How to avoid the single point of confusion pitfall

Feb. 28, 2022
Overreliance on a single data point or technology can have devastating consequences for your organization

In 1945, the U.S. military began investigating the mysterious disappearance of a squadron of aircraft lost in the area now known as the Bermuda Triangle. In the immediate aftermath, a rescue plane disappeared. And in the ensuing decades, ships and aircraft alike vanished. The mystery has fueled numerous theories, some bordering on the fantastical – aliens, giant whirlpools, and supernatural influences all have been blamed for the disappearances.

More likely explanations point to less exciting factors like human error, weather, and an unusual magnetic feature that impacts compasses. For pilots in the 1940s, compasses were essential. In the Bermuda Triangle, they were a single data point of confusion on which too many decisions were based.  

I see an analogy in the security space. An over-reliance on one data point, or an inability to integrate multiple data points, creates its own kind of Bermuda Triangle. We call this a single point of confusion, or SPOC.

Pilots have learned to integrate better data offered by more tools. Security teams can too.

The Risks of SPOC

Let’s imagine a scenario that many security professionals have faced in recent years: a planned protest is expected to pass near their downtown headquarters. In the crowd is a person of interest (POI) who has been identified on social media as a critic of the company and the company’s industry. Around this time, a manifesto appears on the dark web for the first time, signed by a handle that the security team has seen before. The manifesto threatens the company with violence and vandalism.

Taken individually, each item might spur varying levels of concern or action. A protest might lead to an advisory to employees. The person of interest might lead to a locked facility or enhanced security presence. But let’s face it: quite often, organizations collect this information for discrete purposes, and it might not even make it to the security operations center (SOC). Or they rely on single-point tools that focus on one level of analysis to the exclusion of others.

What if all these data points were connected without the organization realizing it? The single point of confusion reigns. Real-time threat intelligence is about connecting the dots, from the planned protest to the POI to the dark web avatar.

It’s Time to Transform Physical Security

Humans generate 2.5 quintillion bytes of data every day. The volume fuels, and is fueled by, a non-stop news cycle, a tsunami of social media, and a growing wave of connected smart devices.

For safety and security teams needing to monitor activities 24/7, often across many locations, access to such vast, continuous real-time data should be beneficial. Often, however, the volume of data is a swirling soup of random information that generates more questions – What data is most important? Are we over-rotating on a data point with no significance for the situation? – and potentially more confusion than clarity. And so they turn back to what is most familiar: isolated, and often disparate, pre-incident indicators.

Real-time threat intelligence and situational awareness enable detection, understanding and action amid this swirling soup of data. Security professionals need to leverage more information, everything from weather to news to open-source intelligence.

It’s the integration of multiple streams of information into a unified basis for decision-making.

The physical threat landscape is changing faster than we can inhale. This has caused an exponential increase in data and pre-incident indicators. An overwhelming majority, 71%, of physical security and IT leaders have said this volume of data is unmanageable, according to the “Ontic 2021 Mid-Year Outlook State of Protective Intelligence Report.” What’s more, a lack of unified digital protective intelligence is leading to missed threats and, in some cases, physical harm to employees, lost revenue and damaged reputation. The research shows even one missing thread can lead to devastation.

With an expanded ability to detect, understand and act, those lost in the mystery of the Bermuda Triangle might have avoided SPOC and experienced a different fate, or at least we would have clear answers about what happened. The same tools can help prevent today’s increase of mass shootings, prepare for natural disasters, react quickly to an unexpected crisis and more.

It is no longer enough to monitor physical threats, cyber activity and human resource issues separately. Time and time again we see that nothing remains “unexplained” like the Bermuda Triangle, and all pieces of a disastrous puzzle are eventually revealed – before or after it occurs is the only question that remains.