Leveraging OSINT for Corporate Security
To successfully protect people and assets, corporations must contend with several crime types, including theft of property, money, and data, intellectual property breaches, fraud, and cyber-attacks.
An organization taking action to prevent all of these crimes, protecting their assets, people, intellectual property, and sensitive data, is a difficult task. Large corporations are subject to more significant levels of potential risk due to the size of operations and brand recognition, resulting in an increased need to proactively monitor the internet for threats from both insider employees and external threat actors.
Failure to act can cause significant disruption to operational activity and brand reputation, which can damage relationships with existing customers, potential customers, and employees. All established organizations should proactively monitor the internet for potential risks as a standard to ensure that they can take action to mitigate threats and protect their people and assets.
With threat actors constantly creating new techniques to obtain goods and data, ensuring organizational security is a constant struggle. Increasingly, intelligence-led corporate security teams utilize OSINT to guarantee reliable, relevant, timely, and actionable intelligence from the internet.
Organizations in several sectors already successfully utilize OSINT as part of their corporate security tactics, including:
- Banking, Legal, and Finance Firms
- Banking, Legal, and Finance Firms use OSINT to protect their key executives and buildings, including headquarters and branch locations.
- Retail Organizations
- Retailers use OSINT to protect their supply chains, investigate theft of stock and vehicles, and monitor locations where executives travel.
- Energy, Utility, and Postal Organizations
- Energy, Utility, and Postal Organizations use OSINT to protect operational centers, distribution networks, vehicles, and key executives.
- Musicians and Sports Teams
- Security teams working on behalf of event locations, musicians, and sports teams use OSINT to protect event sites in the lead-up to and during events.
Many organizations use OSINT to guarantee the safety of individuals, particularly C-suite executives exposed to elevated risk due to their employment, status, or net worth. Many executive protection teams scan social media and news sites for mentions of names of executives to monitor the internet for direct threats and misinformation.
Executives are at increased risk when traveling or appearing in public at scheduled events. Security teams should monitor online chatter before and during events in the relevant locations for mentions of the brand and executives' names alongside threatening language like "stab", "shoot", or "riot" to identify any direct threats and safeguard VIPs. Ensuring situational awareness for events and travel ensures executives can alternate travel plans or modify event locations to avoid dangerous areas. Establishing situational awareness enables security personnel to be alert to real-time risks, guaranteeing a quick response to potential incidents.
Security teams should also monitor social media and news sites for misinformation, including falsely created social media accounts using the executives' names, or false rumors being spread online about an executive or the brand. Misinformation can quickly damage the reputation of a person or business, so identifying and limiting damage is a priority for corporate security teams.
Asset and Supply Chain Protection
Corporate security teams also use OSINT to monitor the locations of headquarters, brand locations, and operational routes. Vehicles and site locations containing high-value goods are targets for burglars and robbers who may be keen to cash in on the street value of the items. Thieves do not just target conventional goods, like cash, artworks, and electronics, but have also been recorded as targeting unconventional items that maintain value, like stamps and maple syrup. Supply chain disruptions and thefts that lead to missed deliveries and empty shelves can cause a significant loss in profits and trust and leave customers in need. Monitoring branch locations and the movement of vehicles that contain such goods enables security teams to track threats and act quickly to real-time threats to the supply chain.
Outside of the threat of theft, corporate security teams may also need to protect organizational locations from local threats, such as terror attacks, armed conflict, power loss, riots, and extreme weather. International companies are often bound to conflict zones and areas with high terror threat levels, either because they are resource-rich or because people living in these areas still require goods and services.
Monitoring terror groups, armed conflict, weather patterns, infectious diseases, and reported power outages, is essential to guarantee the safety of the staff working in those locations. Failure to detect these threats could result in a slow reaction time that results in significant damages, operational disruption, or loss of life that could have been minimized or prevented. Leveraging OSINT, global security teams can instantly respond to threats, closing or protecting operational sites as required.
Corporate security teams routinely use equipment and technology to support security personnel in securing an event, and these measures are increasingly relying on OSINT. Leveraging OSINT enables event organizers to improve planning and resource allocation by exploiting publicly available information from the internet to detect risks and minimize disruption.
Leveraging OSINT, event security teams can anticipate threats, identifying online chatter about planned riots, streaking, trespassers, violence, or severe weather. Having identified risks, security teams can also monitor the event as it progresses, ensuring that security personnel on the ground can act accordingly to any risks. When incidents occur, quick detection through social media discussion can ensure personnel can react quickly and locate the incident to prevent it from escalating.
Organized retail crimes, including theft, burglary, and robbery, pose potential significant financial loss to retail organizations. The theft of goods can manifest through both insider and outsider threats. Employees can steal goods themselves, or assist third parties in stealing them. With many stolen goods sold online, global security teams can identify thieves and recover stolen goods by investigating transactions on digital marketplaces. Using automation tools, security teams can set alerts for frequently targeted merchandise to correlate with reported theft.
Similarly, by monitoring real-time crime data for commercial burglaries and robberies and tracking social media posts discussing shoplifting and burglaries, corporate security teams can predict and prepare for local criminals targetting retail stores. Retailers can adopt operational activity to prepare locations for emerging threats and risks and locate identified threat actors before they act again.
Intellectual Property Protection
Employing OSINT, corporate security teams can identify intellectual property breaches, such as instances of misuse of the organization’s brand name and logo, counterfeit merchandise, and manufacturing and streaming equipment.
Physical threats to intellectual property pose significant risks to the reputation of a company, with the actions of traders and poor quality of goods being attributed to the victim organization. Using OSINT, corporate security teams can scan for any discussion or images relating to the brand and negative comments or comments alleging counterfeits to detect fraudulent goods.
Digital threats to intellectual property through illegal streaming also pose a substantial threat to media and sports companies through loss of potential income. Many criminals operating illegal streaming channels at a discounted price are collecting funds, with an estimated global revenue loss to online piracy of up to $51.0 billion. Corporate security teams can scan social media and forums for keywords related to their content and words like “download” and “streaming’’ to detect illegal downloading of intellectual property.
Data leaks present a significant risk to an organization, often costing millions of dollars. Corporate security teams can identify and investigate cyber threats to prevent the loss of personal information, confidential data, and bad publicity. Corporate security teams should routinely monitor the internet for potential threats including employee doxxing, executive movement tracking, posts of ID badges that could be replicated, and sensitive information, such as floorplans, confidential reports, and corporate chat logs. Monitoring risks like these can enable security teams to act quickly against cyber threats and threat actors.
Corporate security teams can leverage OSINT to better protect their people and assets. Using automation software to continuously search for information relevant to business security across millions of different sources on the internet, security professionals can ensure that they are informed of real-time imminent risks.
An upfront investment for a tool that collects and processes intelligence enables corporate security teams to easily manage and digest risks in an easy-to-use platform and share automated reports with stakeholders within the business.
Skopenow is a real-time situational awareness and investigative platform trusted by corporate security teams to deliver instant threat intelligence, maintain business continuity, protect people and assets, and reduce the financial impact of security risks. Employing image recognition and behavioral analytics on billions of data points, Skopenow detects and alerts actionable behaviors and risks like violent behavior, substance dependencies, and threatening language. Sign up for a 7-day free trial of Skopenow at: https://www.skopenow.com/try.