Federal IT professionals spend much time and money implementing sophisticated threat management software to thwart potential attackers, but they often forget that one of the simplest methods hackers use to access sensitive information is through social media. The world’s best cybersecurity tools won’t help if IT managers inadvertently share information that may appear to be innocuous status updates, but in reality, could reveal details about their professions that could serve as tasty intel for disruptors.
On LinkedIn®, for example, attackers can view profiles of network and system administrators and learn what systems targets are working on. This approach is obviously much easier and more efficient than running a blind scan trying to fingerprint a target.
However, federal IT professionals can actually use social media networks to block attackers. By sharing information amongst their peers and colleagues, managers can effectively tag hackers by using some of their own tactics against them.
Most attackers are part of an underground community, sharing tools, tactics, and information faster than any one company or entity can keep up.
Federal IT professionals can use threat feeds for information gathering and defense. Threat feeds are heralded for quickly sharing attack information to enable enhanced threat response. They can be comprised of simple IP addresses or network blocks associated with malicious activity, or could include more complex behavioral analysis and analytics.
While threat feeds will not guarantee security, they are a step in the right direction. They allow administrators to programmatically share information about threats and create mutual defenses much stronger than any one entity could do on its own. There’s also the matter of sharing data across internal teams so that all agency personnel are better enabled to recognize threats, though this is often overlooked.
An easy way to share information internally is to have unified tools or dashboards that display data about the state of agency networks and systems. Often, performance data can be used to pinpoint security incidents. The best way to start is to make action reports from incident responses more inclusive. The more the entire team understands and appreciates how threats are discovered, the more vigilant the team can be overall in anomaly detection and in raising red flags when warranted.
Federal IT professionals could use the Internet Storm Center as a resource on active attacks, publishing information about top malicious ports being used by attackers and the IP addresses of attackers. It’s a valuable destination.
The bottom line is that while all federal IT professionals must all be diligent and guarded about what they share on social media, that doesn’t mean they should delete their accounts. Used correctly, social media and online information sharing can effectively help them unite forces and gain valuable insight to fight a common and determined enemy.
Find the full article on GovLoop.