Corporate Security Ben Luxon Corporate Security Ben Luxon

The Threat of Doxing to Organizational Security

Organizational doxing is on the rise and can be immensely damaging, exposing company secrets and customer data, or more directly exposing executives to new levels of threats.

What is Doxing?

The term itself originates from the phrase “dropping docs” and was later shortened to “docs” and then “dox”. As the original term suggests, doxing is when someone collects and then shares information about another person or organization.

There are numerous reasons someone might dox someone else or be the victim of doxing. It could be for revenge or a personal grudge, a disgruntled ex-employee might target their previous employer, for example. In 2014, Sony was the victim of a doxing attack backed by, experts believe, the North Korean government after they released a film which made fun of their leader. Other motivations include harassment and cyber-bullying, vigilante justice (for example, exposing neo-Nazi’s), and doxing for financial gain. 

Organizational doxing is on the rise and can be immensely damaging, exposing company secrets and customer data, or more directly exposing executives to new levels of threats.

Doxing Strategies and Goals

Traditionally doxing started with an online argument escalating to one person digging out information on their adversary and sharing it online. More recently though, doxing has become more of a cultural tool with hackers taking down people or groups with opposing ideologies. When it comes to organizations, threat actors have been known to both target an organizations reputation and to use information gained through a doxing attack to leverage financial reward.

For example, in one scenario an employee at a bank was blackmailed after a doxing attack into using his position in the bank to steal over $100,000 from customers for his blackmailers. 

The fallout is generally reputational with the victim suffering from online abuse such as death threats to them and their family in lieu of the new information shared. However, on occasion, the fallout can be significantly worse. There have been examples of mobs dishing out physical vigilante justice after a person's information, such as an address, was shared online.

doxing.jpg

There are numerous ways you can be identified online. By following ‘breadcrumbs’ of information a dedicated doxxer can assemble an accurate picture of a person - even if they were using an alias. The kind of details they might look for include, full name, current address, email address, phone number etc. Additionally, some doxxers might buy information from data brokers.

IP/ ISP Dox

There are various methods that can be used to locate your IP address, which is linked to your location. With just your IP address a doxxer could then use social engineering tactics against your Internet Service Provider (ISP) to discover the information they have on file such as:

  • Your full name

  • Email address

  • Phone number

  • ISP account number

  • Date of birth

  • Exact physical address

  • Social security number

This requires the doxxer to go through a dedicated process, which may not even work, however, it’s just one strategy they can employ, and even if they are unable to gather further information through a gullible ISP worker they still have the first parts of the puzzle - your IP address and a rough location.

Doxing with Social Media

If your social media accounts are public then anyone can view them. Often things a threat actor can find out include your location, place of work, your friends, your photos, some of your likes and dislikes, places you’ve been, names of family members, names of pets, names of schools you attended, and more.

With this kind of information, they can then find out even more about you, or even discover the answer to your security questions helping them break into other accounts such as your online banking.

As such it’s recommended to keep your social media profiles private, and if you use multiple online forums to use a different name and password for each to help prevent doxxers from compiling information from across multiple online forums and social media sites. 

Data Gathered through Brokers

Data brokers on the internet collect information from publicly available sources and then sell the data for profit. Generally speaking, they sell this data to advertisers - if you’ve ever found yourself randomly receiving emails from companies you’ve never heard of before, this is why. However, for a doxxer it could be an easy way to start building a detailed profile of their target.

How Might Doxing be Used Against Your Organization?

For organizations to be successful with their media strategies they necessarily need to share relevant information and regularly engage with their customers through social media channels. This provides a substantial opportunity for doxxers.

By combining publicly-available data with basic attack techniques, such as phishing campaigns or credential stuffing, malicious actors can uncover large quantities of supposedly secure data. For consumers, exposed information could lead to identity theft or public shame. Meanwhile, companies face the prospect of large-scale reputation damage or lost revenue if proprietary project briefs or intellectual properties are leaked to the public.

Additionally, doxing can be used as an incentive to expedite the resolution of ransomware attacks. This is where the cyber attacker threatens to release documents or information to the public should their target not pay the ransomware fee promptly. This adds to already serious financial implications.

dark web binary.jpg

How Can you Prevent Doxing?

Unfortunately, it's nearly impossible to completely remove personally-identifying information from the internet, especially parts which are part of public records. Still, there are some tips to reduce your attack surface.

Keep your profiles private 

People and organizations do have a lot of say as to what gets published on the internet. Make sure to practice general data privacy best practices.

  • Avoid posting identifying information

  • Keep all social media settings at the most private level, and don't accept friend requests from people you don't know

  • Change the settings on Office and your phone's photo app so personal info isn't embedded in those files

  • Use a "burner" email address for signing up for accounts when possible.

