by Drew Spaniel, Researcher, Institute for Critical Infrastructure Technology
The digital threat landscape is composed of organization-centric asymmetric warfare theaters populated by innumerable hyper-evolving sophisticated and unsophisticated adversaries with myriad motives, tools, techniques, and procedures. As trite as it sounds, it remains true now more than ever that “knowledge is power.” However, in the Digital Age, where access to information is ubiquitous, pervasive, and immediate, it can prove challenging to isolate essential content from the surrounding multitude of uncultivated material, distracting articles, memes, fake news, disinformation, media talk-pieces, or coverage that is simply non-essential to the audience. Ignorance of a threat or emerging technology can prove deadly to businesses and devastating to consumers. Human-operated social media accounts that propagate curated content can help to level the threat landscape by broadcasting critical information between and outside of niche industry silos and can thereby elevate inclusive cybersecurity and cyber-hygiene conversations and cross-sector efforts by informing key stakeholders of glaring vulnerabilities, emerging trends, and nascent threats.
Every piece of content costs time, attention, and energy to read. Personnel are often inundated with the burden of performing their duties while sifting through the flood of incoming information across hundreds or thousands of sites. Those uninformed on a critical subject are at a significant disadvantage and could even be complicit in the threat to their organization. The time of information silos has long passed. Threat actors, ranging from script kiddies to cybercriminals to advanced persistent threat groups (APTs), compromise targets in every sector and niche. Cross-sector supply chains, distribution networks, and third parties are frequent victims of opportunistic adversaries that are intent on maximizing their influence while minimizing their resource expenditure. Attackers only need to focus on penetrating one or a handful of systems. Meanwhile, defenders must mitigate the efforts of hundreds or thousands of attackers while remediating existing vulnerabilities and searching for undiscovered weaknesses. When one organization is compromised, the threat actor pilfers valuable PII, PHI, and IP and then laterally infects associated external systems. The theory of Broken Windows applies; when one organization is compromised, others will soon fall victim, as the adversary laterally moves and as other potential threats witness the success of the campaigns and discover exploitable vulnerabilities. Eventually, every organization is compromised by multiple adversaries as the number of threats steadily multiplies. Thanks to years of apathy, lackadaisical cyber-hygiene, and a software culture that abhors security-by-design, we are already at the last stage of the analogy. Cybersecurity experts agree that there are two types of organizations: those who know their systems are compromised and those who are naïve. Malware and viruses spread like proverbial diseases. Threat actors multiply like bacteria.
The only practical response is a concerted effort to dismantle information silos and unite disparate niche industry communities to repel the digital horde like a resilient immune system. The best way to incite a cybersecurity and cyber-hygiene renaissance is through the precision dissemination of cultivated content across a ubiquitous delivery mechanism, to expedite the training and evolution of essential personnel.
Information Security is more than cybersecurity alone. To repel threats, experts must also monitor insider threats, vulnerabilities in niche systems, air gap vulnerabilities, destructive cyber-physical attacks, Deep Web developments, the weaponization of consumer data, IP theft trends, risk scenarios, incident response, cyber forensics, and numerous additional topics. It is a broad field composed of high-level cybersecurity and cyber-hygiene best practices, known and obfuscated exploitable vulnerabilities, a shifting plethora of laws and regulations, sector-specific threat advisories, CVEs, and distributed whitepapers, blog posts, and other information from thousands of reputable vendors, security researchers, and government entities. Information Security teams are often under-resourced, inundated by the deluge of information, and overwhelmed by the incessant onslaught of attacks. Just as “no man is an island,” no organization is a castle. Any organization that focuses solely on defending its perimeters will be compromised in short order. Instead, organizations must layer their defenses according to emerging threats, and they must work across organizations, niches, industries, and silos to advance the security of every other firm. It behooves organizations to ensure that internal and external experts remain well-informed on cultivated industry-specific material optimally delivered across pervasive vectors.
It is the social responsibility of Information Security thought leaders to create research, expedite information delivery, and foster the evolution of the community at large. One of the most effective mechanisms available in the cyber-war is the popularization of reputable social media accounts that curate and disseminate vital information on niche topics. Bot accounts, even when driven by AI and machine learning, cannot identify critical content, ascertain relevance, or gauge quality. Instead, these accounts are operated by subject-matter experts focused on uniting the community, breaking information silos, and liberating content. With a righteous goal and a skeptical, but discerning eye, these thought leaders can leverage pervasive dragnet surveillance platforms for good. Whitepapers, innovative research, developing trends, threat advisories, CVEs, interesting articles, emerging legislation, or cultivated discussions can all be promoted by the author on a social media feed that directly informs followers ranging from security personnel to researchers to students to subject-matter experts. These accounts can be indispensable when responding to a global threat. Consider that the WannaCry ransomware and Mirai botnets were both combated by online communities of security researchers communicating across curated Twitter feeds and social media pages. Over the past few years, ICIT has promoted reputable content curators on social media and has propagated meaningful content to our followers. Now, especially in the dawning age of disinformation and fake news, it is imperative that more thought leaders, including resourced security vendors and industry experts, launch, support, and maintain human-operated content curation accounts that advance meaningful Information Security research and content instead of ideological platforms or marketed products.