As the debate roils on about the dismantling of big tech, lawmakers are renewing calls that powerful social platforms, namely Twitter and Facebook, share the blame for such major events as the capital riots in Washington, after getting slapped for their outsized role in swaying votes in the 2016 election. Meanwhile, Google and Apple played no small part in, albeit temporarily, squashing Parler for offering too much free speech while the U.S. Commerce Department is hoping to dial back usage of WeChat and TikTok for offering too little privacy. And more to the nuts and bolts, the impact of the Solarwinds hack has rippled through government organizations worldwide. For some, these have been a whirlwind few months full of revelations. For threat researchers dialed into public and open web intelligence channels throughout 2020, it’s time to ask: is anybody listening?
Corporations need to be proactive
As is often the case, the implications of a thing don’t rear their head until too late. Social media companies, eager to gain popularity, promised users an opportunity to “be part of the conversation,” encouraged them to share, and they did. In the immediate aftermath, law enforcement and government around the world grappled with if and how to use these platforms to safeguard public interests. This controversial debate goes on to this day. Meanwhile, early on, too little scrutiny was paid to how the powerful behavioural data was being used by private companies to impact public affairs, but this reared its ugly head with the Cambridge Analytica scandal.
Public sector policy making is slow to respond to changes in the technology landscape, and usually when it does this means something very bad happened. The corporate sector, on the other hand, has been considerably more proactive where public conversations are concerned. For companies simply looking to be informed about threats to their assets, make sure that employees are not misrepresenting them, or that information that shouldn’t be shared isn’t, it’s not all that controversial. Cybersecurity disciplines, in particular, have been capitalizing on open and dark web intelligence for many years to conduct threat research.
Online dialogues are fluid
Social platforms like Gab and Parler are relatively new on the block. Bastions of free speech, aspirationally or otherwise, they have not yet endured the trials of their predecessors. Mark Zuckerberg and Jack Dorsey are by now accustomed to the finger pointing. The CEOs of Gab and Parler are only just learning. These and other smaller “fringe” platforms still fall below the radar for a public sector. Sites like Discord and Telegram, even more so. The corporate sector can evolve more readily.
Companies, referring specifically to corporate security and cybersecurity professionals, need to internalize the changing landscape of social media. Social dialogues do not happen tightly within a network on a single social platform available as a stream, but rather loosely woven across multiple platforms in an ocean of information. Over the next few years, the demographics of mainstream platforms will start to trend towards homogenization. Social profiles and personas will be increasingly compartmentalized and purposeful. It’s time for intelligence professionals to take notice and adapt.
Intelligence inspired by society
Security leaders need to adopt recursive, trickle up strategy making that better reflects the broad makeup of society and technology. Internal policies need to reflect that. External tactics and intelligence gathering need to leverage it too. Too often, usage statistics and demographics information intended for marketers is being used to guide intelligence strategy. These statistics are misleading when used inappropriately and can belie a problem that really lives elsewhere.
Despite low user adoption across the same swaths of the population as such mainstream platforms as Twitter, Facebook, and Instagram, sites like Parler, Gab, and Discord are gaining their fair share of solid engagement. It is in the likely milieus that conversations see a return to the authenticity enjoyed on more popular sites in the early days. Often tied by affinity and opinion rather than proximity, they are arguably as important. As gaps in visibility, they can be dangerous.
#Security leaders need to adopt recursive, trickle up strategy making that better reflects the broad makeup of society and technology. #respectdata
Click to Tweet
Over the past few months, it’s become clear that public sector intelligence has fallen short at keeping up the pace. In 2021, companies should aim to exceed it. It’s hard to speculate now what might have happened differently if certain organizations had had access to better intelligence, but it could not have hurt.