Information is everywhere and it is powerful and valuable. No wonder the public data business is booming – worryingly so for advocates of data protection. States and state unions such as the EU are now stepping in and tightening corresponding legislation, as with the GDPR recently, which is currently giving many companies cause for concern. So what does this have to do with open source intelligence? Here you will find out what lies behind OSINT and how it can help your company to protect itself.
In short, the definition of open source intelligence (OSINT) is the “act of finding information”. During that process, publicly available sources are searched for information. The key point here is that the information is not classified, in other words, it is public, legal and free. Online sources such as blog entries, social media profiles or images are primarily used for this but more professional sources such as newspapers or business reports are also combed through. This often results in a huge, relatively complex collection of data artefacts which first needs to be structured and correlated.
Today there are in fact tools and methods that simplify the process of searching through large volumes of data. The decision as to whether or not the information found is even relevant however still needs to be checked by a person.
Terms often bandied around when talking about open source intelligence are the deep web and the dark web (which are not the same thing). With these, information is no longer simply searched for on the “normal” internet, but also in the underlying layers using special tools. The collection of information there is often difficult, however. The sources can usually only be found under a cryptic name, change frequently and are also not always available.
In our cyber attack simulation, the search for information forms the basis for all further steps. The more detailed and high quality the information collection phase turns out to be, the more accurately and efficiently the attack scenarios can be devised. This, in turn, improves the success rate – and you know exactly where your weaknesses lie.
You may now be wondering how you can use open source intelligence personally. In practical terms, the principle is not just limited to cyber security. All of us use OSINT on a daily basis. How many times a day do you Google for answers? There you go, that is – quite simply – OSINT. So you are already perfectly capable of performing your own simple searches to optimise your cyber security. In so doing, simple search queries can help you identify information that cyber criminals could misuse:
Even unremarkable information gives cyber criminals an ideal starting point to launch an attack. So, think carefully about the information you divulge publicly. After all, hackers are clever and will exploit any weakness. Even the tiniest weak point can provide a way in. In the right (or wrong) hands, and with sufficient energy, all information can be misused – and against you at that. So, take advantage of open source intelligence as a useful tool to optimise your cyber security. You will be amazed what sensitive information you find!
The principle and use of open source intelligence sounds simple but, again, experience is key here. You will undoubtedly find lots of critical information on your own but nowadays cyber security is more important than ever. For this reason, it is advisable to use experienced experts who will screen your systems, employees and processes for vulnerabilities using a penetration test. OSINT is also sometimes used here to gather information. This information can then be used for targeted social engineering for example.
Find out more about our cyber attack simulation here. Alternatively, contact us directly for a non-binding quote – we will gladly advise you.