The document discusses the risks of social media and cyber warfare. It begins by summarizing the 2013 fake AP tweet that said President Obama was injured in explosions at the White House, which caused stock prices to plunge. The document then discusses how social media can impact core industries and how phishing attacks targeting the weakest link, like what happened to RSA, remain a risk. It closes by discussing challenges around BYOD policies and the importance of security awareness training for all employees.
Ap fake tweet
1. The AP Fake Tweet & Other Social Media Risks
Philip Alexander CISSP-ISSMP, CEH, CHFI
Founder - Data Privacy Network
2. Agenda
Fake AP Tweet Rattles Stock Market
Cyber Warfare
Social Media’s Impact on Core Industries
Phishing for the Weakest Link
People & Politics
BYOD
Questions
3. Fake AP Tweet Rattles Stock Market
FAKE Tweet from AP Twitter account: 1:07PM – 23 Apr 13
Breaking: Two Explosions in the White House and Barack Obama is Injured
Dow plunged more than 140 points within minutes
Was seen by nearly 2,000,000 followers
Was re-Tweeted nearly 1,500 times
4. Cyber Warfare
Impact of Cyber Warfare (Hacking)
Rattles investors' faith in US Stock Market
Syrian Electronic Army
Claimed responsibility for posting fake Tweet
They also claimed to target:
NPR
Reuters
BBC
Al Jazeera
5. Social Media’s Impact on Core Industries
Dow impacted even though it wasn’t hacked.
**Companies that outsource security to Social Networking sites
6. Phishing for the Weakest Link
AP reports receiving Phishing email prior to fake Tweet
Attachments
Links
People & Politics: A hole in a strong Defense-in-Depth posture
RSA’s SecurID Breach Started with a Phishing Email: April 2011
***OSI Layers 8 & 9.
7. People & Politics
Education & Awareness
Did the AP change their Twitter account password?
Twitter reported being hacked back in February 2013
Least-Privileged Access
From the CEO on down
Web Filtering
Block access to risky web sites
***Security is not just the Security Guy’s job!
8. BYOD
Support & Data Leakage (DLP) challenges associated with BYOD
Thumb Drives
Do your systems allow USB Drives to be used?
Smart Phones
Can your employees send/receive work emails from their personal Cell Phones?
iPad – iPod
Are personal devices allowed at work?
10. Questions
Philip Alexander CISSP – ISSMP, CEH – CHFI
Founder – Data Privacy Network
phil@dataprivacynetwork.com
http://www.dataprivacynetwork.com
https://www.facebook.com/DataPrivacyNetwork
https://twitter.com/DataPrivacyNtwk
Editor's notes
“I forward this file to you for review,” the unsigned email, sent to four employees of RSA's parent company EMC, stated. “Please open and view it.” 1 of the 4 retrieved the email from their junk mail folder, and opened the Excel file “2011 Recruitment plan.xls”, that contained a malicious Adobe Flash object,