Social Media Sites - Cyber Weapons of Choice

Uploaded on 2016-09-21 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, FREE TO VIEW, TECHNOLOGY-Key Areas-Social Media

Facebook, LinkedIn, and Twitter can't secure their own environments, let alone yours. It's time to sharpen your security know-how.

Cyber criminals run rampant across every social network today. We often see headlines about social marketing fails and celebrity account hacks, but they’re just the tip of the iceberg. Far more nefarious activity takes place across these social channels, while most organizations remain oblivious and exposed. Companies’ poor social media security practices put their brands, customers, executives, and entire organizations at serious risk.

Let’s look at the numbers. According to Cisco, Facebook scams were the most common form of malware distributed in 2015; the FBI said that social media-related events had quadrupled over the past five years; and PricewaterhouseCoopers found that more than one in eight enterprises suffered a security breach due to a social media-related cyber-attacks.

The first thing you must come to terms with is that social networks can’t secure their own environments, let alone yours. As much as they aim to mitigate security threats and terrorist propaganda on their platforms, they aren’t close to 100% effective. For example, Facebook reported that for 2015 up to 2% of its monthly average users, 31 million accounts, are false, Twitter estimates 5%, and LinkedIn openly admitted, “We don’t have a reliable system for identifying and counting duplicate or fraudulent accounts.”

Despite this, social networks remain some of the most trusted channels online. Data shows that consumers implicitly trust people’s activity on social media more so than on any other communications channel. This is why social media sites are now a treasure trove for cyber criminals: The attackers now have incredibly broad reach and can easily manipulate users and execute a variety of widespread cyber-attacks and scams, including everything from social engineering to exploit distribution to counterfeit sales to brand impersonations, account takeovers, customer fraud, and much more.

The point is that cyber criminals now weaponise social media sites and their data, leading to some of the biggest data breaches over the last few years. For example, LinkedIn was a key tool for reconnaissance (the scraping of public social data and social engineering tactics) for the cyber criminals who executed Anthem Health’s 2015 breach and its 80 million stolen records, while Twitter was an integral component of an innovative malware exploit dubbed “Hammertoss.” This technique has even been rumored to be connected to the Pentagon’s data breach last summer that took down the security agency’s 4,200-employee email server for two weeks while undetermined amounts of data were stolen.

Sinister Threats

While social media sites may not create completely new cyber threats, they do substantially amplify the risk of existing ones. From reconnaissance to brand hijacking and threat coordination, cyber criminals have been using social media to boost the effectiveness of their attacks for years. It’s clear that social media risk isn’t solely about brand and reputation damage but is a sinister cybersecurity threat that can lead to major data breaches, numerous compliance issues, and large amounts of lost revenue due to fraud and counterfeit sales, along with a slew of other risks.

So what does this all mean for your brand? Both security professionals and marketers alike should start treating social channels like the dangerous security threat they truly are, and align strategies to effectively fend against the range of cyber techniques currently in use. A first step in the right direction is to develop a framework and assess your social risk plan. Identify your most valuable social assets and customer touch points, and develop technical capabilities to continuously monitor them for signs of compromise and behavioral abnormalities.

But don’t stop there. To truly build an effective social media security plan, you need to understand your external risk environment and scour social channels for cyber threats outside of your direct control, be they doxing attempts, brand impersonations, or physical security threats to your employees or top executives. This should be done while also seeking feedback company-wide and coordinating with a range of stakeholders across legal, compliance, operations, and finance to ensure that all bases are covered.

Remember, social media is still in its infancy. Bolster your social media security acumen today so you’re better prepared for new social media exploits and innovative techniques that cyber criminals are sure to develop in the months and years to come.

Dark Reading

« How Will Terrorists Use The Internet of Things?
Are Cyber Breaches The New Norm? »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Blue Solutions

Blue Solutions

Blue Solutions is a consultancy-led, accredited software distributor who provides IT solutions and support to small and medium enterprises.

Allen & Overy

Allen & Overy

Allen & Overy is an international law firm. Practice areas include Cybersecurity and Data Protection.

IoTium

IoTium

Secure Cloud Managed Software Defined IoT Networks. IoTium simplifies establishing and managing secure network infrastructure for Industrial IoT.

Guardian360

Guardian360

The Guardian360 platform offers unrivalled insight into the security of your applications and IT infrastructure.

European Recruitment

European Recruitment

European Recruitment is an award-winning, international recruitment agency specialising in niche technology areas including Cyber Security.

NetKnights

NetKnights

NetKnights is an independent IT security company which offers services and products for strong authentication, identity management and encryption.

Lirex

Lirex

Lirex offer consulting and outsourcing services, complete design, construction and maintenance of ICT solutions and systems including cybersecurity.

Ensconce Data Technology (EDT)

Ensconce Data Technology (EDT)

EDT’s focus is on providing solutions to properly sanitize Solid State Drives (SSD) and Magnetic Drives (HDD) before they are disposed or redeployed.

Gluu

Gluu

Modern Authentication for Digital Enterprise. Organizations around the world trust Gluu for large-scale, high-security identity & access management.

Octo

Octo

Octo, an IBM company, is a technology firm dedicated to solving the Federal Government’s most complex challenges, enabling agencies to jump the technology curve.

Framatome

Framatome

Framatome Cybersecurity portfolio is directly inspired by its unique experience in nuclear safety for critical information systems and electrical systems design.

Managed IT Services

Managed IT Services

Managed IT Services is a managed IT Services Company offering a diverse range of Cyber Security services and IT solutions.

Zeva

Zeva

Zeva solves complex identity and encryption challenges for the federal government and corporations around the globe.

Avalon Cyber

Avalon Cyber

Arm your organization in the fight against cyberattacks by partnering with the experts at Avalon Cyber.

Token

Token

Token is changing the way our customers secure their organizations by providing passwordless, biometric, multifactor authentication.

Panasonic Automotive Systems

Panasonic Automotive Systems

Panasonic Automotive Systems brings together security technologies and human resources cultivated across an extensive range of businesses into the automotive field.