
How to Use Social Media for Better #Security


Rich Ronston of Deltek uses social media-sourced intelligence to understand new options and apply them to the business’s risk appetite. Photo courtesy of Lauran Cacciatori/Deltek

Picture this – in 20 minutes, one enterprising hacker at the 2012 Defcon conference in Las Vegas learned one Wal-Mart store’s physical logistics – from the janitorial contractor to where employees go to lunch – key details about the make and version numbers of the Wal-Mart manager’s PC, browser and anti-virus software, and got the manager to upload the address of an external website into his browser – no questions asked. The hacker, Shane MacDougall, had captured every data point in the convention’s annual “Capture the Flag” social engineering contest, and Wal-Mart was the victim. That’s social engineering.

After the event, MacDougall told reporters that “Social Engineering is the biggest threat to the enterprise, without a doubt… I can see all these (Chief Security Officers) that spend all this money on firewalls and stuff, but they spend zero dollars on awareness.”

But security leaders are paying attention now – especially Mark Arnold, Security Engineering Manager at TJX, the parent company of retailers HomeGoods, TJ Maxx and Marshalls. He joined TJX two years ago and has wanted social engineering (or “Human Hacking”) training since then; after the Defcon debacle, he got the resources he needed.

“It’s becoming a reality that these spaces provide more targets,” Arnold says. “Malicious actors are looking to take advantage of people now, not just networks. They see humans as ‘nodes’ in the system. They look for low-entry employees – easier entry points. They want to compromise as many of these ‘smaller prizes’ as possible.”

Arnold is using social media to obtain a better picture of who would be doing the targeting – looking for predictable data that TJX can use in future security and marketing campaigns.

Rich Ronston, Lead IT Security Architect at Deltek, is using the open-source data found on social media to determine where resources are most needed. Deltek supplies project-based solutions on-premise, as well as in the Cloud, so Ronston has to stay up to date on the changing landscape.

“Twitter has cutting-edge information that could impact our SaaS applications and Deltek’s IT department,” Ronston says. “We like the immediacy of information and ability to find deeper intelligence. You can get what you need to know quickly and take it directly to the CIO. Then, we apply the scenario – such as a new patch or possible vulnerability – to our risk appetite and decide what to do.”

Messages, conversations, links and detailed vendor information form the basis of security research on social media, Ronston says: “It puts you into the center of the conversation.”

Merely searching for basic hashtags or metadata tags on Twitter, such as #Security, can produce a depth of information to help security professionals better perform their functions. For example, a quick search under that term could produce security metrics, risk management data, security news stories, chatter about business continuity trends or even hints at possible security risks.

In Arlington, Texas, the Arlington Police Department is monitoring social media to pick up on specific risks and threats pertaining to the city’s Entertainment District – a close-knit area that contains Cowboy Stadium, Rangers Ballpark and Six Flags Over Texas. These venues are also the site of events – not just sports games, but controversial speakers or meetings – that could be targets of attacks. By searching social media venues, such as Twitter or Reddit, for specific keywords or tags that could be related to a specific event or a certain issue of concern, the intelligence unit can investigate threats further.

“It’s all open source information, but we have to have a criminal nexus to pursue a specific statement,” says Sgt. J.P. Rogers of the Arlington PD Intelligence Unit. “We have to determine that it’s a legitimate public safety issue before looking into an incident or a person, and we have civil rights and civil liberties training to ensure we follow that rule.”

For example, Rogers says, general or conditional statements (“If this team loses, I’m going to drop a bomb on the stadium”) would not be investigation-worthy – the speaker does not demonstrate the intent or the capability to follow through. However, a statement of “There is a bomb in the stadium now” demonstrates an imminent threat that requires action and investigation.

“You have to manage the difference between free speech and a threat,” Rogers says.

Once a threat is declared serious enough for investigation, law enforcement works across state lines to track user information to the statement’s source. In the two most recent cases, Rogers says, the offending Tweeter was out-of-state and entirely incapable of following through on the threat, but it pays off to be sure.

Arnold reacts to social media threats the same way his team would respond to a cyber attack – he informs the legal team and upper management to spur a coordinated incident response.

Uncovering threats is not the only use for social media monitoring, however. Many private industries are using it to foster an active dialog with customers as a value-added marketing tool.

Customers can spur a lot of online buzz about what they like or dislike about a company, and social platforms such as Yelp or Twitter can supply businesses with the opportunity to reach out to specific, vocal customers who provide real-time reviews of their service.

“You can have risk or IT security groups leverage social media channels to broadcast specific information to product subscribers or customers,” Ronston says. “Outside of the IT department, you can use it for marketing or for getting your company message out. It’s as much a marketing engine as a listening tool.”

Professional networking sites such as LinkedIn offer security professionals another set of tools, Arnold says. He uses LinkedIn for cultivating details and profiling, including vetting new individuals and checking connections to current associates.

“Interconnections add to predictability,” Arnold says. By knowing who knows who on social media, he can better understand what kind of target that person is to outside threats.

“We’re trying to use the whole network security model, the life cycle of security, to manage these threats,” he adds. “The whole entity is being targeted now – not just devices, but specific people.” And, by monitoring the footprint that an enterprise’s human element leaves on social media, security can better predict who will attack where, and be prepared for it.


Recent Articles by Claire Meyer
