Inspired by Ryan Long’s excellent presentation at the Close Protection Conference in Las Vegas in December, this blog takes a close look at four key developments intelligence analysts are keeping an eye on in 2017 – and what they mean for executive protection managers.
The Close Protection Conference got off to a great start on December 2, 2016, when Ryan Long (director of global risk intelligence at McDonald’s Corporation, speaking on behalf of the Association of International Risk Intelligence Professionals, or AIRIP) kicked off two days of presentations, panels and networking with a global intelligence brief.
First off, kudos to the conference organizers and to Ryan. Ryan’s brief was thought provoking and far reaching, with plenty of insights into current intelligence developments and how intel analysts and EP managers can improve cooperation – all packed into a 45-minute bouillon cube of a presentation. Conference planners gave us a real-time demonstration of how intel and EP can work together: we started the conference with a no-nonsense intelligence brief that highlighted the most salient risks facing all of us. Thus informed and aided by Ryan’s perspectives, conference attendees were better able to dig into our EP work with a clear-eyed view of the overall risks.
We got the idea for this blog as we heard Ryan speak. There was just too much good stuff in it not to follow up. We decided to try to unpack parts of Ryan’s presentation, especially his four key developments to watch in 2017, and put these into EP perspective. So let’s take a closer look at them – and what they mean as we move into the new year.
Risk development number 1: What does a Trump presidency mean for the world?
No matter who you think should have won one of the most tightly contested US presidential elections in recent history, one thing is certain: We’re standing at the threshold of a lot of uncertainty.
Trump’s campaign included no shortage of rhetoric about significant shifts and even direct reversals of longstanding US foreign policy. Protectionism and populism are on the rise – not just in the US but around the world. International trade treaties face new scrutiny. The Iran deal might be scrapped. Rapprochement with Russia could be a good thing; it would certainly be different. US allies must step up and pay up for military support, or face the possibility of American disengagement from time-honored relationships such as NATO or traditional alliances in the Middle East.
Whether and how some or all of this campaign talk will actually become policy remains to be seen. What does seem likely, and of course predates the 2016 election, is that we are facing uncertain times on the geopolitical stage. The old orders – from the Cold War stand-offs to the post-Berlin Wall era of a single super power – are crumbling. Power vacuums are getting filled in previously unimagined ways. Ambiguity and uncertainty are here to stay – at least for a while.
So what does this mean for executive protection professionals and how we cooperate with our colleagues in intel analysis? Plenty. Here’s our first takeaway based on Ryan’s brief.
EP takeaway number 1: In uncertain, fast-changing times executive protection needs intel analysis more than ever.
General geopolitical turmoil can turn into specific risks for corporations and principals. New hotspots – issue-based and geographic – can and will develop. Being a US-based multinational can be enough to inspire persons and groups of interest to take action against a principal if US policy takes new, unexpected turns.
Practically speaking, this means we need to get much better at aligning intelligence analysis efforts with the overall executive protection effort. Intel must inform more of our protective decisions and it needs to be constantly updated. We expect the trend of growing collaboration between EP and intel analysis to accelerate in 2017, and we don’t expect it to slow down any time soon.
Risk development number 2: The changing nature of (ISIS-affiliated) terrorism in Europe
As Ryan indicated in his brief, ISIS has shifted its strategy from one of gobbling up turf in the floundering states of Iraq and Syria to mass-casualty attacks in the West, primarily Europe.
The nature of these assaults has also changed. What used to be highly sophisticated and carefully planned operations has given way to simple-but-vicious attacks that are hard to predict and prevent and may or not be coordinated by ISIS.
The most recent case in point occurred in Berlin on December 19th when Anis Amri crashed a hijacked truck into a crowd at Berlin’s iconic Christmas Market on Breitscheidplatz square, killing 12 and injuring dozens more. In typical style, ISIS claimed post facto, post mortem responsibility for the terrorist attack because Amri “carried out the attack in response to calls to target nationals of countries in the international coalition”.
