industry unlocked
to prevent hackers from hacking into these accounts to broadcast fake information – a very tangible reality in today’s threat landscape.

www.intelligentciso.com | Issue 09

Savvy hackers understand the power of communication platforms and have targeted social media accounts to plant false information over the years. Take the case of the false tweet sent from the US’s Associated Press Twitter handle. This resulted in a US$136.5 billion drop in the S&P 500 index’s value in just a few minutes.

Cybersecurity best practice for CNI and beyond

Government-related social media accounts used for timely or sensitive communications should be treated as CNI, subject to the same cybersecurity best practices adhered to by the energy, transportation and chemical sectors.

Government social media accounts – like Twitter, Facebook, YouTube, LinkedIn and more – are typically shared accounts, meaning that teams of people throughout an agency have access and can post information to them. The passwords for these accounts are commonly shared internally among team members.

This makes them extremely easy targets for attackers or malicious insiders. The shared nature of these accounts also means there is no record kept of who posted what when – making a deliberate false alert a tangible reality. To add to the headache, passwords used to ‘secure’ these accounts are rarely changed and typically used across multiple accounts.

By treating these accounts as privileged, organisations can be safe in the knowledge that a simple forgotten password doesn’t delay communications, while also hardening these platforms against external hacks.