Cyber Threats Put Together Scattered Data like Puzzle Pieces
Some OSINT information may be useful in its purest form, like a name and Social Security number on an employee list. However, hackers with grander aspirations use information gathered from Facebook or Twitter as a starting point for social engineering, or to generate large user lists with customized password guesses.
A motivated hacker might look at current job postings, then check the public LinkedIn profiles of your organization’s IT-related employees to deduce an overview of your computer network, the software you use, and your current security solutions — all without scanning the network and from just visiting two websites.
Three Ways Organizations Can Manage OSINT
The reality is that as an organization’s digital footprint expands, so too does the opportunity for attackers to examine said footprint; the goal becomes to slow and manage that expansion. Here are some ways to take control:
- Inventory and examine what data you have in the wild, determine what needs to be out there, and mitigate any damage.
- Establish guidelines and policies on what data can be released, where, and by whom. Tasks like establishing social media policies and improving user education about online usage (only post the absolute least you need to) can effectively help slow the spread of data.
- Monitor and track compliance through routine crawling of search engines for documents that indicate violations in document handling processes. For example, a Google search for:
*filetype:pdf site:mycompany.com "INTERNAL SENSITIVE" OR "CONFIDENTIAL" OR "NOT FOR PUBLIC RELEASE"* might reveal such documents. Searching for organization-specific lingo, such as nicknames of secret projects or physical locations, can also help to identify data leaks.
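The monitoring step above can be scripted against your own crawl output. The following is an added example, not code from the original article: it builds the query in the form shown above and scans extracted document text for the same markings. The function names, the project nickname and the sample documents are assumptions constructed for illustration.

```python
import re

# Markings from the article's query; code names are constructed placeholders.
MARKINGS = ["INTERNAL SENSITIVE", "CONFIDENTIAL", "NOT FOR PUBLIC RELEASE"]
CODE_NAMES = ["Project Bluebird"]  # hypothetical internal project nickname


def build_query(domain, terms, filetype="pdf"):
    """Build the search-engine query in the form shown in the article."""
    quoted = " OR ".join(f'"{t}"' for t in terms)
    return f"filetype:{filetype} site:{domain} {quoted}"


def _pattern(term):
    # Extracted PDF text often breaks a marking across lines or pads it with
    # extra spaces, so allow any whitespace run between the words.
    words = [re.escape(w) for w in term.split()]
    return re.compile(r"(?<!\w)" + r"\s+".join(words) + r"(?!\w)", re.IGNORECASE)


def scan_documents(docs, terms):
    """Return {url: [matched terms]} for documents containing any term.

    docs maps a public URL to the text extracted from that document.
    """
    patterns = [(t, _pattern(t)) for t in terms]
    findings = {}
    for url, text in docs.items():
        hits = [t for t, p in patterns if p.search(text)]
        if hits:
            findings[url] = hits
    return findings


# Constructed sample crawl output for the article's placeholder domain.
SAMPLE_DOCS = {
    "https://mycompany.com/files/roadmap.pdf":
        "Q3 Roadmap\nNOT FOR PUBLIC\n  RELEASE\nProject  Bluebird milestones",
    "https://mycompany.com/files/brochure.pdf":
        "Our confidentiality commitment to customers.",
    "https://mycompany.com/files/minutes.pdf":
        "internal sensitive - board minutes",
}

if __name__ == "__main__":
    print(build_query("mycompany.com", MARKINGS))
    for url, hits in scan_documents(SAMPLE_DOCS, MARKINGS + CODE_NAMES).items():
        print(url, "->", ", ".join(hits))
```

The word-boundary checks keep ordinary words such as "confidentiality" from being flagged, which matters when the results feed a review queue.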
As even more devices come online, and as mobile computing continues its near exponential growth, it is becoming even more important to develop active programs to handle OSINT analysis as a key element of cyber security.