June 7, 2012

LinkedIn Breach, Part II: What You Need to Prepare for Next

Jason Clark

Yesterday’s LinkedIn breach made headlines, but I want to go deeper and provide practical advice for organizations on how they can anticipate any DLP consequences and tighten their network security. As the world’s largest professional social network, LinkedIn is unique because it has legitimate uses for almost every employee.

LinkedIn’s password breach could result in three serious ramifications for businesses everywhere:

  1. Cybercriminals can take advantage of trust and social engineering attacks. If you are ‘linked’ to a trusted colleague you are more likely to click on a malicious link sent from them, which may open the door to targeted attacks and confidential data theft.
  2. Many LinkedIn accounts are tied to other social media services, such as Facebook or Twitter, so posts with malicious links can also be spread to a larger audience.
  3. Most of us are creatures of habit and have the same password for multiple accounts. The consequences of a breached password could reach across email, social media, banking accounts, and mobile phone data.

In my last post, I provided an email template for you to share with employees about changing their individual passwords, but it doesn’t stop there. The truth is many of your employees are going to ignore changing their passwords.

So what next? Well, to be honest, you are just getting started. First, we need to look at the three likely attack scenarios that might develop from this breach:

  1. Employees are tricked into clicking a malicious link from a trusted colleague through their compromised friend’s status feed (this could be a broad or targeted attack).
  2. A generic spam email is sent from compromised accounts to one of your employees, leading them to a malicious site.
  3. Sophisticated attackers collect data on their target (your CEO, CFO, etc.), find a suitable LinkedIn contact to compromise and send a tailored lure, which will likely lead to data-stealing code.


You need a strategy to protect against these and other attack scenarios. Here’s a seven-step checklist for mitigating your risk.

  1. Educate, educate, educate your employees. An ounce of prevention can do wonders for your organization’s security. After you have educated, use tools like PhishMe.com to test whether employees are “getting it.”
  2. Double-check your core best practice procedures. Are all your security solutions up to date?
  3. Verify your social media controls and ensure all related policies are current.
  4. Review what solutions and settings you have in place to protect against targeted attacks. People post true and explicit details about their background on social media sites, which makes them ripe for socially engineered attacks. Can you prevent targeted attacks from email, the web, and mobile devices?
  5. Prepare to spend more time following up on suspicious events or activity. This means digging into logs with more urgency to ensure you have not been targeted or compromised.
  6. You need to be able to monitor data in motion. Your data loss prevention solution should block sensitive information from leaving the network via both email and web channels, not just discover that it’s lying around on the wrong server. Make sure you have this capability.
  7. In addition to DLP, investigate what other outbound security measures you have to identify and contain botnet or other malicious activity.

The potential implications for your business are serious. Talk with peers and find out what other steps they are taking. If you have any questions or thoughts, post comments here.
