Skip to content
Bethesda Fountain New York City

Bethesda Fountain in New York City, New York. (Photo by iStock)

Protecting Soft Targets without Hindering Culture

Soft targets are on everyone’s minds but not for the right reasons.

On 15 March 2019, an Australian gunman entered Al Noor mosque​ in Christchurch, New Zealand, and shot and killed 42 people. He then drove to Linwood Masjid Mosque and killed seven more. Three more victims died of their injuries after the attacks.

Over the past decade, a number of soft target attacks have taken place around the world, including the 2011 attacks in Norway that left 77 people dead, the 2015 Islamic extremist attack on the Charlie Hebdo office in France, the 2015 white supremacist attack on a church in Charleston, South Carolina, and a 2017 attack on a mosque in Quebec, Canada.

Although every soft target attack had its own set of triggers, and there are reasons to study each attack singularly to gain a better understanding of them, the reality is that we are still struggling to understand the concept of a soft target and how to protect it.

What is a Soft Target?

Firstly, let's define the term “soft target.” The best way to describe a soft target is to describe what it is not. A soft target is not a government or military institution, and it is not an institution or location with multiple security layers. Furthermore, soft targets are often places that are not traditionally perceived as targets, such as a restaurant, a cultural property, a popular public space, or a house of worship.

Consider the November 2015 Paris attacks where restaurants were targeted, or the vehicular attacks that ran people down in the street in Manhattan, Toronto, and Nice. Any open venue can be a soft target. Soft targets are places that generally have open access with little to no screening.

The U.S. Department of Homeland Security (DHS) combines the overall notion of soft targets with “crowded places”—calling them “ST-CPs” and defining them as “locations that are easily accessible to a large number of people, and that have limited security or protective measures in place making them vulnerable to attack.”

The bottom line is that the softest targets often have no security presence or security personnel. If an organization decides to replace its security personnel with technology but it takes 10 minutes for someone to respond to alarms, then there is a flaw in the security system. Vehicular attacks are over in a few minutes. How do you respond to that? This is why people are rethinking these risks and how to address them.

Oftentimes, soft targets are open to the public and can receive millions of visitors per year. Security professionals responsible for soft targets like cultural properties or shopping centers often talk about awareness and alignment to their organization's mission, which is not typically security-driven but rather client experience-driven.  

People and organizations are sharing information among soft targets, at least locally. And then, of course, there are issues of national discussion, like gun violence in the United States. Active shooter threats are a great concern. An FBI report found that nearly half of 160 active-shooter incidents in the last decade occurred in a business setting. The threat of gun violence at the workplace is thus unlikely but real. But firearms are not the only weapon to consider.

Knife attacks are on the rise in Great Britain. Arson has been used in Japan. Properties with parking on-site are going to have some vehicular traffic as well as pedestrian traffic, and the question arises: How do you secure that?

Unmanned aerial vehicles impact park-type environments and anything that is open air. There have been minimal cases reported of malicious intent done by aerial vehicles as it has been mostly nuisance or snooping type issues. That said, this is not beyond the realm of possibility.

Security Culture

Having a visible security force is important. Just about every cultural property these days (especially in the museum world) has a security officer right up front. Security officers are the ambassadors of that institution. They are the first person most visitors will see and perhaps the only person they will interact with. This is a deterrent factor. It alerts anyone who is thinking of doing something nefarious that security at this place is important.

Security officers who stand at their posts and don’t engage with anyone are not going to deter someone who wants to commit an act of violence. Officers need to be active in their observational and service roles. Selection and scheduling of the right security officer is important, as is making sure that the officer is present and can communicate issues before they escalate.

It’s a lesson soft targets can learn from loss prevention. Many retailers have a greeter at the front of the store saying hello and offering assistance to shoppers as they enter. Part of that is being a good salesperson and representing the organization, but it’s also a good deterrent to theft.

There are concepts in security that cross industries. There are theories of crime prevention that you can apply to whatever institution you work in. Staff awareness and training can contribute to organization resiliency.

How to Balance Security Alongside Other Priorities?

The tie-in is through Enterprise Security Risk Management (ESRM). Security is a support player. How are you ensuring the mission of the organization? That’s important. Risk management is what you’re doing to support the organization’s unique culture without even mentioning it.

Bringing insight into the organization is done via data, but you only know what data to bring when you understand what stakeholders’ issues and overall objectives are. People expect to be safe in their workplace, the mall, their church, mosque, and generally wherever they go. The general public doesn’t usually visit places with extreme security.


There’s a great wealth of information out there, and a lot of it is being shared freely between security colleagues and peers.

What’s interesting, especially within ASIS International, is the resource of the international community. How can you use different tactics locally? What’s acceptable in terms of resources and the law? Those are the things we come to understand by talking to our global colleagues.

There is a Cultural Properties Council that is made up of soft target security specialists. Another source would be the ASIS International Security Service Council, whose focus is in and around any security service that is deployed as part of a program. Both of these groups are reachable via

What about the Future?

Technology plays a factor in securing any environment, so knowing and understanding it is key—as is realizing that it is not the be all and end all. Technology needs to be applied for a purpose—to solve an issue. Security is a group of different things: technology, people, policies, and procedures (a management component). As a security practitioner, if you only understand one side or another, you’re only doing one part of the job.

Consider that threats can come from anywhere. Organizations are constantly reevaluating their risk matrix and the risks that they face. Threats and, in turn, risks are evolving.

Mark Folmer, CPP, FSyI, is vice president of security and industry for TrackTik. He also serves as chair of the ASIS Security Service Council and senior regional vice president of Region 6 (Canada) for ASIS International.