Success Requires Insight
heuristics provide important clues to organizational weaknesses
Is it possible to identify organizational weaknesses in companies by evaluating publicly available data on the Internet?
Yes, it is possible!
I have compiled a short list of measures that show how this can be achieved:
- Cybersecurity benchmarks and comparisons
Organizations can compare their own security metrics against industry standards and benchmarks. Deviations from best practices could indicate organizational weaknesses. - Vulnerability Scanning
Through regular vulnerability scanning, organizations can collect security metrics to identify and assess potential weaknesses in their infrastructure. - Monitoring cybersecurity communities and reports
Tracking cybersecurity reports, alerts and forums on the internet can provide valuable information about current threats and exploits that can serve as indicators of weaknesses. - Data leaks and security incidents
The analysis of publicly known data leaks and security incidents in similar organizations can point to common vulnerabilities that may also exist in your own company. - Analyzing social media activity and online presence
Organizations can monitor their public online presence to identify signs of security risks such as employees sharing sensitive information.
It is quite clear that the sole use of heuristics and metrics from the internet may not be sufficient to gain comprehensive insights into a company's potential organizational weaknesses.
However, I find that this method can provide good initial indications of hidden weaknesses. At the very least, it can raise the awareness of those responsible for this task.
This information is collected automatically at regular intervals. Changes within an organization can thus be easily identified and documented. Cyclical patterns can be identified by analyzing time series. We have developed our JOUO portal for this purpose. With JOUO, data from various sources can be conveniently summarized.
Further measures can be derived from this data offering, which is also attractively priced.
I would then continue with a holistic approach that also includes internal reviews, training and audits. Based on the data generated by JOUO, the measures to be taken can be prioritized.
Of course, this ensures that ethical and lawful methods are used for data collection and analysis to protect the privacy and compliance of all parties involved.
Creating awareness within management of cybersecurity and compliance issues requires that existing problems are recognized and understood. It is important to understand that cyber security problems are not actually technical problems, but organizational ones. More precisely, they are organizational weaknesses. These can only be remedied through active management intervention and require a holistic view of the situation.
#DoNotFightAlone