5 Reasons Why Every Organization Needs an OSINT Team
Date: 2 Jun 2019 Category : 5 Reasons Why Every Organization Needs an OSINT Team | Author: Graham Penrose
The number of adversaries faced by organizations is rising exponsentially, and with that rise comes an increasingly sophisticated threat level. Countless new technologies create new areas of vulnerability for both cyber and information-based businesses. Open source intelligence (OSINT), is increasingly important for organizations for a number of reasons. In this article we outline the top 5 reasons today’s organizations need to embrace OSINT techniques. In summary, the top 5 reasons are (detail below):
- To Protect Executives In Specific Locations – At Home Or Abroad
- For Real Time Incident Response – Violence, Theft, Crisis
- To Detect Data Breaches Early On
- To Protect Brand Reputation And Preserve Trust
- To Gather And Understand Public Sentiment, React, And Respond
First, A Word About Real World Threats
“Every day a new security threat is unleashed on unassuming victims, whose financial security, reputations, and brands can be destroyed with a few key strokes on the dark web,” said Cynthia Hetherington, founder and president of Hetherington Group, a leader in investigative due diligence, corporate intelligence, and cyber investigations. “An OSINT investigator not only needs a keen eye but also a well-trained eye, which comes from staying on top of the latest breaches, platforms, and cyber threats. At Hg, we cut through volumes of open source data using OSINT tools and techniques to keep our work precision-driven.”
One company, we’ll call them “Company A”, learned a valuable lesson when an OSINT savvy criminal used social media to physically breach their offices.
The individual did a quick search on the company’s social media feed and discovered a video which showed the inside of their offices and revealed seemingly harmless pieces of information such as the type of vending machines they had.
This information was enough for the criminal to pretend he was there to fix the vending machines. The fact that he knew every detail about the machines was enough for the company to trust that he was who he said he was. Once inside, the criminal found notes on desks containing passwords and other information. Luckily for “Company A”, this particular breach was actually a penetration tester who was able to aid the company in improving their security and prevent a future breach by an actual criminal. This is an example of how criminals use OSINT, and why companies need to use it too.
Another example was in 2018, when researchers found an open Fedex server containing over 119,000 documents which included driver’s licences, passports, and more.
While these particular researchers reported the server, they may or may not have been the first to find it. If a bad actor had discovered it previously, they could be using it maliciously without the company’s knowledge. With a well-trained OSINT team, this could have been found much sooner and secured before anyone got their hands on it.
To Protect Executives In Specific Locations – At Home Or Abroad
For the highly variable task of executive protection, rapid access to OSINT tools can advise your team on factors like:
- Is there a fire or other event happening in the city where I’m sending my executive?
- Have airports, roadways, or other means of egress really been closed?
- Is there a shareholders meeting with high risk individuals who need protection?
- Is my VIP’s data leaked on the dark web?
For Real Time Incident Response – Violence, Theft, Crisis
Any time there is a large number of people gathering in a particular place, there are risks to consider. Events as benign as sports games and festivals can quickly become heated and dangerous. These are often places where we are most vulnerable, as we are accessible to predators. Teams responding to incidents need access to real time information about the situation so they can keep people safe.
Properly trained OSINT teams understand how to take the information at hand to both prevent incidents, as well as to aid in the response after the incident.
Incidents can range from reputation management issues during new product releases, to physical incidents like burglaries and break-ins, in-store violence surrounding Black Friday or other events, to more serious issues such as natural disasters, active shooters, or other soft-target violence.
To Detect Data Breaches Early On
In 2019, Information security is more important than ever. OSINT analysts are experts at navigating buried data from search engines and web pages, and uncovering online intelligence quickly. These experts are deft at handling the tools and techniques required to conduct OSINT investigations and catch leaks. Businesses are at a constant risk of confidential information being leaked, such as customer personal information, intellectual property, and more.
To Protect Brand Reputation And Preserve Trust
Nothing damages a company more than losing brand trust. Preserving the integrity of your brand is a multifaceted job, and a team employing OSINT resources can certainly help. Getting ahead of data leaks, as outlined above, is paramount for protecting customer information and ensuring they have every reason to trust you and your company. Gathering and analyzing open source data like public social media can also be crucial to help you monitor mentions of your brand name in particular locations in order to stay ahead of online slander.
To Gather And Understand Public Sentiment, React, And Respond
Whether your organization is looking to understand the public perception in a particular region for business expansion, or there has been a public-facing incident that requires crisis communication, data collected through OSINT research can be an invaluable asset for making better informed decisions. Social media and dark web are key places to go for open source information gathering regarding public opinion.