How to Secure your Organization’s Social Media with OSINT Tools
We explore the risks around social media security and how organizations can utilise Open Source Intelligence (OSINT) to predict and mitigate these threats.
Social media is a powerful tool that allows organizations to reach new audiences, communicate and engage with customers, build brand loyalty, share promotions and ultimately achieve new growth. However, because of the very public nature of it, social media opens up new opportunities for cyber criminals to target an organization.
Companies which don’t take the proper precautions in securing their social media channels could find themselves reeling from unexpected attacks. These attacks could use a wide variety of threat vectors, from employees to malware, and could evolve into serious and costly threats.
In this article, we explore some of the commonly exploited risks that are associated with corporate social media use as well as what a company can do to best mitigate these risks and how Open Source Intelligence (OSINT) can play an important role in preventing and protecting an organization.
The risks of social media for corporate security
Phishing and Scams
Phishing is a predominant attack strategy by cybercriminals with an estimated 90% of incidents and breaches including a phishing element.
Phishing is defined as social engineering using digital methods for malicious purposes. Generally, the goal is to get the victim to hand over private information such as passwords, banking or credit card information.
In the case of social media, there are numerous forms that phishing can take. For example:
Impersonation
Propagating attacks
Data dumps
Romance scams
Intelligence gathering (for account takeover and spear phishing)
Social media platforms still offer only minimal controls to prevent the further propagation of account takeovers. Additionally, because social accounts typically need to be approved prior to connecting with people, account takeovers allow hackers to utilise the trust associated with that account. This is why it’s important for organizations to understand and prepare responses to these evolving threats.
Human Error
One of the key security weaknesses that many organizations face is human error. Everyone makes mistakes and in today’s digital world it is all too easy for cybercriminals to take advantage of these mistakes. In fact, according to the EY Global Information Security Survey, employee weakness was responsible for 20% of all cyber attacks. Something as simple as clicking the wrong link or downloading the wrong file could cause havoc with a company's security systems.
When it comes to social media, one attack vector that many users don’t realize cybercriminals utilise is online challenges and quizzes. These quizzes often ask for, or obtain by way of an answer, personal information which is then used to hack passwords.
For example, the answers to a social quiz might require you to give up letters from your mother's maiden name, your date of birth, or your first pet's name. This information combined with the details publicly available on your social media profiles could very easily offer up common password and security question combinations.
Third-party Apps
Even if your company's social media accounts are locked down tight, hackers may be able to gain access to an otherwise secure social media account through vulnerabilities in connected third-party apps.
Imposter Accounts
A cyberattack doesn’t always take the form of a hack. Instead, it is fairly easy for an imposter to create a social media account that looks like it belongs to your organization. This is one reason having a verified account is so valuable.
LinkedIn’s latest transparency report notes that they took action on 21.6 million fake accounts in just six months.
Facebook estimates that about 5% of monthly active user accounts are fake.
Impostor accounts can target your customers with fake deals, disinformation, or nefarious links. When a customer is tricked like this, not only does your brand suffer but often the organization is held responsible.
One recent example found on Twitter was a fake account fraudulently collecting money on behalf of President Trump’s 2020 reelection campaign. The account “@realDonaldTrump_” is set up as an almost exact replica of the real Trump’s account with only an underscore at the end of the handle to indicate it is not the real account. And of course, it lacks that tell-tale blue verification tick.
An example of an imposter account being used to fraudulently collect money.
Unsecured Mobile Phones
More than 50% of the time spent online is done through mobile phones. Using social media apps allows us to access and engage on social channels with just a single tap. This is great, as long as you are the one in possession of your phone. However, this ease also creates a security risk.
Should your phone be stolen and accessed, all it takes is one tap for the thief to access your social accounts. They can then message all your connections with phishing or malware attacks, or spread disinformation using your accounts.
And, worryingly, more than half of people leave their phones unlocked.
Malware and Hacks
By its very nature, social media is about social interaction. For personal accounts, this means interacting with friends or acquaintances online in some form or another. For organizations it means interacting with customers, for celebrities or influencers it means interacting with fans.
This is actually a barrier for many cybercriminals. People are generally distrustful of communications where they have no prior experience with the person or people behind them.
Generally speaking, strangers on the internet are still strangers and it takes a while to build an audience and gain their trust. For a cybercriminal to utilize social platforms then, they often have to go through a rather troublesome and lengthy process of building this trust. And while there are certainly numerous ways for a cybercriminal to sidestep these issues, if their end goal is to get people to click links or share information then their success rate will obviously be much higher should they originally share from a trusted account.
5 actions to secure your company’s social media presence
The best policies for social media security operate around prevention. By implementing a few basic social media security protocols organizations can massively reduce the potential threats that social media might otherwise present.
Have a clear social media policy
A clear and properly implemented social media policy is the first place to start. This will allow you to not only protect against security threats but also help prevent bad PR or legal trouble that might ensue should your social media be compromised.
Your social media policy should include the following things:
Outline of your brand guidelines that explain how people are allowed to talk about the company on social media.
A list of social media activities to avoid, such as the quizzes that we mentioned earlier.
Guidelines related to copyright and confidentiality
A guide on the best practices for password management to avoid threats like credential stuffing.
The expectation that employees will keep all their devices updated with the latest software.
Examples of scams and attacks and educational material on how staff can avoid these and other key security threats.
Information on who to notify and how to respond should an employee notice a security concern.
Train staff on best security practices
Building on from the previous point, because human errors are such a prevalent factor in hacks and other cyber attacks it is incredibly important to properly and routinely train staff in proper cybersecurity measures. Even the best social media policy won’t protect an organization should the staff not know how to properly follow or implement it.
Training employees routinely will also give them the opportunity to ask questions, engage and get a sense of the importance of the issue. Additionally, because cybercriminals are constantly evolving their strategies, training is an opportunity to update staff on new threats or examples of current scams.
As an added bonus, social media training also equips your team to use social tools effectively. When employees understand best practices, they feel confident using social media for their work. They’re then well-equipped to use social media for both personal and professional purposes and ultimately your company will see better results.
Limit access and permissions
One of the best ways to keep social accounts secure is to strictly control who has access and the exact permissions they have. After all, not everyone needs the ability to post, and not everyone needs the ability to see the stats. And should an individual leave (especially if they leave under a dark cloud), it is important to be able, and to remember, to revoke their access so that they can’t use the social accounts to cause harm to the company.
Have a designated person in charge
This isn’t just a security concern. Having a designated person in charge of, and responsible for, the running of your social channels will ensure consistency. It will also ensure that someone is constantly on top of, and routinely checking, the social media security, which will go a long way to mitigating any risks.
This person will likely be a senior person on your marketing team. They should maintain a good relationship with your company’s IT department to ensure marketing and IT work together.
Social media monitoring for threat detection
As we have mentioned several times already, security threats, especially those around social media accounts, are constantly evolving as cybercriminals implement new and innovative methods of attack. Using OSINT you can closely monitor not only your own social media accounts but the entirety of the web. This will allow your security team to catch risks as they appear and neutralize potential threats early.
For example, careful monitoring of social channels will allow you to discover imposter accounts and get them shut down quickly before they can do real damage. It will allow you to spot inappropriate use of your brand by employees or others associated with your company such as a new partner.
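One way a security team could triage handles surfaced by such monitoring, shown as an added example that is not part of the original article or of any vendor tool. The look-alike mapping, the distance threshold and the ExampleCorp handles are constructed assumptions; the "@realDonaldTrump_" pair is the case described earlier in the article.

```python
import unicodedata

# Digit look-alikes to undo before comparing handles.
# Constructed, deliberately small mapping (assumption); extend it for your brand.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})


def skeleton(handle: str) -> str:
    """Lowercase, strip accents, undo digit look-alikes, drop '_' and other separators."""
    text = unicodedata.normalize("NFKD", handle.lstrip("@"))
    text = "".join(ch for ch in text if not unicodedata.combining(ch))
    text = text.lower().translate(CONFUSABLES)
    return "".join(ch for ch in text if ch.isalnum())


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance computed with a rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(official: str, candidate: str, max_distance: int = 2):
    """Return the reason a candidate handle imitates the official one, or None."""
    if candidate.lstrip("@").lower() == official.lstrip("@").lower():
        return None  # the official account itself (handles are case-insensitive)
    off, cand = skeleton(official), skeleton(candidate)
    if cand == off:
        return "same handle after normalisation"
    if off in cand:
        return "official handle with extra affix"
    dist = edit_distance(off, cand)
    if dist <= max_distance:
        return f"edit distance {dist}"
    return None


def review_queue(official, candidates):
    """Map each suspicious candidate handle to the reason it was flagged."""
    hits = {}
    for handle in candidates:
        reason = classify(official, handle)
        if reason:
            hits[handle] = reason
    return hits


# Constructed handles, as a monitoring feed might return them for a brand keyword.
SEEN = ["ExampleCorp", "Examp1eCorp", "ExampleCorp_Support", "ExamplCorp", "city_gardening"]

if __name__ == "__main__":
    for handle, reason in review_queue("ExampleCorp", SEEN).items():
        print(f"@{handle}: {reason}")
```

Short official handles make the affix and edit-distance rules noisy, so treat the output as a review queue for a person rather than as a verdict.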
The role of OSINT for social media monitoring and corporate security
By monitoring social networks for mentions of your brand and keywords, you’ll know right away when suspicious conversations about your brand emerge. For example, people might be sharing fake coupons or offers, or an imposter account starts tweeting in your name. Using OSINT you can monitor all the relevant activity online regarding your business and quickly identify fraud allowing you to respond to it in a timely fashion.
Additionally, you can use OSINT tools like Signal to monitor not only your social media channels for things like imposters but also for physical threats against employees or branch locations. Moreover, you could monitor for negative emotional sentiment concerning an event you're hosting and identify people who may decide to turn those threats into action.
Finally, OSINT is vital in identifying when one of the above-mentioned risks of social media becomes more than just a threat, when it becomes a reality. Being amongst the first to know when something like this happens allows you to respond quickly and effectively.
Conclusion
Social media security threats are constantly changing. Hackers are always coming up with new strategies, and new scams and viruses can emerge at any time. Researchers are now anticipating that advanced attacks against social media networks will be able to leverage a user’s contacts, location, and even business activities. This information can then be used to develop targeted advertising campaigns toward specific users, or even help spark crime in the virtual or real world.
To prevent social media breaches, protect user information, and secure company data, increased vigilance by individual users and regular audits of your social media security measures are necessary to ensure organization security.
Operational Awareness for Improved Supply Chain Risk Management
Supply chain managers need accurate real-time intelligence over the entirety of operations to enable them to react to supply chain risks promptly and mitigate potential damages.
A supply chain risk can vary broadly, from volatile global politics to natural disasters, from terrorism to DDoS attacks or data breaches. A disruption anywhere along the supply chain could have serious ramifications for business continuity potentially costing an organisation millions. Additionally, the size and scale of operations means that there are often numerous vulnerabilities.
Open Source Intelligence (OSINT) is an invaluable tool for both security teams and supply chain managers. It allows them to gain oversight over often vast and complex supply chains, monitor risks and threats, and gather real-time data that is essential for coordinating an effective response.
Many supply chain risks and threats are associated with fears around breakdowns within logistics operations or supplier disruptions. Additional concerns also relate to financial and legal exposures, uneven market demand for product, mounting competition, and natural disasters.
Protecting Business Continuity from Supply Chain Risks
Even as product complexity expands, supply chains continue to stretch into developing countries where labour and natural resources are plentiful, but the infrastructure is undeveloped or insufficient. Meanwhile, advanced planning and sourcing practices, which aim to maximize efficiency and minimize costs, stretch operations to a point of fragility.
Any disruption can result in organizations and consumers worldwide feeling the impact via loss of suppliers, delayed or destroyed goods, product release delays, and ultimately, customer dissatisfaction and brand damage.
To mitigate the damage of potential threats, both physical and cyber, specific resources need to be designated with the goal of maintaining business continuity in the face of disruptions. One of the most essential resources for security teams and supply chain managers alike is relevant insights and intelligence to assist in assessing potential supply pitfalls.
Key Supply Chain Disruptions to Monitor with OSINT
Traffic
Even something as seemingly mundane as traffic can cause havoc with supply chain management as supply chains are heavily reliant on good transportation networks. Security professionals and supply chain managers need to know fast if key transportation networks are endangered.
For example, if a freight hub such as Hong Kong International Airport, which sees nearly 3.7 million tons of freight through its gates each year, were to encounter a serious disruption, the ramifications would be far-reaching. It’s not just physical disruptions that teams need to monitor, though, as cyber attacks can have equally far-reaching consequences.
Weather
It’s hard to predict where and when a tornado, hurricane, severe thunderstorm, or debilitating snowstorm will hit. However, in certain parts of the world such as Southeast Asia, these severe weather events occur more seasonally.
For example, in 2015, the top 4 typhoon events in Southeast Asia caused an aggregate of over $33.5B in damages, more than 138 days of recovery time, and impacted nearly 7,000 supplier sites. In response to the increased risk of extreme weather events organizations must confront the complexity of their operations and improve visibility to go beyond just their immediate vendors.
Only when an organisation has a complete picture that incorporates the variety of potential risks and has invested in specific responses and contingency plans can it adapt as needed to mitigate the impact of extreme weather events and maintain strength in the marketplace.
Mergers and acquisitions
A single organisation may work with hundreds of independent suppliers from all over the globe. It’s important to have clear oversight of their operational capabilities as well as retaining an awareness of how global events such as extreme weather or in this scenario a merger or acquisition might affect their output.
What organisations cannot do is assume the best case scenario. Like other threats mentioned in this article, this supply chain risk is exacerbated by the scope of the operation. A single delayed part, for example, could bring assembly lines to a halt causing a build-up of undelivered orders ultimately resulting in dissatisfied customers and a long-term loss of revenue.
With potentially hundreds of suppliers and thousands of parts it’s not practical to maintain frequent communications with every single supplier, nor is it possible to manually oversee the entirety of the supply chain.
Fire and the Unexpected Physical Disruptions
While some events can be predicted and planned against, others can’t: a fire in a warehouse, for example, or, as we have seen recently, COVID-19, which has caused havoc across supply lines with factories either temporarily shutting down or reducing the scale of their operations with limited workforces.
Such unexpected crises can have a big impact causing costly delays. Organisations need up to date and real-time information on all their respective suppliers if they are to react fast and mitigate the potential financial impact of these supply chain risks.
Cyber Threats
There are multiple threat vectors that cyber attackers could target. And as operations get more complex and focus increasingly on utilising technology for increased efficiency, these vulnerabilities become progressively more concerning. Attacks could take the form of anything from a customer data breach, to leaked information pertaining to sensitive company data or even, as in the case of Maersk, rogue malware completely taking down an organisation’s IT systems.
Conclusion
New demands and pressures are constantly stretching supply chains and forcing supply chain managers and security teams to adapt. The stakes are high and security is a critical factor. Major concerns such as an unstable global economy, aggressive market competition, extreme weather conditions, demand volatility, and production failures place revenue growth, reputation and overall business operations at great risk.
Understanding the nature of potential vulnerabilities and keeping current on disturbances that can impact processes can help teams better handle and mitigate problems related to global supplier concerns, brand protection, and financial risks.
Open Source Intelligence monitoring solutions like Signal enable teams to gain a clear oversight of the entirety of their logistical operations. This means they have details of potential disruptions or cyber-attacks before, or as, they are happening, allowing security teams and supply chain managers to implement their contingency plans in a timely fashion and prevent unnecessary financial losses.
Securing the Supply Chain: the Role of OSINT in Logistics
Open Source Intelligence (OSINT) is an integral tool for both security teams and supply chain managers to enable them to gain clear oversight of potential disruptions across the supply chain and implement timely responses.
Supply chain operations can be vast and while globalisation and digital technologies are making the world a smaller place in many ways, they are simultaneously increasing the number of potential vulnerabilities that security teams and supply chain managers need to monitor. Current threats to the logistics sector range from piracy, which has been experiencing a resurgence in recent years, to terrorism, to DDoS attacks, malware or data breaches.
The range of potential threats is exacerbated by the particular vulnerabilities of the supply chain and the sheer size and scope of the operations involved. For example, around 90% of the entirety of global trade flows through only 39 bottleneck regions. An effective attack on any of these 39 traffic heavy logistics hubs would have far-reaching and knock-on consequences impacting billions of dollars worth of trade.
One example is the Hong Kong - Shenzhen freight cluster, through which nearly 15% of both container and air freight traffic moves. Additionally, there is a selection of geographic chokepoints such as the Panama Canal or the Strait of Malacca where a successful attack could effectively halt a vast amount of freight.
If this wasn’t enough, digitisation has increased the number of threat vectors that logistics companies need to consider. This increase in vulnerability needs to be addressed with effective security measures such as real-time data collected through Open Source Intelligence (OSINT) software.
How Can Transport and Logistics Companies Secure their Supply Chains?
Ensuring secure passage
One of the key concerns, and one of the oldest, that logistics and transport companies have to contend with is tangible, physical security threats, terrorism and piracy being the obvious examples. Organisations need real-time information to carefully and continuously assess the threat level, implications, and risks surrounding these physical security concerns.
Using these analyses, organisations can then determine strategies to mitigate these threats as well as determine contingency plans for worst-case scenarios. They will need to be able to adapt and respond quickly to events as risk levels change. Supply chain managers across all industries will need to take into account higher transport costs, longer travel times, and potential problems meeting schedules when alternative transport routes are used.
Fundamentally these risk management strategies hinge on having all of the information available on emerging and current threats. To be able to respond in a timely fashion it is absolutely necessary for supply chain managers and security teams to have the most up to date data. Being caught unawares could have far-reaching and even devastating consequences. And in some cases, business models based on time-critical deliveries may be squeezed out of the market.
Keeping cyber space safe
Cyber security is a secondary consideration for many logistics and transport companies. However, it is a security concern that should be receiving increasing levels of attention as “cyber criminals are evolving their tradecraft with new innovations and increasingly automating their attacks”, according to the 2020 Global Threat Intelligence Report (GTIR) by NTT Ltd.
You only have to look back to 2017 for a clear example of what can happen should a logistics operator be caught unaware by malware. In this scenario the shipping giant Maersk had their IT systems taken out by a vicious malware called NotPetya. With roughly one container shipping into port every 15 minutes you can imagine the logistical nightmare that ensued as the company was forced to turn to manual processes to keep things moving. It was estimated that the delayed operations, lost revenue, and the process of completely rebuilding their IT systems cost Maersk upwards of $300 million.
NotPetya, developed by the Russian military, was targeting businesses in Ukraine, but the malware quickly got out of hand. Soon it was spreading around the world, taking down networks and causing billions of dollars in damage and lost revenue. In this scenario, Maersk was simply collateral damage.
Despite this, according to The State of Logistics Technology Report 2019 by EFT, “the logistics industry is still not seeing security as a primary part of business operations” even with clear examples of what can happen. In this report, researchers surveyed more than 500 industry professionals with questions relating to cybersecurity and found:
Only 35% of solutions/service providers have a Chief Information Security Officer (CISO) in place;
Only 43% of shipping companies have a CISO;
Only 21% of logistics companies believe they even need a CISO.
Transportation is already heavily reliant on Information Communication Technology (ICT), and virtual threats are growing in frequency and complexity. For this reason, cyber threats are an increasingly worrisome problem across multiple industries. Additionally, for transportation and logistics, cyber attacks used as part of an attack designed to induce physical damage are an increasingly common attack vector.
OSINT Software for a More Secure Future
Some organisations operate with hundreds of individual suppliers. Disruption to any of these suppliers anywhere along the supply chain could have costly ramifications. Maersk is just one example of this: operations weren’t returned to normal for nearly two weeks, and even with employees across the company going above and beyond to maintain operational efficiencies, losses for customers and themselves quickly climbed into the millions.
Security investments provide a payback not only in terms of loss prevention but also by enhancing supply chain performance. When it comes to security and supply chain management, it’s especially important to look at future scenarios and manage security proactively. Reacting to crisis situations is not enough. Companies have to find the right combination of preventive and reactive measures to achieve the optimal level of supply chain security.
Executives should keep an eye on so-called wildcard events too. That means looking at the possible financial impact, the relative vulnerability of their business model and their company’s ability to react to low-probability, high-impact events.
How Signal is Already Helping Secure Logistics Supply Chains
Signal alerts a customer to a supplier’s merger. They are able to establish new suppliers for those specific parts in a timely fashion, preventing disruption and revenue loss.
Signal provides data on severe weather warnings that affect multiple suppliers and disrupt transportation routes.
Confidential data is found for sale on the dark web allowing the organisation to take actions for threat mitigation fast.
Signal Open Source Intelligence software allows you to gather hyper-relevant real-time data giving users a clear oversight of their often vast supply chain operations.
This means they will have details of potential disruptions or cyber-attacks before, or as, they are happening allowing them to implement their contingency plans in a timely fashion and prevent unnecessary financial losses.
Fighting Disinformation: How to Detect Bots and Determine Fake News
In our increasingly digital world the proliferation of disinformation forms a serious threat to organizations. To combat misinformation companies need the right tools and information.
In an increasingly digital world, there is scope for fake news publishers to make a huge social impact as well as large profits through the spread of disinformation. Accordingly, this is a problem that has and will continue to grow. The spread is compounded by our very human natures which compel us to engage with inflammatory content and often share before we’ve had time to fact-check and verify.
The spread of disinformation is problematic on a number of levels: it can impact a brand’s image, spread harmful or misleading medical information, as we’ve seen throughout COVID-19, or even undermine democracy itself, as was seen in the 2016 US elections. Ultimately, to combat misinformation organizations need to be equipped with the right tools and understand both what they’re looking for, and the reasons for spreading misinformation.
The High Cost of Fake News
There are serious potential ramifications for the unchecked proliferation of misinformation which can impact both B2C and B2B organizations. For example, a competitor or disgruntled customer or employee could hire or create a fake news publisher to damage your brand image for purposes of revenge or to gain a competitive market advantage.
These adversarial news generation sites could easily generate a huge amount of very believable content, syndicate across a number of channels, and promote heavily through social media, potentially through the use of bots. Overwhelmed companies would face a significant challenge when developing a response to counteract these examples of bad “press” and it would be necessary for those targeted organizations to have real-time actionable data at their fingertips.
How do you Spot a Bot?
Anonymity
Real people sharing real stories will have full accounts, normally with a photo of themselves. These people will have friends, followers, family and likely engage largely with their friends’ content. The opposite is fairly true for bots. Bots, by their very nature, don’t have identities, which often results in bot accounts appearing highly anonymous.
This could be evidenced in the lack of information they share, or perhaps they use a generic profile picture like a well-known landmark.
Activity
The frequency of an account’s postings, as well as how successful those posts are, are good indicators of a bot. For example, you might come across an account with only one post and no followers, yet that post has thousands of shares.
Content
The people that create bots have an agenda, whether that’s to drive traffic to a website, generate income, spread political disinformation, etc. Whatever their reason, the bots will be used to achieve it, which means all their posts will have a common theme such as inflammatory political context.
Stolen photo
It’s not uncommon for bots to steal profile pictures. A quick test can be running their profile picture through Google image finder to find the real owner of the image.
Things might appear real at a glance, but prove to be fake on closer inspection.
A quick checklist for botnet detection
Bot accounts used in one network or campaign usually have several of the below listed features in common:
Multiple accounts with similar names or handles;
Accounts were created on the same date;
Each account is posting to the same sites, or even the exact same links;
The same phrasing or grammatical error appears across each account;
They all follow each other and/or share each other’s posts;
They use the same tool for link shortening;
The bios have similarities;
Profile pictures are generic or identifiably not them (easily searchable through Google).
Obviously, just because some accounts have similarities doesn’t mean they are all bots. However, it should certainly raise some eyebrows in suspicion, especially if you have four or five accounts with several of these signs.
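The checklist above expressed as pairwise detection logic, as an added example (not code from the article or from Signal). The account records, the shortener list and the thresholds of three shared signs and four accounts are constructed assumptions; the phrasing and profile-picture checks are left out because they need post text and an image search.

```python
import re
from difflib import SequenceMatcher
from itertools import combinations
from urllib.parse import urlparse

# Constructed list of link-shortener hosts (assumption; extend as needed).
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "ow.ly"}


def stem(handle):
    """Handle without trailing digits/underscores: 'dealz_fan_01' -> 'dealz_fan'."""
    return re.sub(r"[\d_]+$", "", handle.lower())


def hosts(account):
    """Set of host names the account has posted links to."""
    return {urlparse(url).netloc.lower() for url in account["links"]}


def shared_signals(a, b):
    """Return the checklist items that accounts a and b have in common."""
    signals = set()
    if stem(a["handle"]) == stem(b["handle"]):
        signals.add("similar handle")
    if a["created"] == b["created"]:
        signals.add("same creation date")
    if set(a["links"]) & set(b["links"]):
        signals.add("same links")
    if hosts(a) & hosts(b) & SHORTENERS:
        signals.add("same link shortener")
    if b["handle"] in a["follows"] and a["handle"] in b["follows"]:
        signals.add("follow each other")
    if SequenceMatcher(None, a["bio"].lower(), b["bio"].lower()).ratio() >= 0.8:
        signals.add("similar bio")
    return signals


def find_clusters(accounts, min_signals=3, min_cluster=4):
    """Link accounts sharing >= min_signals items; keep groups of >= min_cluster."""
    handles = [a["handle"] for a in accounts]
    neighbours = {h: set() for h in handles}
    for a, b in combinations(accounts, 2):
        if len(shared_signals(a, b)) >= min_signals:
            neighbours[a["handle"]].add(b["handle"])
            neighbours[b["handle"]].add(a["handle"])
    clusters, seen = [], set()
    for start in handles:  # connected components by depth-first search
        if start in seen:
            continue
        stack, component = [start], set()
        while stack:
            h = stack.pop()
            if h not in component:
                component.add(h)
                stack.extend(neighbours[h] - component)
        seen |= component
        if len(component) >= min_cluster:
            clusters.append(sorted(component))
    return clusters


def _bot(n):
    """Constructed campaign account number n (sample data, not real accounts)."""
    me = f"dealz_fan_{n:02d}"
    return {"handle": me, "created": "2020-03-14",
            "links": ["https://bit.ly/constructed-offer"],
            "bio": f"Daily deals and offers, follow me! #{n}",
            "follows": {f"dealz_fan_{i:02d}" for i in range(1, 5)} - {me}}


# Constructed sample: four campaign accounts plus two unrelated ones.
SAMPLE = [_bot(n) for n in range(1, 5)] + [
    {"handle": "anna_bakes", "created": "2014-06-02",
     "links": ["https://example.org/recipes/sourdough"],
     "bio": "Baker, runner, occasional gardener.", "follows": {"city_library"}},
    {"handle": "city_library", "created": "2011-01-20",
     "links": ["https://bit.ly/constructed-events"],
     "bio": "Official account of a (constructed) public library.", "follows": set()},
]

if __name__ == "__main__":
    for cluster in find_clusters(SAMPLE):
        print("review together:", ", ".join(cluster))
```

The library account shares a link shortener with the campaign accounts but nothing else, so it stays out of the cluster, which is the point the paragraph above makes about isolated similarities.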
Fake Accounts vs. Account Takeovers
We outline above a few of the tell-tale signs of a bot. There is an additional tactic that is commonly used to amplify the distribution of fake or inflammatory content and this is through an account takeover.
For this approach, botnet operators perform credential stuffing attacks on social media accounts and then use the accounts they gain access to in order to share information through direct messaging or by sharing content. Additionally, a compromised account could theoretically mean sensitive information is exposed and executives or organizations as a whole could suffer reputational damage or financial loss.
Standard security protocols, such as having unique passwords for all your online accounts, should help individuals avoid becoming victims of these tactics.
The Importance of Verifying Information
The best way to check the accuracy of a source is to check it against another source.
However, this does raise another question. What if those other sources, those sources which are supposed to independently verify the truth, are working with the information source you’re fact-checking? Or what if the facts in the source are largely correct but the story is spun to support one side of an argument? This might ring with scepticism and conspiracy; however, it is a point worth making: with whom do you place your faith, and at what point do you stop questioning the validity of information?
Identifying Click-bait
Click-bait titles are purposefully crafted to evoke a powerful response from the readers. The reason for this is it encourages people to share the post, often without even reading the text. Less reputable news sites are occasionally guilty of this tactic, twisting the truth in their titles to get a response and increase their reach. However, it is also a tactic employed by botnet operators to maximise the reach of fake news. Signs that this might be the case are as follows:
Does it evoke a strong emotional reaction?
Is the story utterly ridiculous - or does it perfectly confirm your beliefs?
Are you going to spend money because of it?
Does it make you want to share it?
What’s the Bigger Context
Understanding the context behind a piece of news can help you determine how much, if any, of the story is true, as well as lead you to a better understanding of what the publisher’s end goal is.
Who’s providing the information?
What’s the scale of the story?
If there’s an “outrage,” are people actually upset?
How do different news outlets present the same story?
Understand their Angle
Just because something is misleading or even incorrect doesn’t mean it’s without use, especially in a security context. In fact, understanding the reason behind the content might give insight into potentially harmful tactics targeting your organization and better allow you to create an effective response.
When determining what their angle is, ask the following questions:
Are important facts getting left out or distorted?
What’s the larger narrative?
What if you are actually wrong? Your previous opinion on a subject might have been formed by a different piece of fake news.
Why did they share this story?
Determining Truth from Fiction Online with Signal OSINT
How companies utilize technology and adapt to the shifting threat landscape will determine how effectively they are able to mitigate the threat of disinformation.
Signal enables organizations to monitor and manage large amounts of data from a plethora of different data sources across the surface, deep, and dark web. This, paired with advanced filters and boolean logic means that security teams are empowered to identify disinformation, discover patterns and botnets, and practically respond to these potential and evolving threats.
Additionally, Signal enables security teams to detect data leaks. This data may be used in credential stuffing attacks and poses a severe security risk. Identifying data leaks early is essential for mitigating the threat of credential stuffing and, in this case, preventing harmful misinformation from being spread through or by an organization’s workforce.
Combining Human Analysts, AI, and Automation for Fast Threat Intelligence
Security professionals need to think like cybercriminals: allow machines to do the heavy lifting then add in human intervention to execute strategies as successfully as possible.
It is estimated that cybercrime will cost organizations a combined total of upwards of $6 trillion a year. Cybercriminals are getting smarter, and to defend networks, predict threats, and protect staff, organizations need increased access to timely intelligence.
Effective information security requires smarter detection techniques, which is why many organizations are incorporating AI-driven solutions and products to enable their security teams. However, even with AI assistance the sheer amount of data to assess is overwhelming. Signal offers a multi-faceted approach that incorporates filters using boolean logic, AI analysis, and a human hand.
Getting Actionable Insights in Real-Time
In threat intelligence, having timely data means everything! Having hyper-relevant intelligence as or even before events unfold could mean a difference of several zeros. By contrast, acting upon old threat insights that may have dated can be counter-productive, or even undermine the purpose of the intelligence.
Automation and AI tools can make all the difference when it comes to constantly collecting fresh data. A threat intelligence platform such as Signal, which harnesses automation and AI tools, massively expands the potential data sources and amount of data that an organisation is able to effectively and efficiently monitor. It also enables security teams to sift through all that data and detect anomalous and potentially dangerous activity.
Reacting fast is vital to mitigating threats, but what is even more effective is preempting potential attacks enabling security teams to take preventative measures. For example, using a dark web scan a security team might discover an exploit package for sale targeting a previously unknown vulnerability. Discovering this exploit pack allows the security team to patch the vulnerability before hackers have a chance to take advantage of it.
Automation isn’t Everything
Machines can save you time and in that way they save you money. The combination of AI and automation when scanning the surface, deep and dark web allows your security team to have more eyes on more data sources. This is vitally important, especially today when cyber skills are scarce and data growth is so overwhelming. This combination helps prevent analysts from being utterly swamped by endless admin work and allows them to deliver true value in their role.
That being said, machines can only do so much by themselves (at least for the foreseeable future). People remain fundamentally better at understanding insights from potentially vague context and at delivering an effective response.
Acting fast, as we have already mentioned, is incredibly important. But just throwing machine learning at the threat intelligence problem isn’t nearly enough. The perfect blend combines rapid and large-scale initial gathering and analysis by machines that then hand off to their human team-mates to apply strategic intellect while the data is still fresh.
Security professionals have to think how cybercriminals think: let machines (e.g. botnets) do the heavy lifting and add a sprinkling of human intervention to execute as successfully as possible.
Injecting Human Intelligence into Automated Threat Intelligence
The key to superior threat intelligence accuracy and timing is to leverage automation whilst simultaneously injecting human expertise. You don’t want to be wasting your human resources by making skilled data security analysts wade through piles of admin. Nor do you want those analysts to miss potential anomalous data because your automated system disregarded a seemingly meaningless information package which later turned out to be a viable threat.
Signal allows you to create filtered searches using Boolean logic scanning your chosen data sources and understanding potential location information. These searches can additionally be run through our emotional analysis tool Spotlight.
There is one more problem though. Getting the balance of human and automation right is essential if you want to derive an effective threat intelligence system at a competitive cost.
To solve this problem we have launched our Sapphire program. Sapphire is an optional bolt-on which enables Signal customers to leverage our skilled in-house data analysts to further refine their results allowing their in-house security personnel to spend time on delivering real value.
Final Words
As can be seen from the description above, Signal is not an “AI application” in the commonly understood way. Instead, it’s a system where we use AI techniques and automation in multiple places to create a tool which in the right hands creates an extremely capable intelligence solution.
Even though machines and software will continue to evolve with dazzling speed, the complexity of threat analysis means there will be plenty of challenging opportunities for human analysts for a very, very long time.
How does Darknet Intelligence help us Fight Cybercrime?
Signal’s AI and emotional analysis paired with customisable alerts allows you to identify potential threats from sites on the dark web, enabling you to more quickly identify, profile, and mitigate risks to your organization.
Sites on the dark web are marketplaces for emerging cyber threats. As such, these are rich sources of intelligence, often relevant to a broad spectrum of potential targets.
Signal’s AI and emotion analysis paired with customisable alerts allows you to identify potentially relevant threats from sites on the dark web to other threat sources, enabling you to more quickly identify, profile, and mitigate risks to your organization.
Cybersecurity Threats from the Dark Web
With enough knowledge, you can create actionable insights. To understand and counter cyber threats, we need developed intelligence, actionable insights, and details of those threats.
Three of the main forms of threat identified on the dark web are:
Physical threats.
Data for sale online.
Fraudulent activity.
What we know is that the darknet contains difficult-to-locate hacker websites and tools which are the basis of cybersecurity threats. To understand how to counter these cyber-threats, we need to develop intelligence about the details of those threats.
Before we start looking at how that intelligence is gathered, let’s look first at what sort of things we are looking for.
Content to Look out for on the Darknet
The darknet isn’t itself criminal or illegal. Rather it provides a platform of anonymity which makes it a very attractive prospect for criminals. There have been cases where contract killers have been hired, or terrorist cells have organised attacks.
On top of this, the darknet hosts various items related to cybercriminals as well as the more traditional criminal activities. It is worth noting though that the majority of traffic that goes through Tor browsers is not criminal activity.
1. Malware
You don’t need to be a proficient software coder any longer to become a hacker. Malware, and things like phishing and exploit kits, are freely available to purchase on the dark web if you know where to look.
2. Data for Sale
It’s common to discover stolen data for sale on the dark web. This often includes non-sensitive data such as account logins and email addresses which will be used in credential stuffing attacks. However, more concerning is the amount of credit card and PII (Personally Identifiable Information) that can be found for sale.
3. Cyber Security Vulnerabilities
Another item hackers and cybercriminals sell on the dark web is “exploits”. These arise when exploitable vulnerabilities in a company’s security are discovered. The cybercriminal then sells the exploit to a hacker who can use the information to create tailored malware.
On a positive note, it has been found that the number of exploits for sale on the dark web has declined in recent years. One potential reason for this decline is the increasing number of companies offering a bug bounty program. These programs offer a legitimate financial reward to those that discover potential security flaws.
4. Distributed Denial of Service (DDoS) Bots and Tools
Kaspersky has found that cybercriminals are reaping rewards of up to 95% profit by selling DDoS-as-a-service. Cybercriminals offer a sophisticated pricing plan for customers wanting to attack websites. Cheap and dangerous darknet botnets, for sale from $20, can cause havoc.
5. Discussion Forums for Cyber Criminals
Hackers come together on darknet forums to plan, share details, and exchange goods and information. And while the use of a Tor browser grants them anonymity, discovering their conversation allows security teams to potentially spot threats as or even before they are emerging.
What is Darknet Intelligence?
The darknet hosts a huge amount of valuable insights and data that could make all the difference to your security team’s success. Understanding the kind of information you are looking for and how the dark web is used by cyber criminals allows you to effectively monitor criminal forums on the dark web and evolve effective plans to counter impending threats.
However, there is one fundamental problem. How do you efficiently scan or monitor the dark web?
Due to the nature and structure of the dark web, finding relevant sources, gaining access to criminal forums, and obtaining information is a huge undertaking that requires specialised knowledge.
Manually Gathering Darknet Intelligence
Skilled security analysts can spend time building up knowledge around darknet-based threats, locating relevant forums and gaining access via pseudonyms. Understandably, this approach is fraught with difficulties such as:
Expense.
A skilled security analyst is expensive, the average salary being over $99,000 a year. And there aren’t that many out there. By 2022 there will be an estimated shortfall of around 1.8 million skilled cybersecurity professionals.
Efficiency.
The darknet is disparate and deep. The names dark web or darknet are themselves misnomers. They suggest that the dark web exists somewhat like the World Wide Web in a state of connectivity. However, many of the websites on the dark web, especially the criminal ones, do not want to be found. They aren’t indexed and other sites don’t link to them. Many of them require you to form an account and to be vetted by an admin before you can gain access.
One individual is going to have an incredibly hard time finding, gaining access to and manually monitoring relevant dark web sites. One solution could be employing a team of security analysts; however, that brings us back to the first point: expense.
The changing nature of the darknet.
Sites on the darknet come and go quickly. Again this is especially true for the criminal websites that you would want to be monitoring. This means that anybody wanting to monitor these sites would need to regularly research and find the same sites as well as continuously looking for new ones.
Thankfully, there is an alternative, and you don’t need to waste hours of a skilled analyst’s time trawling through an almost endless sea of data in the dark. This alternative requires you to utilize automation tools such as Signal or our recently launched product LERTR.
Automating Darknet Intelligence with Signal or LERTR
Darknet intelligence-gathering tools work by running automated searches of darknet websites and forums. Using Signal you can create customised alerts filtered via specific keywords, phrases or even locations. We also have a built-in translation tool so that data can be searched across languages and automatically translated into your default language.
On top of this, you can run alerts through our emotional analysis tool to determine how much of a threat any particular alert is. Finally, get our optional Sapphire bolt-on and utilise our skilled data analysts to further refine your results.
This approach allows you to leave your dark web monitoring on autopilot and not only effectively reduce costs but vastly increase the scope of your monitoring ability and the overall amount of hyper-relevant intelligence at your fingertips.
All of this allows you to gather actionable intel in real time.
Threat Intelligence for Communications and Technology Companies
Remaining aware of the litany of evolving threats that could be and are currently being perpetrated against communications and technology companies is a priority if they want to have any hope of defending themselves against cyber or physical threats.
Communication and technology companies form an integral part of the daily activities of many individuals, companies, and governments. This sector forms a foundation of critical infrastructure which is in part what makes it such an appealing target for cybercriminals.
A successful cyberattack on a company in this sector could see vital services for hundreds of thousands if not millions disrupted. A severed internet connection could see businesses crippled and potentially shut down entire governments.
Telecom operators are adept at protecting their networks. Additionally, because telecom infrastructure is the primary transport for most attacks, cybercriminals themselves have to rely on this infrastructure. This limits the adversaries who directly attack telecom infrastructure largely to anti-establishment hackers.
However, today, telecom organisations are recasting themselves as technology companies, which is why this article encompasses both. For instance, they are creating mobile applications for VoIP calls and storing data on cloud services. The lines between technology and communications companies become even more blurred with large tech companies owning parts of the infrastructure, as well as those tech companies which have crossed over into the realms of communications, with Apple, Facebook, and Google being the most obvious examples.
This cross-over between communications and technology creates new risk frontiers for both communication and technology companies.
“One mounting technology concern is Internet route hijacking, also known as IP hijacking, an exploit in which adversaries corrupt Internet routing tables to ‘hijack’ packets of data. Possible solutions include the implementation of secure Border Gateway Protocol (BGP), a technology that can be used globally. However, secure BGP standards haven’t been consistently adopted, and that’s not likely to happen without government incentives.”
In addition to the growing number of cyber threats, it’s also necessary to consider threats against executives as well as supply chain vulnerabilities which might be exploited. The fact that many large organisations operate internationally, with materials and equipment manufactured in various parts of the world, is the final part of an ever-evolving ecosystem of threats.
Threats Facing Technology and Communications Companies
Today’s cybercriminals are evolving and adapting fast, discovering and creating new vulnerabilities to exploit constantly. Addressing these threats requires telecommunications and technology companies to have access to up-to-the-minute knowledge and information about threats and vulnerabilities for a vast array of potential attack vectors.
We can divide the main threats facing the communication and technologies industries into two interrelated categories:
Threats targeting companies directly.
These include DDoS attacks, targeted attacks (APT campaigns), network device vulnerabilities and human-related threats like insider access, social engineering and the risk of allowing third parties to access information.
Threats targeting subscribers of services.
Particularly the customers of cellular service providers (CSPs) and Internet service providers (ISPs). These include malware for mobile devices, subscriber data harvesting, end-user device vulnerabilities, and more.
Mobility and the Cloud
Another key issue for these industries is the proliferation of smartphones and internet-capable devices. Despite this being a pressing concern, it has been found that technology and communications companies have done little to deploy security measures, with only around 45% of organisations having a mobile device security strategy in place.
As the use of mobile devices increases, so does the use of cloud computing services. The cloud has been around in its modern context since at least 2006; however, it is becoming increasingly used by modern organisations, with some 50% of operators currently using some sort of cloud service.
The use of the cloud opens up new business growth avenues and increasingly optimises workflows allowing individuals to work and manage their data from anywhere on any device. However, it simultaneously creates new attack vectors which are compounded by the use of mobile devices.
Whilst organisations share increasingly more data with third parties, vendors, partners, and customers it has been found that a striking lack of security practices exists for IoT and cloud-enabled devices.
67% had an IoT security strategy.
34% had policies for secure collection, retention and destruction of new data.
36% had implemented uniform cybersecurity policies across all IoT devices and systems.
How Communications and Technology Companies are Improving Cybersecurity
Security is everybody’s business. Any member of staff might be exploited as a weakness. In a 2018 survey it was determined that 30% of security incidents were attributed to an employee compared to 23% attributed to an external hacker and 19% attributed to third party vendors. Employees could become threats in a variety of ways, accidentally or maliciously.
For example, they could be personally hacked and extorted for access to protected data. Or they could be a victim of a phishing attack, unwittingly installing malware on company devices and allowing hackers to steal packages of data. Or it could be a location or particular executive that is physically targeted for an attack. The variety of dynamic threats means that it’s not just security teams that need to be involved in and informed about threats.
One trend that is true across industries including telecom and technology companies is an increased budget for cybersecurity and threat intelligence.
“It’s predicted that global spending on cybersecurity products and services will exceed $1 trillion cumulatively over the five-year period from 2017 to 2021.”
Another measure is an increasing focus on intelligence. Threat intelligence using tools like Signal allows organisations to efficiently obtain hyper-relevant data in real-time.
How is Signal being used today to protect organisations?
Company data is discovered for sale on the dark web.
Threats to an office location are found in online discussion forums.
Signal discovers an employee sharing sensitive company information online.
Final Words
Today, information security is an advanced discipline that requires the correct technology and processes paired with a skillset based on counterintelligence techniques and supported by top executives. As technology evolves new threats will inevitably appear along with a raft of new challenges.
For companies to mitigate the risks presented by an evolving threat landscape, core practices such as employee security training need to be reassessed and continuously updated based on the newest information. The convergence of mobile technology, cloud services and social networking has multiplied risks, and many operators have yet to address many of these increased vulnerabilities.
These factors call for a new approach to security, one that’s driven by the knowledge of threats, assets, and adversaries. One in which security incidents are seen as a critical business risk that may not always be preventable, but can be managed to acceptable levels.
The Role of Threat Intelligence and Cybersecurity in Retail
The rise of e-commerce and the adoption of digital technologies have opened up a number of new security risks for the retail industry. Hackers who manage to take advantage of any of these attack vectors can do a lot of damage to both a company’s bottom line and reputation, which is why it's more important than ever for businesses to employ the right tools to protect their people, data, and assets.
Retail is the fourth most targeted industry by cyber-criminals. The same technologies that have created new potential growth opportunities for these businesses have simultaneously opened up new and evolving attack vectors for both cyber-criminals and physical attacks.
Use of the cloud, IoT (Internet of Things) and global expansion increases potential risks exponentially, as these threats are no longer constrained by location or borders. Organisations need to secure customer data, protect executives, manage travel, predict physical threats to assets, and prevent cyber-attacks. All of these threats could come from a range of possible sources involving a plethora of evolving methods, from anywhere in the world.
Digital and In-Store Locations Are Both Valuable Targets
Retailers deal with large numbers of people. As such, their databases necessarily contain vast amounts of data which could be valuable to hackers. This includes but isn’t limited to personally identifiable information (PII) for customers, employees and even executives. Vulnerable PII which contains financial information is highly valuable and the most obvious of targets for hackers, however, even non-sensitive data can be a hugely profitable attack vector for cyber-criminals when used correctly. This is shown by the frequent sales of login credentials on the dark web.
Additional avenues of attack include mobile retailer apps, customer-facing devices in retail locations, and IoT product offerings. These new technologies are continuously assessed by cybercriminals for potentially exploitable weaknesses and can often be found mentioned in online discussion forums. Because of this, public-facing social media data, as well as data collected off the dark web, is more valuable than ever in detecting threats.
Social media, as well as anonymous forums on deep and dark websites, are used to discuss or advertise criminal strategies like shoplifting, POS fraud, and counterfeiting. Public-facing social media data is more relevant than ever for detecting sentiment, executive threats, and critical events like active shooters in or around retail locations.
The Heavy Cost of Threats for Retailers
The costs associated with the risks outlined in this article are huge. Retail inventory loss incurred by shoplifting or fraud costs the industry an estimated $50 billion a year. The average cost of a data breach, according to a 2018 Ponemon Institute report, is USD $3.86 million. And these are just the measurable costs. The long-lasting effects of the reputational damage and global brand erosion that coincide with a data breach exposing customer or executive data are also a highly valid concern.
This information points to the importance and necessity for an effective data discovery and analysis programme to be employed by companies to effectively secure organisations in the retail industry. Security teams are burdened with a seemingly impossible task of processing an ever-increasing and varied amount of threat data to separate the noise from the real threats to contextualise that data into actionable insights. This industry needs tools that automate and accelerate data analysis to enable effective threat monitoring and prediction.
- 50% of retailers have experienced a data breach.
- 84% plan to increase IT security spending.
- 85% of retail IT security professionals said their organisation used cloud storage for sensitive data.
The Importance of Cybersecurity in Retail
The rise of e-commerce and the adoption of digital technologies means that retailers now hold vastly more data on their customers than ever before. Most major outlets currently have online stores and it’s expected that online sales will outstrip high street sales within the decade. Gaining access to customer accounts can give access to PII and even bank details. Hackers who manage to obtain this customer data will either use this data themselves or more likely sell it on the dark web.
One popular way this data is used is an approach called credential stuffing. This attack works because many customers use the same login credentials across many different sites. Hackers will take these credentials and make multiple automated login attempts across an array of websites. One team of security analysts found that 90% of retail login attempts were from hackers attempting to access other people’s accounts in this way.
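Credential stuffing, described here and in the account-takeover discussion earlier, leaves a recognisable pattern in authentication logs: one source trying many different usernames in a short time with a high failure rate. The Python sketch below is an added example, not part of the original article or of Signal's product; the log format, thresholds, addresses and usernames are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed log format (constructed for this example):
#   2024-05-01T10:00:01Z ip=203.0.113.7 user=amy@example.com result=FAIL
LINE_RE = re.compile(
    r"^(?P<ts>\S+) ip=(?P<ip>\S+) user=(?P<user>\S+) result=(?P<result>OK|FAIL)$"
)


def parse(lines):
    """Yield (timestamp, ip, user, succeeded) for every well-formed line."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
            yield ts, m["ip"], m["user"], m["result"] == "OK"


def detect_stuffing(lines, window=timedelta(minutes=5),
                    min_users=5, min_fail_ratio=0.8):
    """Flag source IPs that try many distinct users, mostly unsuccessfully.

    Returns {ip: {"users_tried": set, "compromised": set}}. "compromised"
    lists accounts that logged in successfully from a flagged source and
    should be prioritised for session revocation and password reset.
    """
    recent = defaultdict(deque)  # ip -> events inside the sliding window
    findings = {}
    for ts, ip, user, ok in sorted(parse(lines)):
        events = recent[ip]
        events.append((ts, user, ok))
        while ts - events[0][0] > window:
            events.popleft()
        users = {u for _, u, _ in events}
        failures = sum(1 for _, _, success in events if not success)
        if len(users) >= min_users and failures / len(events) >= min_fail_ratio:
            hit = findings.setdefault(
                ip, {"users_tried": set(), "compromised": set()})
            hit["users_tried"] |= users
            hit["compromised"] |= {u for _, u, success in events if success}
    return findings


def _line(second, ip, user, result):
    return (f"2024-05-01T10:00:{second:02d}Z ip={ip} "
            f"user={user}@example.com result={result}")


# Constructed sample log covering three different behaviours.
SAMPLE_LOG = (
    # One source, eight different users, one hit: the stuffing pattern.
    [_line(1 + 2 * i, "203.0.113.7", u, "OK" if u == "gus" else "FAIL")
     for i, u in enumerate(
         ["amy", "bob", "carl", "dina", "eve", "fay", "gus", "hal"])]
    # Office NAT: several users, all successful, so not flagged.
    + [_line(20 + i, "198.51.100.20", u, "OK")
       for i, u in enumerate(["ian", "jan", "kim", "lee", "mo"])]
    # One user mistyping a password: a single username, so not flagged.
    + [_line(30 + i, "192.0.2.15", "nia", "FAIL") for i in range(5)]
    + [_line(36, "192.0.2.15", "nia", "OK")]
)

if __name__ == "__main__":
    for ip, hit in detect_stuffing(SAMPLE_LOG).items():
        print(ip, "tried", len(hit["users_tried"]), "accounts;",
              "reset:", sorted(hit["compromised"]))
```

Keying on distinct usernames per source rather than on raw failure counts is what separates this pattern from a single customer mistyping a password; attempts spread across many source addresses would need additional grouping, for example by client fingerprint.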
Another common attack vector is payment processes. Retailers are embracing technology to make it as easy as possible for customers to purchase through their online stores, however, if security standards aren’t advanced alongside these payment processes then they leave vulnerabilities to fraudulent activity.
A final key cybersecurity vulnerability for retailers is the staff. Often retailers hire young and inexperienced staff, most of whom have had little if any cybersecurity training. This leaves them vulnerable to common ‘social engineering’ attacks such as ‘phishing’. For example, a hacker might contact a staff member directly and trick them into installing malware onto a company device or attempt to get them to provide sensitive information by pretending they are someone that they aren’t.
Additional Threat Vectors for the Retail Industry
A few examples of additional threat vectors that the retail industry needs to pay careful attention to include:
Gift card cloning
In a 2018 report, security firm Flashpoint found hundreds of discussions of "cracked" gift cards on criminal web forums.
There are several strategies to hack gift cards. One example is by predicting the gift card numbers, which, when combined with a brute force attack, means hackers can identify activated cards and the amounts on them. Another method involves creating clone cards of inactive gift cards and then, when they are activated, using the credit before the rightful owner has a chance.
Whichever method they choose it’s often the retailer that’s left picking up the tab.
Executive and employee threats
As with any industry, staff may be targeted, not just for phishing attacks or fraud but for physical attacks by disgruntled customers or even terrorists.
Threats to physical locations
From active shooter attacks to terrorist assaults, physical locations, especially those where members of the public can come and go freely, are high-risk locations.
By utilising the right technology companies can identify threats early and mitigate the potential damage by forming an effective response based on real-time data fast.
What modern security means for modern retail
Criminals can leverage the web to commit both physical attacks (such as in-store theft) and cyber-attacks (such as phishing or gift card cloning). This leaves retailers operating in a unique threat landscape with a broad array of potential attack vectors.
There are three levels that modern retailers should consider to ensure complete and effective security, both in-store and online. First, at the highest level, training and information need to be gathered for their security teams, but also disseminated to employees across the organisation so that everyone is aware of the threats and how to avoid them.
The next level is to only work with secure third-party providers: companies that take security seriously and have strong records when it comes to building defences against cybercrime. These businesses, such as connected device, cloud storage or payment portal providers, form a crux of any company’s security.
Finally, the security team needs to be enabled with the right tools for the job at hand. Signal OSINT software enables security teams to scan a vast number of open, surface, and dark web channels and sources to gain real-time data on emerging threats. Our sentiment analysis, custom filters and advanced alerting mean security teams can be notified instantly of threats as they are emerging. Whether it’s customer data for sale online, or an active shooter situation in-store, security teams can quickly assess and respond to mitigate risks and damages.
The Crucial Role of Social Media Monitoring in Corporate Threat Intelligence
We explore some of the key threats that corporate security teams monitor through social media channels as well as how to overcome the fundamental difficulties surrounding effective social media monitoring.
An estimated 2.94 billion people globally use social media. This is a penetration of roughly 40%, which is only expected to grow. In developed countries, this penetration rate is even higher. Facebook and Instagram are currently the two most used platforms, but there are numerous channels with hundreds of millions of active users daily.
On any one of these channels, attackers might voice their intentions, spread false information concerning your organisation, or partake in more obscure but potentially equally dangerous activities such as cyber-bullying or phishing. Because of the high number of users paired with the social nature of discussion, potential threats often emerge on these channels and forums first, even before they become a tangible risk.
On top of this, many companies have active social media presences which enable them to engage with their target audiences for positive brand growth. However, because of the saturation, companies are exposed to several new vulnerabilities that come hand in hand with the opportunities that social media presents.
A fundamental challenge with social media monitoring, then, is knowing where to look and how to identify credible threats amidst overwhelming noise in a timely fashion that doesn’t require immense resources.
In this article, we explore some of the key threats that evolve and can be monitored using social media channels as well as how to overcome the fundamental difficulties surrounding effective social media monitoring.
The Challenges of Social Media Monitoring
Using social media monitoring as part of your comprehensive cybersecurity strategy has several key benefits unique to the platforms involved. However, leveraging social media for increased security and situational awareness can be a challenge and, without the right tools, it is next to impossible to effectively monitor these channels and form timely responses.
The amount of chatter on social media channels is both a boon and a curse to security professionals. People discuss everything from the inane to the clearly threatening, and all of this happens across dozens of social media channels. On Twitter alone, there are some 500 million tweets a day. In one study, it was found that five new profiles are created on Facebook every second - and it’s quite possible that some of those are fake or could be a threat to your business.
An example of using social media to gain increased situational awareness is the 2019 Christchurch shooting. Parts of the event were live-streamed through social channels. Security teams monitoring these channels were amongst the very first to know of the event, and they gained valuable situational awareness that allowed them to respond more effectively than they could have without this information.
To overcome the key challenges presented by social media monitoring, it is vital to employ the right tools and resources. For example, the Signal OSINT platform allows you to monitor your chosen social media channels continuously and set up tailored live streams and customised filters to help users identify potential threats amid the noise of online chatter. To further refine the data gathered through Signal, you can run it through our sentiment analysis tool.
Signal enables users to monitor not just social media but the surface, deep, and dark webs in their entirety forming the crux of many organisations’ security efforts.
Identifying Threats
Intertwined in the comments, posts, pins and tweets are a multitude of information security and business risks. From targeted phishing to full-on account takeovers or even emerging threats against physical assets. As social media continues to dominate business communications, security teams must understand and address the risks posed by social media, the largest unsecured IT network on earth.
Here are a few of the key identifiable security threats associated with social media.
Targeted Phishing
Phishing attacks have been evolving over the years to incorporate and take advantage of the everyday tools that both businesses and consumers use. One such method is by using social media to gather data on targets through phishing attacks and other strategies.
For example, is your mother’s maiden name listed on your Facebook? Where did you go to school? Did you post pictures of your first ever pet? All of this data, commonly used for security questions, is freely available to determined fraudsters. Those who are a little more enterprising might even get you to volunteer particular details disguised as a fun quiz. Phishing attacks are generally used to gain valuable data which can then be used for monetary gain.
Social Engineering
By using social platforms, criminals can build trust and, through deception, manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes. This can take several different forms, whether it’s targeting employees to divulge information about a company or manipulating customers to share personal information that would allow the criminals login access to their accounts for the purposes of identity fraud.
Account Takeover
An account takeover is a form of identity theft. This is when fraudsters illegally use bots to gain access to a victim’s account. There are several reasons this could be valuable to a hacker. For example, they might launch a phishing attack from this account, which allows them to utilise the trust associated with that individual’s personal account to increase the chances of success.
Physical Threats
Social media is a public forum where a huge number of people go to express their opinions. What this inevitably means is that both positive and negative sentiment is expressed about companies, organisations and people. Some of this sentiment holds serious reputational risks or may even evolve into a serious physical threat against an employee or asset.
Final Words
Experienced hackers and cyber-criminals, understanding the public nature of the channels, will attempt to avoid actions that expose their intentions. Social media threat monitoring in this way has its limitations, which, paired with those relating to privacy protections, inhibit it from being a comprehensive intelligence source.
That being said, social media, when monitored effectively, can catch negative sentiment as well as expose potentially dangerous or threatening information or conversations in real time - some of which will prompt further investigation or other actions to be taken. Social media monitoring can provide critical real-time information on threats, increasing situational awareness, but organisations and their security teams are well-advised to not lose sight of the forest for the trees.
The usefulness of social media monitoring is best leveraged in a holistic risk management approach, one that incorporates diverse security strategies, including a range of cyber security measures.
4 Aspects of Effective Executive Travel Risk Management
Businesses have begun realising the importance of reducing travel risks, especially for executives, where the potential for risk is increased and the potential cost heightened. Signal risk intelligence software enables users to monitor the surface, deep, and dark web to better protect people and assets.
All organisations want to keep their employees safe; this goes across the supply chain and up to top executives. Whether they’re protecting them from the likes of terrorism, upset customers, natural disasters or road accidents, these risks are heightened when employees, and especially executives, travel.
Whilst threats to travel security are not limited to highly unlikely events, many serious threats, like the sudden eruption of a volcano or terrorism, are, thankfully, things that most travellers never have to worry about. However, if COVID-19 has shown us anything, it’s that no matter how unlikely a situation may be, it is still a possibility and could escalate incredibly quickly.
Businesses have over the last years begun realising the importance of reducing travel risks, especially for executives, where the potential for risk is increased and the potential cost heightened. In a 2017 study by Business Travel News of 229 travel buyers and managers and corporate safety and security managers, it was found that “65% said their companies' attention to traveller safety and travel risk management has increased over the past three years.” Ignoring the risks that travel holds could be an expensive mistake.
4 Essentials to Consider for Effective Travel Security
Reliable Intelligence
Education
Briefings
Planned Response
Reliable Risk Intelligence
Without an accurate risk assessment and a detailed understanding of the potential local risks, a security team cannot make a properly balanced decision regarding operation security. It is incredibly important then, not just for teams to perform risk assessments before travel but to continually monitor local situations so that should things change the security team can react accordingly and take appropriate actions.
For example, as COVID-19 was evolving into a global pandemic, security teams needed reliable information from trustworthy sources to allow them to properly understand the potential risks it posed as well as to navigate through the plethora of misinformation being spread. Teams using Signal OSINT were able to get this information and take preventative actions, putting secondary measures into place should the situation evolve. In this particular example, extreme action was needed. The security teams first suspended all executive travel to badly affected areas and, as the situation evolved into a more serious global crisis, they evacuated executives and employees who were overseas, before entirely suspending further business travel.
Without the proper information, the best course of action cannot be pursued. Situations change rapidly and timely intelligence will provide detail on current and future anticipated threats.
Staff Education
As part of an effective travel security program, staff need to be aware of the potential dangers and have the tools and knowledge to minimise and mitigate personal travel risks. Risk can be dramatically reduced with good basic personal security methodology, which is often the most cost-effective and efficient way to improve the safety of employees abroad.
Part of this education must be an ongoing effort to share with the relevant parties this real-time information from data sources gathered through tools such as Signal.
Debrief
With properly trained staff, the individuals travelling should be aware of the environment, threats and risks that they are entering. On top of this, as we mentioned above, this information sharing should not stop at the briefing; as the threats evolve, the relevant individual needs to be kept up to date so that they can change their behaviour if necessary.
A Planned Response
The fourth aspect of an effective travel risk management plan is planning a response to all possible crises. In certain locations, some aspects and threats are more prevalent.
For example, emergency services might be lacking or public transport might be more dangerous. In these cases, proper plans need to be put in place. For the latter, you might arrange a rental car for your executive, or a driver, if the road laws are known to be difficult. These preventative actions remove several potential threats which would be far more costly for the business than the cost of something like a driver.
There must be a pre-identified and rehearsed service in place to ensure an effective and timely response to an emergency.
Three main parts to an effective response include:
1. Prevention – The best security avoids or prevents threats from becoming risks. A good benchmark is to be able to identify the exact location of your employees and be able to effectively communicate with them within 15-20 minutes of an incident occurring.
2. Crisis Management – If a crisis does happen, the first thing you need is an effective communications channel. Through this, you need to be able to quickly implement plans and processes to manage the evolving crisis.
3. Evacuation or Hibernation Plans – If a situation escalates beyond a certain point, security teams may need to implement an evacuation or hibernation plan, which will either have the executive returned home or have them hibernate in situ until the situation changes. An example of a necessary evacuation plan being implemented would be in response to the coronavirus. With only a little warning, it became apparent to those organisations who had teams or individuals in Wuhan, China that they needed to get them out of there fast. This situation then escalated rapidly to become a global crisis.
Challenges
Travel security and executive protection come with a number of challenges. It doesn’t look good to put a large amount of money into executive protection; however, there needs to be a balance to avoid potential risks. If an executive is attacked, or involved in an accident whilst abroad, then shareholder value may drop, potentially for days, and sometimes the pressure in these scenarios can have negative effects long after the incident.
A situation can change rapidly, requiring a different response even as soon as hours later, which is why having real-time intel on an event is so crucial. With the right systems in place and the right tools in the security team’s toolbox, threats can be identified and monitored, and effective preventative measures and contingency plans put in place. All of this acts to protect both the individuals and the company involved.
The Role of OSINT in Managing Executive Safety During Travel
The modern workforce is more decentralized than ever. As employees travel or work remotely, it is important to know about potential issues that could impact their safety and security. Signal can assist with early warnings of:
natural disasters in or near destinations;
potential travel disruptions;
terror attacks;
security threats;
political or economic indicators.
Signal Open Source Intelligence software allows you to gather real-time data. More importantly, Signal allows users to tailor their feeds to get customised data relevant to their particular situation, which means that instead of having to monitor every part of the web manually you can get customised, filtered alerts.
On top of this, Signal risk intelligence software enables users to monitor the surface, deep, and dark web. Many dark web forums don’t allow strangers to access their sites and require authenticated logins, which makes it even harder to gain access to these sites and monitor the risks that security teams need to be aware of, such as data breaches, threats of physical attacks and terrorism.