  • Set the ‘whois’ records on any domains you own to private

  • Ask Google to remove personally available information about you, and request the same from data broker sites

Implement Safe Browsing Measures

These steps are good internet hygiene in any case, but can also prevent a breach that can lead to your info being exposed to a potential doxxer:

  • Use a VPN, especially when using insecure public Wi-Fi networks

  • Switch to a secure email system with built-in encryption

  • Vary your usernames and passwords

Self-Doxing

Humans remain the weakest link in the security chain. In most cases, malice isn’t the problem or the intent when someone lets a threat actor in. Instead, employees overshare personal data on corporate platforms by accident or use insecure third-party applications. In both cases, however, following the breach and identifying the potential compromises is difficult when IT teams start from the side of defenders. 

By flipping the script and looking at your organization from the view of potential doxxer it becomes easier for IT and security teams to spot key areas of weakness. They can then develop strategies and staff training programs to protect against them.

Final Words

Doxing represents a growing threat to organizations and individuals. However, by self-doxing with security intelligence gathering strategies, security teams can create accurate attack surface maps. With this intelligence, they can then enhance threat modelling and deliver actionable insights to staff to reduce overall risks.

Using OSINT software like Signal you can learn about potential threats as or before they occur, learn about potential exploits targeting your organization, and self-dox to help identify weaknesses and shore-up defences.

Read More
Corporate Security Ben Luxon Corporate Security Ben Luxon

How Monitoring Current Events Like the 2020 US Election Can Increase Organizational Security

Tensions around the US election are high for both ends of the political spectrum. There has been an increase in polarization and militarization and many Signal customers have expressed concern.

There are numerous threats that could evolve to seriously impact an organization, from natural disasters, to acts of terror, to targeted attacks on executives. Currently though, tensions around the US election are high on both ends of the political spectrum. There has been an increase in polarization of political views and even militarization of the public in recent months, and many Signal customers have expressed concern.

For many American’s this is seen as the most important election of their lives so far. Fears of voter fraud and voter suppression are rife, which is reflected by an unprecedented number of early votes being cast with more than 90 million votes already cast a week before the election, more than two-thirds of all the votes cast in 2016.

This, paired with a deadly pandemic and a summer of protests, many of which became violent, and one can see the potential for civil unrest around a contentious presidency. To mitigate this risk organizations need relevant intelligence as events unfold to ensure they take the necessary precautions to protect their employees and assets.

As such, we have created advanced tools to enable Organizations to be alerted as early as possible to issues and current events, such as the Election, where the possible fallout could have an impact on their employees and assets.

Monitoring Election Threats in Real-Time Using Signal OSINT

Using Signal security teams can learn of events as they are happening or even before they happen, allowing effective response plans to be enacted, effectively neutralising potential threats. 

To do this users can create custom searches using Boolean Logic to filter intel from key web sources such as social media, the open web, and the dark web. Intel from these sources often acts as an early indicator alerting Signal customer to potential issues in real-time. The data can also be reviewed by our emotional analysis solution for increased data analysis efficiency.

Signal has real-time SMS and email alerting for high-risk threats so that companies can maximise available response time. Once alerted to potential risks the security team can form a final judgement on the threat level and decide whether action needs to be taken.

Final Words on Threat Monitoring with Signal

Threat monitoring isn’t just for events such as a contentious election. COVID-19, earthquakes, storms and other extreme weather events, and even threats of violence against specific executives, can all affect an organization. Signal OSINT software enables security teams to scan a vast number of surface, deep, and dark web channels and sources to gain real-time data on a broad array of emerging threats. 

Anonymous social media forums like 4chan or dark web forums are often where threat actors go to communicate and organize. And social media is often where you can learn of current events as they unfold. So whether it’s customer data for sale online, or an active shooter situation in-store, security teams armed with OSINT can quickly assess and respond appropriately to mitigate risks and damages.

Only when an organisation has a complete picture that incorporates the variety of potential risks and has invested in specific responses and contingency plans can it adapt as needed to mitigate the impact of extreme events.

Read More
Corporate Security Ben Luxon Corporate Security Ben Luxon

Fighting Disinformation: How to Detect Bots and Determine Fake News

In our increasingly digital world the proliferation of disinformation forms a serious threat to organizations. To combat misinformation companies need the right tools and information.

In an increasingly digital world, there is scope for fake news publishers to make a huge social impact as well as large profits through the spread of disinformation. Accordingly, this is a problem that has and will continue to grow. The spread is compounded by our very human natures which compel us to engage with inflammatory content and often share before we’ve had time to fact-check and verify.

