For decades, open source intelligence, or OSINT, remained in the purview of the defense and intelligence community. Few people thought much about using OSINT for corporate security.
Things have changed.
Thanks to the rapid growth of public data, OSINT has now established itself as an indispensable tool for business risk management.
Savvy leaders, in fact, have even gone so far as to invest in entire OSINT teams dedicated to keeping an eye out for potential threats.
And those investments have paid off. For instance…
In other words, leaders have realized that a small investment in open source intelligence upfront is far cheaper than responding to an unexpected event down the road.
Still, most companies fail to exploit OSINT to its full potential. And many security leaders don’t consider a potential use case until after an incident occurs.
All of which begs the question, “How can organizations fully exploit open source intelligence for corporate security?”
Let’s take a look at some examples.
1. Executive Protection
2. Crisis Response
3. IP Protection
4. Loss Prevention
5. Data Leak Detection
6. Supply Chain Protection
7. Event Security
OSINT has become an essential tool for organizations to safeguard VIPs, such as executives or other high-profile employees.
For instance, security details can scan open sources to spot travel risks and emerging events.
Such situational awareness enables protectors to avoid dangerous areas, set up alternative travel plans, or respond quickly to incidents.
Additionally, high-profile individuals are often subject to violent threats online.
OSINT tools allow details to monitor for threatening posts with phrases like ‘shoot,’ ‘harm,’ or ‘kill,’ alongside the protectee’s name.
If they spot a suspicious post, teams can exploit open source intelligence to gauge the credibility of a threat.
And in the event such posts spark serious concern, protectors can put out a BOLO alert for a person of interest.
OSINT's value, however, goes beyond travel safety or violent threats.
Take false rumors spreading online, for instance.
Misinformation could damage a VIP’s reputation, their ability to conduct business, or the value of the organization they represent.
And if left unchecked, misinformation could represent a serious danger to your principal.
Imagine false reports suggesting your company has planned a hostile takeover of a rival firm. Such rumors could incite anger, putting executives at higher risk of an attack.
Keeping tabs on any rumors or false reports allows corporate security teams to respond quickly.
This makes it much easier for organizations to plan an appropriate response. And by extension, this limits the damage misinformation can inflict on the protectee.
Alternatively, open source intelligence can help avoid overreactions to perceived threats.
Take the aftermath of Hurricane Maria in 2017, for example. After reading alarming news reports, Microsoft managers reconsidered their travel plans to Puerto Rico.
The software giant's intelligence team, however, prepared an assessment of the situation for C-suite executives.
They concluded media outlets had painted a misleading picture of the security situation in the territory.
Moreover, the team believed Microsoft executives would face few serious risks to their well-being in the specific areas they needed to travel.
This gave management enough confidence to operate safely in the area.
Corporate security teams have to contend with three types of hazards:
Such hazards can strike at any time. But corporate security teams face two more challenges in crisis response.
Firstly, a slow reaction time could cost an organization millions in damages or business disruption. A delayed response might also endanger the lives of customers and employees.
Furthermore, many organizations have people and assets scattered around the world.
Even the most well-staffed security teams can struggle to keep tabs on events happening in every place where their company operates.
Thankfully, OSINT solutions can go a long way towards addressing these challenges.
For starters, it’s not uncommon for events to be reported first on social media.
Through continuous monitoring of these channels, corporate security teams can be alerted to a potential crisis hours before reports get picked up by traditional news outlets.
Moreover, reports gathered through open sources often contain firsthand information, such as photos, audio, and comments.
That enables analysts to understand the nature of an incident and respond effectively during a crisis.
Early reports of an active shooter situation at the headquarters of Netflix, discovered by Navigator.
Disaster relief efforts in Haiti demonstrated the power of OSINT in crisis response.
Following the 2010 earthquake, responders applied geotagged social media posts to identify the hardest-hit neighborhoods.
Rescuers even used this data to pinpoint the locations of people still alive under the rubble of buildings.
And over the following months, such data represented an important tool for NGOs directing recovery efforts.
The OpenStreetMap Project, in particular, represented one of the big success stories from this operation.
Haiti has long ranked as one of the poorest countries in the western hemisphere. As a result, data providers had produced no high-quality maps of the capital city Port-au-Prince.
So when the earthquake struck, crisis responders didn’t have the tools they needed to support victims.
But within hours following the disaster, volunteers created a geo-spatial wiki from tweets and other social media messages.
Within two weeks, the online community created a digital map of the entire country. The information included everything from streets and buildings to parks and hospitals.
All of which proved essential for crisis responders to coordinate operations and distribute aid.
Since 2015, 20.0 million Americans have canceled their cable subscriptions. And as more households cut the cord, many have exploited illegal torrents for free content.
Check out these statistics:
A recent study by Synamedia found just over half of sports fans watch illegal streaming services at least once a month.
Furthermore, 29% of fans pay the criminals who operate these channels to access content.
Movie and television studios have the same problem. Online piracy costs the industry as much as $51.0 billion in lost revenue annually, according to estimates by Statista.
Yet despite efforts to crack down on illegal streaming, this figure has only grown year after year.
And as you might have guessed, every dollar that goes to criminals comes straight out of the pockets of leagues and studios.
The sheer size of the internet complicates the problem further.
Pirates can quickly set up new services in obscure corners of the web. That makes it tough to spot and take down illegal content.
Increasingly, however, content producers have started to rely on OSINT tools to combat online piracy.
Security teams often accomplish this by setting up keyword search queries. For example, you might scan for terms like ‘free,’ ‘download,’ and ‘streaming,’ alongside the name of your brand or intellectual property.
After that, these queries will automatically scan for links to illegal streaming services on popular sites like Twitch, Reddit, or YouTube.
Advanced OSINT software can also reveal criminal networks on more obscure corners of the internet, like paste sites or the dark web.
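The keyword queries described above can be sketched as follows. This is an added example, not code from the article or from any vendor's product. It flags posts that pair a brand term with one of the article's piracy keywords, then groups the linked hosts for review while skipping licensed outlets. The brand names, allowlist, and posts are constructed placeholders.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

# All names and sample data below are constructed for illustration.
BRAND_TERMS = ["example league", "exampleflix"]   # hypothetical brand / IP names
PIRACY_TERMS = ["free", "download", "streaming"]  # keywords named in the article
OFFICIAL_DOMAINS = {"exampleflix.example"}        # hypothetical licensed outlets

URL_RE = re.compile(r"https?://[^\s<>()]+", re.IGNORECASE)

def _word_re(terms):
    # Whole-word match so "free" does not fire on "freedom".
    body = "|".join(re.escape(t) for t in terms)
    return re.compile(r"\b(?:" + body + r")\b", re.IGNORECASE)

BRAND_RE = _word_re(BRAND_TERMS)
PIRACY_RE = _word_re(PIRACY_TERMS)

def host_of(url):
    host = (urlparse(url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host

def is_official(host):
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)

def triage(posts):
    """Map each non-official linked host to the ids of posts that triggered it."""
    hits = defaultdict(list)
    for post in posts:
        prose = URL_RE.sub(" ", post["text"])  # match keywords in prose, not URLs
        if not (BRAND_RE.search(prose) and PIRACY_RE.search(prose)):
            continue
        for url in URL_RE.findall(post["text"]):
            host = host_of(url.rstrip(".,;!?"))
            if host and not is_official(host):
                hits[host].append(post["id"])
    return dict(hits)

SAMPLE_POSTS = [  # constructed posts
    {"id": "p1", "text": "Watch Example League FREE tonight: http://streams.example.net/live"},
    {"id": "p2", "text": "ExampleFlix free trial is back! https://www.exampleflix.example/trial"},
    {"id": "p3", "text": "Freedom of the press matters. https://news.example.org/story"},
    {"id": "p4", "text": "exampleflix download mirror -> https://streams.example.net/dl, enjoy"},
    {"id": "p5", "text": "Free streaming of random stuff https://other.example.com/x"},
]

if __name__ == "__main__":
    for host, ids in triage(SAMPLE_POSTS).items():
        print(host, ids)
```

Grouping by host rather than by post lets an analyst see that several posts point at the same service, and the allowlist keeps the brand's own promotions (post p2) out of the review queue.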
But those responsible for protecting intellectual property can exploit OSINT for far more than just taking down illegal streaming services.
Counterfeiting, for instance, runs rampant on alternative social networks like Telegram. A simple search will reveal an endless number of channels pawning knockoff products from electronics and designer handbags to high-end watches.
An estimated 17% of ebooks are consumed illegally, according to the UK’s Intellectual Property Office. The International Publishers Association estimates online piracy costs authors and publishers billions of dollars each year.
Additionally, malicious insiders often exploit dark web marketplaces to sell closely-held company secrets, such as patents, research plans, or product roadmaps.
Once again, ongoing intelligence gathered from open sources can go a long way towards safeguarding IP.
If you work in loss prevention, then you are no doubt aware of the growing problem that is organized retail crime.
In the United States, for example, the number of shoplifting incidents nationwide recently hit a 25-year high. And industry experts estimate the average American family will pay an extra $500.00 per year in higher prices to offset the cost of criminal activity.
To combat this trend, more asset protection departments have started to exploit OSINT.
Criminal groups often exploit social media to coordinate robberies or share tips and tactics with their fellow thieves.
Reviewing such discussions can tip off organizations to an organized “flash mob” raid at a nearby store. Or loss prevention teams could learn about a new tactic to evade theft prevention devices.
Take the forum Raddle.me, for instance.
The community promotes itself as a group of “outsiders, malcontents and wayward dreamers” while promoting an anarchist, anti-capitalist worldview.
The site resembles a simple version of Reddit. Each forum contains ongoing discussions around various topics, such as “Decolonisation,” “AntiWork,” and “EatTheRich.”
Politics aside, keeping tabs on the site can pay off for loss prevention efforts.
For instance, you can find detailed how-to guides for shoplifting at many retail brands on the forum /f/Illegalism.
Users also share methods to override anti-theft devices and conceal stolen goods as well as the easiest stores to target.
This type of information amounts to a free security consultation by the very same people stealing from your business.
A screenshot of a popular shoplifting guide, discovered by Navigator.
OSINT can also support recovery efforts.
The days of offloading stolen goods at the local flea market have mostly come to an end. Today, fences prefer to exploit the anonymity and scale of the internet to move merchandise.
Most asset protection teams now actively monitor online marketplaces for stolen goods. But sophisticated OSINT tools can automate this process, alerting investigators as soon as a relevant listing pops up.
Furthermore, software vendors can track obscure online communities where criminals gather, such as paste sites, dark web marketplaces, and alt-tech social networks.
All of this information can help retailers adapt in-store security practices, locate suspects during an investigation, and elicit the support of law enforcement.
Data leaks now represent expensive incidents for businesses.
The average cost of a data breach for organizations now tops almost $3.9 million, according to a 2021 survey by IBM.
That number increases to $8.2 million on average per incident for companies based in the United States.
In the study, IBM included the explicit costs of handling a breach: detection, investigation, notifying customers, paying fines, patching software, etc.
But the authors also went further and considered some of the less obvious expenses, such as customer churn and reputational damage, that follow from bad publicity.
If prospects don’t trust your company’s IT security, they may take their business elsewhere.
Data breaches present other types of security risks, too. For example:
OSINT tools allow organizations to spot data breaches on social media or in fringe online communities, such as chan boards, paste sites, and dark web marketplaces, where threat actors sell and share leaked data.
Ongoing monitoring of these sites allows corporate security teams to respond to such incidents quickly.
And by extension, this intelligence can mitigate the risks to employees and the organization.
You only need to see the empty aisles at retailers in recent months to appreciate the impact of the global supply chain crisis.
The process that delivers a product to store shelves is a tightly interconnected network. If one link in that chain fails — from sourcing and manufacturing to transportation — the whole system breaks down.
And that breakdown can have huge repercussions.
If shelves sit empty, shoppers can’t buy your product. Any supply chain disruptions can result in millions of dollars of lost sales for retailers.
For logistics and transport companies, supply chain havoc can result in missed deadlines for product deliveries.
Short-term, that may result in financial losses. Long-term, such issues could impair the reputation of the entire company.
For supply chain managers, the solution is to have all available information on emerging and current threats.
Sure, new technologies like blockchain and IoT sensors play a role in this process. But OSINT provides extra context that can allow decision-makers to respond more effectively in a crisis.
For example, supply chain managers could exploit OSINT techniques to answer the following questions:
The stakes are high when it comes to sourcing parts and inventory.
But OSINT tools allow organizations to maintain situational awareness over their entire supply chain.
And by extension, this can allow operators to respond quickly and effectively to emerging events.
The fundamentals of running a safe event haven’t changed much in decades. But increasingly, savvy venues have started to employ open source intelligence to protect attendees.
In the context of event security, OSINT has several applications. For example:
Sports teams, in particular, have embraced OSINT for venue security.
For example, the NCAA continuously monitors social media ahead of events like the Final Four. Analysts watch for attendees that have posted photos of ticket stubs or press credentials.
After spotting such images, the NCAA’s social media team can ask these individuals to delete their posts. Most fans will comply.
Of course, OSINT won’t replace traditional practices of event security.
Still, a single analyst gathering open source intelligence can represent an enormous force multiplier for a short-staffed detail.
Organizations have finally started to appreciate the value of OSINT for corporate security.
Businesses understand it’s far better to make a small investment upfront gathering intelligence than being caught flat-footed and responding to an incident after the fact.
Still, most security teams have not exploited all the value they can from open source intelligence.
The solution to this problem comes down to awareness.
In many cases, teams don’t need to invest in expensive training. It can be helpful to simply take the time to understand how their peers exploit these OSINT techniques for new applications in their own organization.