Publicly available information on your employees forms valuable intelligence in the reconnaissance phase of the attack chain. Every social media post, the app used, and an email sent could further increase the effectiveness of a targeted attack on your organisation. Having visibility of this network of potentially harmful risk points is time-consuming.
Sapphire’s specialist OSINT team is tasked with analysing the information in the public domain about employees, management teams, suppliers and partners. It uses this data to build a picture of susceptible individuals hierarchies and targeting packages, and improve organisational awareness.
Informed: Get a clear picture of what your human attack surface looks like a threat actor for better visibility of human risk, as well as screening recruits and conducting due diligence.
Insightful: Run simulated attacks on individuals within your organisation to prepare target functions, such as finance, for real-world attacks.
Pragmatic: Foster a culture of security by combining simulated attacks with security awareness training.
Open Source Intelligence, OSINT, refers to the practice of gathering publicly available or published information on a target. It is often used by an attacker when developing the reconnaissance phase of their targeting. OSINT can come from a variety of sources, including:
In a threat context, OSINT is often used by an attacker looking to achieve a number of things:
i. Identify vulnerabilities to be exploited
ii. Understand suppliers for supply chain attacks
iii. Researching staff for social engineering attacks
A dedicated threat actor can collect the following information types on employees and companies:
Finding the relevant information takes a significant amount of time and understanding of sources, especially if analysing a big group of people, such as a finance team at a large organisation. It is also often deemed to be outside of responsibilities by front line security teams, who do not have the necessary skills.