The spread of disinformation is problematic on a number of levels, it can impact a brands image, spread harmful or misleading medical information - as we’ve seen throughout COVID-19, or even undermine democracy itself as was seen in the 2016 US elections. Ultimately, to combat misinformation organizations need to be equipped with the right tools and understand both what they’re looking for, and the reasons for spreading misinformation.

The High Cost of Fake News

There are serious potential ramifications for the unchecked proliferation of misinformation which can impact both B2C and B2B organizations. For example, a competitor or disgruntled customer or employee could hire or create a fake news publisher to damage your brand image for purposes of revenge or to gain a competitive market advantage. 

These adversarial news generation sites could easily generate a huge amount of very believable content, syndicate across a number of channels, and promote heavily through social media, potentially through the use of bots. Overwhelmed companies would face a significant challenge when developing a response to counteract these examples of bad “press” and it would be necessary for those targeted organizations to have real-time actionable data at their fingertips.

How do you Spot a Bot?

Anonymity

Real people sharing real stories will have full accounts, normally with a photo of themselves. These people will have friends, followers, family and likely engage largely with their friends content. The opposite is fairly true for bots. Bots, by their very nature don’t have identities which often results in bot accounts appearing to have a highly anonymous approach.

This could be evidenced in the lack of information they share, or perhaps they use a generic profile picture like a well-known landmark.

Activity

The frequency of their postings as well as how successful those posts are are good indicators of a bot. For example, you might come across an account with only one post and no followers yet that post has thousands of shares.

Content

The people that create bots have an agenda. Whether that’s to drive traffic to a website, generate income, spread political disinformation, etc. Whatever, their reason, the bots will be used to achieve it which means all their posts will have a common theme such as inflammatory political context.

Stolen photo

It’s not uncommon for bots to steal profile pictures. A quick test can be running their profile picture through Google image finder to find the real owner of the image.

Related: Responding to Global Crises like COVID-19 with Increased Situational Awareness

Things might appear real at a glance, but prove to be fake on closer inspection..

Things might appear real at a glance, but prove to be fake on closer inspection..

A quick checklist for botnet detection

Bot accounts used in one network or campaign usually have several of the below listed features in common:

  • Multiple accounts with similar names or handles;

  • Accounts were created on the same date;

  • Each account is posting to the same sites, or even the exact same links;

  • The same phrasing or grammatical error appears across each accounts;

  • They all follow each other and/ or share each other posts;

  • They use the same tool for link shortening;

  • The bios have similarities;

  • Profile pictures are generic or identifiably not them (easily searchable through Google).

Obviously, just because some accounts have similarities doesn’t mean they are all bots, however, it should certainly raise some eyebrows in suspicion especially if you have  four or five accounts with several of these signs.

Fake Accounts vs. Account Takeovers

We outline above a few of the tell-tale signs of a bot. There is an additional tactic that is commonly used to amplify the distribution of fake or inflammatory content and this is through an account takeover. 

For this approach botnet operators perform credential stuffing attacks on social media accounts and then use the accounts they gain access to, to share information through direct messaging or by sharing content. Additionally, a compromised account could theoretically mean sensitive information is exposed and executives or organizations as a whole could suffer reputational damage or financial loss.

Standard security protocols, such as having unique passwords for all your online accounts, should help individuals avoid becoming victims of these tactics. 

The Importance of Verifying Information

The best way to check the accuracy of a source is to check it against another source.

However, this does raise another question. What if those other sources, those source which are supposed to independently verify the truth are working with the information source you’re fact-checking. Or what if the facts in the source are. largely correct but the story is spun to support one side of an argument. This might ring with scepticism and conspiracy, however, it is a point worth making, with whom do you place your faith and at what point do you stop questioning the validity of information?

Identifying Click-bait

Click-bait titles are purposefully crafted to evoke a powerful response from the readers. The reason for this is it encourages people to share the post, often without even reading the text. Less reputable news sites are occasionally guilty of this tactic, twisting the truth in their titles to get a response and increase their reach. However, it is also a tactic employed by botnet operators to maximise the reach of fake news. Signs that this might be the case are as follows:

  • Does it evoke a strong emotional reaction?

  • Is the story utterly ridiculous - or does it perfectly confirm your beliefs?

  • Are you going to spend money because of it?

  • Does it make you want to share it?

What’s the Bigger Context

Understanding the context behind a piece of news can help you determine how much, if any, of the story is true as well as lead you to a better understanding of what the publishers end goal is.

  • Who’s providing the information?

  • What’s the scale of the story?

  • If there’s an “outrage,” are people actually upset?

