OSINT benchmark: be aware of your digital footprint
10 June 2020 - The corona crisis once again underlines the vital importance of Internet connections and the IT systems linked to them. In the Netherlands, a large number of people are working from home and companies are turning to technology to keep going. Adequate security is therefore an absolute necessity. Are you aware of the digital footprint your company is leaving behind?
Cyber criminals are using sly and sneaky tricks to exploit this crisis for opportunistic purposes. There are countless examples of new forms of fraud that exploit feelings of anxiety. For example, due to a security breach, cyber criminals managed to send e-mails containing malicious software on behalf of RIVM. CEO fraud was also soaring.
Companies often have low awareness of their digital visibility and the risks involved. In today's digital age, a lot of business information can be found online. When this information ends up in the wrong hands, it may have huge consequences for the continuity of business operations and the security of systems and data.
A digital footprint is the inevitable side effect of everything we do online. We are online everywhere and all the time, but we are often unaware of the fact that these activities leave a unique imprint. Controlling the digital footprint also has social relevance. A cyber security incident affects not just the relevant company directly, but the entire ecosystem of that company. After all, a company is only as strong as its weakest link.
Over the past few months, we have conducted cyber security studies for dozens of companies in a variety of industries. During these exploratory studies, for each company, we mapped the information publicly available on the Internet. This information is also referred to as 'open source intelligence' (OSINT).
The studies focused on the quality aspects of safety, reputation and privacy protection. Particularly striking is that the vast majority of companies still have outdated or unknown domains online. In addition, the companies are very vulnerable to e-mail spoofing (a technique in which the sender's e-mail address is forged) and/or phishing (in which the victim's personal details are used to provide a sense of trust). It also turns out that they do not have their privacy protection sufficiently in order.
Even more remarkable is the observation that most companies are not aware of their digital visibility and the (publicly accessible) information that can reveal a lot about the systems used and the status of security. The study shows both manageable blind spots and direct cyber security-related problems.
The risks revealed by the studies are diverse and range from hacking and malware attacks to broader continuity and compliance risks. Recognising, evaluating and mitigating these risks lies with the risk bearer, i.e. the company that is affected. This company also has a responsibility to other stakeholders in the digital ecosystem.
We advise you to form a picture of your digital footprint and set up a management process that clearly assigns responsibility to all the parties involved. Independent periodic testing of the digital footprint should be an integral part of the management process. OSINT is a good and useful tool to that end. With this benchmark, we wish to contribute to a safer digital environment and a robust online economy. This starts with having insight into the IT reality.
Want to know more?
If you would like to find out more about the OSINT benchmark, please contact Jan Matto by e-mail or by telephone at +31 (0)88 277 13 99, or Gert-Jan Gerrits by e-mail or by telephone at +31 (0)88 277 19 54. They will be happy to help.