Intelligent CISO Issue 9 - Page 46

industry unlocked Managing credentials for access and control over CNI To properly secure and protect social media accounts, agencies must employ best practices for privileged account security, including: • Enable transparent access: Authorised users must be able to seamlessly authenticate to an account without knowing their passwords, making it harder for hackers to uncover and steal credentials. This kind of access would have given Hawaii’s governor immediate access to his account to confirm that the missile alerts were false. • Eliminate shared credentials: Storing passwords in a digital vault requires users to login individually for access, eliminating the accountability challenges of shared credentials. • Automate password changes: Changing privileged credentials ensures attackers can’t use old passwords across systems. 46 Automating password changes regularly also updates access privileges, reducing the chance of an outsider stealing and using a valid credential. • Audit account activity: By creating a record of activity on social media Attention has turned to how hackers with malicious intentions could seize control of the critical infrastructures of cities and nation states. accounts, all posts can be traced back directly to an individual authorised user, making it easy to identify employees who may be posting harmful content. The false alarms in Hawaii and Japan shine a spotlight on the significant amount of trust that the government, organisations and civilians put into social media as a credible and dependable form of mass communication. At the same time, they’re prime examples of what can go awry when these trusted social sites aren’t managed properly. The incident in Hawaii in particular should motivate agencies to take steps to guard against these same avoidable mistakes. Most importantly, it’s a call to action to proactively protect social media against threats both nefarious and accidental, especially in the age of rising CNI attacks and a greater public awareness of them. This is only the tip of the iceberg. u Issue 09 | www.intelligentciso.com