  • How do different news outlets present the same story?

Understand their Angle

Just because something is misleading or even incorrect doesn’t mean it’s without use especially in a security context. In fact, understanding the reason behind the content might give insight into potentially harmful tactics targeting your organization and better allow you to create an effective response.

When determining what their angle is ask the following questions:

  • Are important facts getting left out or distorted?

  • What’s the larger narrative?

  • What if you are actually wrong? Your previous opinion on a subject might have been formed by a different piece of fake news.

  • Why did they share this story?

coding .jpg

Determining Truth from Fiction Online with Signal OSINT

How companies utilize technology and adapt to the shifting threat landscape will determine how effectively they are able to mitigate the threat of disinformation.

Signal enables organizations to monitor and manage large amounts of data from a plethora of different data sources across the surface, deep, and dark web. This, paired with advanced filters and boolean logic means that security teams are empowered to identify disinformation, discover patterns and botnets, and practically respond to these potential and evolving threats. 

Additionally, Signal enables security teams to detect data leaks. This data may be used in credential stuffing attacks and poses a severe security risk. Identifying data leaks early is essential for mitigating the threat of credential stuffing and in this case preventing harmful misinformation from being spread through or by an organizations workforce.

Read More
Signal Product, Corporate Security Ben Luxon Signal Product, Corporate Security Ben Luxon

Combining Human Analysts, AI, and Automation for Fast Threat Intelligence

Security professionals need to think like cybercriminals: allow machines to do the heavy lifting then add in human intervention to execute strategies as successfully as possible.

It is estimated that cybercrime will cost organization a combined amount of upwards of $6 trillion a year. Cybercriminals are getting smarter and to defend networks, predict threats, and protect staff, organizations need increased access to timely intelligence. 

Effective information security requires smarter detection techniques which is why many organizations are incorporating AI-driven solutions and products to enable their security teams. However, even with AI assistance the sheer amount of data to assess is encumbering. Signal offers a multi-faceted approach that incorporates filters using boolean logic, AI analysis, and a human hand.

Getting Actionable Insights in Real-Time

In threat intelligence having timely data means everything! Having hyper-relevant intelligence as or even before events are unfolding could mean the difference of several zero’s. By contrast, acting upon old threat insights that maybe have dated can be counter-productive, or even undermine the purpose of the intelligence.

Automation and AI tools can make all the difference when it comes to constantly collecting fresh data. A threat intelligence platform such as Signal which harnesses automation and AI tools massively expands the potential data sources and amount of data that an organisation is able to effectively and efficiently monitor. As well as enabling security teams to sift through all that data and detect anomalous and potentially dangerous activity.

Reacting fast is vital to mitigating threats, but what is even more effective is preempting potential attacks enabling security teams to take preventative measures. For example, using a dark web scan a security team might discover an exploit package for sale targeting a previously unknown vulnerability. Discovering this exploit pack allows the security team to patch the vulnerability before hackers have a chance to take advantage of it.

Robot hand.jpg

Automation isn’t Everything

Machines can save you time and in that way they save you money. The combination of AI and Automation when scanning the surface, deep and dark web allows your security team to have more eyes on more data sources. This is vitally important especially today when cyber skills are scarce and data growth so overwhelming. This combination helps prevent analysts from being utterly swamped by endless admin work and allows them to deliver true value to their role.

That being said. Machines can only do so much by themselves (at least for the foreseeable future. People remain fundamentally better at understanding insights from potentially vague context and who are able to deliver an effective response.

Acting fast as we have already mentioned is incredibly important. But just throwing machine learning at the threat intelligence problem isn’t nearly enough. The perfect blend combines rapid and large-scale initial gathering and analysis by machines that then hand-off to their human team-mates to apply strategic intellect while the data is still fresh.

Security professionals have to think how cybercriminals think: machines (e.g. botnets) to do the heavy lifting and a sprinkling of human intervention to execute as successfully as possible.

Injecting Human Intelligence into Automated Threat intelligence

The key to superior threat intelligence accuracy and timing is to leverage automation whilst simultaneously injecting human expertise. You don’t want to be wasting your human resources by making skilled data security analysts wade through piles of admin. Nor do you want those analysts to miss potential anomalous data because your automated system disregarded a seemingly meaningless information package which later turned out to be a viable threat. 

Signal allows you to create filtered searches using Boolean logic scanning your chosen data sources and understanding potential location information. These searches can additionally be run through our emotional analysis tool Spotlight. 

sentiment+analysis+2.jpg

There is one more problem though. Getting the balance of human and automation right is essential if you want to derive an effective threat intelligence system at a competitive cost.

