Open-source intelligence (OSINT) is quickly becoming a vital component of corporate threat intelligence for energy companies.
In today's digital age, it's no longer enough to install locks and cameras: proper protection from potential threats – both internal and external – demands comprehensive collection and analysis of public information like geolocations, social media posts, news reports, and more.
But how exactly can energy firms leverage OSINT tools to strengthen their physical security?
This blog post explores five practical ways to integrate OSINT into safety procedures.
What is Corporate Threat Intelligence?
Threat intelligence is a growing industry in the current threat landscape. It involves proactive, intelligence-led strategies that anticipate and prepare for security threats. As threat actors become more complex and agile, threat intelligence is crucial for organizations across all industries, particularly the energy sector.
Many corporate threat intelligence programs incorporate Open-Source Intelligence (OSINT), which is information from media outlets, social networks, and other public sources, as part of threat analyses and best practices. OSINT can provide an understanding of threat actors' activities, enabling organizations to make informed decisions on responding to or mitigating potential risks. With threat intelligence, organizations can further protect themselves against attacks by understanding their attack surface, threat actor behaviors and capabilities, and actionable insights detailing how security threats may materialize.
By following these five strategies, organizations can ensure they are well-equipped to protect their assets and operations.
1. Cast a Wide Net to Develop a Comprehensive Risk Profile
OSINT can provide valuable insight into potential risks associated with your business, such as threats posed by disgruntled employees or external actors. By gathering information from various sources, you can develop a comprehensive risk profile and identify areas where additional security measures may be needed.
The reality is that threats are unpredictable and can stem from various places. A disgruntled customer or a careless employee who posts an ID badge on social networks can both be potential threat sources. This is where the term "data diversity" becomes critical. In other words, you cannot respond to a threat if you can't see it. If you absorb as much data as possible, you're less likely to overlook a serious risk.
Accordingly, looking at a wide array of data sources such as internal feeds, industry experts, media, social media, and paste sites can help to prevent intelligence blind spots.
2. Review and Update Your Sources Regularly
Reviewing a wide array of data sources is only as effective as the credibility of those sources and your awareness of new ones. For example, much of the January 2021 Capitol attack planning occurred via public posts on Parler. However, because only some analysts knew about Parler, the threat went undetected. Unfortunately, incidents like this happen all the time. Therefore, monitoring many data feeds and regularly reviewing and updating sources is essential.
3. Identify Weaknesses in Your Current Security Measures
Recognize that the threat to your business can be both internal and external. By collecting and analyzing intelligence gathered from open sources, you can identify weaknesses in your security measures and take steps to address them before they become a problem.
Internal threats can take the form of data breaches. Risk Based Security recently reported that in 2020 there were over 3,000 publicly disclosed data leaks. These kinds of leaks can have a significant impact on an organization's financial picture. Building better walls around IT systems is not a complete solution because some attackers will inevitably slip through defenses.
Companies need to monitor internal and external sources for indications of a data leak, such as highly sought-after areas of their network and assets. To that end, the edge of an internal corporate network, where it connects to the broader internet, might be a place to start. Additionally, fringe communities often give insight into leaked data, because they provide a forum for threat actors to sell, share and discuss it.
Addressing external weaknesses can include updating outdated equipment or systems to ensure that employee access privileges are limited only to those who need them. Using OSINT techniques can help you detect unauthorized access attempts against your company's physical assets, such as unauthorized entry into restricted areas or attempts at theft or sabotage. This data informs decisions regarding how best to secure these assets.
4. Monitor Activity Near Your Premises
By monitoring activity near your premises, you can stay informed about any suspicious activity related to a threat against your facility or personnel. Such activity could include people loitering around the area or vehicles parked nearby for extended periods. The use of CCTV cameras can also be helpful in this regard. OSINT monitoring techniques, when used with automated monitoring tools, can also allow security teams to respond faster in crises.
5. Stay Informed About Changes in Global Threats
Finally, staying informed about global threats and changes is essential for avoiding attackers who may target your premises or personnel due to geopolitical events or other factors outside your control. Gathering intelligence via OSINT helps you stay informed about changes in global threats so that you can respond quickly and take steps to protect your organization accordingly.
The Bottom Line
Open-source intelligence (OSINT) provides numerous benefits for organizations looking for ways to improve their physical security measures, especially those within the energy sector that face unique challenges when protecting their premises and personnel from physical attacks. By developing comprehensive risk profiles based on intelligence gathered from open sources, detecting unauthorized access attempts, identifying weaknesses in current security measures, monitoring activity near premises, and staying informed about changes in global threats, businesses within the energy sector can use OSINT as one way to ensure their safety and protection from threat actors.