Open-Source Intelligence (OSINT) tends to be most frequently discussed in the context of defense, law enforcement, national security, and all sorts of other high-profile use cases that make the local and national news. But the need for a robust OSINT program is not limited to those headline fields – far from it. Here at Fivecast, we’ve noticed an ever-increasing number of private sector organizations taking an interest in improving their OSINT capabilities for the same reason that folks in law enforcement, intelligence, and national security have been investing in OSINT for years: the enormous amount of publicly available data generated on social media platforms every day contains nuggets of information that are vitally important for corporate security, investigations, and due diligence teams to uncover and include in their analysis.
Why does the Corporate Sector need OSINT?
In this blog, we’ll discuss four use cases that OSINT is particularly relevant to in the corporate space – protective security, due diligence, insider threat and theft, and supply chain risk management (SCRM). There are, of course, many other issues that investigative teams must look at on a regular basis – and OSINT makes tracking and solving those issues much easier as well. At its core, OSINT represents another tool in the security and investigations toolbox, and an AI-enabled OSINT solution like Fivecast ONYX helps corporate security teams collect and analyze diverse and huge volumes of online data faster, more reliably, and at a greater scale than ever before – all with minimal disruption to pre-existing workflows.
Protective Security
For corporate protective security teams tasked with protecting facilities, employees, and other company assets, the ability to detect risks and separate posturing from true threats is invaluable. It is also nearly impossible if this risk detection and analysis is done manually – or by relying on OSINT tools designed for marketing teams. By using OSINT solutions like Fivecast ONYX that can automate the data collection and provide valuable analytical time savings, corporate security teams can focus on what they’re good at – using their experience and insider knowledge of the company to identify, prepare for, and mitigate the highest priority threats being made online.
Due Diligence
Due Diligence can mean a lot of different things depending on the context. In each of those contexts, though – whether that’s Know Your Customer (KYC), Anti-Money Laundering (AML), Counter-Terrorism Financing (CTF), or fraud detection – analysts can immensely benefit from the inclusion of OSINT into their process. Personal but public interactions and behavior online that the poster(s) did not consider may reveal unknown, illegal, or simply unreported relationships that could put a deal under threat or severely damage the reputations of the companies involved. Finding those needles in the immense haystacks of public data online can be very difficult, but it need not be as time-consuming as it has been in the past – the ability to conduct simple, reliable analysis of the publicly available data associated with a company, its executives, and other key players in a deal can go a long way towards building trust between parties and ensuring that companies do not inadvertently run afoul of sanctions, regulations, or laws.
Learn more about how OSINT can support Due Diligence:
Request the Enhanced Due Diligence Blog
Insider Threat & Theft
Whether physical or related to the exfiltration of sensitive corporate data, insider threats keep corporate security teams across the world awake at night. And that’s because an employee, contractor, or someone with approved access to physical and/or electronic systems can often wreak far more havoc more quietly than even the loudest external critics. This damage can come in the form of violent attacks but can also be in the form of stolen data, intellectual property (IP), or even goods and materials for illegal resale. Fivecast ONYX has proven invaluable to investigators in the past when seeking to identify when and where people are selling stolen goods or to assess the potential for any type of behavior that places the company and its employees at risk. The volume and velocity of analysis that OSINT delivers makes it exponentially easier for insider threat teams to rapidly assess the threat level posed by anyone who is displaying signs of suspicious activity.
Read more about how Insider Threat detection can be enhanced with OSINT:
Request the Insider Threat Industry Brief
Supply Chain Risk Management (SCRM)
SCRM efforts are often placed in the due diligence bucket, and with valid reason. After all, partners and suppliers can and should be vetted for any number of potential issues before a formal business relationship begins. However, the responsibilities of a SCRM team often go well beyond that of a due diligence team, as vulnerabilities tend to include things like economic, political, environmental, and regulatory disruptions that due diligence checks normally would not consider. Essentially, due diligence is just one component of an effective SCRM strategy. And OSINT should play a critical role in this strategy by enabling SCRM teams to better assess both online narratives, connections and relationships that could cause massive disruptions in a company’s operations if the risk from those activities is not accurately identified and mitigated before it becomes a company-wide catastrophe. In addition, social media gives SCRM teams the ability to maintain a modicum of situational awareness all around the world, including in places a company’s suppliers operate far away from the physical presence of any company offices or personnel.
OSINT can be used to support SCRM, gain valuable situational awareness and reduce risk.
Minimizing Corporate Risk with OSINT
Ultimately, OSINT is not going to solve all corporate security problems all the time. But incorporating effective OSINT tools into the daily corporate security operations workflow removes an enormous, repetitive, and boring data collection burden; a task that is increasingly beyond human scale. And, Fivecast ONYX doesn’t stop there – it provides security and intelligence teams with search, translation, and other AI-driven analytical tools to greatly improve the speed with which they can analyze the huge amounts of surface, deep and dark web data Fivecast ONYX enables them to collect. These efficiencies are why Fivecast ONYX users have reported a 400% increase in productivity – both by saving users time on existing investigations and by allowing them to get through more investigations than ever before.
