With the recent reports of cybersecurity attacks across several companies and organizations, it’s critical to ensure that your organization’s data, applications, and software are all adequately protected from threats such as phishing, ransomware, and malware. As an effective and widely adopted tool, open-source threat intelligence will help identify all vulnerabilities, risks, and evolving threats to protect your organization’s valuable data assets.
Industry-Specific Use Cases for Open-Source Threat Intelligence
Open-source threat intelligence (OSINT) is powerful because it draws on data that is publicly available across the internet at large. Advancements in computing technologies enable OSINT to identify cyberthreats and vulnerabilities across businesses in all areas, particularly:
- Open-source threat intelligence management in healthcare
- Open-source advanced threat intelligence in retail businesses
- Open-source operational threat intelligence in financial services
Open-Source Threat Intelligence Management and Healthcare
Threat intelligence management allows you to understand the extent of vulnerabilities in your organization’s networks. To use open-source threat intelligence for this purpose, your company should source information from critical inventories like the Common Vulnerabilities and Exposures (CVE) list, cross-referenced with internal audits.
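The cross-referencing step described above, as an added example that is not part of the original article or of any vendor's tooling: a constructed, simplified CVE feed (placeholder IDs, products and version ranges, loosely shaped like the "affected" entries of a CVE record) is matched against a constructed inventory taken from an internal audit, honouring the exclusive upper bound of each affected range.

```python
"""Cross-reference a constructed CVE feed with an internal asset inventory."""
import json

# Constructed sample feed. IDs, vendor, products and ranges are placeholders
# and do not refer to real advisories.
CVE_FEED = json.loads("""[
 {"id": "CVE-0000-0001", "product": "ehr-portal", "vendor": "examplecorp",
  "affected": [{"version": "2.0", "lessThan": "2.4.1"}], "severity": "HIGH"},
 {"id": "CVE-0000-0002", "product": "imaging-server", "vendor": "examplecorp",
  "affected": [{"version": "5.2", "lessThan": "5.3"}], "severity": "CRITICAL"},
 {"id": "CVE-0000-0003", "product": "ehr-portal", "vendor": "examplecorp",
  "affected": [{"version": "3.0", "lessThan": "3.0.2"}], "severity": "MEDIUM"}
]""")

# Constructed output of an internal audit: host, product, installed version.
INVENTORY = [
    {"host": "ehr-app-01", "product": "ehr-portal", "version": "2.3.9"},
    {"host": "ehr-app-02", "product": "ehr-portal", "version": "2.4.1"},
    {"host": "pacs-01", "product": "imaging-server", "version": "5.2.7"},
    {"host": "pacs-02", "product": "imaging-server", "version": "5.3"},
]

SEVERITY_RANK = {"CRITICAL": 0, "HIGH": 1, "MEDIUM": 2, "LOW": 3}


def parse_version(v):
    """Turn '2.4' into (2, 4, 0) so tuples compare component by component."""
    parts = tuple(int(p) for p in v.split("."))
    return parts + (0,) * (3 - len(parts))


def is_affected(installed, rng):
    """True when installed version is in [version, lessThan); upper bound is exclusive."""
    start, end = parse_version(rng["version"]), parse_version(rng["lessThan"])
    return start <= parse_version(installed) < end


def match_inventory(feed, inventory):
    """Return one finding per (host, CVE) pair whose installed version is affected."""
    hits = []
    for asset in inventory:
        for cve in feed:
            if cve["product"] != asset["product"]:
                continue
            if any(is_affected(asset["version"], r) for r in cve["affected"]):
                hits.append({"host": asset["host"], "cve": cve["id"],
                             "severity": cve["severity"]})
    return hits


def prioritized_findings(feed=CVE_FEED, inventory=INVENTORY):
    """Findings ordered so the most severe exposures are remediated first."""
    return sorted(match_inventory(feed, inventory),
                  key=lambda h: SEVERITY_RANK[h["severity"]])
```

Hosts already at the patched version (2.4.1 and 5.3 here) produce no finding, which is the check a naive string comparison would get wrong.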
In healthcare, this primarily means scanning for indicators of attacks on protected health information (PHI). This industry is a high-risk target for cyberthreats, given PHI’s value, particularly regarding insurance fraud.
Recent Healthcare Breaches
Most of 2020’s reported healthcare data breaches resulted from noncompliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA), which sets legal standards for the privacy and security of PHI. That year alone, 642 data breaches were reported to have compromised 500 or more healthcare records each across covered entities.
Covered entities—per HIPAA—include healthcare providers, health plans, and their business associates, which collectively account for more than 29 million healthcare records. Of the breaches reported, 22% were due to unauthorized access or disclosure of healthcare records primarily because of:
- Healthcare workers snooping in medical records without a legitimate need
- Malicious insiders with access to protected health information
- Unintended or unauthorized disclosure of protected health information
- Human error resulting in exposure of protected health information
This all underscores the need for threat intelligence management (open-source or otherwise) to understand vulnerabilities and reduce risks within systems containing valuable health records.
Open-Source Threat Intelligence Management and HIPAA
Most of these data breaches involved compromises to electronic PHI (ePHI), which primarily falls under the scope of the HIPAA Security Rule.
OSINT can optimize controls pertaining to several Security Rule requirements, including:
- Administrative safeguards – Risk assessment of how ePHI is used and stored helps companies understand breach risks, and cyber risk rating reports should incorporate many threat intelligence sources, including but not limited to open-source options. These can also inform staff training on identifying and mitigating phishing, malware, and other possible attacks.
- Physical safeguards – Only authorized individuals should have access to systems and areas that contain PHI and ePHI. OSINT can identify common attack vectors and the social engineering and similar scams used to gain illegitimate physical access to PHI.
- Technical safeguards – To prevent unauthorized access to PHI, your organization must implement unique access controls for each user and each device. Examples include workstation computers or tablets automatically logging off when idle. You can use OSINT to identify which particular machines carry the highest risk and demand the most visibility.
A threat intelligence management program (OSINT or not) will help with all HIPAA compliance.
Open-Source Threat Intelligence Management and Mobile Devices
Beyond on-premises HIPAA compliance efforts, OSINT helps manage all devices with access to ePHI. Per HIPAA Journal’s 2021 checklist, one of the major causes of these data breaches is the use of mobile devices that access or contain ePHI. An OSINT-informed threat intelligence management program can empower healthcare companies to:
- Implement multifactor authentication (MFA) on mobile devices – MFA should be required for mobile access to ePHI. OSINT can identify potential weaknesses in user accounts such as weak, missing, or outdated passwords and other credentials/factors.
- Identify necessary encryption for ePHI transmission – Transmitting ePHI from mobile devices should only be allowed over secure, closed networks. OSINT can inform where to scan for any possible breaches of this principle and which networks are most exposed to risk.
- Ensure secure storage solutions – Utilizing updated cloud storage solutions with reliable and tested security minimizes hacking risks. Referencing OSINT sources and databases ensures that your cloud infrastructure is free of common threats.
Threat intelligence management is essential in healthcare, and OSINT makes it much easier.
Open-Source Advanced Threat Intelligence and Retail
Using OSINT in the retail industry works much in the same way as it does for healthcare, but the specific threats companies need to gather intelligence on can differ widely. The networks used by retail companies contain vast amounts of sensitive data from all employees, contractors, and customers, all of which require cyber protections. OSINT can and should inform data protection.
Like healthcare, the retail industry is also a top target for cyberthreats. There was a significant increase in retail ransomware attacks in 2020, which caused massive losses in revenue and affected supply chains worldwide. Useful threat intelligence on these attacks needs to include details about all possible vulnerabilities and threats, along with the relationships between them.
The most advanced attacks require special attention. Open sources can provide much of what companies need to know, but more robust sources of information may be required for advanced threats. In these cases, OSINT plays more of a complementary role to robust threat mitigation.
Advanced Threat Intelligence for Identity and Access Management
Companies serving thousands or millions of customers need to implement robust identity and access management (IAM) to restrict unauthorized access while keeping data available to the users it belongs to. Advanced threat intelligence tools (OSINT or not) help in several ways:
- Analyze user behavior to flag fraud – Retail companies can use open-source machine learning algorithms to learn their customers’ spending patterns and flag seemingly fraudulent account behaviors, such as unusual purchases, requests, or inactivity.
- Use SIEM to monitor threats – By monitoring possible security threats in real time through open-source security information and event management (SIEM), cybersecurity teams position themselves to launch timely responses, protecting all sensitive data.
- User authentication via social media profiles – Authenticating customer identities using social media or other publicly available profiles adds a layer of security, since the machine learning algorithms can detect login anomalies associated with those accounts.
If not the only source, OSINT can be a pillar of your threat-intelligence-informed IAM program.
Open-Source Operational Threat Intelligence and Finance
Finally, open-source threat intelligence can go a long way toward preventing and mitigating data attacks in the financial sector. Data breaches have long been a reality in finance; attacks were reported at several financial services companies recently, exposing the personal information of thousands of customers and clients. Because attacks targeting finance are common, the most critical kind of threat intelligence to collect for financial services companies is operational.
This kind of threat intelligence focuses primarily on direct evidence about prior attacks, with less emphasis on details of internal security vulnerabilities they exploited. It’s all about the actors.
In particular, threats common to the financial sector include but are not limited to:
- Theft of identities and credentials via robust malware campaigns
- Targeted exploitation of vulnerabilities within company networks
- Advanced, multi-stage attacks using new and innovative tools
Operational threat intelligence (open-source or not) will help to prevent these threats in many ways:
- Learning from incidents – Incident response requires learning from the attacks and other events that have happened to your company, as well as to other similar companies. Any information in the public domain will help prevent these attacks from happening again.
- Managing vulnerabilities – Open-source databases will help financial institutions identify any internal vulnerabilities shared with other, similar firms that have experienced attacks. In particular, the OSINT should identify how those firms were compromised and what safeguards are needed to prevent similar attacks from befalling your company.
The best way to utilize OSINT, in finance and all industries, is with the help of a qualified managed security services provider (MSSP).
Optimize Your Threat Intelligence and Overall Management
RSI Security has helped countless businesses of all sizes and across all industries rethink their cyberdefenses. Utilizing open-source threat intelligence and generating deeper insights with our own robust scanning infrastructure, we’ll help you mitigate all risks you face. If you’re looking for a team of experts to address and minimize all possible threats and vulnerabilities in your organization’s networks, contact RSI Security today for a free consultation.