
Corporate data breach detection through an OSINT lens


Every day, hackers and other threat actors attempt to steal and leak sensitive data, motivated by any number of factors. Data leaks and data breaches can cause tremendous reputational damage, loss of client confidence, and significant financial losses.

So far in 2023, 466 million records have been compromised by various cyberattacks across the world, according to the company IT Governance. Banks, hotels and hospitals have all fallen victim to the MOVEit mass hacks, which has so far impacted more than 500 organizations, exposing the personal information of more than 34.5 million people, according to latest figures from the cybersecurity company Emsisoft. Meanwhile, the global average cost of a data breach has reached $4.45 million in 2023, a 15% increase over the last three years, as noted in the latest IBM Security data breach report.

Corporations must implement all types of administrative safeguards and security technology to protect their data from breaches — from adoption of security management processes and awareness training to the implementation of identity access management, endpoint detection and response (EDR) and other security tools. Advances in security technology continue to strengthen corporate efforts to prevent data breaches and cyberattacks. However, adversaries are relentless, quickly evolving tactics and techniques to stay ahead of the technology curve. As a result, corporate security teams need every tool at their disposal to prevent data breaches and cyberattacks.

Accessing open-source intelligence (OSINT) information can help companies improve their data breach prevention efforts by amplifying the reach of their current corporate security practices. OSINT lets security professionals monitor the surface, deep, and dark web to extract and analyze relevant data that strengthens corporate intelligence and aids in the development of security policies.

Organizations should not treat cybersecurity as a “catchup” game, where corporations take measures and precautions after a breach has happened. Corporate security teams need real-time insights, and tools that illuminate hidden leads and automatically connect the dots. The main takeaway here: the importance of predicting the threats before they happen and improving a corporation’s relevant security posture ahead of an attack. That said, what can OSINT do for corporate security teams? Here are some primary functions that can help:

  • Automated, continuous search: An OSINT solution can continuously search for relevant risk information on tens of thousands of different sources on the surface, deep, and dark webs. This means the ability to peruse forums, marketplaces, anonymized discussions, and paste sites, to identify threats before they impact business. On dark web forums, threat actors often discuss topics that relate to ransomware, including breaches, cryptocurrencies, and extortion, while remaining anonymous. At the same time, corporate security professionals must extract intelligence without exposing their assets to cyber criminals and adversaries operating in the Internet underground.
  • Machine learning and natural language processing: OSINT should use machine learning algorithms to automatically extract targeted intelligence from the vast quantities of data found online. Natural language processing algorithms can analyze content and trace a threat actor's origins, delivering critical information through an easy-to-visualize format. All these capabilities support real-time monitoring of online activities and gathering and analyzing data in digital open resources, as well as the deep and dark webs. For instance, a company can use an AI-powered OSINT platform for advanced text analysis to determine potential threats and risks based on context, sentiment, and nuances using its natural language processing capabilities.
  • Easy-to-use, visual interface: OSINT platforms need to offer risk information through an easy-to-use interface that can be used by every person with authorized access in the organization, regardless of how tech-savvy they are. Important information must get highlighted for immediate action. All risks should be sorted by how critical the threat is, and alerts should be sent to key people in real time when there are imminent risks.
  • Ongoing threat analysis: Equip OSINT to conduct continuous threat analysis that can detect potential attacks on a company across all layers of the web. If a corporation unfortunately faces a data breach, such continuous threat analysis becomes pivotal for acquiring critical information to aid the response strategy for customers, employees, shareholders, and suppliers. This can assist corporations in comprehending the nature of the threat, its potential impact, and formulating measures to counteract its effects.
  • Collaboration and integration: OSINT should have collaboration features as well as permissions settings to make sure that authorized people are involved and that those who should not have access to the information do not get it. Moreover, OSINT must easily integrate with the corporation's existing third-party risk management tools and security solutions for a more holistic, in-depth security approach.
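The first and third bullets above describe a capability, continuous search of forums and paste sites with hits ranked by how critical they are, without showing what the matching and ranking actually look like. The script below is an added example written for this article; it is not code from the author or from Cobwebs Technologies, and the watched domain, brand names, keyword weights and the four sample posts are all constructed for illustration. It scans each post for mentions of the monitored organization, raises the score when breach, extortion or credential-list vocabulary appears nearby, treats a leaked email:password pair on the corporate domain as the most urgent signal, and returns the hits sorted for triage.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Hypothetical corporate identifiers being monitored (constructed for this example).
WATCHED_DOMAINS = {"example-corp.com"}
WATCHED_BRANDS = {"example corp", "examplecorp"}

# Keyword families that raise the severity of a hit. The words and weights are
# assumptions chosen for the example, not a published scoring scheme.
SEVERITY_KEYWORDS = {
    "credentials": (["combo", "password", "passwd", "creds", "login:"], 3),
    "breach": (["breach", "dump", "leaked", "exfil"], 2),
    "extortion": (["ransom", "for sale", "selling", "btc", "monero"], 2),
}

# email:password or email;password is the usual layout of leaked "combo lists".
COMBO_RE = re.compile(r"([A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,})[:;]\S+")


@dataclass
class Hit:
    source: str
    score: int
    reasons: List[str] = field(default_factory=list)
    exposed_accounts: List[str] = field(default_factory=list)


def assess_post(source: str, text: str) -> Optional[Hit]:
    """Return a scored Hit if the post concerns the monitored organization, else None."""
    lowered = text.lower()
    hit = Hit(source=source, score=0)

    # 1. Is the organization mentioned at all? If not, the post is irrelevant noise.
    mentions = {d for d in WATCHED_DOMAINS if d in lowered}
    mentions |= {b for b in WATCHED_BRANDS if b in lowered}
    if not mentions:
        return None
    hit.score += 1
    hit.reasons.append("mentions " + ", ".join(sorted(mentions)))

    # 2. What kind of conversation is the mention part of?
    for family, (words, weight) in SEVERITY_KEYWORDS.items():
        if any(w in lowered for w in words):
            hit.score += weight
            hit.reasons.append(f"{family} keywords present")

    # 3. Leaked credential pairs on the corporate domain are the most urgent case.
    for match in COMBO_RE.finditer(text):
        email = match.group(1)
        if email.split("@")[1].lower() in WATCHED_DOMAINS:
            hit.exposed_accounts.append(email)
    if hit.exposed_accounts:
        hit.score += 5
        hit.reasons.append(f"{len(hit.exposed_accounts)} corporate credential pair(s)")
    return hit


def severity(score: int) -> str:
    """Map a numeric score onto the alert tiers an analyst would act on."""
    if score >= 8:
        return "critical"
    if score >= 4:
        return "high"
    if score >= 2:
        return "medium"
    return "low"


def triage(posts: List[Tuple[str, str]]) -> List[Hit]:
    """Score every post and return the relevant ones, most critical first."""
    hits = [h for h in (assess_post(src, txt) for src, txt in posts) if h is not None]
    return sorted(hits, key=lambda h: h.score, reverse=True)


# Constructed sample posts standing in for a crawl of forums and paste sites.
SAMPLE_POSTS = [
    ("forum-A", "Selling fresh combo list, 20k lines, includes example-corp.com employees. BTC only.\n"
                "jdoe@example-corp.com:Winter2023!\nmsmith@example-corp.com:Passw0rd"),
    ("paste-B", "random dump of wordpress sites, nothing special"),
    ("forum-C", "Anyone know if Example Corp still uses the old VPN portal? asking for a friend"),
    ("paste-D", "Ransom note draft: we have exfiltrated 40GB from examplecorp, pay or it gets leaked"),
]

if __name__ == "__main__":
    for hit in triage(SAMPLE_POSTS):
        print(f"[{severity(hit.score):8}] {hit.source:8} score={hit.score:2} "
              f"{'; '.join(hit.reasons)}")
        for account in hit.exposed_accounts:
            print(f"             exposed account: {account}")
```

In a real deployment the post list would be fed by the platform's crawlers, the critical tier would trigger the real-time alert the article calls for, and the exposed-account list would go straight to the identity team for forced password resets and session revocation. The keyword approach is deliberately simple; the NLP capabilities described in the second bullet would replace the word lists with context-aware classification.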

Cybercriminals and nation-state adversaries are targeting corporations for ransomware payments, data exfiltration, intellectual property theft, business and service disruption, among other reasons. OSINT capabilities can detect these increasingly targeted and persistent attacks.

For instance, a company can use it to “follow the money” of a ransomware attack. Cyber criminals leave a digital footprint when they buy ransomware attack kits and use the dark web for ransomware payments in cryptocurrencies. OSINT can show a corporate security team who was behind the attack and where the payments went. Moreover, it offers a centralized approach to cybersecurity that can help corporations move beyond siloed security tools, giving organizations the technological capabilities to monitor and analyze big data in real time and gain a better understanding of the threat landscape.

Udi Levy, co-founder and CEO, Cobwebs Technologies
