industry unlocked
Managing credentials for access
and control over CNI
To properly secure and protect social
media accounts, agencies must employ
best practices for privileged account
security, including:
• Enable transparent access:
Authorised users must be able
to seamlessly authenticate to an
account without knowing their
passwords, making it harder for
hackers to uncover and steal
credentials. This kind of access
would have given Hawaii’s governor
immediate access to his account
to confirm that the missile alerts
were false.
• Eliminate shared credentials:
Storing passwords in a digital vault
requires users to login individually for
access, eliminating the accountability
challenges of shared credentials.
• Automate password changes:
Changing privileged credentials
ensures attackers can’t use
old passwords across systems.
46
Automating password changes
regularly also updates access
privileges, reducing the chance of
an outsider stealing and using a
valid credential.
• Audit account activity: By creating
a record of activity on social media
Attention has turned
to how hackers
with malicious
intentions could
seize control
of the critical
infrastructures
of cities and
nation states.
accounts, all posts can be traced
back directly to an individual
authorised user, making it easy to
identify employees who may be
posting harmful content.
The false alarms in Hawaii and Japan
shine a spotlight on the significant
amount of trust that the government,
organisations and civilians put into social
media as a credible and dependable
form of mass communication. At the
same time, they’re prime examples of
what can go awry when these trusted
social sites aren’t managed properly.
The incident in Hawaii in particular
should motivate agencies to take
steps to guard against these same
avoidable mistakes.
Most importantly, it’s a call to action
to proactively protect social media
against threats both nefarious and
accidental, especially in the age of
rising CNI attacks and a greater public
awareness of them. This is only the tip
of the iceberg. u
Issue 09
|
www.intelligentciso.com