Yesterday, Internews closed out our second Organizational Security Village! The event brought together security auditors, digital security trainers, and other experts and practitioners for a four-day program of over 25 community-led sessions exploring major themes in organizational security.
Sessions on Day 4 focused on approaches to OrgSec, OrgSec in practice, responding to advanced threats, and an introduction to digital forensics. Highlights from Day 4 of the OrgSec Village included:
- A panel conversation with organizational security practitioners working in the MENA region.
- A session focused on how teams are applying organizational security practices in situations that are volatile and unpredictable.
- An exploration of the challenges of online harassment of female journalists and tactics for fighting back against it.
- An overview of findings from research conducted in Eastern Europe and Eurasia on the state of digital security helpers in the region.
- A session highlighting the process of incident response and investigations in small and medium-sized civil society organizations.
- An introduction to malicious document analysis.
- A discussion on government espionage in Mexico targeting human rights defenders, activists and journalists.
- The second part of a discussion on how to make our assessments more effective by better understanding our roles as assessors.
Key takeaways from the discussions included:
In the MENA region, many organizations lack internal IT support and are also subjected to government surveillance and advanced phishing attacks. There are few IT professionals willing to work with civil society organizations, likely as a result of the low pay in comparison to private sector work.
When providing digital security support in volatile or unpredictable environments, practitioners must first ensure the physical, mental and emotional wellbeing of the communities with which they are working. It can be challenging to introduce new digital security behaviors when people are handling trauma and living in fear. In cases such as these, trust is just as important as expertise.
There is a clear correlation between female journalists' online safety and their psychological wellbeing. Women who experience online harassment tend to suffer from anxiety, shame, and other mental health challenges. A useful first step is helping women understand that they are neither alone in this experience nor responsible for what happened to them. Building a culture of awareness of online harassment is crucial to effectively combating these attacks.
Digital security helpers in Eastern Europe and Eurasia are overstressed, overworked, and underpaid. Research shows that donors need to invest in community building and capacity-building activities (such as skill-shares and mentorship), while also funding rest and recuperation for those providing support on the ground. It is also critical that funders remain flexible and allow local partners to adapt to meet needs and ensure that support is sustainable long-term.
Digital security champions embedded within organizations can play an important role in incident response and ground-level forensics. These individuals can serve as a first point of contact within an organization, gathering relevant data about the incident and conducting initial triage to confirm if the content is malicious.
There are many different workflows for identifying whether a file is malicious. These processes can be crucial at the triage stage of providing digital security support. The advice to “not open suspicious files” is not realistic for some professions, such as journalists, who rely on information that is often shared by individuals they do not know directly. While some antivirus software can help detect malicious files, some individuals or groups may be targeted by custom malware that antivirus would not detect. More advanced document analysis workflows allow you to spot malicious content that may be embedded in the file. Additionally, there are tools like CIRCLean or Dangerzone which can be used to open suspicious files.
When you find evidence that individuals have been compromised, you must be mindful of how you present the findings back to them. Reporting back to community members about your findings can help build and maintain trust. It is also important to share actionable recommendations based on the findings that will help the targets minimize the damage from the attack and mitigate risks in the future.
There is often a disconnect between organizations receiving support and organizational security practitioners. Organizations are generally looking for a more immediate “fix” or one-time solution, while security practitioners are hoping to encourage long-term behavior changes. To help reconcile these sometimes competing goals, it is critical that everyone involved in an audit is open and ready to listen to others.
Thank you to everyone who participated in the OrgSec Village this week! You can find summaries for each day of programming here on the blog.