A Year in Review – 2021

Welcome to an expanded edition of Left of Boom. In this issue, we’ll discuss our assessment of the threat landscape for the year ahead. I wish to thank my good friend and colleague, James Sporleder from The Regulus Group.

Securing the “New Normal,” Reflections on the Threat Landscape for 2022

A common maxim promoted in business schools throughout the country is that the most dangerous phrase in American business is: “But we’ve always done it that way.” This maxim can be applied to security planning as well. I would also put forth a corollary that asserts an equally dangerous phrase in business but that is also particularly relevant in security planning. It goes something like this: “Yes, that’s a possibility, but it won’t happen here.”

Workplace violence happens with alarming frequency. It is imperative that organizations be prepared for all forms of threats and regularly conduct a frank and unflinching examination of the threat landscape and their ability to detect, prevent, deter, mitigate, respond to, and recover from all threats of violence.

To say that the 2020s began inauspiciously might be the greatest understatement of the decade. We faced a worldwide pandemic that radically altered our social fabric, including the very structure of our workplaces. In the United States, we faced an unprecedented rise in partisan political discord culminating with the assault on the United States Capitol on January 6th. As we enter 2022, these issues remain front and center in the American psyche along with:

  • A mid-term election cycle likely to be one of the more divisive and contentious elections we’ve seen.
  • New variants of the COVID virus continue to emerge, injecting further uncertainty and anxiety into return-to-work plans.
  • Multiple studies and polls are recording an increase in anxiety, incivility, and other mental health collateral effects from the unprecedented stressors facing our population.

Operational Assumptions for 2022

It’s important we iterate some key operational assumptions that will impact our overall decision calculus as we head into 2022.

Here’s my list for this year:

WEAPONIZED MISINFORMATION

  • Misinformation (political, medical) disseminated through multiple sources will be a primary driver of stressors related to workplace violence, political discord, and civil unrest.

INCIVILITY AS A PRECURSOR TO VIOLENCE

  • Normalization of incivility, violent rhetoric and bad behavior will lead to an increase in violent incidents.

CONTINUATION OF THE PANDEMIC

  • COVID-19 and related public health measures will continue to have a major impact on the workplace.

ELEVATED RISK OF POLITICAL VIOLENCE

  • Political discord and civil unrest will be an enduring threat to organizations especially in the run-up to the 2022 U.S. midterm elections. The threat of continued and escalated political violence remains acute.

MODIFIED/ENHANCED INSIDER THREAT

  • Insider threat will continue to be a major concern for organizations. Our increasingly polarized political landscape, as well as COVID-19 stressors and dissent regarding public health precautions, will likely become additional negative motivators that may impact how we actually define insider threat.

SINGLE ISSUE PROTESTS/CIVIL UNREST

  • Organizations will be faced with a persistent potential threat from single-issue advocacy groups. This threat is particularly acute in specific business sectors such as healthcare, pharma, “big tech,” and the financial industry. The continued flow of misinformation will fuel threats, highlighting the importance of comprehensive and robust crisis communications planning and effective counter-messaging.

CONTINUED ECONOMIC PRESSURE

  • Economic stressors such as increasing inflation will place pressure on operating budgets, likely reducing funds available for proactive and preventative-centric security measures. The expiration of COVID-related government aid programs and other personal financial stressors will negatively impact the workforce.

ELEVATED AND SUSTAINED CYBER THREATS

  • Leading cyber security experts are nearly united in their assessment that organizations will face a growing and persistent threat from a myriad of cyber threats, including DDoS attacks and ransomware. Critical infrastructure facilities face an acute risk.

Organizations should consider these potential threats when evaluating current crisis management, threat management, and business continuity plans. Let’s take some time to drill into these aspects in some depth.

WEAPONIZED MISINFORMATION

Misinformation (political, medical) disseminated through multiple sources will be a primary driver of stressors related to workplace violence, political discord, and civil unrest. Misinformation on vital issues has become a virulent and pernicious problem worldwide. Both the 2016 and 2020 U.S. Presidential elections were impacted by massive amounts of misinformation from a wide spectrum of questionable data sources, ranging from user-driven online conspiracy theory communities such as QAnon to state-sponsored intelligence operations. During the 2016 election, the St. Petersburg, Russia-based Internet Research Agency created thousands of false social media accounts designed to appear as Americans supporting radical political groups and ideology. These false accounts published fabricated articles and disinformation and reached millions of U.S. social media users between 2013 and 2017. Ultimately, 13 Russian nationals and three Russian entities were indicted in the U.S. on charges of violating criminal laws with the intent to interfere with U.S. elections. Such activity was also widespread during the 2020 election and will likely continue in future elections.

