Guest Contributor, Steven Luber
The following story warns of safety consciousness as new technologies gradually take place in our lives. During World War II, the U.S. Department of War (the predecessor to the DoD) circulated posters with the message: “loose lips, sink ships” in an effort to cut down on over-sharing.
The updated version? “Loose tweets, sink fleets,” according to new U.S. Air Force counter-intelligence efforts.
And other governments are taking note.
In May 2015, Chinese military officials issued directives against the use of smart watches, fitness trackers, and “device[s] that could record high-definition audio and video, take photos, and process and transmit data,” fearing the accidental release of military and state secrets.
Their caution would prove prescient.
In January 2018, it became public knowledge that the popular fitness app Strava accidently revealed the location of clandestine military facilities around the world.
The San Francisco-based company published its Global Heat Map in November 2017, detailing over one billion user activities, consisting mainly of running and cycling routes. Inquiring readers quickly discovered that it was possible to identify precise paths, as well as individual user data, in and around secure military instillations. In one particularly-glaring case, open-source researchers were able to identify physical security vulnerabilities at the headquarters of Taiwan’s Missile Command.
Human error - be it oversharing on a fitness app or flippantly tweeting sensitive information - will create vulnerabilities in even the most security-conscious organizations.
For example, in early 2019 the Russian Parliament passed what is commonly known as the “anti-selfie” law. The decision came shortly after investigative journalist groups were able to use pictures uploaded to social media to positively identify individual Russian servicemen in eastern Ukraine.
Human beings can be your greatest strength or your greatest vulnerability.
Concerns that were once solely the domain of military and government organizations are now everyone’s concerns.
Private companies face the risk of having their personnel tracked by all manner of criminal actors using the same techniques demonstrated above.
Every Instagram picture, Facebook post, and geo-tagged tweet can be used to identify not only one’s present whereabouts, but also behavioral patterns, business or personal contacts, and various other forms of personally identifiable information, or PII.
You can invest in the best technological defenses that money can buy, but without security-conscious personnel you will always be fighting an uphill battle. This is the reason why you need to invest in security awareness for employees.