Tracy Reinhold, Chief Security Officer, Everbridge discusses themes of security and organisational resilience and previews the company’s upcoming webinar, in partnership with SJUK.
Founded in 2002 following the September 11 terrorist attacks, Everbridge was established to develop a notification system capable of ensuring that communications were received when it mattered most. According to Tracy Reinhold – its Chief Security Officer – the company was the first to recognise that many businesses and organisations lacked a way of communicating with employees.
“This really came to light after the attacks,” he told SJUK. “Organisations were unable to determine the welfare of their employees. We were created, initially, as a mass notification company, where businesses could check on the welfare of employees through multiple modalities. Technology was emerging at such a pace that we took advantage and started to see what else we could do to help organisations establish a resilient posture and retain that posture as they continued to evolve.”
Though Everbridge started as a mass notification company, today, Reinhold considers it a critical event management platform provider: “This is a natural progression when you think about the way the world is today. The pandemic changed the dynamic from an employee safety perspective. Very few organisations are going back to the office 100% of the time, many are hybrid and there are multiple organisations that have decided to go fully digital.
“This brings challenges when you think about how you protect employees. Because of remote working, it’s difficult to tell where employees are – one of the things we do is map where they are. We overlay threat information and, if there’s an event such as a tsunami, we can map people and let them know. If people are unsafe or feel unsafe, they will find somewhere else to work. Providing this service has a huge benefit in regard to maintaining a resilient organisational posture.”
Disruptions, regardless of how they manifest, impact businesses. By leveraging intelligence as well as aggregating and deconstructing information, businesses and organisations can make decisions and maintain a resilient posture. “When thinking about resilience, I like to think about it as the ability to recover quickly from business disruption,” continued Reinhold.
“At the end of the day, there are multiple components to business continuity. But, when you look at it from a holistic perspective, can you recover from business disruption? Can you mitigate that disruption before it manifests through leveraging intelligence that informs your potential disruptions before they happen? That’s really what we are all about.
“I was in Berlin recently and we talked about the nexus between climate change and security. I gave a presentation to 200 professionals that were questioning the idea of climate change and what the role of security is. Part of our job is to be that source of information that provides clarity for practitioners in the security space, so that they can go back to their companies and say, ‘this is why we need a good ESG position, this is why we need to be concerned’.
“It’s not enough for Everbridge to just provide technical solutions – we also have to provide thought leadership in that space that really demystifies what it is we do as practitioners, what organisations are responsible for. We look at ourselves as an organisation that partners with organisations to ensure the welfare of citizens or employees.”
Security in organisational resilience
“When you think about resilience, traditionally, security has been somewhat walled off from the rest of the company,” explained Reinhold. “I hate to say this, but it was always the department of ‘no, you can’t do that’. What we tried to do is to change that dialogue and make security a job that enables the business. When you look at resilience, it has to be a horizontal process, it has to encompass the entire organisation.”
Across many settings, resilience has traditionally resided in the security space, with many CSOs taking responsibility for continuity, crisis management and physical security. However, by taking these areas outside the remit of business, an environment vulnerable to disruption can be created. Reinhold elaborated: “One of the jobs of security is to educate the business, about the criticality of resilience. To do that, security has to sit down with the board and articulate in the boardroom.
“Many board members don’t know security, they know business. When you relate resilience to the ability to recover from a disruption, it makes more sense. It’s a conversation that a lot of security professionals are not comfortable with. However, influence is key to establishing resilience and you have to articulate value in a way that makes sense to the people that control the purse strings.
“What does this do? It changes how they look at security. It’s not just about guarding, it’s about enabling business. This is a discussion we need to have. I think the key driver is that we have to think holistically. You have to think about how we sustain the company and how we digitise resilience; how we leverage technology to help us establish and maintain a resilient posture for the organisation.”
Technology is embedded into the fibre of every organisation – understanding it, protecting it and leveraging it to enhance business is important. Reinhold emphasised that a holistic approach involves you looking at the combination of digital and physical security, overlaying what matters to the company and then establishing a resilient posture so that you can actually maintain that.
“One challenge which is often not looked at through a security lens is reputation. Customers will vote with their feet; it’s not a matter of just talking briefly about cybersecurity or what happens if you get attacked – it’s a matter of when and how you respond. What do you say to shareholders, stakeholders, partners? How do you develop a concise communications plan that allows you to control the narrative? These things are important because if you don’t talk about them, somebody else will.