COVID-19 public health safety measures worldwide have additionally been compromised by widespread misinformation about the origin of the vaccine as well as the efficacy of new ones. The proliferation of misinformation has had a corrosive effect on our political discourse and undermined our citizens’ faith in their institutions, governmental agencies, and subject matter experts.

Examples:

  • Wayfair: Members of the QAnon community capitalized on errors and anomalies regarding the pricing of products on the website of online retailer Wayfair. These conspiracy theorists put forth an online campaign against Wayfair accusing it of facilitating the sexual trafficking of children through their website. These baseless claims caused severe damage to brand and reputation for Wayfair.
  • Dominion Voting Systems: Following the 2020 election, Dominion was targeted by election conspiracy theorists claiming that voting machines developed by Dominion had been illegally configured to change votes. These claims inaccurately connected Dominion to the government of Venezuela and, in some of the more fantastical versions, stated that members of the US military and the CIA were killed in a raid on secret computer servers in Germany that contained evidence implicating Dominion. While these ridiculous claims were quickly proven to be false, the damage to Dominion’s brand and reputation was massive.

As technology improves, it will only become more difficult for the average media consumer to evaluate the steady flow of information from multiple sources and to parse out what is misinformation and what is not. Big tech companies have been slow to address this issue out of concerns surrounding perceived censorship. In response to widespread criticism, threats of governmental regulation, and calls for greater accountability, media platforms are now instituting policies to address misinformation and are developing tools to identify and address false information disseminated on their platforms. This has led to a vigorous debate on the role and responsibilities of big tech and spurred the creation of multiple ideologically motivated alternative social media platforms, further complicating the problem by diffusing the overall threat of misinformation across a broader ideological spectrum.

WHAT THAT MEANS TO THREAT ASSESSMENT:

When assessing a potential threat, organizations should consider the impact of misinformation on the employee in question. The current crisis and overall political/social climate may have caused individuals to adopt strongly held beliefs. A threat assessor must understand the underlying thought process behind an ideologically motivated threat. It is important to note that understanding does not equal agreement. Understanding a troubled employee who is holding on to an extreme overvalued belief that is driving negative behavior will help us craft and implement interventions to mitigate this risk.

INCIVILITY AS A PRECURSOR TO VIOLENCE

The normalization of incivility, violent rhetoric, and bad behavior will lead to an increase in violent incidents.

Workplace incivility is defined as “a low-intensity deviant behavior with ambiguous intent to damage the target, in violation of workplace norms for mutual respect. Uncivil behaviors are characteristically rude and discourteous, displaying a lack of regard for others.” An increasing body of research supports the premise that incivility in the workplace is often a precursor to workplace violence. The fact is, the nexus between workplace violence and workplace incivility cannot be ignored. One need only view the seemingly nonstop episodes of violence and incivility on commercial airlines and in retail establishments, or the latest viral “Karen video” circulating on social media, to see the magnitude of this problem. These issues will undoubtedly bleed into the workplace in whatever form they may take moving forward.

WHAT THAT MEANS TO THREAT ASSESSMENT:

The goal of a strong threat assessment program is to mitigate the risk of workplace violence by identifying patterns of troubling behavior before a violent event. The more we learn about workplace incivility the more we know these actions are often a precursor to workplace violence. The stress of the ongoing pandemic and other social and political issues appears to have lowered our overall societal perception of acceptable behavior. We should not accept this as a “new normal.” Workplace incivility such as verbal abuse and bullying should consistently be viewed as early pre-incident indicators for potential violence.

CONTINUATION OF THE PANDEMIC

COVID-19 and related public health measures will continue to have a major impact on the workplace. President Biden announced sweeping executive orders to mandate COVID-19 vaccines or testing for a vast number of employers across the nation. These measures were immediately subject to legal challenges and ultimately the United States Supreme Court struck down many of these mandates. This has created a high degree of uncertainty and anxiety among both employers and employees as organizations struggle to determine what mandates will apply and as employees begin returning to physical work sites. As the latest COVID-19 variant surges throughout the U.S., the ongoing debate over vaccine mandates and public health measures continues, injecting uncertainty into an already fluid, dynamic, and stressful situation.

