Threats to cyber security are diverse, complex and at an unprecedented scale. Examples include stealing intellectual property and commercially sensitive data, such as key negotiating positions. Such attacks exploit information security weaknesses through the targeting of staff, premises, partners and supply chains both at home and abroad.
Any targeted attack of this nature always begins with background research or reconnaissance. This is known as Open Source Intelligence.
Threat actors will investigate how your organisation appears ‘from the outside’. They will look for vulnerable staff, potential weaknesses in physical premises, and flaws in your Internet-facing technology. They will identify your premises and review them online to produce a shortlist for examination in person. Your registered domains, address ranges and Internet hosts will be discovered, potentially exposing the software in use, and public-facing systems such as Outlook Web Access will be identified. Internet searches will reveal email addresses and associated employee information from sites such as LinkedIn, which provide the raw material for spear phishing and social engineering attacks.