Have you ever stopped to consider the volume of new data created daily on social media? It’s staggering. Take Twitter, for instance. Approximately 500 million tweets are published every day, adding up to more than 200 billion posts per year. On Facebook, users upload an additional 350 million photos per day, and on YouTube, nearly 720,000 hours of new video content is added every 24 hours.

While this overwhelming volume of information may be of no concern to your average social media user posting updates to keep up with family and friends, it’s of particular interest to corporate security and safety professionals who are increasingly using it to monitor current events and detect potential risks around their people and locations—all in real-time. Meet the fast-paced and oft-confusing world of open-source intelligence (OSINT).

What is Open Source Intelligence (OSINT)?

The U.S. Department of State defines OSINT as, “intelligence that is produced from publicly available information and is collected, exploited, and disseminated promptly to an appropriate audience to address a specific intelligence requirement.”

The concept of monitoring and leveraging publicly available information sources for intelligence purposes dates back to the 1930s. The British Broadcast Corporation (BBC) was approached by the British government and asked to develop a new service that would capture and analyze print journalism from around the world.

Monitoring and identifying potential threats

Originally named the “Digest of Foreign Broadcast, the service (later renamed BBC Monitoring which still exists today) captured and analyzed nearly 1.25 million broadcast words every day to help British intelligence officials keep tabs on conversations taking place abroad and what foreign governments were saying to their constituents.

OSINT encompasses any publicly accessible information that can be used to monitor and identify potential threats

Today, OSINT broadly encompasses any publicly accessible information that can be used to monitor and identify potential threats and/or relevant events with the potential to impact safety or business operations.

The potential of OSINT data is extraordinary. Not only can it enable security and safety teams to quickly identify pertinent information that may pose a material risk to their business or people, but it can also be captured by anyone with the right set of tools and training.

OSINT for cybersecurity and physical threat detection

Whether it be a significant weather event, supply chain disruptions, or a world health crisis few saw coming, the threats facing organizations continue to increase in size and scale.

Luckily, OSINT has been able to accelerate how organizations detect, validate, and respond to these threats, and it has proved invaluable in reducing risk and informing decision-making – especially during emergencies.

OSINT is typically shared in real-time, so once a situation is reported, security teams can then work on verifying critical details such as the location or time an incident occurred or provide the most up-to-date information about rapidly developing events on the ground. They can then continue to monitor online chatter about the crisis, increasing their situational awareness and speeding up their incident response times.

OSINT applications

OSINT can help detect when sensitive company information may have been accessed by hackers 

Severe weather offers a good example of OSINT in action. Say an organization is located in the Great Plains. They could use OSINT from sources like the National Weather Service or National Oceanic and Atmospheric Administration (NOAA) to initiate emergency communications to employees about tornado warnings, high winds, or other dangerous conditions as they are reported.

Another common use case for OSINT involves data breaches and cyber-attacks. OSINT can help detect when sensitive company information may have been accessed by hackers by monitoring dark web messaging boards and forums. In 2019, T-Cellphone suffered a data breach that affected more than a million customers, but it was able to quickly alert affected users after finding their personal data online.

OSINT is a well-established field with countless applications. Unfortunately, in an ever-changing digital world, it’s not always enough to help organizations weather a crisis.

Why OSINT alone isn’t enough?

One of the core challenges with leveraging OSINT data, especially social media intelligence (SOCMINT), is that much of it is unstructured and spread across many disparate sources, making it difficult to sort through, manage, and organize.

Consider the social media statistics above. Assuming a business wanted to monitor all conversations on Twitter to ensure all relevant information was captured, it would need to both capture and analyze 500 million individual posts every day. Assuming a trained analyst spent just three seconds analyzing each post, that would amount to 1.5 billion seconds of labor—equivalent to 416,666 hours—just to keep pace.

While technology and filters can greatly reduce the burden and help organizations narrow the scope of their analysis, it’s easy to see how quickly human capital constraints can limit the utility of OSINT data—even for the largest companies.

Challenges with OSINT

OSINT data collection includes both passive and active techniques, each requiring a different level of effort and skill

Additionally, collecting OSINT data is time-consuming and resource-intensive. Making sense of it remains a highly specialized skill set requiring years of training. In an emergency where every second count, the time required to sift through copious amounts of information takes far longer than the time in which an organization must take meaningful action to alter the outcome.

Compounding the issue, OSINT data is noisy and difficult to filter. Even trained analysts find the need to constantly monitor, search, and filter voluminous troves of unstructured data tedious. Artificial intelligence and machine learning have helped weed through some of this data faster, but for organizations with multiple locations tasked with monitoring hundreds or thousands of employees, it’s still a challenging task.

Adding to the complexity, collecting OSINT data isn’t easy. OSINT data collection includes both passive and active techniques, each requiring a different level of effort and skill.

Passive vs Active OSINT

Passive OSINT is typically anonymous and meant to avoid drawing attention to the person requesting the information. Scrolling user posts on public social media profiles is a good example of passive OSINT. Active OSINT refers to information proactively sought out, but it often requires a more purposeful effort to retrieve it. That may mean specific login details are needed to access a website where information is stored.