Following public health guidelines, which heretofore was most often an afterthought, has now become a defining attribute of many people’s political and cultural identity and the ensuing rhetoric among “sides” on this issue is frequently turning violent. As we enter a contentious mid-term election, these flashpoints will most likely increase in frequency and intensity. Prominent political figures have openly called on citizens to “not comply” with the announced mandates.

WHAT THAT MEANS TO THREAT ASSESSMENT:

The impact of the COVID-19 pandemic and related public health safety measures will be one of the primary stressors for acts of workplace violence in the year ahead. The fact that this matter has been highly politicized serves to intensify the impact of COVID-19 on the workforce. When conducting an assessment of a troubled employee, threat assessors examining potential sources of the threatening behavior should not dismiss the impact of the ongoing pandemic, even if the original employee grievance is unrelated to COVID-19.

ELEVATED RISK OF POLITICAL VIOLENCE

Political discord and civil unrest will be an enduring threat to organizations especially in the run-up to the 2022 U.S. midterm elections. The threat of continued and escalated political violence remains acute.

A recent Quinnipiac poll reveals an astonishing 76% of Americans say they believe political instability within the country is a bigger threat to the United States than external threats such as international terrorism, China, or Russia. While the U.S. continues to reckon with the January 6 assault on the Capitol, the threat of internal political violence has not diminished. Despite abundant evidence to the contrary, tens of millions of Americans still believe that the election was stolen and that President Biden was illegitimately elected. Polling of self-identified Republican voters reveals that 71% of Republican voters still believe that Donald Trump won the 2020 election.

The number of threats to members of Congress rose from fewer than 4,000 in 2017 to 9,600 in 2021, a 240 percent increase in just four years. In recent Congressional testimony, FBI Director Wray stated there are approximately 2,700 open investigations into violent extremism at home, up from 1,000 in the spring of 2020. The latest Washington Post-University of Maryland poll shows 34 percent of Americans say violent action against the government is sometimes justified, more than double what surveys reported in 2010.

WHAT THAT MEANS TO THREAT ASSESSMENT:

We need no more vivid reminder of the threat of political violence at a national level than the January 6, 2021, attack and occupation of the United States Capitol. As we have seen over the past year, elevated levels of controversy and political discord are now present at virtually all levels of government. Seemingly mundane local political bodies such as school boards and planning and zoning boards are now faced with increasingly contentious meetings and, in some cases, direct threats of violence.

Our highly energized political environment has resulted in many people holding very strong opinions on political issues. In many cases, our political views have become key components of our core identity. When assessing threats that have a political component, threat assessors must explore and attempt to understand the political motivation behind the actions or statements of an individual posing a potential threat. Threat assessors must remain politically agnostic when evaluating threats. It is important to note that understanding another person’s point of view does not equal agreement.

MODIFIED/ENHANCED INSIDER THREAT

Insider threat will continue to be a major concern for organizations. Our increasingly polarized political landscape, as well as COVID-19 stressors and dissent regarding public health precautions, will likely become additional negative motivators that may impact how we actually define insider threat.

Organizations have long been focused on “Insider Threat” as an issue, but this concern has largely been addressed through the lens of information security. The primary focus of insider threat prevention efforts to date has largely targeted malicious actors acting for financial benefit, or in support of hostile foreign intelligence services. However, there have been several recent high-profile insider threat cases within the United States Government where individuals acted as a result of ideological beliefs and motivations rather than as a result of traditional targeting and recruiting by hostile foreign intelligence services or rival corporate entities.

Examples are:

  • Steven Brandenburg, a pharmacist employed by a large regional health system in Wisconsin, pleaded guilty to intentionally destroying hundreds of doses of COVID-19 vaccine because he believed the vaccine was unsafe. Prior to this criminal act, Brandenburg told several coworkers that he believed the vaccines to be unsafe.
  • Chelsea Manning, a United States Army soldier who leaked classified information to the media after becoming disillusioned with United States military operations in Afghanistan.
  • Edward Snowden, a former computer intelligence consultant, released enormous amounts of highly sensitive U.S. classified information to media outlets as a form of protest against what he believed to be illegal intelligence activities conducted by the United States Government.
  • Reality Winner, a U.S. government contractor, also released U.S. classified information to the media regarding Russian interference in the 2016 election. Winner released this information because she felt the public had a right to know and did not believe the United States Government would truthfully release the information.

WHAT THAT MEANS TO THREAT ASSESSMENT:

Security professionals, threat assessors, as well as information technology security professionals should reassess their definition of what constitutes an insider threat.

Ideologically motivated acts of industrial sabotage or espionage may become more common. Those business sectors at the forefront of ongoing societal debate and controversy such as the pharmaceutical industry or “big tech” may find themselves particularly vulnerable to an ideologically based insider threat.

