence), OSINT (Open-Source Intelligence), IMINT (Image Intelligence), or SIGINT (Signals Intelligence). We’ll focus on the core aspects of Security Intelligence: understanding the services that respond to an organisation’s security needs; why they are needed; how they work; and what they mean.

So, what is Security Intelligence?

Here is the TLDR; (Information + Context) + Industry Expertise = Intelligence 

Intelligence is a familiar concept to most people, whether you have studied at any level, you have engaged in intelligence gathering to some extent. Students take knowledge from lessons, study new information and identify context to provide insight aka intelligence.

It provides a 360-degree view of risks and environmental considerations. From footprint reviews to horizon scanning, from building your organisation’s security posture, to ensuring that your business partners meet the same security standards.

How might this intelligence be delivered?

Due Diligence (DD) – (Supply Chain/Grants/Partnerships)

• Analysis of partners (essential for your know your customer (KYC) compliance).
• Reviews of managers within an organisation, identifying all previous affiliations.
• Identifying integrity issues.
• Searching court, police, and international sanction lists.
• Tracing operational track record and changes in primary activities.

Sectors such as the financial sector depend heavily on due diligence to ensure that a level of reasonable care is exercised in the course of doing business. This falls under know your customer (KYC) and know your business (KYB) anti-money laundering legal obligations on businesses. [1]

The role that due diligence plays in combatting fraud demonstrates how it provides a cornerstone for informed decision making and risk mitigation. Whether engaging in partnerships, mergers or acquisitions, a comprehensive due diligence process ensures that businesses thoroughly assess and understand potential risks and opportunities. Through meticulous examination of legal, regulatory, operational, and reputational track records, businesses are better able to respond to uncovered liabilities, identify associations and validate the overall integrity of their counterparts. Such processes are vital for financial services or for organisations whose funding could be severely impacted by damage to their reputation, such as businesses that depend on government grants.

Ultimately due diligence empowers businesses to make well informed decisions, protect their interests and safeguard long-term success in an increasingly volatile business risk environment.

Pre-Screening and Verification (PSV) – (Workforce and Resilience)

• Employee background checks.
• Confirming qualification certificates.
• Confirming identity and background experiences.
• Identifying employee digital footprint (additional reputational risk management)
• Checking databases and sanctions lists
• Scans of global media to identify mentions.
• Mitigating risks to business reputation.

Pre-Employment Screening and Vetting (PESV) procedures or Primary Source Verification (PSV) checks are an essential component of risk mitigation. For businesses whose staff are likely to access sensitive information, facilities, or positions of authority this is especially important.

Verifying a prospective employee’s qualifications, background and employment history intends to assure that your staff are qualified with verifiable records of integrity. This process is designed to safeguard your businesses’ assets, its reputation, and its credibility. These checks, which help to build assurance with clients and partners alike are identified as ‘good practice’ measures by the UK government, but they also serve to address legally required checks including right to work and criminal record checks.

Adopting thorough PESV and PSV checks from the outset is also accredited with providing flexibility to businesses, as due diligence allows for confidence when granting staff access to customer and client data covered by general data protection regulations.

Overall, Pre-Employment Screening and Vetting performs the role of a nutritionist for your business, reviewing those entering your business and ensuring that the values and objectives of your organisation are shared from the bottom up and not simply invigilated from the top down.

Digital Footprint Reviews (DFRs) – (Threat vector analysis and advisory services)

• Cyber vulnerability reporting.
• Breached credentials and personal data.
• Breached commercial data.
• Clear and Dark web content analysis.
• Assessment of available information and attack vectors.

Digital Footprint Reviews (DFRs) are heavy hitters among the security intelligence services. Digital Footprint Reviews can be quite intensive, taking a number of days for a solo analyst to complete. The primary objective of a digital footprint review is to provide you and your organisation a thorough, bespoke risk assessment that informs strategic decision making. By looking at your business’ record across clear web, dark web, social media and software vulnerabilities, a multi-risk vector review of your organisation can be provided. We reconstruct your digital profile through the eyes of a malicious actor in a comprehensive, immediately actionable report; tailored for senior stakeholders and business leaders.

Reviewing your digital footprint provides an organisation with a starting position to begin building lasting digital resilience. Brand monitoring and protection is addressed across several online platforms, including individual stakeholders where requested. This is an essential step to protecting the members of your organisation, particularly those who may be targeted by hostile actors due to their pre-existing public profile.

Cyber security status review is a key feature of a digital footprint review. Scans of software vulnerabilities including website domains and linked IP addresses are paired with assessments of exposed credentials and unauthorised access points. The recommendations provided within the DFR empower organisations to turn their cyber security posture from reactive to proactive.

Fraud detection provided by DFRs provides organisations into a direct insight into how hostile attackers are currently targeting their members of staff. Patterns indicative of fraudulent activity will be identified. This can range from the early signs of identity theft to identifying phishing scams.[2] This provides a point of development for bespoke cyber hygiene and online safety training.

You could say that Digital Footprint Reviews represent someone looking over your shoulder so that you can focus on what is ahead. This service is a strong step forward for any organisation looking to improve its security posture, plus supporting compliance with legislation such as the Data Protection Act (2018), Network and Information Security Regulations (2018), the Computer Misuse Act (1990) and the European Union’s incoming Digital Operational Resilience Act (DORA).[3]

Threat Intelligence:

• Country risk reporting
• Incident reporting

Finally, intelligence as seen in the movies can be deployed to develop situational and environmental risk assessments. A specialist intelligence team is capable of absorbing all of the above-mentioned analyses and pairing them with industry expertise, global developments, technological advances and knowledge of threat actors in your region.

This allows us to assess recent developments and their potential business implications in the bespoke context of your environment.

In conclusion, the meaning of intelligence can vary, however, when focused onto a specific subject, intelligence begins to provide real developed insights.

In due diligence processes, intelligence becomes a recurring assessment of your partner organisations, verifying compliance with your values and objectives. In a similar way, pre-employment checks on staff safeguards the credibility and credentials of your organisation; mitigating insider threats.

Reviews of your digital footprint and your business environment provide an assessment of your risks by gathering your information in the same way that a hostile actor would. A measure that allows you to follow an evidence-based approach to improving security around confirmed vulnerabilities.

Risk intelligence provides a complimenting forward look, identifying trends and developments specific to your context; allowing for security measures to become tailored to your organisation’s operations and daily requirements.

Each of these services gains a snapshot of the conditions an organisation is operating in; providing insights that security measures can be built around.

Due to the volatility of modern business environments and challenges to multilateral trade, security intelligence teams are increasingly moving towards continuously provided insights. This trend suggests that intelligence teams are moving towards managed services. This change has the potential to transform the meaning of intelligence for organisations.

Managed intelligence services have the potential to take the insights from the services that currently exist and allow organisations to track progress, identifying structural weaknesses over extended periods. If current intelligence services are paired with managed service capabilities, the meaning of intelligence is likely to change; a recurring form of risk assessment that is evidence-based and referenceable over time, meeting the assurances businesses need to navigate the risks of multilateral environments without compromising on efficiency and integration.[4] [5]

To find out how Toro can support you with your business intelligence, speak to the team.