By Joe Kim, SolarWinds EVP, Engineering and Global CTO
Social media has given us many things, from the mass circulation of hilarious cat videos, to the proliferation of memes. However, social media is not commonly thought of as a tool for cybercriminals, or a possible aid in combatting cybercrime.
However, as government IT pros frantically spend valuable time and money bringing in complex threat-management software, one of the methods most easily used by hackers is right in front of you—assuming you’ve got your favorite social media page open.
Social media can be a tool to both protect and disrupt, and attackers are eagerly screening social media profiles for any information that may present a vulnerability. Any status providing seemingly innocuous information may be of use, revealing details that could be weaponized by hackers.
Take LinkedIn®, for example. LinkedIn provides hackers with a resource that can be used nefariously, by viewing profiles of system administrators, attackers can learn what systems they are working on. This is a very easy way for a cybercriminal to gain valuable information.
As mentioned, however, social media can also be a protective tool. By helping ensure that information is correctly shared within an organization, IT pros can more easily identify and tag attackers.
Cybercrime is organized within a community structure, with tools and tactics doled out among cybercriminals, making attacks faster and more effective.
This is a method that government IT pros need to mimic by turning to threat feeds, in which attack information is quickly shared to enable enhanced threat response. Whether it’s through an IP address or more complex behavioral analysis and analytics, a threat feed can help better combat cybercrime, and shares similar traits to social media.
For government IT pros, the most important part of this similarity is the ability to share information with many people quickly, and in a consumable format. Then, by making this information actionable, threats can be tackled more effectively.
The internal sharing of information is also key, but not always a priority within government. This is a real problem, especially when the rewards of more effective internal information sharing are so significant. However, unified tools or dashboards that display data about the ongoing status of agency networks and systems can help solve this problem by illuminating issues in a more effective way.
Take performance data, which, for example, can tell you when a sudden surge in outbound traffic occurs, indicating someone is exfiltrating data. Identifying these security incidents and ensuring that reports are more inclusive will allow the entire team to understand and appreciate how threats are discovered. This means you can be confident that your organization is vigilant, and better equipped to deal with threats.
Essentially, government IT professionals should think carefully about what to post on social media. This doesn’t mean, however, that they should delete their accounts or start posting under some poorly thought-out pseudonym.
When used correctly, social media can provide public service IT professionals with more protection and a better understanding of potential threats. In a world where cyberattacks are getting ever more devastating, any additional help is surely worthy of a like.
Find the full article on PublicNet.