A key challenge facing modern security teams is the explosion of new potential threats, both cyber and physical, and the speed with which new exploits are taken advantage of. Additionally, in our globalized world threats can evolve from innumerable sources and manifest as a diverse range of hazards.

Because of this, security teams need to efficiently utilize automation technology and machine learning to identify threats as or even before they emerge if they want to mitigate risks or prevent attacks.

Artificial Intelligence in the Cyber Security Arms Race

Today, AI and machine learning play active roles on both sides of the cybersecurity struggle, enabling both attackers and defenders to operate at new magnitudes of speed and scale.

When thinking about the role of machine learning for corporate security and determining the need, you first need to understand how it is already being used for adversarial applications. For example, machine learning algorithms are being used to implement massive spear-phishing campaigns. Attackers harvest data through hacks and open-source intelligence (OSINT) and then can deploy ‘intelligent’ social engineering strategies with relatively high success rate. Often this can be largely automated which ultimately allows previously unseen volumes of attack to be deployed with very little effort.

Another key example, a strategy that has been growing in popularity as the technology evolves, making it both more effective and harder to prevent, is Deepfake attacks. This uses AI to mimic voice and appearance in audio and video files. This is a relatively new branch of attack in the spread of disinformation and can be harnessed to devastating effect. For example, there are serious fears of the influence they may bring to significant future political events such as the 2020 US Presidential Election.

These are just two of the more obvious strategies currently being implemented in a widespread fashion by threat actors. AI supported cyberattacks though have the potential to go much further. IBM’s DeepLocker, for example, describes an entirely new class of malware in which AI models can be used to disguise malware, carrying it as a ‘payload’ to be launched when specific criteria are met - for example, facial recognition of its target.

Managing Data Volumes

One of the primary and critical uses of AI for security professionals is managing data volumes. In fact, in Capgemini’s 2019 cybersecurity report 61% of organizations acknowledged that they would not be able to identify critical threats without AI because of the quantities of data it is necessary to analyze.

“Machine learning can be used as a ‘first pass’, to bring the probable relevant posts up to the top and push the irrelevant ones to the bottom. The relevant posts for any organization are typically less than 0.1% of the total mass of incoming messages, so efficient culling is necessary for the timely retrieval of the relevant ones.” - Thomas Bevan, Head Data Scientist at Signal.

Without the assistance of advanced automation softwares and AI, it becomes impossible to make timely decisions - impossible to detect anomalous activity. The result of which is that those organizations who don’t employ AI and automation softwares for intelligence gathering often miss critical threats or only discover them when it’s too late.

Signal OSINT and Machine Learning

Signal OSINT platform uses machine learning and automation techniques to improve data collection and aggregation. The platform allows you to create targeted searches using Boolean logic, but it is our machine learning capabilities which allow us to go beyond Boolean keyword searches. 

“By recognising patterns in speech and relations between commonly used words, one can find examples of relevant posts even without keywords. While phrases like ‘I’m gonna kill the boss’ can be picked up by keywords easily, keyword searches alone struggle with more idiomatic speech like, ‘I’m gonna put the boss six feet under’, and will incorrectly flag posts like ‘Check out the new glory kill animation on the final boss’. Machine learning, given the right training data, can be taught to handle these sorts of examples,” says Thomas Bevan.

Signal continuously scans the surface, deep, and dark web and has customizable SMS and Email alert capability so that security teams can get real-time alerts from a wide array of data sources such as Reddit, 4Chan, 8Kun etc. Additionally, Signal allows teams to monitor and gather data from dark web sources that they would otherwise be unable to access either for security reasons or because of captive portals.

Finally, the software allows users to analyze data across languages and translate posts for further human analysis. There are additional capabilities, such as our emotional analysis tool Spotlight, which can help indicate the threat level based on language indicators.

Complementing AI with Human Intelligence

In order to stay ahead of this rapidly evolving threat landscape, security professionals should be using a layered approach that pairs the strategic advantages of machine learning to parse through the vast quantities of new data with human intelligence to make up for current flaws in AI technology.

Machines have been at the forefront of security for decades now. Their role though is evolving as they get passed the heavy lifting, allowing analysts and security professionals to analyse hyper-relevant data efficiently. 

An emergency incident can happen at any time, often with very little warning. If an organization wants to prepare an effective response to an evolving threat landscape and better protect both their assets and employees they need to have efficient mitigation and response measures in place. 

Data and intelligence form a pivotal role in emergency management. They allow security and event management teams to discover threats and accurately assess the associated risk levels. With this knowledge, they can enact an appropriate response to remove employees from harm’s way and prevent potential damages to the organization.

Data Performs a Vital Role in Emergency Management 

Some of the ways data and intelligence gathered using Signal OSINT can be used include:

• Better Situational Awareness. Save time and lives by rounding out your situational awareness with commentary, photos and videos posted online by the public and media.

• Misinformation Management. Catch and manage the spread of misinformation in real-time before it spreads to the public and puts lives at risk, wasting precious time and resource.

• Improved Agency Collaboration. Get a better view of what other agencies are doing during an emergency to ensure you allocate people effectively.

• Geo-targeted Risk Assessment. Keep an eye on areas of interest, such as near a location of an event you’re hosting, and watch for disruptions such as extreme weather or terrorist threats near your offices.

Threats, Hazards, and Risks.

There are three main types of threats and hazards. First, natural hazards. This includes extreme weather such as hurricanes, earthquakes, and wildfires. These can cause extensive disruptions to a business. Such events are often seasonal and organizations should monitor for them during high risk months. 

Secondly, technological hazards. These include power outages and infrastructure failures. For example, your business might be affected by your internet provider going down temporarily, or transport links might be disrupted meaning employees are unable to get to work. 

And thirdly, man-made hazards. These include cyber-attacks and data breaches, terrorist threats or threats against assets or executives. These can happen at any time, however, often you can find indications on data sources such as darknet forums before the event.

The Importance of Assessing Risks Appropriately

The more data and information you have the more accurately you can assess the risk level of an emerging threat. For example, you might use Signal to set up real-time alerts on an evolving threat like spreading wildfires. This allows you to continually reassess and determine in a timely manner when or if you need to take action to ensure your staff are removed from harms way. However, there is a fine balance between under and over protection. 

The Risk of Over-protection

Over-protection is when you initiate responses either too early or too extreme. Erring on the side of caution is always a good idea when it come to protecting employees, however, it can be costly and inefficient. 

