The need for visibility, control and awareness now extends beyond your network.
There is an old adage “loose lips sink ships”. Is your organization providing cyber-criminals information for free? You’d answer, “Of course not!". On the face of it this question seems ridiculous to even ask. However, cyber-criminals are becoming more sophisticated. As an adversary’s tactics and strategies evolve, cybersecurity organizations need to be aware of the unwitting exposure of secure information on social media. This approach is on the rise and fast becoming the preferred strategy for many cyber-criminals to perform the “reconnaissance” step in an analysis framework, such as the Cyber Kill Chain®.
Social Sharing Can Lead to Crippling Data Leaks
The methods used by cyber-criminals are becoming more sophisticated. As an adversary’s tactics and strategies evolve it is imperative that organizations evolve their defense strategies. A prime example of this evolution can be seen playing out on social media platforms.
In an age when we’re encouraged to continuously update our status and share our lives – both personal and professional – employees, and sometimes organizations, unwittingly post information online related to their network hardware, software, or cybersecurity infrastructure.
[Adversaries reason]…why spend days trying to hack software when I can look at your social network profile and learn everything about you?”
Cyber-criminals are adept at piecing together social data points to build context and intelligence around the inner workings of your organization. This information can be sufficient for an adversary to mount an attack and breach your network. Data once thought to be safe to share now informs adversarial battle plans. Here’s a hypothetical:
A fortune 500 company looking to hire additional technology headcount to support their internal IT security organization uses LinkedIn to socialize the opening and reach potential candidates. Common business practice.
When posting their openings, the company articulates a list of experience required based on current and pending security projects. Again, common practice. However, what looks like a great career opportunity for qualified applicants reads like a strategic attack plan for a cyber-adversary. “Skills and experience required” outline network architecture details about vendors and versions of firewalls, Intrusion Protection Systems and SIEMs deployed.
Almost immediately the organization’s security operations center (SOC) sees a rise in targeted infrastructure attacks culminating in a successful breach that causes a limited operational outage.
Unwittingly leaking sensitive information online can lead to threat actors gaining access to your cybersecurity program structure and network architecture to better plan and execute an attack. How can organizations aggregate social sharing to create a picture of the leak and subsequently develop a mitigation plan?
With 2.5 Exabytes of net new web content and more than a billion social media posts being shared daily, SOC teams are looking to use Big Data analytic engines to track activity, correlate events and index multi-language internet data sources related to organization-specific information published to the internet. There are three steps to advancing your cyber defense in this domain:
- Assess your cybersecurity posture against your threat profile
- Train your employees to be aware of social sharing pitfalls
- Implement technologies to empower cyber analysts to effectively monitor public posts
Find the leak before they do!
Monitor your sharing like an adversary would. Learn more about the big data analytics engine created to collect cyber threat intelligence and support proactive analysis.
Cyber Kill Chain is a registered trademark of Lockheed Martin.