
The Social Media Train Has Left the Station – Jump on with Open Eyes

Security Risks of Social Media


The question of banning social media or not is no longer on the table – the social media train has left the station. Organizations that get on board are realizing significant benefits in the new ways it offers to interact with, understand and serve the public. But social media also provides new ways for cyber criminals to perpetrate existing types of crime and opens up a new domain for criminal activity.

As security professionals, it’s our job to enable business while protecting it; embracing social media is an imperative, but we also need to mitigate the exploitation of what our organizations reveal online.

To gain the benefits that social media affords while minimizing the risks, the first step is to understand the types of social media risks. Employees, suppliers and partners can create risks such as exposure of sensitive information, oversharing, loss of brand control, non-compliance and vulnerability to social engineering. But even greater damage can come from third parties with malicious intent. Bad actors are using social media to launch malicious campaigns, coordinate attacks and conduct reconnaissance, as well as employing it as a release mechanism for stolen content and defacement.

Opening your eyes to the risks that are specific to your organization requires asking very pointed questions that are often difficult to answer.

What confidential, sensitive or proprietary data is leaking through my boundary? As organizations adopt social media and mobile devices, the boundaries around them are blurring because of the free flow of data these technologies encourage. Much data leaked this way — either accidentally or deliberately — is highly confidential, sensitive or proprietary and therefore valuable to third parties intent on espionage and competitive intelligence. The BYOD trend exacerbates the risk as the level of protection on these devices is often inadequate.

Who is planning a targeted cyber attack against my organization – and how and when will they do it? Organizations are facing a rise in targeted cyber attacks committed by activists, criminals and nation states that use social media to conduct intensive research on targets and coordinate attacks. Countering these threats requires greater insights into adversaries, their motives and tactics.

What potentially brand-damaging information is being published online? The use of social media in supporting corporate work and engaging with the supply chain means the risk of brand-damaging material leaking onto the Internet has never been higher. Third parties may also target and spread malicious online rumors about an organization or even impersonate it, posting content that can cause serious reputational damage.

How is the security of my organization and my key employees being compromised by online material? The widespread take-up of social media means individuals now cast an even greater digital shadow across the Internet. A digital shadow is a subset of a digital footprint that consists of exposed personal, technical or organizational information that is often highly confidential, sensitive or proprietary.


Threat actors can aggregate online postings to reveal a great deal of sensitive personal information about an individual, resulting in impersonation, identity theft or even physical harm. In the reconnaissance phase of the attack, attackers can even use social media platforms to piece together information from many individuals and create a detailed picture of the target organization’s IT infrastructure.

To answer these questions you need to bring together all the information your organization possesses about itself, such as its people, risk posture, attack surface, entire digital footprint and digital shadow. This information must be relevant and contextual, based on industry, company size and geography, and must include insights into would-be attackers.

Cyber situational awareness provides this level of information by analyzing your organization through an “attacker’s eye view” and identifying risks that are specific to your organization, including potential threats, instances of sensitive data loss or compromised brand integrity. With this perspective you can proactively mitigate risks, including those enabled by social media, and minimize potential damage. So go ahead and jump on the social media train – just make sure your eyes are wide open.

Written By

Alastair Paterson is the CEO and co-founder of Harmonic Security, enabling companies to adopt Generative AI without risk to their sensitive data. Prior to this he co-founded and was CEO of the cyber security company Digital Shadows from its inception in 2011 until its acquisition by ReliaQuest/KKR for $160m in July 2022. Alastair led the company to become an international, industry-recognised leader in threat intelligence and digital risk protection.
