Open Source Intelligence / open source analyses/scanning
Open Source Intelligence, OSINT for short, refers to the collection of information from public sources for use in an intelligence context.
An OSINT scan produces a report with all the information one can find on a subject organization without having to interact with people from the organization or perform attacks against it.
The typical goal of an OSINT scan is to shine a light on the organization and identify weak spots, either for a technical attack, such as unmaintained systems, or for a social engineering attack, such as personnel names, functions and internal manuals/procedures that an attacker could exploit for personal benefit.
An OSINT report not only helps IT management identify weak spots to lower risks, it can also show the evolution of the organisation's public security posture when performed on a recurring basis.
Legislation is currently being put in place that will require regular open source analyses (e.g. the digital operational resilience testing act (DORA)).
At Forvis Mazars we not only provide the report with the findings, but also details about the identified issues, their risks and how they can be misused, along with workarounds and remediation help for each identified issue.
Contact jens.timmerman@forvismazars.be for more information about an OSINT scan for your organization.
WHY an OSINT scan? Be aware of your Digital Visibility
Our cybersecurity research shows that many organisations are insufficiently aware of their digital visibility on the Internet and the risks it entails. Information visible on the Internet can be misused with serious consequences for the continuity of business operations and the security of systems and data, e.g. through attacks such as ransomware, hacking, phishing, DDoS attacks and spoofing.
The Forvis Mazars OSINT scan involves consulting various public sources and visiting the website/servers at once to create a digital profile which could be used to anonymously prepare a cyber attack. We indicate the Internet-related vulnerabilities of an organization, based on three quality aspects: security, reputation and privacy.
The OSINT scan is the ideal entry-level assessment for any organisation wanting more control over cross-chain cybersecurity. It draws a picture of the IT reality as it presents itself to the world and does not start with internal control or management processes. Starting with the IT reality, it provides directly targeted advice and a firm foundation for setting up a management cycle.