Lessons Learned from Analyst Breaches
Security analysts are the cornerstone of many business cybersecurity programs. Having experienced analysts vet threats is the catalyst for delivering timely, reliable, and valuable cyber intelligence. However, analysts face some very real security challenges when executing their mission. We can learn a great deal from the way these experts navigate cyber attacks.
This year, there have been some high-profile breaches as a result of hacking analysts, showing us more than ever that everyone is a target. As a company and as individuals, we need to constantly evaluate our security posture – cyber safety awareness is vital.
What We Can Learn From Analyst Hacks
Hackers look for the easiest and/or lowest cost way to infiltrate a network, and often the most effective method is through an organization’s employees or contractors. Security analysts are highly sought after targets because they often have access to highly sensitive and confidential data. One of the first, and most obvious, ways to avoid being a target is to shield your online identity. If a hacker doesn’t know who you are, then it’s that much harder to target you.
- Analysts are inherently cautious about their data.
Security analysts are highly likely to be fastidious in taking appropriate security precautions in everything they do. This begins with routinely changing passwords, using different passwords for each application, and ensuring the passwords are sophisticated – less likely to be easily broken, even with brute attacks. So, how often do you change your passwords? Do you have a different one for each online account? Analysts are also likely to use pseudonyms when using social media. This allows them to personally communicate on these channels without their identity being easily connected to their professional career.
- Treat your home or mobile office like your corporate network.
If a hacker can’t access your company’s network, they may try to compromise you when you’re away from the office, whether through your mobile device, home network, or personal accounts. Analysts carefully guard their information when working remotely or traveling. Some simple, but highly effective tips include: making sure you change your home router administration credentials from factory-issued defaults, and choosing network names that don’t contain your last name or any identifiable information. Keep your applications and operating system updated and patched. Turn off your mobile phone Hot Spot, Bluetooth, and Wi-Fi when these are not required. When traveling, make sure to password-protect your mobile devices and check data privacy rules in the places you’re traveling. These steps shut the door on many cyber attacks.
- Lock down ALL of your online accounts, not just social media.
If it is publicly known that you work at XYZ company from just reading your social profile, then you can easily become the target, whether it’s through compromising your email addresses, eCommerce profiles, or any of your social accounts – hacking them to change information, sending you posts with malicious links, or posting malicious links on your account. The easiest way to see what personal information is available about you on the open source is using any search engine to look yourself up. If you can see your place of employment, professional title, work history, home address, email address, and social media accounts, so can the bad guy. As a rule of thumb, the following should be followed:
- Be cautious of who you allow into your social networks
- Refrain from listing your employer on social media profiles
- Restrict public access to your accounts
- Update your privacy settings
- Don’t use social media while on public Wi-Fi hotspots
- Not all data security risks are cyber-based.
One of the oldest tricks in the book is stealing information by old fashion theft. For example, 70 percent of smartphones are lost or stolen each year, and only 7 percent are recovered. As it pertains to businesses, 52 percent of devices are stolen from workplaces, and 24 percent are stolen from conferences. Since 2006, 25.3 percent of data breaches were due to stolen mobile devices. Analysts are particularly careful with their devices, making sure they’re never left unattended and secured in trunks of cars or a hotel safe. It’s also important to be vigilant while using your devices in public to make sure no one can view your screens while riding planes and trains.
Analysts are tasked with protecting an organization’s data, but like anyone else, they can be susceptible to being breached. More than others, analysts are mindful of securing their private information, identity, and public-facing accounts to avoid being targeted. We can all benefit from thinking like an analyst when it comes to our personal and professional security.