OSINT benchmark: be aware of your digital footprint

10 June 2020 - The coronavirus crisis once again underlines the vital importance of Internet connections and the IT systems linked to them. In the Netherlands, a large number of people are working from home and companies are turning to technology to keep going. Adequate security is therefore an absolute necessity. Are you aware of the digital footprint your company is leaving behind?

Cyber crime

Cyber criminals are using sly and sneaky tricks to exploit this crisis for opportunistic purposes. There are countless examples of new forms of fraud that exploit feelings of anxiety. For example, due to a security breach, cyber criminals managed to send e-mails containing malicious software in the name of RIVM. CEO fraud has also been soaring.

Digital footprint

Companies often have low awareness of their digital visibility and the risks involved. In today's digital age, a lot of business information can be found online. When this information ends up in the wrong hands, it may have huge consequences for the continuity of business operations and the security of systems and data.

A digital footprint is the inevitable side effect of everything we do online. We are online everywhere and all the time, but we are often unaware that these activities leave a unique imprint. Controlling the digital footprint also has social relevance. A cyber security incident does not just affect the company concerned directly, but the entire ecosystem of that company. After all, a company is only as strong as its weakest link.

OSINT

Over the past few months, we have conducted cyber security studies for dozens of companies in a variety of industries. During these exploratory studies, for each company, we mapped the information publicly available on the Internet. This information is also referred to as 'open source intelligence' (OSINT).

Vulnerable

The studies focused on the quality aspects of safety, reputation and privacy protection. Particularly striking is that the vast majority of companies still have outdated or unknown domains online. In addition, the companies are very vulnerable to e-mail spoofing (a technique in which the sender's e-mail address is forged) and/or phishing (in which the victim's personal details are used to provide a sense of trust). It also turns out that they do not have their privacy protection sufficiently in order.

Even more remarkable is the observation that most companies are not aware of their digital visibility and the (publicly accessible) information that can reveal a lot about the systems used and the status of security. The study shows both manageable blind spots and direct cyber security related problems.

Digital ecosystem

The risks revealed by the studies are diverse and range from hacking and malware attacks to broader continuity and compliance risks. Responsibility for recognising, evaluating and mitigating these risks lies with the risk bearer, i.e. the company that is affected. This company also has a responsibility to other stakeholders in the digital ecosystem.

Benchmark

We advise you to form a picture of your digital footprint and set up a management process that clearly assigns responsibility to all the parties involved. Independent periodic testing of the digital footprint should be an integral part of the management process. OSINT is a good and useful tool to that end. With this benchmark, we wish to contribute to a safer digital environment and a robust online economy. This starts with having insight into the IT reality.

Document

Mazars OSINT Benchmark 2020.pdf