Over-protection is often caused by the following:

• Personal interpretation of the threat level.

• Not having enough data to form an accurate assessment.

• Not having enough alert levels to allow a staged escalation of measures appropriate for the evolving risk level.

The Risk of Under-protection

Just as with over-protection, under-protection will inhibit the effectiveness of your emergency management response. This can place employees unnecessarily in harms way and means you will be unable to appropriately respond to a threat. The end result of under-protection is invariably higher than necessary associated costs.

To prevent under-protection there are several things that an organization can do:

• Provide clear guidance on risk levels of certain threats and make the response increase easy to implement.

• Continually assess and reassess the evolving threat landscape and update your alert level guidance accordingly.

Other Emergency Risk Management Considerations

We have already mentioned alert levels a couple of times in this article. This is because having clear guidelines and properly gradated alert levels will allow you to respond effectively and efficiently to crises. 

Additionally, your employees should be aware of your response plans, especially to common threats. For example, if your officers are located in an earthquake prone area, have regular earthquake drills. 

Finally, should an emergency happen you need an efficient way to communicate the danger to your employees and instigate the appropriate response.

Signal and Emergency Management

Signal provides hyper-relevant intelligence on evolving threats as or even before they happen. This allows security teams to maximize warning times and enact mitigating measures.

Immediately, this means better protection for staff. This also has additional longer term upsides. For example, it might allow a security team to detect negative sentiment around the brand which allows them to identify and monitor potential threat actors and prevent a threat from evolving. Or, it could allow for a team to have early detection of a data breach, which according to IBM could save an organisation over $600,000. 

What is Threat Intelligence?

Those very same technologies that have allowed globalization, which have brought us all closer together and enabled organizations and brands to achieve the current growth and success they enjoy today, have simultaneously brought with them increased risks. These risks come in the form of increased vulnerabilities and exploitable attack vectors for cyber attackers. Threat intelligence is all about gathering data and knowledge to combat and mitigate these threats. 

Threat intelligence provides organizations with information and context required to effectively predict and even prevent cyberattacks. Additionally, it helps inform security teams of the best practice for both preventative measures and response measures to ensure if there is a cyberattack the resulting costs are minimal. 

In short, threat intelligence is the gathering of evidence-based knowledge to inform action-oriented preventative and reactionary responses to an ever-evolving cyber threat landscape.

The Importance of Threat Intelligence

Threat actors are increasingly persistent, and their persistence pays off. Even the most dedicated professionals can’t help but struggle to keep abreast of every new cybersecurity development. New exploits are constantly being discovered or developed and strategies such as social engineering are increasing in complexity. Security teams need up to date data and intelligence on evolving threats if they are going to be able to develop effective responses.

Additionally, within the corporate world one of the key buzzwords of the last two decades has been “accessibility”. Accessibility to data means organizations have necessarily become reliant on digital processes and almost everything is stored on the cloud. Unfortunately, while accessibility is essential to developing efficient processes, and effectively using big data, it also increases the number of threat vectors that attackers can exploit. According to the IBM 2020 data breach report the longer a data breach goes undetected the more expensive it ends up being for the organization. Primarily then, threat intelligence gathered using tools like Signal OSINT can help organizations detect data breaches earlier, mitigating the eventual costs both reputational and monetary.

The final reason that threat intelligence plays such a pivotal role in today’s security is the distinct lack of skilled cybersecurity professionals. Threat intelligence is a time-consuming business that requires a skilled deft hand to manage. The best threat intelligence solutions use machine learning to automate data collection, then filter and structure data from disparate sources to present only hyper-relevant information to a skilled security team for final analysis. The security team can then use this data to create effective actionable plans based on evidential knowledge. This approach optimizes the performance of both the cybersecurity professional and the intelligence tools being used.

Threat intelligence is actionable — it’s timely, provides context, and is able to be understood by the people in charge of making decisions.

Use Case Examples for Threat Intelligence 

Threat intelligence can be used in a diverse range of strategies which makes it an essential tool for security teams in any organization. It’s most immediate value is in helping prevent an attack by gathering intel on threats in real-time, however, it’s also useful for a broad scope of activities such as managing vulnerabilities, informing decision making, and responding to attacks as or after they happen.

Related: The Role of Threat Intelligence and Cybersecurity in Retail

Prevent an attack

From the time that a vulnerability is found to the time an exploit targeting that vulnerability is available for threat actors is shortening. Security professionals need to know about the vulnerability fast so that they can implement a patch and prevent it from being exploited.

Respond to a Data Breach

Data breaches are costly and often go unnoticed. With the right threat intelligence tools you can determine when a data breach happens fast and take suitable actions to mitigate the costs of any following repercussions.

Manage a Vulnerability

The approach of “patch everything, all the time” is impractical and will likely see organizations fall behind - leaving more serious vulnerabilities open for longer. Threat intelligence can help security teams effectively manage vulnerabilities by giving the salient data to allow them to prioritize patches based on actual risk. 

Risk Analysis

This leads on nicely from the last point. Threat intelligence can help security teams determine the actual risks associated with potential vulnerabilities or attacks by providing additional contextual information. For example, threat intelligence can help security professionals  answer the following questions:

• Which threat actors are using this attack, and do they target our industry?

• How often has this specific attack been observed recently by enterprises like ours?

• Which vulnerabilities does this attack exploit, and are those vulnerabilities present in our enterprise?

• What kind of damage, technical and financial, has this attack caused in enterprises like ours?

Fraud Prevention

Fraud can encompass anything from a fraudulent use of your brand, data, or even impersonation of your employees. For example, an individual might impersonate a doctor and sell fake versions of your prescription medication online.

Incident Response

Having the ability to gather and filter through threat intelligence from across the surface, deep, and dark web in real-time allows security teams to effectively and appropriately respond to incidents as they are happening.

How can Signal threat intelligence improve your organization’s security?

Signal allows our customers to analyze emerging global trends, detect threats in real-time, and then form appropriate security strategies to counter these potential threats as or even before they fully reveal themselves.

One of the key issues that security teams and analysts face is the sheer amount of noise that might surround their brand. Invariably much of this noise is irrelevant to their purposes, however, some of it will be bad. This is why Signal assists with advanced filters with boolean logic as well as features such as our emotional analysis tool.

Data Breaches Aren’t Uncommon 

It’s not just small companies with limited security budgets that have exploitable cyber gaps. Often, in fact, large organizations become targets because of the amount and nature of the data that they hold. Organizations in the healthcare sector, for example, have proven time and again to be a popular targets for cybercriminals.

