: May 12th, 2017

Joe Kim explains how social media can help public service IT professionals better understand potential cyber threats out there.

Social media has given us many, many things, from the mass circulation of hilarious cat videos, to the proliferation of memes, and an outlet for many people’s deepest, darkest thoughts. For better or worse, social media has changed a lot about our lives, but it is not commonly thought about of as a tool for cybercriminals, or a possible aid in combatting cybercrime.

Indeed, the seriousness of cyberattacks has increased in the past few years, with such attacks becoming increasingly sophisticated and resulting in larger gains for hackers. The depth of the problem can be seen in the record £1.9bn government investment to protect the UK from these attacks.

However, as government IT pros frantically spend valuable time and money to bring in complex threat management software, one of the methods most easily used by hackers is right in front of you—assuming you’ve got your favourite social media page open and, who are we kidding, you definitely do.

Social skills

Social media can be a tool to both protect and disrupt, and attackers are eagerly screening social media profiles for any information that may present a vulnerability. Any status providing seemingly innocuous information may be of use, revealing details that could be weaponised by hackers.

Take LinkedIn®, for example. LinkedIn provides hackers with a resource that can be used nefariously, by viewing profiles of system administrators, attackers can learn what systems they are working on. This is a very easy way for a cybercriminal to gain valuable information.

As mentioned, however, social media can also be a tool of protection. By helping ensure that information is correctly shared within an organisation, IT pros can more easily identify and tag attackers, turning their own weapons against them.

The world of cybercrime is something of a community, with tools and tactics doled out between cybercriminals, making attacks faster and more effective.

This is a method that government IT pros need to mimic by turning to threat feeds, in which attack information is quickly shared to enable enhanced threat response. Whether it’s through an IP address or more complex behavioural analysis and analytics, a threat feed can help better combat cybercrime, and shares similar traits to social media.

For government IT pros, the most important part of this similarity is the ability to share information with many people quickly, and in a consumable format. Then, by making this information actionable, threats can be tackled more effectively.

Also like social media, threat feeds aren’t impenetrable. However, they do allow administrators to programmatically share information about threats and create mutual defenses far stronger than any individual could manage.

Internal affairs

The internal sharing of information is also key, though as anyone who has worked in a government organisation will tell you, internal communications isn’t exactly high on their agenda.

This is a real problem, especially when the rewards of more effective internal information sharing are so significant, allowing all agency personnel to be better equipped to identify and combat threats. However, unified tools or dashboards that display data about the ongoing status of agency networks and systems can help solve this problem by illuminating issues in a more effective way.

Take performance data which, for example, can tell you when a sudden surge in outbound traffic occurs, indicating someone is exfiltrating data. Identifying these security incidents and ensuring that reports are more inclusive will allow the entire team to understand and appreciate how threats are discovered. This means you can be confident that your organisation is vigilant, and better equipped to deal with threats.

Essentially, government IT professionals should think carefully about what to post on social media. This doesn’t mean, however, that they should delete their accounts or start posting under some poorly thought-out pseudonym.

When used correctly, social media can provide public service IT professionals with more protection and a better understanding of potential threats. In a world where cyber attacks are getting ever more devastating, any additional help is surely worthy of a like.

Joe Kim is CTO at SolarWinds