Federal IT professionals spend much time and money implementing sophisticated threat management software to thwart potential attackers, but they often forget that one of the simplest methods hackers use to access sensitive information is through social media. The world’s best cybersecurity tools won’t help if IT managers inadvertently share information that may on the surface appear to be innocuous status updates, but could, in reality, reveal details about their professions that could serve as tasty intel for disruptors.
Networks such as LinkedIn, for example, can attract cyberattackers like bees to honey. By simply viewing LinkedIn profiles of network and system administrators, bad actors can learn what systems targets are working on. This approach is obviously much easier and more efficient than running a blind scan trying to fingerprint a target.
Despite social media’s status as a threat magnet, federal IT professionals can actually use these networks to thwart attackers. By sharing information amongst their peers and colleagues – the old “strength in numbers” approach – managers can effectively tag hackers by using some of their own tactics against them.
Before doing that, it’s helpful to have a clear profile of today’s attackers, who have found their own strength in numbers. Cybercrime once conjured up an image of a lone wolf attacker, but that’s no longer true. These days, most attackers are part of an underground community sharing tools, tactics and information faster than any one company or entity can keep up.
Federal IT professionals should take a page out of this playbook and use threat feeds for information gathering and defense. Threat feeds are heralded for quickly sharing attack information to enable enhanced threat response. They can consist of simple IP addresses or network blocks associated with malicious activity, or could include more complex behavioral analysis and analytics.
The threat feed concept shares similar traits to social media. Both are designed to provide shareable information and intelligence that can be consumed by many people. Ideally, that information can be made actionable to combat threat vectors.
While threat feeds will not guarantee security, they are a step in the right direction. They allow administrators to programmatically share information about threats and create mutual defenses much stronger than any one entity could do on its own.
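As an added illustration (not code from the original post), here is one way to consume the simplest kind of feed described above, a list of IP addresses and network blocks, and check outbound connection records against it. The feed format, host names and addresses are constructed for the example; the addresses come from the RFC 5737 documentation ranges.

```python
import ipaddress

# Constructed sample feed: one indicator per line, a single IP or a CIDR block.
SAMPLE_FEED = """\
# shared feed, constructed for illustration
192.0.2.44
198.51.100.0/24
not-an-ip
203.0.113.7   # trailing comment
"""

# Constructed outbound connection records: (source host, destination IP, bytes sent).
SAMPLE_CONNECTIONS = [
    ("db01", "198.51.100.23", 48_000_000),
    ("web02", "192.0.2.10", 1_200),
    ("hr-laptop", "203.0.113.7", 5_400),
    ("db01", "192.0.2.44", 900),
]

def parse_feed(text):
    """Return (networks, rejected). Malformed entries are reported, not silently dropped."""
    networks, rejected = [], []
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()  # strip comments and whitespace
        if not entry:
            continue
        try:
            # A bare IP becomes a /32 (or /128); strict=False tolerates host bits in a CIDR.
            networks.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            rejected.append(entry)
    return networks, rejected

def match_connections(connections, networks):
    """Return the connections whose destination falls inside any feed network."""
    hits = []
    for host, dst, sent in connections:
        addr = ipaddress.ip_address(dst)
        for net in networks:
            if addr in net:
                hits.append({"host": host, "dst": dst, "bytes": sent, "indicator": str(net)})
                break  # one hit per connection is enough to raise it for review
    return hits

if __name__ == "__main__":
    nets, bad = parse_feed(SAMPLE_FEED)
    for hit in match_connections(SAMPLE_CONNECTIONS, nets):
        print(hit)
    print("rejected feed entries:", bad)
```

Reporting the rejected entries matters in practice: a feed that silently fails to parse looks identical to a feed with no matches.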
There’s also the matter of sharing data across internal teams so that all agency personnel are better enabled to recognize threats. After all, a unified front requires that everyone be on the same page, with the same information.
Unfortunately, fewer than half of IT professionals claim their organizations tightly integrate security and other IT processes. This illuminates a vital gap in IT security, as sharing information internally can help spot attackers or certain behaviors that otherwise might be missed.
An easy way to share information internally is to have unified tools or dashboards that display data about the state of agency networks and systems. Often, performance data can be used to pinpoint security incidents – a sudden surge in outbound traffic indicating someone is exfiltrating data, for instance, or a CPU on a database server spiking because of an attack. The best way to start is to make action reports from incident responses more inclusive. The more the entire team understands and appreciates how threats are discovered, the more vigilant the team can be overall in anomaly detection and in raising red flags when warranted.
The Internet Storm Center is another option for details on evolving threats. This center serves as a great resource about active attacks, publishing information about top malicious ports being used by attackers and the IP addresses of attackers. It’s a valuable destination for federal IT professionals who wish to share information on attack methods and learn about potential threats.
The bottom line is that while all federal IT professionals must be diligent and guarded about what they share on social media, that doesn’t mean they should delete their accounts. Used correctly, social media and online information sharing can effectively help them unite forces and gain valuable insight to fight a common and determined enemy.
Joe Kim is part of the GovLoop Featured Blogger program, where we feature blog posts by government voices from all across the country (and world!).