Another example of a large organization being targeted is Experian. Experian experienced a major data breach in August 2020 where over 24 million records were exposed. The attackers impersonated a client and were able to request and obtain confidential data. Experian claimed that no customer banking information was exposed. Even so, personal information like this could be used in a targeted social engineering strategy to then get Experian customers to reveal further sensitive information such as their banking details.

This isn’t the first major data breach that Experian has had. Back in 2015, 15 million North American customers and applicants had their personal data, including Social Security numbers and ID details, stolen. Perhaps because of this prior experience, Experian understands the risks and are adept at dealing with cyber breaches. They claim that the attacker’s hardware has already been seized and the collected data secured and deleted.

How Much Does the Average Data Breach Cost?

The answer to this question varies between country and is additionally dependent on the sector but in general, can span anywhere from $1.25 million to $8.19 million.

According to the 2020 report from IBM and the Ponemon Institute the average cost of a data breach in 2020 is down 1.5% since 2019 and cost around $3.58 million USD. This works out to be around $150 per record and is a 10% rise over the last 5 years. The report analyzes recent breaches at more than 500 organizations to spot trends and developments in security risks and best practices.

The cost estimate includes a combination of direct and indirect costs related to time and effort in dealing with a breach, lost opportunities such as customer churn as a result of bad publicity, and regulatory fines. Though the average cost of a breach is relatively unchanged, IBM says the costs are getting smaller for prepared companies and much larger for those that don’t take any precautions.

Interestingly, various industries including healthcare appear to be more susceptible targets for attackers. According to the report, healthcare breaches cost organizations $6.45 million per breach, a number that eclipses all other sectors and makes it the ninth year in a row that healthcare organizations have had the highest costs associated with a data breach.

The average cost for per breached healthcare record ($429) is more than double any other industry too and substantially higher than the average, $150, according to the report. Healthcare breaches can often take the longest to identify (up to 236 days) as well.

Data Breaches are Happening all the Time

Data breaches are occurring constantly. Records from large brands with big security budgets and teams as well as much smaller organizations. It’s important that everyone understand the importance of secure digital practices and explores strategies for educating staff to reduce the risk of social engineering tactics.

How do Data Breaches Occur?

Hackers use various strategies to gain access to data. For example, with Experian the attacker leveraged human weakness through social engineering to persuade an employee to give them the data. Other strategies could be exploiting weaknesses such as a misconfigured or unsecured cloud storage. Alternatively a data breach could be the result of a malicious malware or ransomware. 

According to the IBM/Ponemon report around 40% of all incidents were actually due to either cloud misconfigurations or stolen login details. Because of this IBM has urged companies to reexamine their authentication protocol to ensure 2FA is active.

A final note on the ascertaining of data by attackers is around state-sponsored attacks. State-sponsored attacks only make up around 13% of the overall number of attacks according to the report. However, with an average associated cost of around $4.43 million it’s clear that these types of attacks tend to target high-value data and this results in a more extensive compromise of victims' environments.

The energy sector, commonly targeted by nation-states, saw a 14% increase in breach costs when compared to the prior-year period, with an average breach cost of $6.39 million.

How can Organisations Reduce the Cost of Data Breaches?

“The average time to identify and contain a data breach, or the "breach lifecycle," was 280 days in 2020. Speed of containment can significantly impact breach costs, which can linger for years after the incident.” - Source 

By having mitigation measures in place IBM/Ponemon estimate companies can reduce the cost of a breach by an average of $720,000. 

According to their report those companies which had automated technologies deployed experienced around half the cost of a breach ($2.65 million on average) compared to those that did not have these technologies deployed ($5.16 million average). 

Security response times were also reported to be ‘significantly shorter’ for companies with fully deployed security automation – these companies are as much as 27% faster than their counterparts at responding to breaches.

Security tools like OSINT platforms not only enable a faster breach response but a significantly more cost-efficient one as well, which as the security professional shortage persists is of absolute importance.

Final Thoughts

With our increasing levels of digitisation, our growing reliance on the cloud, and the complexity of security systems paired with human error there are more attack vectors than ever before for hackers to exploit. 

A data breach could involve anything from publicly available data being scraped and sold off to spammers, to online banking and credit card information being stolen. The longer a data breach goes undetected the longer the threat actors have to utilize this data causing more harm as time goes on.

Having the right tools and processes in place will allow you to detect data breaches early or even prevent a data breach from happening in the first place. With the steadily rising cost associated with data breaches, this could save an organization millions in the long run.

Whether they like it or not, many organizations have been forced to adopt work from home practices to continue operating. Working from home isn’t new. In fact, between 2005 and 2017 the numbers of people that were able to work from home grew 156%. However, it has generally been seen as a bonus rather than a given and more traditional workplaces have been resistant. 

Despite the fact that 49% of office workers have never experienced working from home before, this experiment has largely been a success. Empowered with communication tools like Slack, Microsoft Teams, Google Hangouts. and Zoom, teams have had deep connectivity even from their own living rooms and many organizations have actually seen increased productivity.

Even so, the challenges of working from home are enormous and are invariably compounded by technological difficulties and poor home security practices.

Security teams, in particular, are feeling the pressure. With numerous workers now operating outside the corporate network security controls, new attack vectors have been opened up which are being exploited by cybercriminals.

Cybercriminals Taking Advantage of the Pandemic

Several security providers have put together data sets which show clear spikes in malicious activity since the beginning of the pandemic. McAfee created its own coronavirus dashboard which shows malicious detections quickly growing from the hundreds into the thousands over the last six months. The most common threat type has been Trojans with Spain and the US being clear outliers in the number of threats detected.

As of August, there were nearly 2 million malicious detections against over 5,500 unique organizations. McAfee go into detail about the families and types of attacks that they’ve seen a spike of cases in since the pandemic began.

WFH challenges for security teams

We’ve established that cybercriminals are taking advantage of the security breaches created by a sudden adoption of working from home but what is it exactly that makes working from home lees secure and what exactly are the security flaws threat actors are targeting?

Working from home doesn’t necessarily mean working from home, it could also mean working from anywhere and many workers have already figured that out. This means workers can (in theory) escape their houses and head out to cafes, restaurants, libraries or other public spaces with free WiFi networks. Zoom, with its virtual background feature, has incidentally supported this. The key issue with this is when workers operate on unsecured open networks. 