“This will impact your brand and reputation because you lose control of the narrative. All of these things, when you think about the interconnectivity of security to the core business, is why making it part of the culture is important.”
Trust, technology and transparency
As we look at the threats that businesses and organisations will face in years to come, Everbridge will play a crucial role in providing support and strengthen postures. Reinhold said: “Cyber is obviously a huge threat, but we have to put mitigation strategies in place to address potential disruptions to our business. It’s the biggest challenge I see and we have to maintain an open aperture.
“In 2019, not many people would have assumed there was going to be a pandemic. A lot of organisations were unable to pivot, because they were too rigid in their interpretation of threat and risk. So, what we need to be careful of going forward is to not address yesterday’s crisis; we don’t want to have an entire plan built around the pandemic and not think about what could possibly happen outside of that arena.
“AI is a looming issue right now, but the benefits could be huge. So, how do we responsibly use AI and leverage automation? It’s about trust, technology and transparency. These things are critical for an organisation to survive. You can have the greatest tech in the world, but if employees or customers don’t trust you, they will take their business elsewhere. Get ahead of threats, leverage technology and intelligence and make sure you have vetted the veracity of the intelligence before you make a statement. And, don’t wait too long; there’s a fine line between speed and correctness.”
Everbridge’s role is to leverage technology to digitise the ability of a company to respond to disruption. The company brings an agnostic approach to the table. “It doesn’t matter whether it’s cyber, whether it’s terrorism – you still have to recover,” Reinhold added. “That’s why we say we are creating an environment for you to manage disruption and return to revenue faster.”
Navigating the hybrid work environment
In regard to organisational resilience and business continuityin ahybrid work environment, Reinhold made the point of breaking this down into different segments. “One of the things that companies look at is insider threat,” he said as an example. “Traditionally, there were triggers that indicated it, such as people logging in at odd hours.
“Many of these triggers have disappeared. Because of the new remote working environment, when you’re thinking an employee is logging in at two in the morning, they might actually be on the other side of the world. For them, it is their work day, but to you, you’re seeing a potential threat. Part of the way to look at that is by leveraging technology to geolocate individuals and assets in a company. This allows you to identify potential triggers that you may have missed.”
From Reinhold’s perspective, the same thing applies to business continuity: “When you think about business continuity, there was always a BCP (business continuity plan) in the business. All the things the person responsible would have done are still things you have to do. But, now, you rely on technology. I recommend that your BCP should be a digital process and should never be printed. When it is printed, it is obsolete. A document that is no longer live can’t be updated.
“In one of my previous jobs, I digitised our BCP. It was updated every night; by integrating with HR, as employees left, we knew who was who. These things need to be considered when thinking about addressing resilience and continuity in a hybrid or digital first environment.”
Connecting digital and physical security and safety throughout a business is a must. The idea that digital and physical security and safety are not related, may well be the best recipe for disruption. As Reinhold told us: “It’s about communication and consolidating those two things together.
“The business doesn’t care if it’s a cyber or physical risk, they care if it’s a risk. Horizontal integration and convergence is very real. If you see something that looks like a potential disruption, then you need to address it. And, the best way to do that from a security perspective, is when your digital team and physical team are locked together. It’s not about competition.
“In our webinar, Crucial Trends to Build Organisational Resilience in 2023 produced in partnership with SJUK, we’re looking forward to getting people to think differently about risk and resilience. It’s about getting people to understand that our job is to look more cross functionally. I learn something new every day and one thing I know is that I don’t know enough. For me, webinar opportunities provide us with a platform to share and educate.”
Crucial Trends to Build Organisational Resilience in 2023
Organisational resilience remains a strategic imperative, growing in importance as businesses face threats from cybercrime, climate change, severe weather, and political instability. CSOs must not only protect their employees but also position the organisation itself to remain resilient.
Learn real-world advice and first-hand insights on the challenges we face and share strategies on how we can overcome them. Discussion topics include:
• Best practices and lessons learned in developing a robust and reliable resilience plan
• New perspectives of organisational resilience and business continuity in a hybrid working environment
• The complex process of enhancing/connecting digital and physical security and safety throughout your business
Speaker: Owen Miles, Field CTO CEM, Everbridge