It often comes as a surprise just how much is available and the nefarious uses it can be put to. OSINT can be applied towards defensive purposes, but this article will only be covering the malicious purposes (i.e. how a bad guy might get access to your client’s sensitive information and data).
One of the biggest challenges of OSINT is not merely recognising it as a threat, but encouraging the behavioural change needed to protect against it widely enough. It is not simply enough for a principal to stop posting Instagram pictures of their travels in order to hide them. Their colleagues, friends, family, and employees also need to be aware and cautious with information which could be misused.