Ultimately security professionals have to try and ensure device security and data protection in the work from anywhere model - a challenge made significantly harder with over 50% of employees using their own devices during this period. IT teams have tried to make the security transition easier, with some 70% increasing VPN use among employees, however, 1 in 4 workers according to the Morphisec report were unfamiliar with their company’s security protocols.

This challenge for security professionals has resulted in the majority of security professionals seeing a sizeable increase in workload since their companies began corporatewide remote work. And while most of the transition to WFH went smoothly, respondents reported an increase of security incidents, with the top issues including a rise in malicious emails, non-compliant behavior by employees and an increase in software vulnerabilities.

What can be done to improve WFH security?

Security teams have had years to develop best practices for combating the ever-evolving cyber threat landscape. The sudden move to work from home though has shifted power away from them and brought a greater reliance onto workers who simply do not have the expertise to maintain proper cybersecurity protocols. 

Worryingly, 20% of workers said their IT team had not provided any tips as they shifted to working from home. This has opened exploitable attack vectors and introduced new challenges for security professionals. This though isn’t to say that there is nothing that can be done.

Step 1: Control the WFH Environment

This is all about educating employees about best practice and the reasons for these practices when working from home. For example, informing them not to use open networks.

Step 2: Control the WFH Computer

It’s a good idea to supply the computer being used so that you can install the proper security softwares and control access to sites which might offer security risks as well as maintaining control over permissions.

Step 3: Improve your Phishing Responses 

The crossover between home life and work life extends beyond the location. People are more likely to spend time on social media networks and working on private projects than they would be if they were in the office. This opens them up to more phishing campaigns so it’s important they know how to avoid falling for them.

Step 4: Restrict Remote Access to Sensitive Documents and Data

Lockdown permissions and access to sensitive documents and data. If they really need access they can communicate this need with you directly and you can ensure it is done securely and safely. 

Step 5: Monitor Surface, Deep and Dark Web for Emerging Cyber-Threats

Use an OSINT tool like Signal to monitor for cyber threats, planned attacks and data breaches.

Step 6: Encourager VPN Usage

VPNs are a simple and easy way to improve security. It’s worth ensuring the company has a quality VPN service that doesn’t slow a users internet connection unnecessarily as this might persuade workers to turn it off.

Step 7: Don’t Allow Split-Tunnels

Split-tunnelling allows a user to access networks through both the encrypted VPN service and a potentially unsecure network simultaneously.

The Role of Threat Intelligence for Improving Work From Home Cybersecurity

One of the key benefits of using an OSINT solution like Signal is the ability to create customized searches with Boolean logic to uncover hyper-relevant threats in real-time with SMS and email alerts. 

Ways that this has been used in the past to improve cybersecurity include:

• Early detection of data breaches. The average cost of a data breach in 2020 is $3.86 million. The earlier you catch a data breach the faster you can take action to mitigate the associated financial and reputational damage.

• Discovery of new cyberattack strategies, exploit kits, phishing tactics which were talked about or for sale on the dark web.

• Organizations have uncovered attacks that are yet to be carried out. This is true for both physical attacks against an asset or person as well as cyberattacks. For example, details of a phishing strategy and the targets within the organization were discovered after being talked about in a darknet forum. 

• Monitor employee online activity. For example, this can allow security teams to identify employees who have been targeted and even blackmailed by cyber attackers for access to company data.

High profile executives and VIPs are more likely to receive threats of violence, be at the centre of negative online noise, and to be the target for both cyber and physical attacks. This, when paired with their busy schedules (which often involve travel), makes staying ahead of potential threats a particular challenge for their security teams. 

Attackers have a variety of reasons and goals for targeting executives and VIPs. It could be anything ranging from a reaction to company layoffs, to kidnapping for ransom. Whatever the reason though, security teams need to be able to spot the threats, understand the motives, and implement an effective response in a timely fashion.

In this article, we take a look at 6 key ways Signal OSINT is used today by customers to advance protection measures for high profile executives.

How Can Signal OSINT Improve your Executive Security?

Discover private information published online

There are several reasons that an individual might publish private information online. Often, it is in anger or as some form of revenge. The kind of information that has been found published online includes: names, email addresses and logins, physical address, details about an executives families, passport details, medical information, credit card and bank details, and SSN’s.

Having such information leaks opens up an executive to a wide range of potential threats. As a security professional, it is vital to know if and when there is a data breach so that the threat can be neutralized. The longer data is available online the more risk there is. For example, if card details are discovered online the bank can be contacted and the card cancelled.

Read: Detecting and Mitigating the Risks of Data Breaches 

Identify direct threats

Sometimes threat actors are more direct in the way they threaten executives. This could, for example, be a direct threat of violence through an email, instant messaging service or public forum like social media. While the majority of such threats come from so-called “keyboard warriors” there are some which will require further attention and action. 

For example, discussions might be uncovered on the dark web forum with details of a planned attack on an executive. With the prior knowledge of the attack action can be taken to reduce the associated risks.

One way to differentiate between someone that is simply venting their anger on a public forum and someone who genuinely might take action is to look for repetition of negative sentiment.

Emotional analysis

Emotional analysis gives data extra context which allows it to be better understood enabling a more effective and accurate response to the potential risks. 

It also allows you to differentiate between when a negative comment is simply that, a negative comment, or when it needs more serious attention, for example, it’s evolving into a physical threat.

Read: When Does Negative Sentiment Become a Threat? 

Misinformation is spreading about an executive

The spread of disinformation is problematic on a number of levels. For example, throughout COVID-19 misinformation has been spread regarding the virus, it’s root causes and best prevention practices. This has harmed efforts to curtail and control it. Another recent example is the role of misinformation in the 2016 US election. 

There are numerous reasons that individuals and organizations spread misinformation, it could be part of a phishing campaign or an international political assault, for example. Whatever the reason the results are almost always harmful. When an individual spreads misinformation around a CEO or other executive there are real ramifications for brand and reputation which need to be managed.

To combat misinformation organizations need to be equipped with the right tools and understand both what they’re looking for, and the reasons for spreading misinformation.

Disruptive events are planned which could prove a threat to executives.

Events such as protests planned at or near an office or manufacturing location could present logistical problems and delays as well as potentially devolve into riots which would represent a physical threat. Having intelligence on the events and any salient information regarding individuals or groups looking to create trouble will allow you to take appropriate precautionary measures and prevent a threat from escalating.

