One thing about many industries is that there are a ton of acronyms for everything. The tech industry certainly has it’s fair share, as well as those in security. OSINT stands for Open Source Intelligence. You may also hear other terms like passive, or public, reconnaissance. The underlying theme of these terms is that public information is used, in some way, shape, or form, to discover risks/threats to a business.
How businesses benefit
When it comes to businesses, traditionally roughly 80% of the risk/threat comes from inside. In 2020, those numbers were flipped on their head when Verizon reported in their Data Breach Investigations Report that 70% of threats came from external actors.
Some internal threats include employees, contractors, and vendors. With the proliferation of social media, disgruntled employees may turn to these platforms to leak sensitive data. Rogue I.T., such as people bringing in their own routers, may open ports that are discovered externally by search engines. The same is true for misconfigured devices that the business owns. A server not set up correctly may allow search engines to index items that are not intended for public consumption. As a result of these examples, it is very possible that data and technology are accessible externally. By identifying these risks/threats, an organization is better able to control their environment.
Businesses also benefit from our service when looking for the external threats, whether it’s your website that might be vulnerable, or if login credentials were leaked somewhere, or if there is a malicious entity masquerading as your business, or if there is sensitive data that was uploaded somewhere publicly facing. Breached accounts put your company and clients at risk. The COVID-19 pandemic issued in a deluge of publicly available information, from the publishing of video conference calls to the Facebook and LinkedIn scraping incidents of 2021.
From a malicious actor mindset, gathering everything about your organization is the first, and most important step before carrying out an attack against your company. If you are in a particular industry, keeping an eye on emerging threats will allow you to put a plan in place to weather a storm; another benefit of OSINT.
Admittedly, while OSINT is not the be-all-end-all solution that’s going to solve your problems, it is a very important piece of the puzzle that must be part of your strategy for securing your digital assets and protecting the goodwill/reputation of your organization.
Whether you are concerned about:
- Data breaches/hacking attempts.
- Fake social media accounts and websites posing as your organization.
- Misuse of your organizations images, branding, or intellectual property.
- Security holes in your website that would allow someone to deface it or steal data.
- Data leaks such as internal documents being published to social media, online forums, or the darkweb.
We conduct research to uncover these issues and provide reporting to show any risks discovered, what they are, and how to go about fixing the issue.
Contact us now to start a conversation with us. We’re here to help.