Steps 2 & 3 - Protecting against hacking, account takeover and other malicious external threats
Even as public agencies and large organizations implement best practices to bring their messaging systems and channels under solid control, they are still at risk for hacking and other external threats with similar public messaging consequences. Malicious actors are well-known for building fraudulent look-alike sites; for creating fake accounts to impersonate a legitimate agency or company; for posting messages from fake employee accounts—and more. Just as hackers work quietly to breach major corporations, some have turned their attention to upending the credibility of trusted public institutions. Unfortunately, there are a number of well-documented incidents where bad actors have co-opted the identities of public agencies to spread fake news, false alarms and other misleading information, resulting in public confusion, panic and financial damage. For example:
-
On April 23, 2013, hackers took over the Twitter account of the AP news organization. The promptly tweeted a message that two explosions in the White House had injured President Obama. The fake tweet caused a rush of panic on Wall Street that impacted the Dow average.
-
Another case. In January 2017, President Trump issued an order to various agencies to withhold publishing of certain regulations and other communications, including social media, until his transition team completed its review. A number of rogue Twitter accounts for agencies including the EPA, FDA, National Park Services and other appeared over the ensuing weeks that conveyed false messages to the public.
-
Just this past week the LAPD was also breached and accounts were in the hand of hackers control for a period of time.
Agencies and enterprise organizations need the security capability in place to detect and take down fake sites, fake accounts and fake messaging. The solution also needs to protect social media against other attacks such as phishing, malware, spam and malicious attacks and to ensure the on-going protection and integrity of the company's digital identity.
| Social SafeGuard provides comprehensive surveillance of social media risks |
STEP 2 – Protecting against hacking and account takeover
Social Safeguard utilizes a highly prescriptive and systematic technology approach called DAST to combat the problem of hacking and account takeover across the plethora of social media channels utilized by today’s public agencies and enterprise organizations. DAST refers to our four-phase technology model that includes Discovery, Assessment, Securing and Testing functionality:
- The Discover Phase identifies the company's legitimate assets while also revealing fake and unauthorized presences and accounts.
- The Assessment Phase predicts new attacks and identifies areas of greatest exposure.
- The Securing Phase places known legitimate assets under security and policy-based supervision and stops account hacking and takeover. In addition, Social SafeGuard automatically analyzes any URLs present within a post, message, or file attachment for malicious content which can be immediately be removed from the platform.
- The Testing Phase against simulated threats periodically ensures on-going protection and the integrity of the company's digital identity.
By deploying these steps your social assets are secure from ATO (Account Takeover) and your agency or organization moves to a pro-active stance in combating social media risks.
STEP 3 – Protecting against fake sites and other malicious external threats
Bad actors most often use fake pages and websites utilizing a target organization’s domain to impersonate the organization's brand. They can take the form of phishing, malware, spam and other malicious attacks. To protect against these types of multi-varied threats in the social media space, risk management requires and approach that provides effective surveillance of both internal domains and the dynamic external social media threat landscape.
Social Safeguard’s DAST handles this dual requirement as well:
- The Discovery Phase utilizes patented proprietary techniques to identify digital encroachment, fake domains and fake accounts and other malicious that target the organization’s brand.
- The Assessment Phase utilizes a variety of techniques including feeds from cyber-security ThreatExchange to keep pace with new attacks and other emerging patterns of malicious activity across the broad cross-section of social media channels.
- In the Securing phase, DAST utilizes internal capabilities, its social media vendor partnerships, and other cybersecurity relationships to take down fake domain sites and defeat other malicious activity that threatens to our customer’s social media assets and reputation.
- Again, the Testing phase keeps the organization’s social media assets resilient to new patterns of attack through simulated attack testing.
Taken together, Social Safeguard’s risk management platform provides a comprehensive solution to assure that internal social media activity is in compliance with internal guidelines and industry regulations while also assuring that these same assets are protected against external hacking and other malicious activity. It gives public agencies and enterprise organizations the tools they need to avoid failures via a patented policy engine that supervises, reveals and monitors the company's digital and social media presence, while also providing the broad surveillance and actions that can effectively combat external threats against an everchanging social media risk landscape.
Kevin Walter is a Senior Product Management professional and an industry expert in Information Management and Governance.
The solution to immediately gain better control and security over your social media channels is available with the Social SafeGuard platform. If your organization plays a role in alerting the public to emergency situations or you are concerned about crisis management in digital or social media, contact Social SafeGuard to learn how you may already be under attack and to request a free social media audit.