Don’t Spill Your Candy in the Lobby: Managing the Corporate Infosec Risks From Open Source Intelligence (OSINT) presented at CounterMeasure 2014

by Scott Wright

Summary: In the reconnaissance phase of an attack, attackers use tools to gather information about a target organization. We often worry about what architectural vulnerabilities they can discover with scanning tools. But Open Source Intelligence (OSINT) is just as valuable to attackers, since it can be used to launch successful social engineering attacks. (This is what I call “spilling your candy in the lobby” – lots of goodies for attackers to feast on.) But what can an attacker really learn about your organization from OSINT?
Most of the tools used by attackers are freely (or cheaply) available, and any security manager can use them to easily determine the visibility of corporate information that may be valuable to attackers. This management-level session will identify the types of tools and methods used to exploit information made easily available by corporate employees, and will prescribe a process for thwarting attackers by minimizing the exposure of corporate OSINT.