To solve this problem we have launched our Sapphire program. Sapphire is an optional bolt-on which enables Signal customers to leverage our skilled in-house data analysts to further refine their results allowing their in-house security personnel to spend time on delivering real value.

Final Words

As can be seen from the description above, Signal is not an “AI application” in the commonly understood way. Instead, it’s a system where we use AI techniques and automation in multiple places to create a tool which in the right hands creates an extremely capable intelligence solution.

Even though machines and software will continue to evolve with dazzling speed, the complexity of threat analysis means there will be plenty of challenging opportunities for human analysts for a very, very long time.

Read More
Corporate Security Ben Luxon Corporate Security Ben Luxon

4 Aspects of Effective Executive Travel Risk Management

Businesses have begun realising the importance of reducing travel risks especially for executives where the potential of risk is increased and the potential cost heightened. Signal risk intelligence software enables users to monitor the surface, deep, and dark web to better protect people and assets.

All organisations want to keep their employees safe, this goes across the supply chain and up to top executives. Whether they’re protecting them from the likes of terrorism, upset customers, natural disasters or road accidents, these risks are heightened when employees and especially executives travel.

Whilst threats to travel security are not limited to highly unlikely events, many serious threats like the sudden eruption of a volcano, or terrorist are, thankfully, things that most travellers never have to worry about. However, if COVID-19 has shown us anything it’s that no matter how unlikely a situation may be, they are still a possibility and could escalate incredibly quickly.

Businesses have over the last years begun realising the importance of reducing travel risks especially for executives where the potential of risk is increased and the potential cost heightened. In a 2017 study by Business Travel News of 229 travel buyers and managers and corporate safety and security managers, it was found that “65% said their companies' attention to traveller safety and travel risk management has increased over the past three years.” Ignoring the risks that travel holds could be an expensive mistake.

4 Essentials to Consider for a Effective Travel Security

  1. Reliable Intelligence 

  2. Education

  3. Briefings

  4. Planned Response

Executive travelling.jpg

Reliable Risk Intelligence

Situations can change rapidly and relevant timely intelligence in an evolving situation is vital if an accurate risk assessment is to be provided

Without an accurate risk assessment and a detailed understanding of the potential local risks, a security team cannot make a properly balanced decision regarding operation security. It is incredibly important then, not just for teams to perform risk assessments before travel but to continually monitor local situations so that should things change the security team can react accordingly and take appropriate actions.

For example, as COVID-19 was evolving into a global pandemic security teams needed reliable information from trustworthy sources to allow them to properly understand the potential risks it posed as well as to navigate through the plethora of misinformation being spread. Teams using Signal OSINT were able to get this information and take preventative actions, putting secondary measures into place should the situation evolve. In this particular example, extreme action was needed. The security teams first suspended all executive travel to badly affected areas and as the situation evolved into a more serious global crisis they evacuated executives and employees who were overseas, before entirely suspending further business travel.

Without the proper information, the best course of action cannot be pursued. Situations change rapidly and timely intelligence will provide detail on current and future anticipated threats. 

Staff Education

As part of an effective travel security program staff need to be aware of the potential dangers and have the tools and knowledge to minimise and mitigate personal travel risks. Risk can be dramatically reduced with good basic personal security methodology which is often the most cost-effective and efficient way to improve the safety of employees abroad.

Part of this education must be an ongoing effort to share with the relevant parties this real-time information from data sources gathered through tools such as Signal.

Debrief

With properly trained staff, the individuals travelling should be aware of the environment, threats and risks that they are entering. On top of this, as we mentioned above this information sharing should not stop at the briefing, but as the threats evolve the relevant individual needs to be kept up to date so that they can change their behaviour if necessary.

A Planned Response

The fourth aspect of an effective travel risk management plan is having planning a response to all possible crises. In certain locations, some aspects and threats are more prevalent. 

For example, emergency services might be lacking or public transport might be more dangerous. In these cases, proper plans need to be put in place. For the latter, you might arrange a rental car for your executive, or a driver, if the road laws are known to be difficult. These preventative actions remove several potential threats which would be far more costly for the business than the cost of something like a driver.

There must be a pre-identified and rehearsed service in place to ensure an effective and timely response to an emergency.

Three main parts to an effective response include:

1. Prevention – The best security avoids or prevents threats from becoming risks. A good benchmark is to be able to identify the exact location of your employees and be able to effectively communicate with them within 15-20 minutes of an incident occurring.

2. Crisis Management –  If a crisis does happen, the first thing you need is an effective communications channel. Through this, you need to be able to quickly implement plans and processes to manage the evolving crises.