Travel risks

All travel comes with some inherent risk. However, it is more pronounced for executives who are at increased risk due to the regularity of their travel and high profile.

Additionally, events like extreme weather or terrorist action may make a destination unsafe. As such, having an OSINT solution such as Signal offering an early warning of any particular dangers will enable you to plan alternative routes and otherwise avoid high risk scenarios.

Read: 4 Aspects of Effective Executive Travel Risk Management 

Early warnings with real-time data

Using Signal you can create customized alerts filtered via specific keywords, phrases or even locations. We also have a built-in translation tool so that data can be searched across languages and automatically translated into your default language.

Additionally, you can run alerts through our emotional analysis tool to determine how much of a threat any particular alert is. Finally, get our optional Sapphire bolt-on and utilise our skilled data analysts to further refine your results. 

This approach allows your leave your intelligence gathering on autopilot and not only effectively reduce costs but vastly increase the scope of your monitoring ability and the overall amount of hyper-relevant intelligence at your fingertips. All of this allows you to gather actionable intel in realtime.

Find out more about Executive Protect with Signal…

Social engineering is an attempt by attackers to fool or manipulate others into surrendering access details, credentials, banking information, or other sensitive data. Once access is gained the general goal is to gain money. 

Recently, for example, Twitter was subject to a high profile social engineering attack. Attackers manipulated several Twitter employees to gain access to the platforms admin accounts. Once they got access they used the admin privileges to post a tweet saying “All Bitcoin sent to our address below will be sent back to you doubled!”  They posted on a number of celebrity and company profiles including Apple, Bill Gates, Elon Musk and Joe Biden.

Twitter shut the attack down quickly but not before the attackers got away with an estimated $120,000 USD worth of Bitcoin.

Social engineering is a creative strategy for attackers to exploit human emotion and ego, generally for a financial reward. It often forms part of other strategies as well such as ransomware. 

In this article, we take a look at some of the more common forms and tactics of social engineering as well as exploring just how an organization can protect itself from such an attack.

What are the stages of a social engineering attack?

In general, social engineering attacks are implemented in three stages.

1. Research. Attackers perform research to identify potential targets as well as to determine what strategies might work best against these particular targets. Attackers will likely collect data off company websites, LinkedIn and other social media profiles and potentially even in-person.

2. Planning. Once the attackers know who they will be targeting and have an idea of the targets potential weaknesses, they have to put together a strategy that is likely to work. The attacker needs to design the strategy and specific messages they will use to exploit the target’s individual weaknesses. Sometimes discussions surrounding plans can be found on darknet forums.

3. Implementation. The first stage of execution of their prepared strategy is often sending messages through email, social media messaging or some other messaging platform. Depending on their approach the entire process could be automated, targeting a broad number of individuals, or it might be more personal with the attacker interacting personally with their victim. Generally, they are aiming to gain access to private accounts, uncover banking or credit card details, or to install malware.

6 of the Most Common Social Engineering Attack Strategies

1. Phishing and Spear Phishing.

Phishing messages are designed to get a victim’s attention with an alarming or curious message. They work on emotional triggers and often masquerade as well known brands making it seem like the messages come from a legitimate source.

Most phishing messages have a sense of urgency about them causing the victim to believe that something negative will happen if they don’t surrender their details. For example, they might pose as a banking institute and pretend to be a fraud notice asking them to log into their account immediately, however, the email actually links to a fake login page.

Spear phishing is similar but with a more targeted individualistic approach.

2. Baiting.

A baiting attack generally pretends to offer something that the victim would find useful, for example, a software update. However, instead of a useful update or new software, it is, in fact, a malicious file or malware. 

3. Scareware. 

Playing on the targets fear this approach seeks to persuade the target that there is already a malware installed on their computer, or perhaps seek to persuade them that they already have access to their email address. This attack will then persuade the target to pay a fee to remove the malware. 

4. Pretexting.

In a pretexting atack the attacker creates a fake identity and they use it to manipulate their victims into providing private information. For example, the attacker might pretend t be part of a third-party IT service provider. They would then ask for the users account details and password in order to assist them with a problem. 

5. Quid Pro Quo. 

Similar to baiting, a quid pro quo attack promises to perform an action which will benefit the target. For example, an attacker might call an individual in company who has a technical support inquiry and then pretend to help them. However, instead of actually helping them they get the individual to compromise the security of their own device.

6. Tailgating.

Tailgating is a physical type of social engineering. It enables criminals to gain physical access to a building or secure area. An example of how this might work would be the criminal following behind someone authorized to access an area, they ask the person ahead to simply hold the door for them assuming an air of innocence.

How to Prevent Social Engineering

One of the key reasons social engineering is so difficult to protect against is because of the variety of ways it can be implemented. Attackers can be incredibly creative and this can make it very hard to spot a social engineering attack. Additionally, security professionals have to contend with skilful manipulation of the human ego.

Social engineering attacks exploit human behaviour. They target peoples fears or concerns often with messaging that centres around urgency attempting to encourage victims to take action immediately before they figure out they are part of a social engineering attack. Key to prevention then is remaining suspicious of emails, voicemails, or instant messages through platforms such as Facebook. 

Additionally, security teams need to stay ahead of the attackers. They need to be aware of each variation of a particular social engineering attack. Using OSINT tools, for example, they can learn about current messaging and strategies being implemented as well as potential exploits. Allowing them to take actions to mitigate evolving and emerging threats.

Increased awareness and vigilance though is only the first step. These attacks are common because they are effective, and they are effective because they take advantage of inherently human traits. Changing this human behaviour though doesn’t happen overnight. An internal education strategy needs to be put in place to regularly inform and teach employees about current social engineering strategies in an effort to reduce the potential for any employee to fall prey to one. In these ways, security professionals can mitigate the potential risks that surround social engineering attacks.

Ransomware is big money and is a rapidly growing cyberattack strategy. The market has expanded massively since the advent of secure and untraceable payment methods such as Bitcoin. Emsisoft estimates that ransomware costs for US organizations in 2019 was in excess of $7.5 billion. Compare this to four years prior when in 2015 ransomware damages totalled around $300 million.

Some markets are particularly prone to ransomware attacks such as medical organizations and public services. And there have been several high profile cases involving these industries over the last few years. Attackers know that with lives literally on the line organizations in these fields are likely to simply pay the ransom to make the problem go away. Most recently Garmin technology company has been held to ransom with attackers using the WastedLocker ransomware seeking a ransom of USD$10 million.

