Lydia Snider is a special advisor to U.S. Army Cyber Command in social media and information warfare. She never thought she’d be a consultant to the U.S. Department of Defense (DoD). In fact, she enjoyed a very successful career as a digital marketer. Snider still posts to LinkedIn these days, but she’s not sharing advice about building brand awareness. Instead, she’s covering subjects such as how North Korea is using social media to entice the employees of aerospace companies with fake job offers.
Many U.S. manufacturers don’t see themselves as targets for cyber warfare. Maybe it’s because they don’t think what they make would be interesting enough to America’s adversaries. Sometimes, however, it’s not what you make but the people who make it that are the immediate target. When Snider spoke at a recent webinar, she identified some specific threats. “If you are on this call,” she advised, “you are probably a target of Iranian phishing efforts.” Phishing, the fraudulent attempt to obtain sensitive information through electronic communications, has cost some companies millions of dollars.
Understanding the Threat Landscape
Phishing attacks are typically launched via email, but that doesn’t mean social media is without risks. Just as many salespeople use LinkedIn to cultivate prospects, America’s adversaries use the world’s most popular professional networking website to identify and build rapport with targets. Snider warns against accepting LinkedIn requests-to-connect without verifying through a separate channel that a request is legitimate. Yet there are ways to tell if the picture for a LinkedIn profile has been computer-generated. “Fake images have a dead eye stare,” she says, and may contain “tells” such as earrings that don’t match.
Cyber threats are myriad and extend beyond a particular social media platform or nation-state actor. TikTok, a Chinese video-sharing service owned by a Beijing-based company, is of particular concern to Snider because of its data collection and facial recognition features. “We have no vision into this,” she says, and adds that “DoD is not allowed to be on it.” The cyber consultant also cites a Russian app where users upload images of themselves and apply an age filter that makes people in photos look much older. “Our devices can create a network for adversaries to come in and take over our devices,” she warns.
Protecting Yourself from Cyber Adversaries
Snider’s advice can help you to protect yourself, your manufacturing company, and your co-workers. Here are a few recommendations:
- Use two-factor authentication, an authentication method where a device user is granted access only after successfully presenting two pieces of information to an authentication mechanism.
- Check all of your privacy settings periodically. Social media platforms add new settings all the time, and these settings typically default to the most open, or least restrictive, option.
- Be careful about posting personal information, including pictures of meals on business trips – especially if you are traveling overseas or in unfamiliar locations.
- Turn off location services and delete any apps that you don’t really need. Many smartphone apps have built-in location tracking.
- Review and remove old on-line activity. “The bad guys have already scraped this stuff,” Snider warns, but removing it will make it unavailable for future scraping.
Finally, Snider advises, it’s important to understand that “nothing is one hundred percent secure.”
About the Author: Steve Melito is a Solutions Specialist for FuzeHub and has been cited in several publications for his research into a 1982 cyber incident inside the former Soviet Union.