Identifying Risks Before They Become Threats: Q&A with Lukas Quanstrom, Ontic CEO
Lukas Quanstrom, Co-Founder and CEO of Ontic, shares how organizations can adopt a proactive security approach to prevent crises.
It sounds like sci-fi, but there really is an effective way to predict critical events before they occur. It’s called protective intelligence, and it could be the key to elevating your organization’s emergency preparedness.
In a recent episode of The Employee Safety Podcast, Lukas Quanstrom, Co-Founder and CEO of Ontic, joined host Peter Steinfeld for an engaging discussion about risk and emergency preparedness. Ontic’s Protective Intelligence Platform helps make businesses safer by providing intelligence to security teams so that they can take informed action to protect their people, property, and reputation. At Ontic, Lukas leads a team of technologists and security experts to develop best-in-class software used by leading brands and educational institutions to help clients keep their people safe.
During the discussion, Lukas shared how organizations can predict critical events before they occur, ways to actively manage known threats, and why adopting a proactive security approach helps prevent crises. You can listen to the full episode below.
Q&A With Lukas Quanstrom, Co-Founder and CEO of Ontic
Ontic’s Protective Intelligence platform allows physical security leaders to take a proactive approach to safety. Can you explain what exactly “protective intelligence” means?
Protective intelligence is an investigative and analytical process used to proactively identify, assess, and mitigate threats to protectees. The concept has been around for a while now, but it’s still relatively new in the world of corporate security, where teams have focused more on reactive threat management and less on getting ahead of threats before an incident occurs.
How can organizations predict a critical event before it occurs?
We believe that by adopting a proactive security approach, you can collect pre-incident threat indicators to gather critical knowledge needed to prevent bad things from happening. These pre-incident indicators come in many forms: perhaps it’s a threatening letter, a dark-web post, or an employee tip.
All of these deserve what we would consider active management. Ontic is so helpful to our clients today because the volume of data to assess is exploding across multiple mediums. The amount of data to investigate has created several challenges for those in the protective intelligence field today.
What about once a threat has already impacted a business? What should employers do to manage known threats actively?
Once a potential threat has been identified, the next step is to research the threat and apply data from sources like public records, social media, and the darknet so that you can learn as much as possible about the identified threat. Next, you should assess the threat to determine the severity and the risk it poses to your organization by leveraging professional threat assessment knowledge methodologies like Sigma or WAVR-21. Then, continue monitoring the threat for new public records and activity from your IoT devices while getting real-time notifications and alerts that might indicate any change in that risk profile.
Often, threats turn out to be false alarms and not prove any real danger. How do you detect which threats pose the greatest risk to employee safety or the business?
It can be challenging, but prudence dictates taking threats seriously until vetted thoroughly, especially today. We see it in the political landscape, the racial and inequality landscape, and the employment landscape. As simple as it sounds, you don’t know what you don’t know.
This is where organizations need the help of a platform like Ontic that helps clients conduct thorough investigations that help with analysis so that volume and time aren’t roadblocks to efficiency. You never know when threat actors may come back around—it could be six months, or it could be a year. That’s why prudence dictates taking everything seriously until you’ve vetted it thoroughly.
Arming your people with knowledge and facts is very helpful, and a product like AlertMedia is a great asset for effective mass communication.Lukas Quanstrom Co-Founder and CEO
When it comes to tracking potential risks, what is the difference between proactive and reactive monitoring?
Proactive monitoring is hunting for unknown threat actors using an open-source intelligence solution, like social media listening or central awareness. For example, if you’re proactively monitoring a known person of interest, you may be looking for suspicious patterns or anomalies in their behavior or alerts on their criminal activity.
If you are reacting to incidents from unknown threat actors—whether they are suspicious or direct threats—you are logging incidents to connect the dots at a later date, where there may not be a clear pattern today.
Why are organizations more concerned about employee safety now, even with a large percentage of employees working from home?
Threats have been pushed away from the office, which is typically a more secure location. Security teams are now stretched monitoring hundreds, maybe thousands of staff spread across less secure turf. Some organizations have even gone to the length of geofencing every employee’s residence to understand risk in those areas. The scale is enormous.
The threat landscape is not a physical threat landscape alone; we also have to consider less secure networks and different devices that our employees are using. There is much to consider for security teams tasked with helping keep their people and assets safe.
Keeping employees informed can be challenging in today’s age of dispersed teams, notification fatigue, and uncertainty. How can organizations best communicate clearly during times of crisis and confusion?
Threat fatigue is a real issue, and it’s hard to separate fact from fiction many times. However, I think being brutally honest with your staff is the best way to message information, even if it’s negative information.
Sometimes it’s hard to sugarcoat facts, and in my experience, people appreciate the candor. Arming your people with knowledge and facts is very helpful, and a product like AlertMedia is a great asset for effective mass communication. Not every single threat needs to be shared, but as it relates to business continuity and employee safety, teams need to be informed.
Going back to physical security, we’ve recently seen several significant events between the situation at the U.S. Capitol building and the tragic bombing in Nashville during the holidays. How can adopting a proactive approach to security help prevent crises like the one we’ve just seen?
We have a couple of podcast episodes where our host Fred Burton discusses the incidents that occurred at the U.S. capitol building and Nashville. We find that physical security alone is never enough—it takes intelligence collection and constant monitoring of a situation.
That protective intelligence model is rarely used by police departments, who have a security mindset centered on reaction. The U.S. Capitol attack was one of the worst protective intelligence failures we’ve ever seen. The threat [signals] were there but discarded. We still don’t know why. The protective intelligence model is the initial line of defense in an organization’s physical security, but it is only one piece. There is a lot required to keep people safe.
What is something people can take action on today to help them improve their company’s safety culture?
If leadership makes safety a priority, everyone else will take it seriously. For example, if the CEO doesn’t wear their badge to swipe in, no one will think it’s important. Safety starts at the top. If this isn’t happening at your organization, make your voice heard. I don’t think there’s a better time, to be quite honest. The risks are far too great not to do the work required ahead of a tragic event.
Portions of this transcript were edited for clarity or brevity.