In this article, we explore in detail what ransomware is, how cybercriminals utilize and what strategies organizations can employ to ensure they are protected from ransomware attacks.  

What is Ransomware?

Ransomware is a form of malware. It can take various forms but generally it functions in one of two ways:

• Crypto ransomware. This malware encrypts the files on a computer so that the user cannot access them.

• Locker ransomware. This malware locks the victim out of their device or out of particular files, preventing them from using it. 

One thing all ransomware attacks have in common is that the target won’t be able to regain access to their files unless they pay the attackers a hefty ransom to unlock the files.

Ransomware has grown in popularity over the last few years in the wake of cryptocurrencies which makes it safe to receive their ransom payments. The cost of a ransomware attack can range from a few hundred to thousands of dollars depending on who the target is and how valuable the attackers believe the files they have locked out of reach are. 

Probably the most common delivery system for ransomware is phishing scams. For examples, a virus masquerading as an email attachment can, once downloaded and opened, easily take over a victims computer. Another strategy is through social engineering which is growing in popularity with cybercriminals because of the better strike rate. A recent example of a successful social engineering attack was perpetrated against Twitter employees. Attackers were able to get aways with an estimated 12.85BTC, nearly US$120,000.

The encryption strategy for malware is the more common of the attacks. The result of this attack is that the victim will not be able to decrypt their files without a mathematical key known only to the attacker. The user will be presented with a message when they attempt to open their files saying that their documents are now inaccessible and will only be decrypted if the victim sends an untraceable cryptocurrency payment to the attacker’s wallet.

To encourage prompt payment attackers might masquerade as law enforcement and demand the payment as a fine. If the victim does have illegal or illicit files or programs on their device, such as pornography or pirated software or movies, then they may be more likely to pay without asking questions and without reporting the attack.

12 Ransomware Examples from the Last Decade

Ransomware has been around for decades. However, it was only after the advent of cryptocurrencies that it began being a favoured strategy for cybercriminals. Cryptocurrencies allow for them to collect untraceable completely anonymous payments. Some of the worst offenders have been:

• CryptoLocker is an older malware threat, and while it isn’t in broad circulation anymore during it’s peak it infected some half a million machines. Cryptolocker is a Trojan horse that infects a device computer and then searches the computer as well as additional connected media including; external hardrives, cloud storage, and USB sticks, for files to encrypt. 

• TeslaCrypt is a variation or copycat of CryptoLocker. TeslaCrypt started by using social engineering to infiltrate devices and later used phishing emails as well. It heavily targeted gaming files and saw numerous upgrade improvements during its reign of terror.

• SimpleLocker was another CyrptoLocker styled malware. However, it’s key difference was that it focused it’s targeting on Android devices.

• WannaCry is a ransomware worm. What this means is that it spreads autonomously from computer to computer using EternalBlue, an exploit developed by the NSA and then stolen by hackers.

• NotPetya also used the EternalBlue exploit. It is thought to be part of a Russion-directed cyberattack against the Ukraine. However, it expanded autonomously to infect a broad range of organizations.

• Leakerlocker was first discovered in 2017 and targeted Android devices. Rather than encrypt files, it threatens to share your private data and browsing history unless you pay the ransom.

• WYSIWYE, stands for “What You See Is What You Encrypt”. Discovered in 2017, this ransomware scans the web for open Remote Desktop Protocol (RDP) servers. It then allows for a customized attack with an interface through which it can be configured according to the attacker’s preferences.

• SamSam has been around since 2015 and has affected devices in a number of waves of attacks. It utilizes vulnerabilities in remote desktop protocols (RDP), Java-based web servers, file transfer protocol (FTP) servers or brute force against weak passwords It would then spread to numerous devices. It primarily targeted public services and healthcare effectively bringing entire organizations to halt.

• Ryuk first appeared in 2018. It is specifically used to target enterprise environments. It is often used in combination with other malware like TrickBot for distribution.

• Maze was first discover in 2019. The MAZE ransomware has been used in attacks that combine targeted ransomware use, public exposure of victim data, and an affiliate model. The ransomware was initially distributed via spam emails and exploit kits before later shifting to being deployed post-compromise.

• GandCrab currently holds a large portion of the ransomware market and may well be the most lucrative ransomware ever. Its developers, which sold the program to cybercriminals, claim more than $2 billion in victim payouts as of July 2019.

• Thanos is a Ransomware-as-a-Service (RaaS) operation which allows affiliates to customize their own ransomware through a builder offered by the developer. It was first discovered by security professionals being talked about on a Russian darknet forum. It is the first to use the RIPlace technique, which can bypass many anti-ransomware methods.  

Dealing with Ransomware

Prevention is always the best policy when it comes to dealing with cyber attacks. Using tools such as Signal you can stay up to date with the most common strategies and one step ahead of cybercriminals. However, if you become the victim of a ransomware attack, it is advisable not to pay the ransom. If you do so there is now guarantee that the cybercriminal will return your data, they are thieves after all. Additionally, it fuels the profitability of the ransomware business making future attacks more likely. So what can you do?

Decryption

For many ransomwares, especially the older ones there are decryption tools which have been developed. The first step then is to contact your internet security vendor and determine if decryption is possible. If this initial strategy fails you can visit nomoreransom.org. The No More Ransom site is an industry-wide initiative designed to help all victims of ransomware.

Recovery

It’s good practice to back-up your data regularly on both external hard drives as well as on cloud storage. If you have done this it becomes possible to simply recover the data which is currently being held hostage. There are of course some scenarios where this won’t be possible, for example, if the malicious actor is threatening to share private information rather than having simply encrypted your device.

Preventing Ransomware Attacks

Good security practices will help prevent you from falling victim to ransomware. These defensive steps will additionally help protect you against other generic cyber attacks. 

Four basic steps that every organization should take to mitigate the threat of cyber attacks are:

• Keep all operating systems up to date and patched. Doing this will ensure that there are few potential vulnerabilities that malicious actors can exploit.

• Do not allow a software admin privileges unless you are confident in its safety and know exactly what it is and what it does.

• Ensure you have an active and up to date anti-virus software installed on all devices. This will allow you to detect and block malicious programs like ransomware as they arrive.

• And, as we said in the section above, back up all your files regularly. This last point won’t help protect against ransomware or other malware but can help mitigate the damages that your organization might suffer.

