Unveiling the Potential of Open-Source Intelligence (OSINT) for Enhanced Cybersecurity Posture
Abstract
Never before has it been more important to increase internal cybersecurity posture to prevent malicious activity, and organizations are forced to mobilize their resources to prepare for tomorrow's threats. Throughout the past few years, the usage of open-source intelligence (OSINT) has made its way from the military landscape into public, private, and commercial organizations. Using OSINT, organizations can tailor their countermeasures to the tactical, operational, and strategic procedures of potential cyber threat actors by benefiting from the knowledge within openly available sources. Leveraging the enormous information sharing on online platforms using OSINT also requires organizations to navigate the increasing information overload. Nevertheless, many are using ad hoc and unstructured approaches, contradicting the systematic fundamentals of the intelligence profession. Therefore, this study investigated how organizations can implement and use OSINT to improve cybersecurity posture using OSINT's advantages. A semi-systematic literature review (SSLR) highlighted a scant focus on organizational aspects of OSINT, with the focus resting primarily on technical considerations. Interviews with nine representatives of different private, public, and commercial organizations helped in understanding how each applied OSINT to extract as much value as possible from the CTI capability. During data collection and analysis, this thesis adopts the intelligence cycle, a well-known cyclic representation of the intelligence acquisition process. The thesis extends the theory by integrating several intelligence cycle theories and offers a more dynamic and comprehensive representation of the intelligence process. Through an inductive conceptual framework (ICF), the thesis highlights how OSINT can become a valuable tool to ensure organizations encounter the cyber threat landscape by considering relevant information about threat actors.
The study emphasizes the significance of establishing an understandable definition of OSINT within one's organization and identifying intelligence requirements aligned with available resources. Determining the organization's motivation, prioritizing dialogue and feedback, and continuously evaluating the intelligence requirements are essential to leveraging OSINT's advantages. This new framework is one of the main contributions of this thesis, visualizing how the research findings all contribute to a coherent utilization of OSINT as a cybersecurity-enhancing tool. Organizations guided through the entire intelligence cycle will likely gain a greater understanding of their own capabilities and of potential cyber attackers.