Every year, there seems to be an incident that hits the headlines like a ton of bricks. In the first 24 hours of the New Year, New Orleans faced an alleged ISIS sympathizer running down partygoers on New Year’s Eve, and then came the suspected terrorist event in Las Vegas at the valet of Trump Hotel, involving an exploding vehicle. Early indications suggest that the method and characteristics align with an all-too-familiar pattern, and although the investigation remains ongoing, the general consensus in our industry is the one you often see: if it looks like a duck and talks like a duck, it must be a duck.
After each significant event, both the public and private industries will predictably call out for the need to speed things up, get back in action, and do more of this and more of that. However, as members of the intelligence community will tell you, threats don’t sleep, they don’t slow down, and they don’t stop. We have come to learn that those behind the threats are continually evolving in an attempt to find new ways to make the greatest impact with their menacing acts.
Back to Basics: What is a Threat Today?
“At its core, a threat has always represented an expression of intent to inflict harm, injury, or damage,” says leading cybersecurity expert Harris Schwartz. “This harm can take many forms, whether physical, cyber, reputational, or even emotional, and it emanates from those who possess the capacity and willingness to act on such intentions. Threats serve as indicators of something impending, warning organizations and individuals alike to remain vigilant.”
This understanding is essential because threats oftentimes do not materialize out of nowhere; they follow patterns, leave traces, and offer subtle signals before erupting into full-scale incidents. As a result, the public and private sectors alike must stay in tune with intelligence and reporting through continuous monitoring systems, robust surveillance networks, and proactive measures to detect these impending dangers. Through early detection and response, threats can be neutralized before they escalate into events that cause irreparable harm.
The evolving nature of threats makes it imperative for organizations to adapt their strategies and approaches constantly. Whether it’s a cyberattack, insider betrayal, or geopolitical unrest, understanding the foundations of what constitutes a threat enables the development of countermeasures tailored to mitigate risks effectively. The ability to interpret these signals, act swiftly, and coordinate across sectors can mean the difference between resilience and disaster.
The Threat Landscape
The threat landscape is certainly not dull or sleepy and hasn’t been for a long time. So what kinds of threats are we talking about here? Both Schwartz and long-time international security expert and Cooke & Associates, Inc. CEO Harry Arruda are regularly seeing the following types of threats:
Cyber Threats: All industries are vulnerable, especially those holding sensitive data, protected healthcare records, and highly sensitive trade secrets. Phishing, Business Email Compromise (BEC), ransomware, and data breaches remain persistent threats. For example, the SolarWinds cyberattack in 2020 demonstrated the devastating impact of supply chain vulnerabilities. Recent data from Cybersecurity Ventures predicts that cybercrime will cost the world $10.5 trillion annually by 2025.
Insider Threats: Public, private, and government agencies, including the military, face insider threats. Employees leaking classified material or committing espionage can cause irreparable damage. Reality Winner’s leak of NSA documents in 2017 is a stark example of this risk. The 2023 report from the Ponemon Institute revealed that insider threats cost organizations an average of $15.38 million annually.
Executive Threats: CEOs, UHNWs, and celebrities often shy away from protection until an incident occurs, such as an attempt on their life or a stalking event involving family members. In 2022, a study by the ASIS Foundation noted a 25% increase in threats against high-profile individuals compared to the previous year.
Geo-Political Risks: Global corporations and governments must contend with geopolitical events that could disrupt economies, shape strategies, and drive global markets. The Russia-Ukraine conflict has shown how geopolitical risks can also lead to cascading effects in supply chains and energy markets.
Terrorism: Terrorism can originate from both foreign and domestic actors. The 2016 Bastille Day truck attack in Nice, France, exemplifies how everyday items can be weaponized. Domestically, extremist groups have carried out acts of sabotage under the guise of ideological motives. The Global Terrorism Index reported that deaths from terrorism rose by 17% in 2022.
Disasters, Disruptions, and Outages: Weather events, acts of God, third-party failures, protests, and demonstrations can bring organizations to the brink of disaster, requiring robust continuity and resilience planning. The 2023 Texas ice storm revealed how critical infrastructure vulnerabilities can lead to significant societal and economic consequences.
Sector-Specific Threats
Healthcare: Ransomware attacks targeting hospitals not only disrupt patient care but can also jeopardize lives when critical systems are inaccessible. The WannaCry ransomware attack in 2017 forced the UK’s NHS to cancel 19,000 medical appointments, highlighting how dependent healthcare systems are on technology. In addition to ransomware, phishing schemes have targeted healthcare providers, seeking to exploit vulnerabilities in legacy IT systems.
Technology: Intellectual property theft and advanced persistent threats (APTs) represent significant challenges for tech companies. The 2020 Microsoft Exchange Server hack exposed sensitive data from thousands of organizations worldwide, showcasing the critical need for constant vigilance and patch management. Additionally, tech firms face threats to supply chain integrity, as seen in the 2021 Kaseya ransomware attack, which affected managed service providers and their clients globally.
