ESET shows how the OSINT (Open Source Intelligence) model can be used to reduce the risk of cyber attacks if IT managers use the methodology for their company.
Open Source Intelligence (OSINT) is a concept that is becoming increasingly important as an element of the IT security strategy in companies. Freely available sources such as media, TV or the Internet are used to collect information.
Secret services rely on OSINT
Secret services have been using this method successfully for decades. Hackers also use this method to prepare attacks on systems. Companies can also use OSINT themselves to localize sensitive and freely available information and to avoid misuse. As part of cyber risk management, OSINT is developing into an important part of a comprehensive security strategy. On WeliveSecurity, the ESET security experts explain how IT managers can use the methodology for their company.
“Data is the gold of the 21st century - this is especially true for IT security. Those who find out more about their counterparties and at the same time reveal as little as possible about themselves have an advantage, ”says Thomas Uhlemann, Security Specialist at ESET. "Social engineering and phishing would never be successful if companies and employees were more cautious in communicating to the outside world."
What is OSINT?
The term Open Source Intelligence (OSINT) originated outside of the IT security industry. He referred to the military and intelligence efforts to collect strategically important but publicly available information. The Internet, social media and digital services represent a huge data source for OSINT actors. For example, cyber criminals use this resource to gain information about every part of a company's IT infrastructure and its employees.
How can companies benefit from this?
For IT managers, the primary goal is to find all of this information that could pose a risk to the company. This minimizes the attack surface for attacks by hackers. One of the most obvious ways to do this is by performing regular penetration tests and red team exercises that use OSINT to find vulnerabilities. Useful information could be open ports or social media, for example. In career portals in particular, you can find out a lot about employees that can help attackers.
More at ESET.com
About ESET ESET is a European company with headquarters in Bratislava (Slovakia). ESET has been developing award-winning security software since 1987 that has already helped over 100 million users enjoy secure technology. The broad portfolio of security products covers all common platforms and offers companies and consumers worldwide the perfect balance between performance and proactive protection. The company has a global sales network in over 180 countries and branches in Jena, San Diego, Singapore and Buenos Aires. For more information, visit www.eset.de or follow us on LinkedIn, Facebook and Twitter.