As technology capacities escalate, the risk for cyberattacks from threat actors also grows. John Chen, Executive Chairman and CEO of BlackBerry, shared that “cyberattacks are a serious threat to everything from our personal data and privacy to an enterprise’s intellectual property and a nation’s critical infrastructure.” This has become increasingly important with remote work being the new norm for many industries.
The FBI and the National Counterintelligence and Security Center (NCSC) recently released a movie, “The Nevernight Connection,” that was inspired by true events to increase awareness about the threats that come with professional networking social sites. In the release, it said that “China and other foreign governments are using [these] sites to target people with U.S. government security clearances.” Specifically, these threat actors approach individuals with the hopes of a career opportunity in exchange for information.
Alan E. Kohler, assistant director of the FBI’s Counterintelligence Division, said how the movie highlights the way in which “foreign intelligence services are posing as headhunters and consultants on professional networking sites to aggressively target Americans. [The FBI believes] it’s critically important to educate the public in order to neutralize this threat from foreign intelligence services.”
The U.K. Centre for the Protection of National Infrastructure shared in a “Think Before You Link” video how “criminals and hostile foreign states use social media to target individuals who have access to valuable information. Connecting could put yourself, your organization, and national security at risk.” By connecting with potential attackers, individuals are allowing them to see their profile, personal information, and who else is in their network. This is all valuable information that should be protected.
Your information is valuable whether it is classified or not. The FBI advised that “current and former government employees are not the only ones at risk from these schemes. Individuals in the private sector and academic and research communities are also being targeted this way by hostile foreign actors seeking to acquire trade secrets, proprietary data, and information on cutting-edge research and technology. Foreign intelligence services are looking to target anyone with access to the information they want.”
As a way to mitigate risk, the FBI and NCSC suggest to “never accept an invitation to connect from someone you do not know, even if they are a friend of a friend. If possible, validate invitation requests through other means before accepting them. Report suspicious online approaches to appropriate authorities. And most importantly, be careful what you post on social media platforms about yourself and your job, as it could draw unwanted attention from adversaries and criminals.”
Agencies need to continue educating all employees on how to secure and protect all social media channels. And likewise, agency workers should notify security officers if an offer seems too good to be true, lacks depth or verifiable information, or uses tactics like urgency and flattery in the motives for hiring. Security works best when all parties engage in a partnership.