As Ryan points out there are a number of reasons that these attacks occur more in Europe than elsewhere. He also expects them to continue and become even more severe. But does that mean that corporations should eliminate travel to the European Union, a market of 500 million people? Obviously not.
Ryan asks corporations to learn how to deal with emotional decision making based on misperceptions of risk. The fact that there was a massive terror attack in Paris in November 2015 does not mean that everyone should eschew travel to France and the rest of Europe. Life and business must go on, not be put on hold. The question facing corporate decision makers should not be “whether” to go to Europe, but “how”. Secure travel logistics and executive protection have important roles to play here.
EP takeaway number 2: Executive protection teams need to integrate intel into secure travel logistics and employ solid, on-the-ground measures to mitigate risk and be prepared to respond to emerging incidents wherever they go
As attacks in Berlin, Paris and Brussels amply demonstrate, ISIS-inspired terror attacks can occur almost anywhere. A fanatic, a truck or a gun, and an opportunity are all it takes – and there are more than enough of these throughout Europe and the rest of the world.
Our clients need to travel. So we need to make it easy for them to maintain safety, productivity and peace of mind while on the road. To do this most effectively, executive protection providers must make intel an integrated element of secure travel logistics. Intel should be the basis of advance location work, not a “nice to have” add on.
We can use intel to inform our strategies and tactics. See for example Ryan’s excellent “EP/INTEL Risk Assessment Worksheet” for a practical example of how this can work. When intel informs executive protection, we’re on our way toward a rational, reliable approach to risk mitigation instead of a knee-jerk emotional one.
We predict that risk intelligence analysis will become increasingly important in secure travel logistics in 2017 and beyond. It’s already happening in our most comprehensive programs, and we believe it will become more commonplace in more programs, for more people and for more companies moving forward.
We’re also convinced that rapid, coordinated EP and intel responses to emerging incidents will be key. We happened to be with a client in Paris during the November 2015 terror attacks, and we experienced first-hand how intel and our operations center enabled our EP team to help the client make informed decisions based on available information – and to make the best of a very precarious situation as all its people remained safe.
Risk development number 3: Brand and reputation concerns continue to rise for the C-Suite
What’s a typical Fortune 500 company’s most valuable asset? Plenty of annual reports respectfully note that it’s “their people”. Others might think it has more to do with patents or some other kind of secret sauce. But take a look at Forbes’s most recent list of the world’s most valuable brands.
Four of top ten corporations on the list have estimated brand values that exceed annual revenues. Most of the 100 on the list are household names around the world. All have multi-billion USD brand valuations and corporate revenues.
Ryan notes that the risks facing brands and corporate reputations are ever-increasing. The impact of damage results in significant share price fluctuations. The probability of short-term or lasting brand damage has increased exponentially in our connected, social-media-driven world. The reputations of highly prominent CEOs are intricately linked to those of the brands they evangelize and shepherd. What takes years to establish can be undone in days.
EP takeaway number 3: We must get better at including “reputation” alongside physical security, peace of mind and productivity when designing and implementing executive protection programs
Ryan points to four concrete ways that we as EP professionals can up our game to include reputation protection:
- We need to be better at advance planning. Understanding potential reputation risks and mitigating these in a timely way through effective procedures enables us to pre-empt – rather than react to – assaults on our protectees’ reputations. Once again, an ounce of prevention is worth a pound of cure. Put another way: forward thinking that includes and incorporates intelligence analysis specifically targeting threats to reputations and brands are a necessary component of executive protection programs.
- Social listening and other forms of proactively monitoring what’s being said about our principals are a must. This allows us to identify everything from persons and groups of interest to emerging trends, and should always be a part of comprehensive protective programs.
- We need to understand how brands and reputations work – and about the forces that impact them. Security professional know a lot about crisis management but not many of us know the ABCs of marketing and PR. Especially in this age of near-instant social media proliferation, we need to change this. We need to better understand the intricacies of reputation management. Not that we have to be experts in this, but we need to know how best to cooperate with those who are. See point 4.
