Hostile reconnaissance will typically begin with online research. The internet offers a potential wealth of detail that can help a hostile identify targets, explore security vulnerabilities and frame their modus operandi with relatively little fear of being identified.
Some of the security vulnerabilities can be obvious, such as posting or sharing confidential organisational information that puts staff, processes or assets at risk. Others may be less so, such as search engines storing search history or smart phones tracking geolocation data which can be exploited by those with malicious intent.
Organisations that demonstrated that they had security measures in place, but which did not give too much away in terms of specific detail, were deemed to be the hardest targets.
NPSA commissioned research found:
Hostiles were discouraged if:
- A lack of information meant they could not confirm or deny assumptions
- They could not ascertain detail on organisational structures or personalities
- A lack of imagery prevented a virtual recce of the physical location
- The cookies policy included logging of a user's IP address, pages visited and keywords searched for
Hostiles were encouraged if:
- Detailed information revealed exploitable weaknesses in security
- Security did not appear to be a priority for the organisation
- There was a lack of evidence of physical security measures
Organisations should ask themselves whether it is absolutely necessary to make content available for their main users; in doing so, they might be able to reduce the amount of information available to hostiles.