Identify business relationships
|Identify business relationships|
|Tactic||Organizational Information Gathering|
Business relationship information may be used by an adversary to shape social engineering attempts (exploiting who a target expects to hear from) or to plan for technical actions such as exploiting network trust relationship.1
Difficulty for the Adversary
Easy for the Adversary (Yes/No): Yes
Explanation: Requires an intensive process. In some industries, business relationships may be public in order to generate business, but this is not the case for all industries and all relationships.
Detectable by Common Defenses (Yes/No/Partial): No
Explanation: Exception to the rule is if the adversary tips off the target that others have been asking about the relationship with them.
Similar Techniques for Other Tactics
|Organizational Information Gathering||Identify business relationships|
|People Information Gathering||Identify business relationships|