- Cross-functional collaboration to identify and mitigate reputational risks are a necessity, not a luxury. Plenty of corporate departments are concerned with brand and key stakeholder reputations. Corporate communications and PR, marketing, external affairs, risk intelligence and security all have a hand in the game. EP professionals do, too. We need to break down the silos that can separate us, and make sure we get better at improving how we communicate and coordinate concerning threats to brand and C-suite reputations.
Risk development number 4: An increase in cybersecurity risks and challenges
Hardly a day goes by where we don’t hear about new cyber attacks, major server hacks, pernicious threats and outright cybersecurity disasters – and get suspicious-looking emails in our own inboxes.
Ryan noted in his brief that cybercrime is moving into the big league. The WEF considers it to be one of the greatest threats facing businesses everywhere. It may cost companies up to USD 2 trillion by 2019. And many of the high net worth principals that we protect are prime targets – in addition to the corporations they head.
Ryan also outlined some of the key threats and what we can do about them.
The threats are real and growing. The impacts can be devastating to bottom lines, R & D secrets, reputations and practically all other aspects of corporate life. We won’t go into all of this in this blog, as IT and cybersecurity experts cover this terrain better than we can. We will, however, take a closer look at what we as executive protection professionals can do to address this escalating risk.
EP takeaway number 4: EP professionals must do their part to mitigate cybersecurity risks – especially concerning secure travel and residential security
We’ve written on some of these issues before, but that was back in 2015 and things move fast. Ryan gave an excellent overview of concrete cybersecurity tips for traveling executives and EP teams. We’ve added a few ideas (in parentheses) to Ryan’s list below.
- Update all your software: This will prevent attackers from taking advantage of known vulnerabilities.
- Fortify all passwords: Make them difficult to guess, use different passwords for different programs, don’t choose options that allows computer to remember. (Change them often, too. You might want to check out password managers such as LastPass, Dashlane, or 1Password to help out.)
- Disable remote connectivity: This includes Bluetooth and other wireless technologies.
- (Beware of cloud storage: Yes, cloud storage is incredibly convenient. However, by having your data hosted on a remote server, the responsibility of keeping that data safe relies almost entirely on the cloud storage provider. It’s a tremendous risk to take. Individuals who wish to store sensitive data in the cloud should choose services that fully encrypt their files both locally and remotely, such as SpiderOakor Wuala. There are also programs—such as Boxcryptor—to encrypt your Dropbox/Onedrive folders before they’re uploaded to the cloud.)
- Encrypt all files: Prevent unauthorized people from accessing data even if they do get hold of it. (Using an encryption app such as Signal for text messages is also a good idea.)
- Maintain physical access to your devices at all times.
- Avoid connecting to public Wi-Fi networks (EP teams can provide secure Wi-Fi on the go.)
- Scrutinize email attachments before opening.
- Do not allow foreign electronic storage devices to be connected to your computer of phone.
- Clear your internet browser after each use; delete history files, caches, cookies, and temporary Internet files.
- Change passwords for all devices when you get home, including voicemail.
- Scan devices: Have your IT department check for malware.
Next steps: Let’s keep the conversation moving
In closing we want to thank Ryan again for his excellent brief and for allowing us to talk about parts of it here.
Ryan and AIRIP are showing the way toward better integration between risk intelligence analysis and executive protection. And while we’re tipping our hats, we want to be sure to give a shout out to AIRIP. This organization has made huge strides in professionalizing the risk intelligence industry, and it is a great example to those of us who attended the Close Protection Conference where Ryan gave his brief. We hope the International Protective Security Board will be able to emulate at least part of AIRIP’s success, and do for the executive protection industry what AIRIP has done for the risk intelligence industry.
Here’s to better collaboration between intelligence analysis and executive protection in 2017!