The holidays are officially over, so now you can enjoy your summer, free from worries about cybercrime, right? While it is true that the holidays give rise to an increase in online crime, hackers and other online criminals also target businesses during more relaxed times. This is why organisations need to remain proactive with their cyber security efforts by having an offensive security strategy and performing a continual review of open-source intelligence.
So how do offensive security and open-source intelligence work together to keep your business data safe?
Offensive security: Putting yourself in a hacker’s shoes
An offensive security strategy allows cyber security experts to ‘think like a criminal’, identify system vulnerabilities and is a valuable tool to ensure a greater degree of protection for your business from a cyber attack.
Think of it this way, in chess, you need to be several steps ahead of your opponent. The same applies when you deal with hackers and other digital criminals. Instead of testing your security protocols from your business’s perspective, cyber security providers look at vulnerabilities from a cyber criminal’s perspective.
Example of a cyber crime scenario and an offensive security strategy in action
Your business has developed a one-stop marketing platform that covers everything from the initial idea to content through to analysing the results. From your company’s perspective, you would create solid security around your users’ password protocols so only paid users can access it. However, further thought has not been put into protecting the source code from being replicated.
A wannabe competitor who does not want to do the work to create a better solution targets your organisation and manages to replicate your platform’s source code. They then offer a rip-off version for half the price leaving your business without customers and a loss in revenue.
An offensive security team evaluates all the ways a shady operator might want to use your business to make a few easy dollars. Then, they brainstorm – and implement – tight security controls that eliminate the possibility of their finding their way to your digital property.
Next, they test your solution by:
- ensuring that the solution works as it should in normal circumstances, and
- using abnormal circumstances to see if the solution still works, even in unusual situations. Modelled after defence protocols, this tactic allows cyber security services to anticipate bad actors’ moves before they act.
Open-Source Intelligence (OSINT): Using public-facing information to strengthen security
Open-source intelligence refers specifically to information that is available for public consumption. Activities such as a Cyber Surface Scan can be performed to gather, analyse and identify external threats or vulnerabilities to your sensitive data.
You might think that the Australian Secret Intelligence Service mostly uses James Bond-like tools and tricks to unravel international terrorism rings, uncover sinister plots, and otherwise gather intel on global thuggery. Yes, they do have such tools. However, most of the world’s top intelligence agencies depend on open-source intelligence (OSINT) to solve the bulk of their cases.
Piecing the puzzle of publicly available data
Think about a 1,000-piece puzzle. One piece tells you little. But when you can put several of them together, a picture begins to emerge.
Similarly, a trove of publicly available information can help intelligence officers develop a clear picture of an enemy plot. Cyber security professionals, too, use OSINT techniques to track down hackers, discover new insights in criminals’ tactics, and keep their clients’ systems safe.
Whether it’s from social media, public databases, industry journals, photos, geographical data on images, or subscription-only services, there is a wealth of information online that you won’t need anything but a little time and an inquisitive mind to uncover.
When they combine that data with artificial intelligence (AI) and predictive technology, cyber security experts can sift through it quickly, getting a near-complete picture of the suspected hacker.
Cyber criminals can use OSINT against your business
But there’s a catch. Criminal elements also use sophisticated OSINT techniques to uncover passwords, identify vulnerable human targets, and other devious tricks to get the information they need. They haunt forums on the dark web, too, foraging for any information that you reveal about yourself or your business. In addition, they peruse your business’s public financial reports, press releases, and website content for clues about your vulnerability to attack.
For that reason, we recommend that our clients reveal little information about themselves online. Your pets’ names, your mum’s maiden name, and even your answers to those ‘harmless’ Facebook quizzes can help criminals paint a near-complete picture of your life. If you use any of that information as passwords or usernames, you need to change them immediately and vary them for each login.
Intrix Cyber Security combines both offensive security and open-source intelligence to identify any weak spots in your security before your adversary does. In addition, we also provide a 24/7 cyber security monitoring service that stays alert, so you do not need to worry when the weekend or holidays arrive.
Contact us today to organise a Cyber Surface Scan that will identify and discover attack surfaces such as software misconfiguration, operating systems, network devices, and sensitive files on online cloud platforms. Book your scan with our team today, we’re here to give you the ultimate in peace of mind.