3. Evacuation or Hibernation Plans – If a situation escalates beyond a certain point it may be that security teams need to implement and evacuation or hibernation plan. Which will either have the executive returned home, or hibernate in-situ until the situation changes. An example of a necessary evacuation plan being implemented would be in response to the Corona Virus. With only a little warning it became apparent to those organisations who had teams or individuals in Wuhan China that they needed to get them out of their fast. This situation then escalated rapidly to become a global crises.

identify locations

Challenges

Travel security and executive protection comes with a number of challenges. It doesn’t look good to put a large amount of money into executive protection, however, there needs to be a balance to avoid potential risks. If an executive is attacked, or involved in an accident whilst abroad then shareholder value may drop, potentially for days, and sometimes the pressure in these scenarios can have negative effects long after the incident.

A situation can change rapidly, requiring a different response even as soon as hours later., which is why having real time intel of an event is so crucial. With the right systems in place and the right tools in the security teams toolbox, threats can be identified, monitored, and effective preventative measures and contingency plans put in place. All of this acts to protect both the individuals and the company involved.

The Role of OSINT in Managing Executive Safety During Travel

The modern workforce is more decentralized than ever. As employees travel or work remotely, it is important to know about potential issues that could impact their safety and security. Signal can assist with early warnings of:

  • natural disasters in or near destinations;

  • potential travel disruptions;

  • terror attacks;

  • security threats;

  • political or economic indicators.

Signal Open Source Intelligence software allows you to gather real-time data. More importantly Signal allows users to tailor their feeds to get customised data relevant to their particular situation.  Which means instead of having to monitor every part of the web manually you can instead get customised filtered alerts. 

On top of this, Signal risk intelligence software enables users to monitor the surface, deep, and dark web. Many dark web forums don’t allow strangers to access their sites and require authenticated logins which makes it even harder to gain access on to these sites and monitor potential risks that occur in these places which security teams need to be aware of such as data breaches, threats of physical attacks and terrorism.

Learn more about how Signal can improve your executive protection…

Read More
Signal Product, Corporate Security Ben Luxon Signal Product, Corporate Security Ben Luxon

How to tell when negative sentiment becomes a threat to your business

Determining online sentiment doesn't just allow you to understand better how your brand is performing and how people feel about your business though. It can also be used to manage crises and spot potential threats to assets or staff.

Without sentiment analysis, data can be misleading. Sentiment gives data extra context which allows it to be better understood enabling a more effective and accurate response to the potential threat.

There are some 500 million tweets and over 4 million new blogs posted every single day. Each of these sparks another conversation which could house potential threats against an organisation. And we haven’t yet mentioned Facebook, Instagram, Reddit, Flickr, Medium or any of the other dozens of social sites and forums where people post online. And if you thought that was a lot of noise you have to remember the dark web too, where many cybercriminals go to engage in nefarious activities with the protection of a Tor browsers anonymity. 

The point here is that the internet is full of noise. Monitoring all of that and then cutting through the noise to detect relevant potential threats requires the right tools. 

What is Sentiment Analysis?

Sentiment analysis, in short, is analysing the language in online posts and comments to determine the underlying emotion behind what has or is being posted by an individual or group.

Determining online sentiment doesn't just allow you to understand better how your brand is performing and how people feel about your business. It can also be used to manage crises and spot potential threats to assets or staff.

Without sentiment analysis, data can be misleading. Sentiment gives data extra context which allows it to be better understood enabling a more effective and accurate response to the potential rtisks. 

sentiment+analysis+2.jpg

It also allows you to differentiate between when a negative comment is simply that, a negative comment, or when it needs more serious attention because, for example, it’s evolving into a physical threat.

Where and How do we Measure Sentiment?

Any text that gets highlighted by Signal OSINT software can be run through our sentiment analysis tool, Spotlight. This allows users to reduce the amount of noise and focus on the threats.

Sentiment can be expressed anywhere online, this might be through social media, in the comments of a blog or even in a dark web forum. Signal allows you to gather data from a huge array of open intelligence sources including (but not limited to) social media and dark web forums.

How can Sentiment Analysis Be Used for your Business?

Emerging Threats

Sentiment analysis can be an incredibly useful tool for those that wish to identify potential risks which might evolve into tangible reputational or physical threats against, employees, executives, brand or assets.

Managing Reputation

Your brand’s health and reputation are important. Having a tool that allows you to analyse the overall sentiment towards your brand and associated keywords gives organisations a bigger and better overall picture of their brand which can be a game-changer for launches of major events or analysing the success of a large marketing campaign.