SINGLE ISSUE PROTESTS/CIVIL UNREST

Organizations will be faced with a persistent potential threat from single-issue advocacy groups. We have observed a significant rise in anti-government, grassroots organizations becoming more vocal, active, and violent. They tend to be vehement in their dislike of “medical tyranny” and “mandates” and strongly advocate for “health freedom.” Such threats are not limited to the healthcare sector, as other industries, such as the pharmaceutical and financial sectors, have also found themselves being targeted. Perennial “hot button” issues such as abortion, voting rights, and racial justice have all been the source of recent protests. The ongoing societal debate over the role of law enforcement will also continue to generate protest activity as prosecutions for police misconduct move through the court system. Future police shootings will also likely spark a new round of protests. While such protests will most likely target governmental facilities and entities, organizations should prepare for extant threats to their staff and facilities located near protest sites. Organizations should review shelter-in-place and evacuation plans as needed and should also consider temporary alternate venues for critical operations during crisis recovery.

WHAT THAT MEANS TO THREAT ASSESSMENT:

We strongly recommend our clients regularly monitor the “pulse” of local and regional groups for external organizational threats. This includes general civil unrest, demonstrations, or protests by advocacy groups. It can be either physical (such as an on-site protest or an attempt by a group of individuals to breach security), or it can be virtual (such as a malicious social media campaign designed to harm a business’s reputation or a Zoom meeting takeover).

CONTINUED ECONOMIC PRESSURE

Economic stressors such as increasing inflation will place pressure on operating budgets, likely reducing funds available for proactive and preventative-centric security measures. The expiration of COVID-related government aid programs and other personal financial stressors will negatively impact the workforce. As inflation continues to rise, pressure on organizational budgets will only increase. These economic stressors will be exacerbated as COVID-19 relief programs, such as eviction moratoriums and other forms of financial assistance, expire. There’s also been strong media coverage of what is often called the “Great Resignation,” as workers leave the workforce either through early retirement or to pursue alternative avenues of employment. It remains to be seen how viable these choices may be. Additionally, multiple studies have shown that most American workers have significantly underfunded their retirement accounts, so those workers choosing early retirement may soon experience financial stress. Workers who’ve left the workforce for self-employed ventures or other non-traditional forms of employment may face financial headwinds in the current economy.

WHAT THAT MEANS TO THREAT ASSESSMENT:

Security programs, in particular threat assessment programs, are particularly vulnerable to corporate cost-cutting measures. Prevention programs are hard to justify during times of austere corporate funding due to the lack of visible results. Collaboration with other organizational offices, such as HR, will be imperative to develop meaningful metrics that can address the safety and security of the work environment in more indirect ways such as the rate of employee turn-over or the results of a workplace culture survey. These instruments can help to bring forward those who might be struggling and moving from stress to distress.

ELEVATED AND SUSTAINED CYBER THREATS

Leading cyber security experts are nearly united in their assessment that organizations will face a growing and persistent threat from a myriad of cyber threats, including DDoS attacks and ransomware. Critical infrastructure facilities face an acute risk.

Cybersecurity experts faced significant challenges during the past year dealing with the impact and aftereffects of cyber security events such as SolarWinds and Log4j. The proliferation of work from home has only increased the cyber vulnerabilities and made the jobs of cybersecurity experts more difficult as they address an ever-expanding set of threat vectors.

The threat of ransomware has exploded over the past year. BitSight, a cybersecurity ratings company that analyzes companies, government agencies, and educational institutions, released some startling information on the rise of ransomware attacks in a recent report, showing that from 2014 to 2019 such attacks accounted for only 13% of cyber insurance claims. However, in 2020 alone, 54% of all claims were the result of a ransomware attack.

In what may be considered a positive step in addressing the rampant threat of cyber-related crime, Russian authorities recently arrested members of the hacking collective REvil. This group was responsible for some of the costliest and most devastating ransomware attacks in the past year. While it is tempting to view this as a positive step in international law enforcement coordination, those of us who have worked in law enforcement in a liaison capacity with Russian law enforcement and security services (I was the FBI Legal Attaché in Moscow from 2012 through 2015) may adopt a more cynical view. Any Russian arrest of a criminal hacking group will simply be the formal recruitment of that group by the Russian Federal Security Service (FSB). What was once a cyber threat from a criminal hacking group has now become a cyber threat from a foreign intelligence service.