Lastly, unverified OSINT data can’t always be trusted. Analysts often encounter false positives or fake reports, which not only take time to confirm accuracy, but if they act on misinformation, the result could be damage to their organization’s reputation or worse.

So, how can companies take advantage of it without staffing an army of analysts or creating operational headaches?

A new path for OSINT

Organisations can leverage the benefits of OSINT to improve situational awareness and aid decision-making

Fortunately, organizations can leverage the benefits of OSINT to improve situational awareness and aid decision-making without hiring a dedicated team of analysts to comb through the data. By combining OSINT data with third-party threat intelligence solutions, organizations can get a cleaner, more actionable view of what’s happening in the world.

Threat intelligence solutions not only offer speed by monitoring for only the most relevant events 24/7/365, but they also offer more comprehensive coverage of a wide range of threat types. What’s more, the data is often verified and married with location intelligence to help organizations better understand if, how, and to what extent each threat poses a risk to their people, facilities, and assets.

In a world with a never-ending stream of information available, learning how to parse and interpret it becomes all the more important. OSINT is a necessary piece to any organization’s threat intelligence and monitoring system, but it can’t be the only solution. Paired with external threat intelligence tools, OSINT can help reduce risk and keep employees safe during emergencies and critical events.

Download PDF version Download PDF version

Author profile

Sara Pratley Vice President Global Intelligence, AlertMedia

In case you missed it

What Are New Trends In Residential Security?
What Are New Trends In Residential Security?

Residential security and smart homes are rapidly changing facets of the larger physical security marketplace, driven by advances in consumer technology and concerns about rising crime rates. During the COVID-19 pandemic, many people spent more time at home and became more aware of the need for greater security. As workplaces opened back up, returning workers turned to technology to help them keep watch over their homes from afar. We asked this week’s Expert Panel Roundtable: What are the trends in residential security in 2021?

How Businesses Can Protect Their People In The New Age Of Work
How Businesses Can Protect Their People In The New Age Of Work

Ensuring employee health and safety remains a key priority for organizations this year, especially as we see COVID-19 cases continue to rise in different areas of the world. As an ongoing challenge, COVID-19 has shifted the priorities of many organizations. In fact, “improving health and safety for employees” is the top strategic goal this year of manufacturing and logistics organizations in the U.S. and U.K., according to research conducted by Forrester on behalf of STANLEY Security. But as we think about reopening and as hybrid workforce models and “workspace-on-demand” approaches rise in popularity, leaders need to consider implementing the right technologies to help ensure a safe return to the office. This means investing in health, safety, and security solutions that can help leaders protect their people. The intersection of security technology and health and safety There’s no doubt that the scope of security has expanded in the wake of the global pandemic. What was once an area governed by a select few security or IT professionals within a business has now become a crucial company investment involving many key stakeholders. The role of security has expanded to encompass a broader range of health and safety challenges for businesses Additionally, the role of security has expanded to encompass a broader range of health and safety challenges for businesses. Fortunately, security technologies have made significant strides and many solutions, both existing and new, have been thrust forward to address today’s biggest business challenges. Investment in security technology It’s important to note that businesses are eager to adopt tech that can help them protect their people. Nearly half (46%) of organizations surveyed by Forrester report that they’re considering an increasing investment in technology solutions that ensure employee safety. Technologies like touchless access control, visitor management systems, occupancy monitoring, and installed/wearable proximity sensors are among some of the many security technologies these organizations have implemented or are planning to implement yet this year. Facilitating a safe return to work But what does the future look like? When it comes to the post-pandemic workplace, organizations are taking a hard look at their return-to-work strategy. Flexible or hybrid workforce models require a suite of security solutions to help ensure a safer, healthier environment More than half (53%) of organizations surveyed by Forrester are looking to introduce a flexible work schedule for their employees as they make decisions about returning to work and keeping employees safe post-pandemic. Such flexible – or hybrid – workforce models require a suite of security solutions to help ensure a safer, healthier environment for all who traverse a facility or work on-site. One of the central safety and security challenges raised by these hybrid models is tracking who is present in the building at any one time – and where or how they interact. Leveraging security technology With staggered schedules and what may seem like a steady stream of people passing through, it can be difficult to know who’s an employee and who’s a visitor. Access control will be key to monitoring and managing the flow of people on-site and preventing unauthorized access. When access control systems are properly integrated with visitor management solutions, businesses can unlock further benefits and efficiencies. For instance, integrated visitor management systems can allow for pre-registration of visitors and employees – granting cellphone credentials before people arrive on-site – and automated health screening surveys can be sent out in advance to help mitigate risk. Once someone reaches the premises, these systems can also be used to detect the person’s temperature and scan for a face mask, if needed.  We will likely see these types of visitor management and advanced screening solutions continue to rise in popularity, as 47% of organizations surveyed by Forrester report that they’re considering requiring employee health screening post-pandemic. Defining the office of the future A modern, dynamic workforce model will require an agile approach to office management. It’s imperative to strike the right balance between making people feel welcome and reassuring Businesses want to create an environment in which people feel comfortable and confident – a space where employees can collaborate and be creative. It’s imperative to strike the right balance between making people feel welcome and reassuring them that the necessary security measures are in place to ensure not only their safety but also their health. In many cases, this balancing act has created an unintended consequence: Everyone now feels like a visitor to a building. Protocols and processes With employees required to undergo the same screening processes and protocols as a guest, we’ve seen a transformation in the on-site experience. This further underscores the need for seamless, automated, and tightly integrated security solutions that can improve the employee and visitor experience, while helping to ensure health and safety. Ultimately, the future of the office is not about what a space looks like, but how people feel in it. This means adopting a “safety-always” culture, underpinned by the right technology, to ensure people that their safety remains a business’ top priority. 

