More than one IT security expert has warned CISOs need to be proactive to thwart cyber attacks before they get started rather than be play defence. Usually this means getting onto the “dark Web,” where hackers buy and sell malware and stolen data, to find clues about immanent — or ongoing — attacks.

But there may be intel closer than that, writes Alastair Paterson, CEO and co-founder of Digital Shadows, a situation awareness service. Social media sites like Twitter, Facebook and sharing sites like Pastebin can also be early-warning sources.

Admittedly, these aren’t the places where infosec pros will find clues from criminals, but, more likely, hactivists. That’s because they want to be heard, Paterson argues. So groups often provide operation names and specify target lists.¬†Post-attack evident can include claims of defacements, DDoS attacks and breaches.

His message is that while the dark Web is a great source of intel, CISOs shouldn’t overlook public news and social media sites as well.

Read the full column here