WHAT THAT MEANS TO THREAT ASSESSMENT:

Successful defense against such cyberattacks must be conducted by highly skilled technical cybersecurity experts. Threat assessment teams should work hand in hand with cyber security specialists when addressing such threats.

Threat Mitigation Strategies

ORGANIZATIONAL TRANSPARENCY

Transparency is always the best strategy for organizations during these tumultuous times, even if that means saying “I don’t know.” It will be important for organizations to honestly and directly address the uncertainty and anxiety facing their employees regarding return-to-work plans. As we have all seen, official guidance regarding COVID-19 precaution measures is, at times, both contradictory and confusing. In addition, the narrative regarding COVID-19 is flooded with informational distortions, further clouding the picture and calling into question, in the minds of some employees, the motivations behind an organization’s personnel policies. Organizations should communicate freely and openly, especially when guidelines or requirements change. For example, if a return-to-work date has been established that directs all employees to return to a physical office, organizations should anticipate that date might change based on new information. When a change is required, it won’t be enough to simply announce the change. A simple statement outlining the rationale behind the change can go a long way in helping an already stressed, anxious, and confused workforce understand and adapt to the need for the change.

AWARE & ALERT MANAGEMENT

As we learn to live in a late-stage COVID world, many employees will find themselves invited (or summoned) back to the office. In anticipation of this transition, managers should be aware of how the protracted remote working environment may have impacted their employees. Undoubtedly, they will discover that their employees, now thrust back together, are not the same people as those who left. Knowing this, managers should pay special attention to their employees’ potential resentment, their current state of mental health, and be aware of, and sensitive to, any potential “denialism/conspiracy” theories that could foster an environment of workplace incivility — a common precursor to workplace violence. At the office, working in masks may be new and unsettling for some employees. Many may not like the practice, or they may resent policies that are not uniformly or consistently enforced.

EMPATHIC LEADERSHIP

While many employees will have come through the pandemic with minor disruption, others will have been significantly impacted. They may have lost family members, become ill themselves, or suffered through extended isolation. Some will be eager to return to the office, while others may prefer an at-home approach. A recent poll by the Best Practice Institute found that approximately 83 percent of CEOs want to bring employees back to physical offices full-time, while only 10 percent of workers want the same. Whatever your organization’s approach, be mindful of potential resentment or even outright anger at changing company policies. In addition, it will be important to keep in mind the cumulative emotional and mental toll of the pandemic. This is almost hard to overstate. For example, during the pandemic, about four in ten adults in the U.S. reported symptoms of anxiety or depressive disorder, representing a 40 percent increase (from one in ten) from only the year prior.

STRONG CULTURAL ETHOS OF MUTUAL DIGNITY & RESPECT

In an office environment, people talk. As a nation, we remain in a fragmented and hyper-politicized environment where COVID-19 and related public health measures have become cultural flashpoints and political arguments. Some employees may vocalize conspiracy theories doubting the severity, or even the existence of COVID-19, while other employees may have been tragically impacted by the disease. It will be important to establish clear boundaries and policies regarding political dialog in the workplace. Left unchecked, heated conversations may evolve into workplace incivility or even escalate to acts of interpersonal violence in work environments.

COMPREHENSIVE GAP ANALYSIS & POLICY REVIEW

Now is the time for organizations to conduct a comprehensive review of all crisis and contingency plans with these articulated threats in mind. Organizations must also remain vigilant and mindful of regional and locally focused protest activity. Establishing or enhancing liaison relationships with local law enforcement is also strongly recommended. Security leaders should not wait until they are on-scene of an actual crisis to exchange business cards with their law enforcement counterparts.

CODE-OF-CONDUCT IMPLEMENTATION

Organizations should consider implementing policies that address civility in the workplace and should also consider developing a code of conduct that articulates acceptable workplace behavior. While remaining mindful and respectful of individual beliefs, organizations can craft a code of conduct that describes acceptable behavior. Many organizations, including most governmental agencies, already have policies that restrict or limit political activity or discussion within the workplace (see the Hatch Act of 1939, applicable to U.S. Federal Government employees).

Ready to make a change in your organization?

Contact us for a free consultation. We can assist you and complete a gap analysis and full policy review to help eliminate redundant or conflicting guidance and to bring that policy into full alignment with prevailing best practices and vetted guidelines. We can also help in establishing, training, or exercising your threat management team and even provide you with a real-time, threat assessment capability through our Virtual Threat Manager® retainer program. Experience-driven, research-based solutions at the intersection of security and behavioral health.
