Social Media Sites - Cyber Weapons of Choice

Facebook, LinkedIn, and Twitter can't secure their own environments, let alone yours. It's time to sharpen your security know-how.

Cyber criminals run rampant across every social network today. We often see headlines about social marketing fails and celebrity account hacks, but they’re just the tip of the iceberg. Far more nefarious activity takes place across these social channels, while most organizations remain oblivious and exposed. Companies’ poor social media security practices put their brands, customers, executives, and entire organizations at serious risk.

Let’s look at the numbers. According to Cisco, Facebook scams were the most common form of malware distributed in 2015; the FBI said that social media-related events had quadrupled over the past five years; and PricewaterhouseCoopers found that more than one in eight enterprises suffered a security breach due to a social media-related cyber-attacks.

The first thing you must come to terms with is that social networks can’t secure their own environments, let alone yours. As much as they aim to mitigate security threats and terrorist propaganda on their platforms, they aren’t close to 100% effective. For example, Facebook reported that for 2015 up to 2% of its monthly average users, 31 million accounts, are false, Twitter estimates 5%, and LinkedIn openly admitted, “We don’t have a reliable system for identifying and counting duplicate or fraudulent accounts.”

Despite this, social networks remain some of the most trusted channels online. Data shows that consumers implicitly trust people’s activity on social media more so than on any other communications channel. This is why social media sites are now a treasure trove for cyber criminals: The attackers now have incredibly broad reach and can easily manipulate users and execute a variety of widespread cyber-attacks and scams, including everything from social engineering to exploit distribution to counterfeit sales to brand impersonations, account takeovers, customer fraud, and much more.

The point is that cyber criminals now weaponise social media sites and their data, leading to some of the biggest data breaches over the last few years. For example, LinkedIn was a key tool for reconnaissance (the scraping of public social data and social engineering tactics) for the cyber criminals who executed Anthem Health’s 2015 breach and its 80 million stolen records, while Twitter was an integral component of an innovative malware exploit dubbed “Hammertoss.” This technique has even been rumored to be connected to the Pentagon’s data breach last summer that took down the security agency’s 4,200-employee email server for two weeks while undetermined amounts of data were stolen.

Sinister Threats

While social media sites may not create completely new cyber threats, they do substantially amplify the risk of existing ones. From reconnaissance to brand hijacking and threat coordination, cyber criminals have been using social media to boost the effectiveness of their attacks for years. It’s clear that social media risk isn’t solely about brand and reputation damage but is a sinister cybersecurity threat that can lead to major data breaches, numerous compliance issues, and large amounts of lost revenue due to fraud and counterfeit sales, along with a slew of other risks.

So what does this all mean for your brand? Both security professionals and marketers alike should start treating social channels like the dangerous security threat they truly are, and align strategies to effectively fend against the range of cyber techniques currently in use. A first step in the right direction is to develop a framework and assess your social risk plan. Identify your most valuable social assets and customer touch points, and develop technical capabilities to continuously monitor them for signs of compromise and behavioral abnormalities.

But don’t stop there. To truly build an effective social media security plan, you need to understand your external risk environment and scour social channels for cyber threats outside of your direct control, be they doxing attempts, brand impersonations, or physical security threats to your employees or top executives. This should be done while also seeking feedback company-wide and coordinating with a range of stakeholders across legal, compliance, operations, and finance to ensure that all bases are covered.

Remember, social media is still in its infancy. Bolster your social media security acumen today so you’re better prepared for new social media exploits and innovative techniques that cyber criminals are sure to develop in the months and years to come.

Dark Reading

« How Will Terrorists Use The Internet of Things?
Are Cyber Breaches The New Norm? »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

a1qa

a1qa

a1qa specializes in the delivery of full-cycle software QA and application testing services.

National Cyber-Forensics & Training Alliance (NCFTA)

National Cyber-Forensics & Training Alliance (NCFTA)

NCFTA is a trusted alliance of private industry and law enforcement partners dedicated to information sharing and disrupting cyber-related threats.

4N6

4N6

4N6 is a privately-owned firm founded with the goal of providing expert knowledge of computer forensics.

Sasa Software

Sasa Software

Sasa Software is a cybersecurity software developer specializing in the prevention of file-based network attacks.

CryptoTec

CryptoTec

CryptoTec is a provider of security concepts and encryption solutions for secure communication between decentralized computerized systems.

Simility

Simility

Simility's multi-layered fraud detection solution uses superior machine learning & device intelligence technology to safeguard your online businesses.

International Accreditation Forum (IAF)

International Accreditation Forum (IAF)

The IAF is the world association of Conformity Assessment Accreditation Bodies. Its primary function is to develop a single worldwide programme of conformity assessment.

Fudo Security

Fudo Security

Fudo Security is a leading provider of privileged access management and privileged session monitoring solutions.

Datacentrix

Datacentrix

Datacentrix provides end-to-end cybersecurity services for the operational technology (OT) and IT environments to monitor, assess and defend our customers' information assets.

Raonsecure

Raonsecure

Raonsecure is one of Korea’s leading ICT security software companies – providing a variety of PC and mobile security solutions to financial institutions, government, and enterprise.

Nigerian Communications Commission (NCC)

Nigerian Communications Commission (NCC)

NCC has established a CSIRT for the telecommunication industry to provide services and support for the prevention and management of potential cyber security related emergencies.

Black Girls In Cyber (BGiC)

Black Girls In Cyber (BGiC)

Black Girls In Cyber's mission is to increase industry awareness and diversity in cybersecurity, privacy, and STEM for women of color.

NetApp

NetApp

The NetApp portfolio includes intelligent cloud services, data services, and storage infrastructure that helps organizations manage applications and data everywhere across hybrid cloud environments.

Anatomy IT

Anatomy IT

Anatomy IT empowers healthcare providers to deliver exceptional patient care with cutting-edge technology and cybersecurity solutions.

Eleviant Tech (CTG Group)

Eleviant Tech (CTG Group)

Eleviant Tech (CTG Group) is a USA based digital transformation company with expertise in Mobile, Cloud, Web, IoT, AR, RPA, Cyberseurity and AI Technologies.

SENTRIQS

SENTRIQS

SENTRIQS advanced encryption technology is engineered to defend against the most sophisticated cyber threats, keeping your operations efficient and secure.