Is social media being mined for insider threats?

This blog is co-authored by Annie John and Todd Cernetic.

“Sometimes the best hiding place is the one that’s in plain sight” said Stephenie Meyer, the author of the bestselling Twilight series.

Not that long-ago, social media was the “new kid on the block,” something we used to share photos with distant family members, comment on exotic holidays, and of course showcase our dining experiences! We were all just pilgrims in a strange land.

Fast forward to present-day and it seems that every person, company, organization, and authority wants to know more about you and your ideas, thoughts, and conversations through social media.

As Marianna Noll commented on IT Security Central, “It’s not really social media itself you need to worry about, but the people who use it. Consider how much compromising information people share on social media which can include personal life details, political views, location, interests, and much more.”

Most social media users often trust technology companies to protect their personal information. Users might not consider the risk of bad actors within these companies and how an insider’s motivations might lead to a malicious act, such as espionage.

But as Marianna points out, “For cyber criminals this data about a target is an absolute goldmine. Especially if the target is sharing work details! Social media platforms also provide another vector for phishing and drive-by-installations of malware.”

  • So, let’s consider some examples: A recent attack on Twitter resulted in the hijacking of accounts belonging to high-profile individuals and brands. This was the perfect example of the impact a malicious or duped insider, social engineering tactics, and poor monitoring of privileged access, could have on businesses.
  • Another example involved former Twitter employees abusing their access to spy on users for a foreign regime, according to the United States Justice Department.

All tech companies face the issue of malicious insiders. Motherboard by VICE Media has revealed how Facebook employees used privileged access to stalk women, and Instagram recording app usage via a device’s camera.

But social media is also used as a platform for social engineering, with criminals gathering masses of personal information and using it against an individual or their employer. These incidents are far too common, and most security teams are blind to the social media vectors as they are looking to keep up with the vulnerabilities and attacks against outside threats in their own organization.

SC Magazine’s executive insight article “5 Ways to Translate Security Data into Actionable Business Insight” by Brian Philip Murphy gives an excellent summary of recommended actions:

  1. Make sure tools are deployed properly.
  2. Separate critical data from the noise.
  3. Identify the unknown and fill the gaps with benchmarks.
  4. Close the language gap with context.
  5. Validate that your security controls work as expected.

Additionally, a Digital Forensic Incident Response (DFIR) solution is a vital part of the equation.  Insider threat awareness is an essential component of a comprehensive security program. Always remember, if you see something, say something, and clarity creates simplicity.

Related Posts

Back to top button