CYBER SECURITY
The more intelligence we have about potential threats and threat actors the better we can defend against them .”
However , as Williams stresses , it is important to consider that while OSINT is a powerful tool for security professionals , it can also be leveraged by cybercriminals to identify and attack vulnerable and misconfigured systems . Therefore , minimising the external footprint of an organisation to only what ’ s required should be a top priority for all CISOs .
“ OSINT is a key practice in any modern cybersecurity strategy , alongside vulnerability testing and patch management ,” he adds . “ All practices that whilst unable to guarantee 100 % security all of the time , given the evolving threat landscape , do help keep businesses up to date with all the threats and tools to protect from them .”
“ OSINT could be misused to collect information about private social media activities of employees and their surroundings ”
AMIR SADDON DIRECTOR OF IR RESEARCH , SYGNIA
The ethical considerations when collecting and using OSINT OSINT is , by its very nature , available to all on the internet . Because of this , Williams explains , it becomes important for organisations to ensure that the collection and use of OSINT data complies with all relevant laws and regulations , including data protection laws such as the EU ’ s GDPR .
“ Whenever possible , obtaining consent from the individuals whose data is being collected can help ensure that the collection process is both legal and ethical ,” he says .
“ Overall , it ’ s important for professionals to keep ethics at the top of mind when conducting OSINT investigations . While there are clear laws around computer misuse , the main feature of OSINT is the ability to gain an edge over an organisation , asset or individual . The key component of OSINT is how this information is used by both attackers and defenders .”
cybermagazine . com 47