ThreatNG Security


OSINT Top Ten: Number 2 - Social Media

At Number Two of the Open Source Intelligence Top Ten (aka OSINT Top Ten) is Social Media.

In managing threats on social media, it is essential to monitor how your organization is portrayed and represented. It is imperative to observe and report on what is broadcast, checking for compliant branding, instances of malicious/negative sentiment, and the appropriate level of "information sharing."

Beyond an organization's own authorized social media accounts, it is also essential to observe and monitor all of the following:

  • Related, Special Interest, or Look-Alike Accounts

  • Links Posted

  • Shares

  • Hashtags

  • User Mentions

  • Tags

An organization should answer the following questions to establish a baseline from which to monitor and manage this aspect of its digital presence:

  • What is your social media presence? How many accounts are sanctioned by the organization? What information is being shared by the organization? Who is sharing?

  • Is the information that is shared compliant with branding and communication guidelines/policies? Do the posts reflect the organization's mission and views?

  • What is the overall sentiment of the posts? Can you identify negative or positive posts?

Your adversaries and competitors can see what you see, especially on social media. That is all the more reason to ensure there is no inappropriate sharing or malicious posting from official and unofficial accounts. In establishing operational controls over social media, it is crucial to consider the following:

  • Are the social media feeds being monitored and shared across functional teams?

  • Is there a way to identify and manage threats in these feeds?

  • Are the social media feeds mentioning sensitive internal organizational issues that are reaching the wrong people?

Ensuring proper social media exposure and monitoring is vital for both the organization and key individuals. This action requires technical understanding, facilities, and resources. This monitoring is an investment that an organization needs to manage correctly. It will hopefully pay for itself by avoiding any costly data breaches or business disruptions.