Today's world is a digital world. Accelerated by the Covid-19 pandemic, our collective online presence has intensified at a rate never envisaged before. The New Normal has not only brought big changes to the way we live, but also affected what businesses needed to thrive, e.g. new online customer experiences, updated resource management, revised human resources policies, and better cybersecurity.
While the coronavirus has wreaked havoc on our 'real' lives, something similar happened to our online lives - a record number of cyberattacks on individuals as well as finance, retail, and transportation corporations. Such attacks had implications not just for digital security and privacy, but also for financial and physical security.
While vaccines curbed the spread of the coronavirus, cyber viruses and threats have continued to snowball. They've included data breaches, phishing, organisational email compromise, impersonation, malware, ransomware, DDoS attacks, zero-day exploits (a software vulnerability attackers discover before anyone else and for which no patch or mitigation is available), credential stuffing, and SIM swapping.
Then there are the cyber-enabled fraud and attacks which include money laundering, counterfeiting, credit card fraud, and gift card fraud. Cybercrime can also have an impact on physical security including doxing, harassment, travel and event attendance risks, and even terrorism.
Any of these threats can stem from the outside, from deliberate actions taken by professional hackers to third-party exploitations of vulnerabilities in the supply chain. They can also come from the inside - from a disgruntled or a terminated employee.
State of corporate security 2021
According to a recent report by Forrester Research, based on the results of a survey answered by more than 400 global risk and compliance decision-makers across the U.S., U.K., Australia, and New Zealand, only 29% feel confident in their risk management technologies, and 40% improvise as risk unfolds. Close to 70% say that risk information is siloed across different departments.
The use of OSINT can help improve this bleak picture. It can amplify the reach of corporate security efforts, provide a more comprehensive context to help avoid blind spots, streamline risk information sharing between departments, and deliver early risk indicators for security teams to react faster and more effectively.
What can OSINT do for corporate security?
A good OSINT solution should offer all of the following.
Ability to continuously search for relevant risk information on tens of thousands of different sources on the surface, deep, and dark webs; peruse forums, marketplaces, anonymised discussions, and paste sites, to identify threats before they impact business.
Offer risk information through an easy-to-use interface that can be used by every relevant person in the organisation, regardless of how tech-savvy they are. The information must be presented in an easily digestible format, while the most important findings must be highlighted for immediate action.
Some risks require cross-department collaboration. A good OSINT solution will have collaboration features as well as permissions settings to make sure those who must be involved are involved, and those who shouldn't have access, don't.
A good OSINT solution will easily integrate with the corporation's existing third-party risk management tools and solutions, saving IT headaches.
Finally, a good OSINT solution must sort all risks by an order of criticality and alert the key people in real-time when there's an imminent risk. This gives corporates a chance to react before there's a toll on business.
Cobwebs solutions check all the boxes above and more and give your corporation the peace of mind it deserves.