September 14, 2022
Open-source intelligence (OSINT) is nothing new – gathering publicly available information has been a key strategy for decades, especially in the intelligence world. As technology has become a non-negotiable part of everyday life, online presence went from nice-to-have to an absolute must, both for people and businesses. Moreover, the deep and dark web evolved and became the everyday mecca of cybercriminals. Next came the Covid-19 crisis, which not only increased internet use but also transformed the way we use it. Thus, today, the importance of OSINT is more profound than ever.
The latest cybersecurity reports suggest corporations are an increasingly popular attack target, right behind financial services providers. Many businesses across the globe have begun to use OSINT solutions to protect against such attacks, yet without the right OSINT strategy and targeted tools, these companies are still vulnerable.
Businesses of all types – from luxury brands to small mom-and-pop stores – have online presences that are vulnerable to threat actors. While brick-and-mortar locations are decreasing, businesses with physical locations are still vulnerable to physical attacks. This combination creates complex challenges for corporate security teams, as threats can be varied and simultaneous, with significant business impact.
Access to publicly available data on online platforms can give businesses not just a panoramic view into customer satisfaction and sentiment, but also a deep understanding of active threats against their digital and physical assets. Because these platforms use location as a key metric, data from these platforms become even more valuable.
Following the Covid-19 pandemic, apps and internet usage skyrocketed, opening up retail, food and beverage brands and luxury brands to attacks. Users turn to the best-known platforms as well as newer, niche, less regulated ones to report anything from local events to consumer-targeted phishing attacks.
A day doesn’t go by without new reports of massive data breaches, scamming, or cybercrime occurring somewhere, implicating a loved brand. In such an environment, OSINT is more important than ever.
With data from a variety of sources, OSINT supports the fight against real-world security risks as demonstrated in the scenarios below. The common goal in all scenarios is to expedite access to critical information.
OSINT gets brand-relevant information from social media, including not just the mainstream platforms but also those that are less regulated and/or on the deep and dark web. OSINT gathers data from marketplace listings (where stolen items are for sale), from user posts about their own theft activities, and from online discussion groups and pages where the subject is theft, shoplifting, etc. This information helps security teams adapt their online and in-store security practices in a timely fashion, locate suspects, and support law enforcement in their efforts.
Fraud is conducted through various schemes. For example, one well-known gift card fraud is meant to scam the victims into buying large amounts of gift cards for a “friend”. Automating the search, collection, and analysis of fraud-related open-source data can lead to digital evidence, ‘unmasking’ these threat actors.
OSINT sifts through relevant discussions, scammer listings and red-flagged websites. This actionable intelligence helps the organization to better understand fraudsters’ strategies and make the necessary adjustments to increase the security of their organization and the privacy of their people.
OSINT combs through social media and the dark web, as well as paste sites and breached data repositories, to find reputational issues, service disruption alerts, and instances of account compromise. The goal is to identify these incidents, inform early, and enable the security team to respond rapidly. It also uses personally identifiable information (PII) from staff or customers to boost its findings. With this information, the security analyst is better equipped to respond early to indications of these various risks and improve security practices.
Global incidents can threaten your business continuity and your people. OSINT goes through various global and local sources, news articles, breaking news alerts, relevant images and videos, and user posts, to identify and analyze events that can affect your operations, travels, events and executives.
With this information, the security team member has a better grasp of the crisis – whether natural or manmade – and how its unfolding affects the organization’s online and physical presence. They can respond to the situation better and increase security, both online and offline.
With any type of threat – whether digital or physical – it’s simply impossible to manually go through billions of social media posts, marketplace listings, discussions, and relevant news sites to locate the critical security information the organization needs. There are certain search and tracking tools that help reduce noise, but it’s like putting a band-aid on a broken leg. The situation is much more complicated, not to mention dangerous, when it comes to the deep and dark web.
A good OSINT solution allows businesses of all sizes to access the information they need through a single platform with the right targeted tools. Whether the user is interested in upholding a good brand reputation, avoiding or managing a real-world crisis, preventing cyberattacks, minimizing digital risks, or all of these at once, a good OSINT solution is key.