Open Source Intelligence and Risk Management
OSINT or Open source intelligence is the process of gathering information on an individual using sources which are open the public. This information could include; if users have had passwords stolen previously and if they have been made public. Assessing risk of accounts of committee members having accounts or information stolen. This also extends to any staff members within a company, assessing if remote access accounts have been compromised. With the advent of social media and increasing numbers of people sharing their lives online, they willingly give information which could be used against them.
This is where OSINT comes in, this information can be collected and use as a proactive defence of companies and people. With efficient monitoring of public infrastructure attacks such as what happened to Equifax could have been avoided. Poor management of update logs and major error with password security caused one of the largest and most dangerous breeches of all time.
With people becoming more and more open with information, this leaves not only companies such as Facebook and Twitter privy to users’ information but also anyone who would (or wouldn’t) like to access it. This means not only could it be used against the person whose information it is but also the company they work for because an average of 84% of people reuse passwords.
This doesn’t limit companies to protecting their own passwords security which many be very good but does not protect people who also use other companies such as linked in and adobe as we have seen in the past. One hack on these large companies leaves any company weak due to their inter-connected nature. This phenomenon is not limited to accounts and passwords but could cause accidental leaks via social media.
When taken in small amounts this data would seem innocuous to the average user, but with the correct skill set and due diligence the data in the hands of an attacker is a treasure trove of knowledge about any business and their workings. This leaves competitors with knowledge of future plans or malicious actors with a way to breech your company.
This can be mitigated with monitoring of company accounts and emails to prevent the breeches using an early warning system. While also encouraging employees to manage their own security and privacy.