Tim Willis, Director of Corporate Security, EMEA at Dataminr, explains how the company harnesses social media and publicly available information to generate real-time security alerts for its customers.
The widespread use of social media around the world has created new information streams which, in the security landscape, provide the potential to generate alerts faster.
How can social media be used as a tool for security alerts?
What we are seeing with the explosion in the use of social media and other platforms on mobile devices is that it has really changed how people can share information and how we become aware of incidents as corporate security teams. It is very easy to forget that the first iPhone was only launched 11 years ago, but it has changed the way that we receive information about things that may affect our people, operations, assets, or reputation as companies.
Traditionally we relied on sources of information like media outlets, but we can now get it directly from people on the ground who are tweeting about whatever they see. People are reporting what they experience, as well as posting pictures, which can provide enormous value by allowing security and crisis management teams to get eyes on the ground as an incident unfolds. It’s also important to note that this is all public information. People are posting on a public forum, and if you know how to harness the value, it allows you, as a security team and as an organisation, to really start to make sense of events earlier. You can more quickly understand what has happened, what it looks like, and whether it is likely to impact the business.
How are you able to find the relevant information for your clients from such a vast pool of data?
Dataminr’s algorithm is at the center of the business, and it ensures that we deliver clients only the information that is relevant to them in real time. Each Dataminr user can customize their settings. We engage with them from the outset to understand what their pain points are, what their operational footprint looks like, where their exposure is, and what they are worried about. Then, we can help point a lens on those areas so that clients receive only the alerts that impact them and aren’t bogged down by noise.
For example, with an incident like the London Bridge terror attack, we saw an anomalous pattern of activity, coupled with keywords that indicate an event type. Rather than our clients having to put in huge strings of keywords, the algorithm finds the content automatically and delivers it if it matches the client’s topical and geographical focus.
How can you make sure all of the alerts you send out are real and avoid false positives?
We’re looking not only at keywords, but also the patterns of activity. For example, a few years ago one of the major news wires’ Twitter feed was hacked and reported a bomb in the White House in Washington, DC. Because the information came from a reputable source, all the other news agencies started to run the story, but because Dataminr’s algorithm wasn’t seeing the typical patterns of activity expected in events like this from people on the ground, we were able to disprove that story fairly early on. All those patterns and things that we are looking for ensure provenance, and the fake news is sifted out.
You cover a lot of different sectors. Why is corporate security an important market for you?
For a corporate security team, as businesses become more international, it’s a complementary source of information to many of the existing feeds that corporate security teams have. We are hearing from our clients that this really fills a need. They have to keep an eye on what’s happening around the world based on their operational footprint and risk tolerances, but their current information streams are often not real time. Consider an organisation with operations on multiple continents, in areas that speak different languages and in different time zones. Trying to keep your finger on the pulse of what is happening on the ground there is challenging, particularly with lean security teams who are often time-starved. Dataminr can really drive efficiencies within those teams by helping set the tripwires in locations where the company is operating and around topics relevant to the security team. When conditions are met, the metaphorical wire is tripped and a Dataminr alert is delivered to the security team’s desktops, inboxes and mobile phones without the need to constantly monitor multiple feeds manually.
When an incident potentially impacting your business does occur on the other side of the world, the corporate security team has the reassurance that they’ll get a real-time alert. Alerts are derived from publicly available datasets, like social media, and are automatically translated, so corporate security professionals don’t need to know the source language.
Alerts also provide corporate security teams with ongoing situational awareness, which is especially helpful in remote locations, and provide context to assess the overall threat landscape. All of those are important parts of the puzzle, but for your immediate incident response, the sooner you can hear about an event, the sooner you can respond to it, and the better you can contain it. Real-time alerts are essential.