Access The Right Areas - Making A Smart Home Genius With Biometrics
Access The Right Areas - Making A Smart Home Genius With Biometrics

Household adoption of smart home systems currently sits at 12.1% and is set to grow to 21.4% by 2025, expanding the market from US$ 78.3 billion to US$ 135 billion, in the same period. Although closely linked to the growth of connectivity technologies, including 5G, tech-savvy consumers are also recognizing the benefits of next-generation security systems, to protect and secure their domestic lives. Biometric technologies are already commonplace in our smartphones, PCs and payment cards, enhancing security without compromising convenience. Consequently, manufacturers and developers are taking note of biometric solutions, as a way of leveling-up their smart home solutions. Biometrics offer enhanced security As with any home, security starts at the front door and the first opportunity for biometrics to make a smart home genius lies within the smart lock. Why? Relying on inconvenient unsecure PINs and codes takes the ‘smart’ out of smart locks. As the number of connected systems in our homes increase, we cannot expect consumers to create, remember and use an ever-expanding list of unique passwords and PINs. Indeed, 60% of consumers feel they have too many to remember and the number can be as high as 85 for all personal and private accounts. Biometric solutions strengthen home access control Biometric solutions have a real opportunity to strengthen the security and convenience of home access control Doing this risks consumers becoming apathetic with security, as 41% of consumers admit to re-using the same password or introducing simple minor variations, increasing the risk of hacks and breaches from weak or stolen passwords. Furthermore, continually updating and refreshing passwords, and PINs is unappealing and inconvenient. Consequently, biometric solutions have a real opportunity to strengthen the security and convenience of home access control. Positives of on-device biometric storage Biometric authentication, such as fingerprint recognition uses personally identifiable information, which is stored securely on-device. By using on-device biometric storage, manufacturers are supporting the 38% of consumers, who are worried about privacy and biometrics, and potentially winning over the 17% of people, who don’t use smart home devices for this very reason. Compared to conventional security, such as passwords, PINs or even keys, which can be spoofed, stolen, forgotten or lost, biometrics is difficult to hack and near impossible to spoof. Consequently, homes secured with biometric smart locks are made safer in a significantly more seamless and convenient way for the user. Biometric smart locks Physical access in our domestic lives doesn’t end at the front door with smart locks. Biometrics has endless opportunities to ease our daily lives, replacing passwords and PINs in all devices. Biometric smart locks provide personalized access control to sensitive and hazardous areas, such as medicine cabinets, kitchen drawers, safes, kitchen appliances and bike locks. They offer effective security with a touch or glance. Multi-tenanted sites, such as apartment blocks and student halls, can also become smarter and more secure. With hundreds of people occupying the same building, maintaining high levels of security is the responsibility for every individual occupant. Biometric smart locks limit entry to authorized tenants and eliminate the impact of lost or stolen keys, and passcodes. Furthermore, there’s no need for costly lock replacements and when people leave the building permanently, their data is easily removed from the device. Authorized building access Like biometric smart locks in general, the benefits extend beyond the front door Like biometric smart locks in general, the benefits extend beyond the front door, but also throughout the entire building, such as washing rooms, mail rooms, bike rooms and community spaces, such as gyms. Different people might have different levels of access to these areas, depending on their contracts, creating an access control headache. But, by having biometric smart locks, security teams can ensure that only authorized people have access to the right combination of rooms and areas. Convenience of biometric access cards Additionally, if building owners have options, the biometric sensors can be integrated into the doors themselves, thereby allowing users to touch the sensor, to unlock the door and enter. Furthermore, the latest technology allows biometric access cards to be used. This embeds the sensor into a contactless keycard, allowing the user to place their thumb on the sensor and tap the card to unlock the door. This may be preferable in circumstances where contactless keycards are already in use and can be upgraded. Smarter and seamless security In tandem with the growth of the smart home ecosystem, biometrics has real potential to enhance our daily lives, by delivering smarter, seamless and more convenient security. Significant innovation has made biometrics access control faster, more accurate and secure. Furthermore, today’s sensors are durable and energy efficient. With the capacity for over 10 million touches and ultra-low power consumption, smart home system developers no longer have to worry about added power demands. As consumers continue to invest in their homes and explore new ways to secure and access them, biometrics offers a golden opportunity for market players, to differentiate and make smart homes even smarter.