Evolving Crises

When it comes to dealing with current and evolving crises having up to date and detailed situational awareness, gained through an OSINT tool such as Signal can make a huge difference. However, as we have mentioned before, there is a huge amount of noise out there. So, how do you determine which comments, which posts are relevant and need monitoring?

The answer is to use Signal to create specific filters and then run identified posts through our sentiment analysis tool “Spotlight”. This allows users to both quickly identify emerging threats and to then stay on top of these risks as they are evolving in real time.

Moving Your Marketing Forward

Social sentiment is a powerful tool for understanding the relationship between your brand, your customers, and your competitors. If you measure it regularly and act on what you learn, your team can create targeted marketing strategies to keep up with the ever-changing demands and opinions of your customers.

online threat

How do you determine when Negative Sentiment Becomes a Threat?

One of the key methods used by our software and our analysis team to tell whether or not a comment is a threat that needs more attention is the repetition of negative sentiment online by an individual or group.

For example:

  • Does a particular author of a comment or post have a long history of bad-mouthing an organisation or expressing negative sentiment?

  • Have they repeated the same negativity on multiple sources?

Even if they aren’t directly threatening any physical or tangible action against the organisation, if there’s enough online commentary from a single individual or group then this could escalate and it may be smart to further monitor.

You can then set up a search using our filters to target this individual or group so that you don’t miss if this negative sentiment becomes a physical or reputational threat. 

Secondly, using Spotlight, users can identify posts expressing dangerous emotions such as anger, or disappointment. Both if repeated enough should be addressed. Posts expressing anger are likely to indicate a physical threat and should be monitored for that, whilst the posts expressing disappointment may hold reputational risks. 

Summary

Sentiment analysis tools like Signal’s Spotlight can help security teams form a broader and more detailed overview of the situation to better understand the potential and emerging threats. It allows them to target their online searches and cut through the noise to identify key threats. All of this essentially means a more efficient and more effective security team.

You also might like:

Critical Security Intelligence for the Financial Services Sector

Read More
Emergency Management Ben Luxon Emergency Management Ben Luxon

Responding to Global Crises like COVID-19 with Increased Situational Awareness

In the wake of a global incident, corporations need fact-based reliable information from official sources and they need it fast. The smart adoption of technology can help facilitate the means for companies to protect their teams and assets as well as mitigate potential damages to the business.

Corona Virus has for many been a rude awakening. Companies have been left scrabbling in an attempt to put in place contingency plans and deal with the spread of misinformation, all whilst facing tumbling share prices.

COVID-19 is the most recent global incident, it’s not the first and it won’t be the last, however, it has thrown into harsh light the realities and weaknesses that surround many organisations international structure. Our increasing levels of globalization throw local isolationist policies out the window and if a company wishes to maintain economic growth changes in the way that they manage their response to global incidents is needed. 

In the wake of a global incident, corporations need fact-based reliable information from official sources and they need it fast. The smart adoption of technology can help facilitate the means for companies to protect their teams and assets as well as mitigate potential damages to the business.

Dealing with Misinformation: Disruption is the new normal.

The rapid spread of news and information online has sparked a recent increase in global headlines highlighting critical outbreaks. International concerns can cause loud and distracting noise when trying to identify specific data.

On top of this, panic has followed in the wake of COVID-19, stocks have plummeted to levels that haven’t been seen since 2008, people are rushing to stores to stock up on necessities. This panic has been spread and amplified by both a lack of preparation for a global crisis of this nature, as well as an amount of misinformation spread rapidly through both social media and even through more trustworthy news sources. 

To tackle this, the first thing any organisation needs is accurate, relevant and trustworthy information. You don’t want to be relying on secondary, potentially egregious sources, not only because it will take longer to uncover news forcing, but you also won’t know how reliable that information is. Sad as it may be to admit, many media outlets aim to sell news, and facts aren’t necessarily lucrative, spectacle sells. 

global crisis

Using an open-source intelligence (OSINT) software like Signal you can create a custom real-time stream from official sources such as the World Health Organisation, or the CDC to get reliable information and updates fast. Easily sift through unwanted information to detect only the most valuable in an outbreak.

Better situational awareness for a more efficient response

Increased situational awareness allows companies to proactively respond to crises. It allows them to get accurate information first, and create actionable and effective strategies based on reliable data to efficiently counter emerging threats.

As well as having multiple sources, companies can use OSINT tools to identify trustworthy and “official” statements and sources and tailor their live stream searches around those. This is often where the news breaks first and will give an unbiased account of the facts.

Examples of responses to COVID-19 can be seen from several large companies including Facebook and Amazon. In areas where there are outbreaks, such as Seattle, they have closed down offices and asked employees to work from home. They have also both cancelled  conferences which would have drawn thousands of people together with potentially disastrous results - instead they are looking at creating a virtual experience instead. This is just one example, of how companies, armed with accurate information can then use available technology to facilitate preventative measures mitigating the threat of the outbreak.

