Individuals claiming to be with ISIS recently compromised the Twitter and YouTube accounts of US Central Command. Although we do not know the extent or manner of the attack, CENTCOM has claimed that there was no compromise of their networks or data. What we do know is that social media has become a digital representation of an individual, organization, company, or government, and when those social media accounts are compromised it calls into question the security of those entities.
The US government takes cybersecurity very seriously, but even with the most sophisticated tools and personnel, there is little doubt that everyone and everything is a potential target online. So in light of these recent breaches of CENTCOM’s social media accounts, what can organizations do to limit the possibility that their accounts will be compromised?
The first step is to assume that you will be targeted and to gain enough visibility into your accounts to quickly identify a compromise and then move to limit its impact. Strong access control should be mandatory, including the use of multi-factor authentication, a measure which can easily be enabled for almost all social media accounts. Additionally, limit the number of people who have access to a shared account and ensure that you are using strong passwords or, even better, use a password manager, which can automatically generate a very complex password and then securely store it.
It should also be noted that an attack against social media might just be the initial compromise. Organizations should assume that someone is going to attempt to breach their network and, in that case, there are a couple of steps every organization should take:
– While it is nearly impossible to prevent 100% of data breaches and security incidents, you can dramatically reduce the chance that an attempt results in data loss, and if one does succeed (which it will) you can limit the negative impact on your organization. The key is to incorporate technologies that address each point of vulnerability and then create a continuous business process.
– Start with gaining visibility into all assets, including computing devices, data, applications, and users in the organization across your entire infrastructure.
– Segment data and applications (especially those that are sensitive) away from other non-sensitive data, and continuously monitor to ensure nothing deviates from the company’s security policies.
– Implement controls to ensure users have the least amount of privilege required to access applications and data, and continuously audit the environment to identify any attempts to bypass these policies.
– Require multi-factor authentication to sensitive servers, and restrict access to only those users that require access to ensure business continuity.
– Harden servers and applications to ensure that only required services, ports, and protocols are available.
– Move security policies and enforcement closer to the data and/or apps. Protecting just the perimeter isn’t good enough any more in the age of modern virtualized infrastructure.
– Audit and monitor to identify new and potential threat vectors.
– Quickly move to mitigate or remediate any identified threats.
– Ensure that incident response is a continuous process, adding new incidents of compromise to your organization’s suite of security capabilities.
If all else fails, I suppose you can always blame North Korea….
About Amrit Williams
Amrit Williams has over 20 years of experience in information security and is currently the Chief Technology Officer of CloudPassage. Amrit has held a variety of engineering, management and consulting positions prior to joining CloudPassage. Previously, Williams was the Director of Emerging Security Technologies and CTO for mobile computing at IBM, which acquired BigFix, an enterprise systems and security management company where Williams was CTO. Prior to BigFix, Williams was a research director in the Information Security and Risk Research Practice at Gartner, Inc. where he covered vulnerability and threat management, network security, security information and event management, risk management, and secure application development. Before IBM, Williams was a director of engineering for nCircle Network Security, and undertook leadership positions at Consilient Inc., Network Associates, and McAfee Associates, where he worked to develop market-leading security and systems management solutions.