Overview
A recent report by The Economic Times (CISO) revealed that more than 600 Twitter accounts, emails and websites pertaining to the Government of India were compromised in the last five years. CERT-In, the official government body that notifies the affected entities along with remedies, has also confirmed these shocking statistics.

The ‘Digital India’ drive, announced by the Government of India, has received much applause and appreciation both in India and in the rest of the world. For this grand initiative to bear fruit, however, it is important to safeguard the messaging and communications infrastructure. Still, many entities have suffered cyber attacks due to inadequate cyber security measures, poor IT security policies and lack of knowledge among end-users, among many other shortcomings. So what steps can be taken to ensure that statistics like those mentioned above do not recur?

In the information age, social media plays a pivotal role in staying connected - both personally and professionally. Socialization is no longer a ‘trend’ - it has turned into a ‘necessity’. Today, not only government organizations but organizations and businesses of all shapes and sizes count on different social media platforms to stay connected with their audience and disseminate information. There are millions of Facebook, Twitter, LinkedIn and other social media accounts across the globe. How do government officials ensure that the social media accounts and the admin accounts are safe from misuse?

Likewise, government organizations and government-authorized agencies require intensive monitoring of the hundreds or maybe thousands of emails arriving in their inboxes every now and then. Unless these are verified and secured, there could be threats of unwanted access through phishing emails.

ARCON’s Analysis
ARCON has discussed the increasing vulnerabilities associated with government organizations in an exclusive whitepaper on essential IT safeguards in government organizations. The whitepaper covers the IT security limitations and how to reinforce end-user behaviour monitoring to keep anomalous user profiles at bay.

Against this backdrop, cyber threats on social media applications are not restricted to government organizations. For instance, a Twitter account of a government department could definitely be at risk if there are multiple users accessing the account to share different updates. Moreover, shared passwords always pose an additional threat of unauthorized access and hacking. The analysis has made it evident that organizations lack answers to the questions below:

- Are the passwords of the accounts frequently changed or randomized?
- Is there any dedicated access control mechanism to monitor social media accounts?
- How many shared credentials are used to manage and control social media accounts?
- Do the employees have a casual attitude towards following IT security policies?