Do You Think Drones Don’t Concern You? Let Me Prove You Wrong

A biased perception of the risk

Drones are often associated with armed conflicts—particularly the war in Ukraine or tensions in the Middle East. In the collective imagination, a drone is therefore seen as a weapon: explosive, visible, and dramatic.But this perception is misleading.

In our environments, whether in Montreal or elsewhere, drones do not represent a military threat. Rather, they are a discreet, accessible tool already used for malicious purposes: surveillance, information gathering, intrusion, or exfiltration.

These devices are relatively inexpensive and can be purchased or assembled at low cost, making them accessible to almost anyone. They can be used illegally against individuals, businesses, government organizations (municipalities, Crown corporations, ministries), as well as critical infrastructure such as hydroelectric dams, power distribution stations, airports, water treatment facilities, hospitals, bridges, and more.

 

Malicious uses already possible… here

Contrary to common belief, it is not necessary to be in a war zone for drones to pose a serious threat. In an organizational context, malicious uses can take many forms:

 

Surveillance and information gathering

• Observation of facilities and operations
• Identification of access points, sensitive areas, or blind spots
• Capture of images, videos, or sensitive data

 

Targeting and tracking individuals

• Monitoring employees, managers, or executives
• Gathering information on habits or movements
• Observing family members or close contacts
• Targeting and tracking public figures or sensitive profiles, as well as their family members (police officers, military personnel, elected officials, experts, etc.)

 

Intrusion and bypassing security measures

• Accessing supposedly secured external perimeters
• Bypassing physical access controls or security guards
• Observing areas from above that are not covered by traditional systems

 

Exfiltration and insider involvement

• Transferring objects or documents from restricted areas
• Using internal accomplices to facilitate exfiltration
• Theft of equipment, keys, access cards, or digital media

 

Sabotage and disruption of critical infrastructure

• Attempts to damage or interfere with sensitive equipment
• Interference with essential systems (electrical, water, transportation)
• Intentional triggering of failures or operational disruptions
• Use of drones to drop, move, or manipulate objects in critical areas
• Surveillance of infrastructure to prepare sabotage activities
• Targeting critical infrastructure such as hydroelectric dams, power distribution stations, airports, water treatment facilities, hospitals, schools, colleges, universities, bridges, youth detention centers, correctional facilities (prisons), police stations, etc.

 

Threats to personal safety

• Intimidation, harassment, or intrusive surveillance
• In extreme cases, risks of serious injury

 

👉 The list is almost endless—and constantly evolving with technology.

 

A blind spot in risk assessments

these realities, drones are still largely absent from:

• Organizational risk assessments
• Business Impact Analyses (BIA)
• Business Continuity Plans (BCP)
• Crisis Management Plans (CMP)
• Physical security plans

 

Why? Because the risk is:

• Perceived as marginal
• Associated with extreme contexts
• Or simply misunderstood

👉 As a result, very few organizations have considered the real consequences or the appropriate mitigation measures.

 

Very real potential impacts

The malicious use of drones can lead to:

• Confidentiality breaches (data, operations, strategies)
• Risks to personal safety
• Operational disruptions
• Reputational damage
• Legal and regulatory consequences
• Increased exposure of critical infrastructure

👉 In short, this is a cross-cutting risk affecting multiple dimensions of organizational resilience.

 

Practical Guide: How to Better Prepare for Drone-Related Risks

Without overcomplicating things, organizations can integrate this risk into their existing frameworks. Here is a simple and effective checklist:

 

1. Integrate drones into your risk assessment

• ☐ Include drones as a potential external risk source
• ☐ Identify exposed assets (sites, facilities, people)
• ☐ Assess potential impacts (safety, operations, reputation, etc.)

 

2. Review your physical security perimeter

• ☐ Identify exposed assets and areas (sites, facilities, external access points)
• ☐ Identify existing security measures (surveillance, access control, guarding, etc.)
• ☐ Identify blind spots (especially vertical exposure)
• ☐ Assess the coverage and effectiveness of surveillance systems
• ☐ Verify the robustness of external access controls
• ☐ Identify additional measures required to reduce vulnerabilities
• ☐ Consider particularly vulnerable areas (roofs, yards, secondary access points)

 

3. Raise awareness among your teams

• ☐ Inform employees about potential drone-related risks
• ☐ Train security personnel to recognize suspicious drone activity
• ☐ Raise awareness among managers and executives

 

4. Structure incident management

• ☐ Define actions to take when a suspicious drone is detected
• ☐ Integrate this scenario into your Crisis Management Plan (CMP)
• ☐ Develop response procedures aligned with your Physical Security Plan and Emergency Response Plan
• ☐ Define protection measures that can be rapidly deployed (securing areas, restricting access, halting operations, etc.)
• ☐ Clarify roles and responsibilities
• ☐ Plan internal and external communications

 

5. Adapt your existing plans (BCP, CMP, security)

• ☐ Include drone-related scenarios
• ☐ Test these scenarios through exercises (tabletop or simulations)
• ☐ Identify continuity measures in case of disruption

 

6. Collaborate with stakeholders

• ☐ Establish links with local authorities (police, public safety)
• ☐ Understand applicable regulatory frameworks
• ☐ Stay informed about industry best practices

 

7. Monitor the evolution of the risk

• ☐ Monitor emerging drone-related threats and uses
• ☐ Regularly update your risk assessment
• ☐ Adjust mitigation measures accordingly

  

Conclusion

The issue is not drones themselves. The issue is that we continue to associate them with war zones… while their malicious uses are already present in our everyday environments.

👉 What is not anticipated cannot be effectively managed.

And in a world where technology evolves rapidly, today’s blind spots often become tomorrow’s incidents.

 

Strategic Support to Strengthen Your Resilience

At Benoit Racette Services-conseils inc., we help organizations protect their critical operations, ensure the safety of their teams, and maintain the trust of their clients—even when a major disruption occurs.

With over 28 years of specialized experience in business continuity, crisis management, emergency preparedness, and IT disaster recovery planning, Benoit Racette supports organizations with rigor and confidentiality, transforming complex challenges into concrete solutions tailored to their reality.

• Resilience diagnostic
• Updated business continuity plan
• Operational crisis management plan
• Realistic IT disaster recovery plan
• Tests and exercises to validate plans and strengthen teams
• Targeted training in continuity, crisis management, and operational preparedness

 

These are the tools that distinguish organizations that suffer… from those that respond with control.

Want to assess your vulnerabilities, refine your plans, or better prepare your organization?

Contact us: [email protected]