From the Experts: Social Media Monitoring and Dark Web Investigations – Security Boulevard

Posted: October 20, 2020 at 6:16 pm

Recently, Authentic8's National Security Engagement Lead and former CISO at the White House, Matt Ashburn, sat down with Forrester's Brian Kime to discuss cyber investigations, where they lead and their importance to private and public sector organizations. Kime is a Forrester senior analyst covering cyber threat intelligence, vulnerability risk management and industrial control system security. In this role, he helps organizations identify, assess, and prioritize cyber and physical threats; prepare for emerging attack vectors; and reduce cyber risk in enterprise IT and operational technology (OT) environments.

Ashburn: We see social media sites and applications as rich resources for gathering information related to our investigations but are concerned we'll put ourselves and/or the company at risk. How should we get started? Do you have any dos and don'ts when it comes to social media?

Kime: Your organization and your high-profile employees are more vulnerable than ever, which is why you need to integrate social media monitoring into your security strategy immediately. Here are a few recommendations for firms to manage social media risks.

Identify your most valuable social points of presence, actors and assets, and consider the consequences for your organization if those high-value accounts were compromised or impersonated. To determine value, consider the business influence and brand influence of those accounts as well as the data and people they are associated with.

How people use and interact on social media continues to evolve rapidly, as do the tactics cybercriminals wield to exploit it. Cyber threat intelligence services can help track the methods the adversarial groups are using against organizations like yours. As the threat landscape evolves and new threats and use cases emerge, be sure to review your social media security posture with regular audits and vulnerability assessments.

Encourage your employees to verify that new social media connections are who they say they are by connecting over email, instant messaging or phone. Create training modules on how to identify email phishing and suspicious social media activity. Identify your most at-risk and valuable employees, such as IT system and domain administrators, high-profile executives, employees in finance or R&D, etc., and set stricter policies and technical oversight controls for them.

You may want to limit messaging features to only those who use it to speak on the company's behalf. And review your marketing team's security practices to ensure they don't share access credentials for your brand's social accounts; require that they access accounts through a social media management solution and reduce reliance on static passwords by requiring two-factor authentication (2FA). You should also actively monitor and protect your high-profile accounts for suspicious behavior and establish a process to monitor and submit takedown requests for fraudulent social accounts misusing your brand names and logos.

Ashburn: Is tracking activities on the dark web really a need for corporations? Seems more applicable to government- and law enforcement-type investigations.

Kime: Absolutely yes. While the dark web is primarily used by hackers for hire (either independent or state sponsored) who are trying to make a profit by selling stolen data, tracking the dark web can still be very valuable. For one, tracking the dark web helps corporations identify if their own data is for sale, which might be indicative of a data breach or malicious insider activity. While you should still block access to the Tor browser and block Tor traffic at the firewall for all employees, enabling a small group of users with dark web access will provide additional insight about potential data breaches against other malicious activities targeted against your firm.

Ashburn: How do I convince upper management that we need to allocate resources to do more proactive threat intelligence gathering vs. just reacting after the fact all the time?

Kime: Intelligence helps decision makers reduce risk and uncertainty. Boards of directors are concerned with managing reputational and regulatory risks to preserve stockholder value. Therefore, intelligence should always lean towards being proactive by assessing the organization's threats' intent and capability to breach or attack the organization. More tactical and operational benefits to threat intelligence include:

Matt Ashburn: How useful/important is actively managing attribution versus, say, being very cautious and making sure to use incognito mode in my browser?

Brian Kime: Users tend to think incognito mode or private browsing conceals their activity from all snooping, when the reality is those privacy modes do not prevent websites, ISPs, your employer or school from logging your activities, tracking your presence and attributing your browsing to your organization. For any user who conducts sensitive research or intelligence collection outside the corporate network, it is vital that we covertly access those hostile resources so that we do not give away our presence or intelligence requirements to our adversaries. By actively managing our own attribution (vice attributing cyberthreat activities to criminals or state organizations) we preserve our operational security and reduce the likelihood and consequences of a threat detecting our research or our intelligence collection.

Related Resources

Authentic8 and Forrester recently conducted a joint webinar on the importance of threat intelligence in the SOC and how to better enable intelligence-gathering investigations. The webinar also gives expert advice on the types of tools and frameworks that can give your SOC an advantage over adversaries.

*** This is a Security Bloggers Network syndicated blog from Authentic8 Blog authored by A8 Team. Read the original post at: https://blog.authentic8.com/social-media-monitoring-dark-web-investigations/