The Role of OSINT in Defending Against Ransomware

While open source intelligence tools can’t prevent ransomware, they can help organizations mitigate the potential damages. 

Securing the supply chain

Supply chains can stretch across continents with potentially hundreds of suppliers and manufacturers all around the world bearing responsibility. Should any single part or resource be in short supply, then assembly lines can be brought to a halt resulting in costly delays at the very least. 

There are numerous threats to the supply chain, one of which is malware and in particular regard to this article, ransomware. A key example of this is when the shipping giant Maersk had their IT systems taken out by a malware NotPetya. This resulted in their IT systems being down for days and many deliveries being delayed despite Herculean logistical efforts by the company. 

Using OSINT tools you can learn whether an organization on your supply chain has been affected by ransomware in real-time which will allow you to take the necessary actions to mitigate the damage this has as their production or logistics is slowed.

Industry Targeting

It’s not unusual for malware to exploit weaknesses which are specific to an industry. For example, the Healthcare industry is particularly susceptible to ransomware as a delay in returning their operations to normal could result in patients deaths. Indeed a leading medical-research institution working on a cure for Covid-19 were forced to pay hackers a $1.14m USD ransom because of a ransomware attack.

Using OSINT tools you can monitor your own specific industry to determine what strategies and exploits are currently being used by cybercriminals against like companies. Determining this will allow you to take extra and specific precautions to fend off similar attacks which could potentially be turned on you.

Detect New Ransomware and Strategies

Cybercriminals are continuously evolving and updating their strategies and the ransomware that go with them. We are unlikely to see the end of this development. 

By using OSINT to monitor darknet forums and market places security professionals are able to learn about the newest strategies being employed, the most recent weaknesses being exploited, and the most current software being utilized. Armed with this knowledge they are much more able to develop effective countermeasures as well as actively prevent ransomware infection.

The dark web isn’t inherently bad or evil. It’s not illegal to be anonymous on the web. However, the unfortunate truth is that there are plenty of people who are willing to take advantage of the anonymity lent by the dark web and to undertake some form of illicit activity.

Cybercriminals use the dark web as a means to communicate about all manner of activities, from planning cyberattacks to the selling of illegal goods or stolen data.

On top of this, with distrust growing towards governing bodies and large corporations around data privacy dark web communities are thriving. More people are becoming familiar with the dark web for both legitimate and illegitimate reasons, a fact that should cause security professionals increasing concern.

On the flip side, many security professionals actually shy away from the dark web. It is an online region surrounded by an ether of mystery and myth. However, while certain parts of the dark web should only be accessed with the utmost skill and caution, the basics of the dark web need to be understood by all members of the security community.

The difficulties of accessing dark web forums

There are numerous challenges that security professionals face when they come face to face with the dark web. The first of which is actually finding the dark web forums where illicit activity is taking place.

The first step to locationg dark websites is through various directory lists. These easy to locate sites and forums, however, are unlikely to be where the really important things are happening. Instead it’s more likely to be filled with amateurs and more innocent activity. Additionally, these lists often become outdated quickly as dark web domains change frequently.

In order to locate more relevant darknet forums for the purposes of security research, there are strategies which can be employed, for example, snowball sampling.

Snowball sampling is a method which involves creating a web crawler that takes a root URL and crawls the website for outgoing links. Generally, this will then return a large number of dark web URLs. This works particularly well for dark web forums as people often link to other sites in comments or posts. Done incorrectly though could draw attention to your bot and have the admin block you.

The dangers of accessing dark web forums

Accessing the dark web should be done with care and caution. It is in some ways like the last frontier, the wild west. It provides a training ground for new techniques and strategies for experienced and inexperienced hackers alike. For a security professional, getting to know these new techniques is vital for the efficacy of your security strategies.

A few key safety concerns and the dangers of the dark web are as follows:

• Breaking the law. Law enforcement officials operate on the dark web to catch people engaged in criminal activity. Like others on the dark web, law enforcement can do their work under a cloak of anonymity. It’s important to remember that you can be prosecuted for things you do on the dark web and thus to behave in an appropriate and legal manner.  

• Viruses. Unsurprisingly a lot of hackers on the dark web would be more than willing to turn their talents and attention to you should you accidentally cross them. Some websites will infect your device with viruses and any and all links or downloads should be viewed with suspicion. There are a lot of viruses to watch for, from ransomware to spyware and everything in between. Additionally, if you do click any links you may be taken to the material you don’t want to see that many people would find disturbing. 

• Webcam hijacking. It’s smart practice to cover your webcam with a piece of tape or plastic when you’re not using it. This is because some people may attempt to gain access to your device’s webcam by using a remote administration tool (RAT). The risk of this happening increases exponentially when you enter the dark web.

Remember: You use the dark web at your own risk and you should take necessary security precautions such as disabling scripts and using a VPN service.

Why do security professionals need to surveil dark web forums?

We’ve talked about the dangers and difficulties of accessing and finding relevant dark web forums for security research. Why though should accessing these dark web forums be a priority for security professionals and how can one effectively monitor these forums for potential threats?

Identify new hack strategies. 

The dark web is where many cyber criminals go to learn as well as to purchase things like exploit kits. Monitoring the dark web, being able to investigate and understand the methods and mindsets of hackers is essential to enable security professionals to develop counter strategies.

Discover physical threats or plans against your organization or executives.

Terrorist organizations, violent far-right dissenters, and others who intend to commit or openly discuss violence against others can be found on dark web forums. One example of this is the shooting which took place in a mosque in New Zealand on the 15 March 2019 which killed 51 people.

This attack was talked about before and during the attack on forums such as 8chan. Pictures of the weapons that would be used were shared along with a 74 page manifesto. Conversations around the event appeared with numerous like-minded individuals actively in support.

This is an extreme, worst-case scenario. But it absolutely highlights the necessity for security teams to have the tools to effectively monitor dark web forums.

Listen and filter noise around your organization’s name. 

There is a lot of noise on the internet. Inevitably some of it may be about your organization and it’s more than likely that not all of it will be good noise. Because of the nature of dark web forums, there is an increased likelihood of discovering negative noise about or relating to your organization.

With the right tools, such as Signal paired with our emotional analysis tool Spotlight, you can identify persons of interest and more closely monitor future activity around them. 

Additionally, discussions around stolen data for sale, as well as things like exploit kits are often discussed on the dark web. Identifying these threats as soon as they appear will allow you to take appropriate action to mitigate these threats and reduce any potential damages.