Educational Institutions: Increasingly targeted by cybercriminals, schools face phishing scams, ransomware, and data breaches that expose student and staff records. In 2022, the Los Angeles Unified School District suffered a ransomware attack that compromised sensitive data and disrupted operations, underscoring the vulnerability of educational institutions with limited IT budgets. Beyond cyber threats, physical security remains a concern as schools contend with active shooter risks and the need for advanced security measures.
Large-Scale Events: The 2013 Boston Marathon bombing demonstrated the necessity of integrated security measures for major public gatherings. Events like these require multi-agency coordination, real-time intelligence sharing, and comprehensive threat assessments to mitigate risks. Additionally, large-scale events face cyber threats, as seen in the 2018 Winter Olympics, where a cyberattack disrupted internet services and event operations, emphasizing the importance of digital as well as physical security.
Best Practices to Counter Threats
Establishing robust practices to counter threats is essential for organizations aiming to maintain resilience in an unpredictable world. Effective threat management involves a combination of preparedness, technological integration, and collaborative efforts. By adopting these best practices, organizations can mitigate risks, protect their assets, and ensure continuity during crises.
- Training and Exercises: Conduct regular drills for cyberattacks, insider threats, and terrorism response.
- Update SOPs and Plans: Continuously revise operating procedures to match the evolving threat landscape.
- Specialized Training: Leverage third-party expertise for targeted training.
- Investigation Teams: Establish teams to proactively investigate and address threats.
- Threat Intelligence Platforms: Use technology to analyze and mitigate risks in real time.
- Behavioral Monitoring: Implement programs to identify and address suspicious activities.
- Incident Response Teams: Prepare teams for rapid deployment during crises.
- Advance Assessments: Conduct thorough risk assessments before travel or events.
- Travel Security Measures: Provide protection for executives and staff during travel.
- Public-Private Collaborations: Foster partnerships for shared intelligence and resources.
- Use of Frameworks: Implement the NIST Cybersecurity Framework to streamline risk management.
The Role of Effective Communication
Communication is the backbone of any effective threat response strategy. Clear, timely, and accurate communication ensures that stakeholders are informed, coordinated, and prepared to act. Whether managing a cyber breach or responding to a physical threat, communication channels must be established and maintained to minimize confusion and maximize efficiency. Sharing information, no matter how small or insignificant it may seem, is vital. Even the smallest detail could provide crucial context or a missing piece of the puzzle for other teams or organizations.
Effective communication is critical in managing threats and responding to incidents:
- Establish Clear Channels: Define protocols for internal and external information sharing.
- Crisis Communication Plans: Develop scripts and strategies to address stakeholders during emergencies.
- Training Programs: Train teams on clear, concise, and accurate communication methods during crises.
- Real-Time Updates: Use secure platforms to share updates instantly with relevant parties.
- Examples of Success: The response to the 2018 Hawaii false missile alert showed the importance of clear communication to reduce public panic.
Public-Private Partnerships
Since 9/11, public-private partnerships have played a vital role in addressing and mitigating modern-day threats. By fostering collaboration, these partnerships have bridged the gaps in resources, expertise, and intelligence, creating a unified front against evolving risks. Leveraging the strengths of both sectors ensures a comprehensive approach to threat detection, prevention, and response.
“Deep collaborations between the public and private sectors are indispensable in combating today’s complex threats. Shared knowledge, resources, and expertise lead to stronger, more effective outcomes,” says Harry Arruda, international security expert and CEO of Cooke & Associates, Inc. “Such collaborations are especially critical in areas such as cybersecurity, executive protection, disaster recovery, and counterterrorism.” Case studies have shown that public-private partnerships enhance outcomes across the board. For instance:
- Information Sharing: Develop secure systems for exchanging intelligence on emerging threats.
- Joint Exercises: Conduct combined training sessions to improve coordination and response.
- Resource Sharing: Leverage private sector technology and expertise to bolster public sector capabilities.
- Case Study: The Financial Services Information Sharing and Analysis Center (FS-ISAC) serves as an excellent example of successful collaboration between banks and law enforcement.
- Cross-Sector Partnerships: Disaster recovery efforts during Hurricane Katrina highlighted how private contractors supported public emergency services.
Future Trends and Emerging Threats
As the world continues to evolve, so too do the threats that organizations and individuals face. Emerging trends in technology, geopolitics, and societal behaviors are shaping a new threat landscape that requires innovative approaches to mitigation. Here are some of the most pressing trends to watch:
AI-Driven Attacks: Artificial intelligence is no longer just a tool for good. Adversaries are leveraging AI to carry out sophisticated attacks, including highly personalized phishing campaigns, identity spoofing, and automated disinformation campaigns. For example, generative AI can produce convincing fake emails or deepfake videos used in social engineering schemes. The growing accessibility of these tools increases the threat’s scope and complexity.
Supply Chain Vulnerabilities: The interconnected nature of global supply chains has introduced new risks. Cyberattacks targeting suppliers can have a cascading effect, impacting thousands of downstream organizations. The 2021 Kaseya ransomware attack highlighted how small vulnerabilities in third-party vendors can lead to widespread disruption. Additionally, geopolitical tensions—such as trade disputes or regional conflicts—can exacerbate supply chain vulnerabilities, causing delays, shortages, or operational standstills.