How OSINT software can help

Improve employee safety

Knowing how to respond and then implementing an effective response without causing further panic or further spreading misinformation allows organisations to effectively protect their staff in and outside of the office. 

For example, knowing how COVID-19 is spread as well as understanding the the severity and location of the outbreaks means you can form effective localised preventative measures without causing undue widespread panic or unnecessarily harming your business.

Better executive protection

Executives travel, and travel entails risk especially with an evolving international crisis of this nature. In this scenario, for example, it would be sensible to protect these executives by taking simple precautions such as delaying trips to areas with severe outbreaks such as China or Italy.

In line with current government recommendations all employees should be practicing social distancing and where possible managing meetings with video conferencing technology. Adapting in the face of an emerging threat such as COVID-19 allows companies to reduce the risks that they face and better protect their staff from exposure. 

Supply chain management

Those businesses that are built on the foundations of large and complex international supply chains have to question their structure and practices. What is the backup plan? How do you mitigate the threat to a potentially compromised supply chain? And perhaps, more importantly, how do you protect those staff and assets that are involved? 

First, you need actionable and accurate information in real time allowing you to fully understand potential risks and issues and only then can you form an effective plan of action.

corona+virus+threat+live+streams.jpg

Summary : The Importance of Accurate Real Time Data

Coronavirus is the only the latest example of a disruptive global crisis and it won’t be the last.

Due to the rise of unofficial media sources which can easily disseminate news through the internet, especially social media platforms, there is a lot of potentially unreliable information being consumed. Fact-checking can be immensely time-consuming and many people don’t bother, which is how false information propagates. As an organisation though this misinformation can be as harmful or even more harmful than the reality. Getting ahead of and tackling false news becomes an important task.

In terms of dealing with a global crisis such as COVID-19, think about spreading fact-checked sources through internal communications to allay fears spread through potentially incorrect or misleading media. This will also show employees that you are on top of the situation encouraging trust in the organisation and your official response.

To truly and effectively mitigate the threat of global incidents, how companies utilise technology to adapt to the scenario will make a huge difference. Ask yourself: Does your business offer flexible working practices? How can your business support workers if they need to self-isolate? Do you need your executives to attend events in physical locations or can business be done virtually? And as a final consideration - a side effect of these changes - how might these adaptations become more normalised to improve employee efficiency as well as supporting a healthier work life balance?

Resources 

Read More
Dark Web Monitoring, Signal Product bridget bisset Dark Web Monitoring, Signal Product bridget bisset

Seeing in the Dark - Exposing the Dark Web

In 2017 we launched our dark web monitoring functionality. From there we have evolved it into an invaluable part of our security intelligence offering which is used by corporate security teams across the globe.

There is plenty of online information regarding the dark web – mostly accurate, although it can be daunting to understand the various nuances. There are numerous benefits that come with monitoring of the dark web.

When it comes to dark web monitoring, Signal risk intelligence software offers a comprehensive service which enables security professionals to gain increased situational awareness using targeted, highly relevant data gathered from dark web sources.

Why did we add Dark Web monitoring to Signal threat intelligence software?

The Dark Web is the place to lurk out of sight, with complete anonymity, which makes it a logical centre for criminals to gather, discuss illegal activity, and sell illegal goods and services. Because of this, those bodies and security teams which are able to effectively monitor the blogs, forums, and chat rooms of the dark web have an invaluable source of information on nefarious or illegal activities - and are often among the very first to know about important and relevant information that may impact their company or organisation.  

Advanced warning for things like data breaches, reputational risks and physical threats to assets allow companies to effectively form strategies to deal with and mitigate the threats to their organisations.

These conversations and activities are highly relevant to many Signal subscribers, hence the addition of the Dark Web as a data source for Signal Gold subscribers in 2017.

Read our articles:

Screen Shot 2017-12-18 at 11.44.00 AM.png

Examples of activities that have been identified from dark web content include:

  • Online markets selling stolen and fake goods

  • Impersonation of individuals or organizations

  • Details in regard to hacking or incitement to hack

  • Reputational risk via fake news or impersonation

  • Illegal activities such as drugs and drug paraphernalia

One of the benefits that Signal provides is the ability to review the dark web post content without needing to utilize a Tor browser – simply review the content from within your Signal browser session.

Dark web monitoring is available for Signal subscribers with a gold or better subscription– if you are interested in more information in regard Signal or the dark web content, then contact us info@signalpublicsafety.com

Read More