In a world where news travels at the speed of a post, stakeholders and business leaders expect immediate, informed responses, putting pressure on corporate security teams to preemptively manage situations and stay ahead of the public narrative before it’s shaped by social media chatter.
To be in sync with your enterprise — strategically, operationally, and technologically — corporate security teams need to have a strong process for receiving, processing, and vetting incoming social media alerts. The threat intelligence landscape has evolved, and software solutions have become integral in helping security teams navigate the torrent of social media investigations.
In this article, we’ll explore the evolving role of social media in threat and security investigations, showcasing real-world scenarios where social media played a pivotal role in crisis and threat management. You’ll walk away with an understanding of the power of proactive measures and immediate action and how robust procedures and advanced tools are essential in safeguarding lives and assets.
The evolving role of social media in threat and security investigations
Today, approximately 4.7 billion people worldwide use social media, sharing details of their lives in near-real time. Since Twitter and Facebook’s emergence in 2006, followed most recently by TikTok in 2016, social media has significantly influenced corporate security expectations. These platforms have become standard sources of information for Global Security Operations Centers (GSOCs) across various industries and corporate security teams of all sizes and experiences.
Social media offers security teams a 360-degree view of emerging events, providing on-the-scene insights crucial for swift responses. In urgent situations, it’s often the quickest way to gather essential information at the start of an investigation. But it’s safe to say the volume of signals generated rapidly becomes unmanageable for the average security team.
One key advantage of using social media for investigations is access to real-time alerts, granting security teams valuable time to assess situations before they reach the media. However, this rapid flow of information demands that corporate security teams accelerate their pace of response.
To use social media data efficiently for corporate security operations, many companies are refining their processes to include social media as a critical source. This puts less emphasis on organizational structure and more on established procedures. With technological advancements, such as threat intelligence feeds and comprehensive threat protection software solutions that help centralize threat and POI data, teams can more easily discern relevant information amidst the noise and quickly determine which social media activity warrants investigation.
Here’s a look at how some GSOCs have successfully integrated social media into their operational processes.
Case study: Social media’s role in crisis, incident, and threat management
Consider the story of a global financial services company with a net income of over $3 billion and employing tens of thousands in 30 countries. Their dedicated corporate security team, composed of 75 to 100 people plus contractors, has protected the company’s reputation and employees for over 20 years.
You may recall that in October 2017, news of shootings at a Las Vegas music festival first broke through social media. Using a social media aggregation platform, the financial services company’s GSOC was alerted to trouble within minutes of the first shots being fired, over 20 minutes before being reported on the news.
An event analysis was triggered, and a rigorous process was followed to distribute information to local sources as quickly as possible. Using maps, the team determined if any employees were traveling in the area. The team then distributed a “spot report” to top-level stakeholders, including the Las Vegas regional manager, all before the incident appeared on the news.
The spot report was critical to providing an authoritative view of the situation to eliminate the risk of misunderstandings, discrepancies, and confusion. After the spot report was published, analysts did a deeper dive into the situation, providing updates as events unfolded. Finally, with the situation fully vetted, the GSOC issued an emergency notification to employees in the area.
Proactive measures and immediate action: A case study from Brussels
When it comes to incident response, smaller security teams have the same scope of responsibility as large teams. Consider the story of a global hospitality company with thousands of properties across the globe. They have a 25-person security team responsible for meeting the demands of a rapidly growing business. This team has been working together for about ten years.
An alert from their social media investigations platform informed the team of a bombing at the Brussels airport 10 minutes ahead of the news media. This critical lead time allowed the team to do more research to corroborate and contextualize the event.
During the research, the team sent alerts to their local property managers and their European security director. As more details painted a clearer picture of the event, the team sent an email to key stakeholders so they could carry out their own notification procedures. This included the PR crisis team, fire and life safety team, medical personnel, and the claims and insurance team. Wide distribution keeps key stakeholders in the loop to maintain awareness and perform their own processes as necessary, supporting a coordinated response across the enterprise.
Later that morning, the same procedure was followed when a second attack occurred at a Brussels subway station.
Read: Avengers, Assemble! Roles and Responsibilities of Your Incident Management Team
Safeguarding lives and assets: The role of robust procedures and cutting-edge tools
By having strict procedures in place for vetting social media investigation data, each of these companies was able to capitalize on early information to help ensure the safety of their employees, guests, and properties.
Security teams can extend the utility of their social media intelligence beyond situational awareness. Both companies recorded the incidents in a database for future reference to help them improve their processes. Social media content also helps teams understand how information travels during common high-risk events. In addition, corporate security professionals are using historical social media data as a source of real-life scenarios for training.
The future of social media investigations with Resolver’s Threat Protection
Social media is here to stay, and the growing number of users is proof. To keep pace, GSOCs are challenged to find the best tools to sift through the mountains of data for relevant insights and have a straightforward process in place for vetting the data. The process must clearly delineate the steps of how and when to communicate, who receives communications, and what they need to know.
As technology evolves, advanced solutions like Resolver’s award-winning Threat Protection software pave the way for more streamlined and effective social media investigations. With such tools, teams can integrate threat intelligence feeds directly into their operational workflow, enhancing their ability to filter through noise and act on credible threats quickly and decisively.
Corporate security teams equipped with the best social media services and processes will be in the best position to respond in ways that better protect property and lives. Leveraging sophisticated solutions like Resolver’s Threat Protection software, they can respond to incidents with agility while anticipating and mitigating risks before they escalate.
Discover how Resolver’s Threat Protection software can transform your team’s capability to handle crises:
- Real-time data aggregation: Quick collection and analysis of data from various social media platforms.
- Advanced analysis tools: Sift through the noise to identify relevant information, enhancing decision-making speed and accuracy.
- Automated processes and workflows: Ensure a coordinated, swift response across all levels of the organization.
- Integrated geolocation features: Assess and ensure the safety of employees and assets in real time.
- Dashboards and reporting features for post-event analysis: Utilize comprehensive reporting and analytics for ongoing learning and strategy refinement.
Interested in seeing how Resolver’s Threat Protection software and services can revolutionize your security operations? Watch a short, no-commitment video walkthrough to experience the impact of integrating advanced threat intelligence, expert services, and case and investigations management into your process.