Dark web monitoring solutions: Signal OSINT platform

With an ever increasing amount of Cyber activity it is more important than ever for organizations to mitigate the potential risks of cyber threats, attacks, and data breaches. As the traditional Physical Security and Cyber Security worlds converge, Signal cyber feeds provide the ability to expand areas of interest and boost potential Cyber threat intelligence.

Cyber feeds that are accessible with a Signal subscription include:

• Onion/Tor – Anonymous network requiring Tor browser (AKA as Dark Web)

• I2P – Invisible Internet Project

• ZeroNet – decentralized web-like network of peer-to-peer users

• Open Bazaar – a fully decentralized marketplace

• Telegram – a cloud-based instant messaging and voice over IP service

• Discord – a VOIP application and digital distribution platform

• IRC Chat – instant relay chat

The information available on these additional Cyber feeds can help identify a number of potential scenarios including;

• Hacking for hire

• Compromised accounts & servers

• Sale of financial data

• Sale of counterfeit and/or stolen goods

• Money laundering

• Sale and/or publication of personal information such as SSN, email, phone numbers

• Discussions on and/or exposure of data breaches

Related: What is OSINT and how is it used for Corporate Security?

There are good reasons why the fictional characters like Varys (Game of Thrones) are so influential in their respective worlds. The more information you have the more you can tailor and optimise strategies for your preferred outcome. However, whereas Varys has to contend with political scheming, assassination attempts and dragons, the modern (and real) world has a much broader plethora of potential attack vectors, many of which were unimaginable just 20 years ago.

Thankfully for security professionals, the broadening net of threats exists in a symbiotic relationship with intelligence sources and security tools. What this means is that while, yes, there are now more threats to contend with, there are also more solutions and tools. For example, artificial intelligence (AI) enables Centaur approaches that far exceed human or machine only results. 

In this article, we take a look at how Open Source Intelligence (OSINT) can be and is being used to arm security teams with the ability to gather and analyse vast quantities of data and then enact effective plans to mitigate damage and even prevent threats. 

What is OSINT?

OSINT, as the name suggests, is data gathered from all publicly (openly) available data sources. These data sources could be anything from government records or archives, online discussion forums, blogs, social media posts, or the comments on those posts. 

OSINT allows you to collect data from all of those sources at once, and because of the sheer amount of information that is shared and discussed continuously on every fathomable topic, it is an incredibly powerful tool. There are billions of historical records and millions more being posted every day. You can use OSINT to identify physical threat made against your organization or executives, discover data breaches, uncover terrorist plots and even get breaking news as it is happening.

In many situations, expert data analysts with OSINT tools can identify malicious actors and discover relationships, information which can be used to enhance a privacy and security plan.

How Organizations use OSINT

The need for organizations to employ OSINT as part of their corporate security processes is becoming increasingly more evident. Interestingly though the use of OSINT has been neither formalised nor widely adopted. It often takes a particular scenario to unfold before they even consider it. 

A common example is a data breach. According to the Ponemon Institute’s 2018 Cost of a Data Breach Study, the average amount of time for a company to detect a data breach was 197 days. More often than not, the organization was not the first to know either. Utilising OSINT allows you to learn of data breaches as soon as discussions begin online, for example, the hacker offers up your data for sale.

This is just one way in which OSINT is used by businesses. The use of intelligence is immensely versatile. You can detect physical threats to assets or staff, determine travel risks, discover brand hazards, secure your social media channels and cybersecurity and more.

Despite the versatility of applications for OSINT tools it still often takes a worst-case scenario for an organization to decide to finally employ OSINT solutions.  

Applications of OSINT as Cyber Intelligence

Most people freely share a large amount of data about themselves. In fact, in this day and age, it’s hard not to share your data. For example, almost everyone has a phone number, this phone number is likely connected with your name, address, date of birth, and email address. It might even be linked with your broadband connection and subsequently your IP address. 

As an example, in 2019 T-mobile had a significant data breach. Thankfully, it appears they spotted and responded quickly, but not before some 1 million records were exposed. They were able to mitigate the damage but not prevent it. Other companies have historically been less quick to respond such as TerraCom and YourTel America who had to pay out $3.5 million USD collectively in damages in 2015 after their data breaches. Organizations also need to remember how everyday activities expose other forms of data such as shopping habits through credit card usage and location through fitness apps. 

Intelligence isn’t just important for detecting breaches or hacks. It is also vital if organizations want to protect their staff from physical threats or from being exploited via phishing scams. For example, a company’s employees will likely all have social media accounts such as a LinkedIn account which details their roles and responsibilities. This information can be paired with information from other social profiles or information shared online and can, when used properly, become valuable intelligence on how an organization runs, who’s responsible for what, and even who a malicious actor should target.

Because of the various methods that security teams can use intelligence to protect a businesses interests having a dedicated team, armed with powerful OSINT tools like Signal, could save them from serious reputational and financial damages.

Examples of threats that Signal OSINT can detect and help protect against

• Counterfeit or stolen property listed online - for example, counterfeit drugs.

• Employee conduct, threats and harassment on social media.

• Frustrated, angry or threatening customer correspondence.

• Merger, acquisition & organizational partnership discussions - this could be important for ensuring smooth operation of the supply chain, for example.

• Sensitive information publicly disclosed – accidentally or intentionally.

• Inaccurate, harmful or out of date information.

• Presence of fake websites, fake invoices or scams targeting customers, staff or the organization - for example, a phishing website made to look like a banking institutes website and designed to encourage users to enter their password combination. 

• Credentials from data breach & compromised accounts belonging the organization.

• Unsavoury relationships, membership or pending court action related to the organization.

The Results of Employing Powerful OSINT Tools

Experienced hackers and cybercriminals will understand the public nature of the channels and as such are likely to attempt to avoid actions that expose their intentions. However, OSINT doesn’t stop at the surface web, tools like Signal can give analysts and security teams access to data from sources such as the dark and deep web and even private dark web forums as well as more obscure surface websites. 

The purpose of OSINT research is to provide teams with a thorough foundation of knowledge. Teams can subsequently use these insights to develop actionable plans to either prevent a threat from fully emerging, or minimise the damages of a current or recent attack.

One of the key issues that security teams and analysts face is the sheer amount of noise which might surround their brand. Invariably much of this noise is irrelevant to their purposes, however, some of it will be bad. This is why Signal assists with advanced filters applying boolean logic as well as features such as our emotional analysis tool.