262,000 suspicious mail items in 2021.   6,300 threats  —  are you prepared?

Download our Annual Mail Security report.

Mail Threat Alert - OctoberAugust September July 2020

Dangerous Mail Report Download

“Benign” threat vectors — and why they’re often overlooked through the ESRM process.

This expert panel discusses risks from “benign” threat vectors, why they’re often overlooked through the ESRM process, and the overall threat reduction/mitigating responsibility.

Download a copy ↓

Will Plummer, CSO.

Will Plummer

CSO, RaySecur

CSO and Director of RaySecur’s EODSecur program. 25-year US Army veteran and Master EOD Technician.

Chuck Randolph sq.

Chuck Randolph

Senior Director of Operations and Intelligence, AT-RISK International

30-year US Army veteran, and current president of the International Protective Security Board (IPSB).

2021 Mail Security Statistics

High-Risk Facility Mail Security Logistics - Slide 3.

Driving Factors

  • Mistrust in media and government
  • Continued COVID response threats
  • Mandatory vaccine policies
  • Feeling lack of representation

The majority of mail threats reported in 2021 were driven or motivated by the four items listed above.

With the notable exception of narcotics trafficking, almost all of the mail security threats tracked in the United States fell into these categories.

High-Risk Facility Mail Security Logistics - Slide 4.

Growing Problem Areas

The topics below represent areas of focus for security teams handling or preparing their organization for mail security threats.

2021 was a turbulent year in the United States, and the effects appeared largely in discernible patterns, highlighted below.

  • Corporate
  • Government
  • Labs and Testing Facilities
  • Jails and Prisons
Trigger Topics
  • COVID Response
  • Personal Biases
  • Firing/Layoff
  • Growing Empowerment
Emerging Threats
  • White Powder Toxicity
  • Death Threats
  • Hate Crime
  • Extorsion
  • White Powder Increasing
  • Mid-Term Election Response
  • Higher Profile Targeting
  • Drug Increase
High-Risk Facility Mail Security Logistics - Slide 5.

Container Types

Overall, containers stayed fairly steady, though 2021 saw a small shift in letter sizes, compared to 2020.

We saw an increase in letter-sized threats by a little bit — and that’s primarily tied to death threats and racial threats.

High-Risk Facility Mail Security Logistics - Slide 6.

Reported Substances

White Powder remained a significant category in mailed threats in 2021— and these are threats that received a response by first responders.

Drugs grew by about 9% — and that refers to drugs that were found recovered. The true number is likely much higher. Many of these drug-related incidents were found in the workplace. This has been a growing problem recently that companies will have to handle soon.

Drug incidents are no longer occurring once a year now. More and more, we’re hearing from organizations receiving 5 or 6 drug packages per year.

Lastly, IED’s saw a significant increase as well. Most of them were hoaxes, but the rate of incident nearly doubled from 1.7% in 2020 to 2.5% in 2021.

High-Risk Facility Mail Security Logistics - Slide 7.

Target Types

Government targeted incidents shot up exponentially, many of them in response to January 6th, Covid policies by the government officials, and mandatory vaccines.

These incidents were not isolated to the Washington DC beltway. This number represents government and elected officials of all types across the US.

Dr. Fauci, the Arizona Republican party, Senator Rand Paul, and Rep. Ilhan Omar all received white powder in their mail in 2021.

These numbers include educators as well. Our March, 2021 threat alert details how 10 schools were evacuated over white powder in New York City earlier this year.

Residence numbers jumped by 14%, likely because so many people began working from home. In those cases, the threat my still be aimed at the business, though they’re listed here as residential.

High-Risk Facility Mail Security Logistics - Slide 8.

Response Types

Significant in the Response Type category is the number of FBI responses. Many of these threats are federal. That could mean items crossed state lines, or it could be specific to USPS (as opposed to private couriers like UPS, DHL, or FedEx).

This increase in federal response could also be partially explained by federal agencies simply taking more interest in mail threats, given recent elevated trends. In those cases, federal charges may result for incidents which may not have risen to that level in past years.

High-Risk Facility Mail Security Logistics - Slide 9.

Event Tracker

Mail threats historically follow high-profile events with a 5-7 day delay. Given that, we can match several spikes in 2021 mail security incidents to various events from US news this year.

  • January 6th at the US Capitol
  • Death of George Floyd and subsequent trial
  • Civil unrest and protests in Portland, OR
  • Federal and corporate vaccine mandates

There are other, unrelated incidents as well. But these events do help to contextualize and explain obvious trends.

Download this Presentation

Download and print or share the slides from this webinar on mail security.

If you’d like to see more webinars on similar topics, please feel free to let us know!

And as always, please feel free to share this webinar with your colleagues in mail security.

Mail Security Threat Analysis

Why are threats ignored?

Threats are ignored when they’re seen as “benign.” They’re not benign. They are a problem, but people can just mis-identify the possibility of threats.

Oftentimes costs are, are just invisible if you think, “It’s just the mailroom. I could absorb that cost,” while not understanding the downside to that cost.

Three days out of your facility for a decontamination event is a significant cost. Luckily, some of the solutions are inexpensive and can be achieved with materials you already have.

Low Risk vs. Unknown Risk

I hate the term “low-risk.” It’s unknown.

But sometimes we need to put a percentage on things: green, yellow, red—it makes it easier to talk to leadership about resourcing. But I think these “benign” things often get mislabeled as low-risk when, in fact, it’s unknown risk.

The only way to identify that unknown risk is to create common operating information.

If we can create common operating information, we have data. And now we can now have risk discussions. We can now have these “benign” activities that we can assess and have broader discussions. Discussions are cheap insurance. They’re inexpensive force-multipliers.

Managing External Contractors & Communication

Multiple groups (or sometimes multiple external contracted companies) that work inside some organizations. Each is trying to accomplish somewhat similar tasks.

One corporation may hire Company A, who hires Company B to perform a task. That task is managed by facilities, who is run by Company C. These silos become problematic if external contracts cross over into another company’s contract.

Contract management are an anchor to prevent risk. They prevent people from the notion of see something, say something. It easy to say, “Hey, I saw that’s not part of the SLA, but…”

If you, if you see an anomaly, call it in. Let’s identify it collectively. Sounds easy, but can be hard to do.

How do “Benign” Threats Arrive?

The biggest issue in this example is targeting high profile individuals. Many security teams are used to the corporate headquarters being ground zero.

Corporate security norms are based on bringing everybody inside. We’re behind our own firewalls. We have control over everybody and everything. EP teams get to slow down a little bit because everybody’s inside of a safe environment.

Well, then COVID hit. Folks are working from home, and that includes CEOs and the C-suite. And that target is now in one of four or five homes they might own and targeting them is much easier. Targets are working from home, and their supply chain goes through their house or to their house directly.

Fragmentation within Security Teams

We have organizations within organizations. A CEO may be protected by a different team at home than they are at the office. There are residential teams and there are corporate teams.

These teams often have different procedures. And that can lead to gaps and lack of common operating information.

We live in the information age. It’s pretty easy to discover where a CEO lives, or where the head of HR lives.

Security teams should slow down and look at their risk map at scale. Ask your teams what are we doing here? Are we good? In some cases, look at a certain risk and decide to “circle-X”—decide to accept that risk.

Identify those risks that you’ll have to accept. Then identify those risks that are unacceptable, and build protocols around them.

Download this Presentation

Download and print or share the slides from this webinar on mail security.

If you’d like to see more webinars on similar topics, please feel free to let us know!

And as always, please feel free to share this webinar with your colleagues in mail security.