5G and IoT Risks: As 5G networks and the Internet of Things (IoT) proliferate, the attack surface for cybercriminals expands dramatically. Vulnerabilities in connected devices, from smart home appliances to industrial sensors, provide new opportunities for exploitation. A compromised IoT device could serve as a gateway to infiltrate larger networks, potentially disrupting critical infrastructure like power grids or healthcare systems.
Deepfake Technology: Advances in AI-driven deepfake technology have escalated concerns about its misuse. These highly realistic videos or audio clips can be used for misinformation campaigns, reputational damage, or even blackmail. For instance, a deepfake of a CEO could be employed to manipulate stock prices or spread false information during a crisis.
Biological and Pandemic Threats: The COVID-19 pandemic underscored the global vulnerabilities to biological threats. Advances in biotechnology and synthetic biology could be exploited by malicious actors to develop new biological weapons. Furthermore, misinformation and disinformation campaigns during pandemics can exacerbate the public health crisis, creating challenges for containment and response.
Space Security Risks: With the commercialization of space and the increasing reliance on satellites for communication, navigation, and defense, the potential for space-based threats is rising. Cyberattacks on satellites or collisions caused by space debris could disrupt critical infrastructure on Earth.
Climate Change and Natural Disasters: The increasing frequency and severity of climate-related events—such as hurricanes, wildfires, and flooding—pose direct threats to infrastructure and communities. Organizations must consider how environmental changes could exacerbate geopolitical tensions, resource scarcity, and forced migration.
Ransomware-as-a-Service (RaaS): The commodification of ransomware has created an underground economy where even low-skilled actors can launch devastating attacks. RaaS platforms provide tools, training, and support for would-be hackers, making cybercrime more accessible and widespread.
Quantum Computing Risks: While still emerging, quantum computing could potentially render current encryption methods obsolete. If adversaries gain access to quantum technology, they could decrypt sensitive information, exposing trade secrets, government data, and personal information.
Social Media Manipulation: The manipulation of social media platforms continues to be a significant threat. False narratives, coordinated campaigns, and bot-driven disinformation can influence public opinion, destabilize societies, and even interfere with elections.
Energy and Infrastructure Risks: Critical infrastructure like power grids, oil pipelines, and water systems is increasingly targeted by cyberattacks. The 2021 Colonial Pipeline attack demonstrated the potential for disruption when these systems are compromised. As the world transitions to renewable energy, vulnerabilities in new technologies must also be addressed.
Conclusion
Both Schwartz and Arruda believe that the challenges posed by today’s complex and ever-evolving threat landscape demand proactive and collaborative efforts. Whether mitigating risks from cyberattacks, addressing insider threats, or preparing for geopolitical unrest, organizations must remain agile, informed, and resilient. By leveraging modern technology, fostering public-private partnerships, and prioritizing effective communication, we can anticipate and respond to threats before they escalate into crises.
Preparation, vigilance, and collaboration are not merely options—they are imperatives. In a world where threats know no boundaries and evolve at an unprecedented pace, the strength of our collective response will determine the safety and security of our organizations, communities, and future. Now is the time to embrace these strategies and solidify our defenses against the unpredictable challenges that lie ahead.
About the Authors
Harris Schwartz is a long-time international cybersecurity expert and distinguished security and risk executive. With a career spanning corporate, information, and cybersecurity, Harris has developed and implemented robust security, risk, and investigative programs for organizations across diverse sectors, including financial services, retail, pharmaceuticals, media, entertainment, and healthcare. Harris has held pivotal leadership roles at leading organizations such as Wipro, Aon, and Nippon Telegraph & Telephone (NTT) Security Advisory Services, where he spearheaded global Executive Risk & Advisory services, including virtual CISO programs. His extensive experience also includes senior security positions at Levi Strauss & Company, Safeway-Albertsons, and The Walt Disney Company. Renowned for his expertise in constructing and advancing global security frameworks, Harris specializes in areas such as cyber threat intelligence, data protection, privacy, insider threat management, and supply chain investigations. As a trusted advisor and Fractional CISO, Harris continues to help organizations navigate and defend against an ever-evolving threat landscape.
Harry Arruda is a recognized international security expert and industry thought leader with over three decades of experience in executive protection, corporate security, and risk mitigation. As the CEO of Cooke & Associates, Inc., Harry has transformed the company from a local investigative and security firm into a globally recognized leader in executive protection, corporate security, and public safety support. Under Harry’s leadership, Cooke & Associates delivers innovative, customized risk mitigation solutions with a concierge level of service that sets it apart from larger competitors. Harry’s extensive expertise includes managing complex security programs, designing comprehensive security strategies, and leading initiatives that optimize efficiency while mitigating risk. His career spans work with organizations ranging from mid-sized companies to global enterprises with over 15,000 employees and operations across 40+ locations. Harry also serves as a board member on the ASIS International Technical Committee for Executive Protection Standards and is a sought-after mentor and speaker, sharing insights on leadership, security innovation, and the future of the industry. Through his strategic vision and commitment to excellence, Harry continues to elevate the executive security profession and inspire the next generation of leaders.