Is social media being mined for insider threats?

Security Center of Excellence

September 1, 2020 | 3 minutes read

This blog is co-authored by Annie John and Todd Cernetic.

“Sometimes the best hiding place is the one that’s in plain sight,” said Stephenie Meyer, the author of the bestselling Twilight series.

Not that long ago, social media was the “new kid on the block,” something we used to share photos with distant family members, comment on exotic holidays, and of course showcase our dining experiences! We were all just pilgrims in a strange land.

Fast forward to the present day and it seems that every person, company, organization, and authority wants to know more about you and your ideas, thoughts, and conversations through social media.

As Marianna Noll commented on IT Security Central, “It’s not really social media itself you need to worry about, but the people who use it. Consider how much compromising information people share on social media which can include personal life details, political views, location, interests, and much more.”

Most social media users trust technology companies to protect their personal information. Users might not consider the risk of bad actors within these companies and how an insider’s motivations might lead to a malicious act, such as espionage.

But as Marianna points out, “For cyber criminals this data about a target is an absolute goldmine. Especially if the target is sharing work details! Social media platforms also provide another vector for phishing and drive-by-installations of malware.”

So, let’s consider some examples:

  • A recent attack on Twitter resulted in the hijacking of accounts belonging to high-profile individuals and brands. This was the perfect example of the impact that a malicious or duped insider, social engineering tactics, and poor monitoring of privileged access could have on businesses.
  • Another example involved former Twitter employees abusing their access to spy on users for a foreign regime, according to the United States Justice Department.

All tech companies face the issue of malicious insiders. Motherboard by VICE Media has revealed how Facebook employees used privileged access to stalk women, and how Instagram recorded app usage via a device’s camera.

But social media is also used as a platform for social engineering, with criminals gathering masses of personal information and using it against an individual or their employer. These incidents are far too common, and most security teams are blind to social media vectors because they are busy keeping up with vulnerabilities and outside attacks against their own organization.

SC Magazine’s executive insight article “5 Ways to Translate Security Data into Actionable Business Insight” by Brian Philip Murphy gives an excellent summary of recommended actions:

  1. Make sure tools are deployed properly.
  2. Separate critical data from the noise.
  3. Identify the unknown and fill the gaps with benchmarks.
  4. Close the language gap with context.
  5. Validate that your security controls work as expected.

Additionally, a Digital Forensic Incident Response (DFIR) solution is a vital part of the equation. Insider threat awareness is an essential component of a comprehensive security program. Always remember, if you see something, say something, and clarity creates simplicity.
