
The Social Media Train Has Left the Station – Jump on with Open Eyes

Security Risks of Social Media


The question of banning social media or not is no longer on the table – the social media train has left the station. Organizations that get on board are realizing significant benefits in the new ways it offers to interact with, understand and serve the public. But social media also provides new ways for cyber criminals to perpetrate existing types of crime and opens up a new domain for criminal activity.

As security professionals, it’s our job to enable business while protecting it; embracing social media is an imperative, but we also need to mitigate the exploitation of what our organizations reveal online.

To gain the benefits that social media affords while minimizing the risks, the first step is to understand the types of social media risks. Employees, suppliers and partners can create risks such as exposure of sensitive information, oversharing, loss of brand control, non-compliance and vulnerability to social engineering. But even greater damage can come from third parties with malicious intent. Bad actors are using social media to launch malicious campaigns, coordinate attacks and conduct reconnaissance, as well as employing it as a release mechanism for stolen content and defacement.

Opening your eyes to the risks that are specific to your organization requires asking very pointed questions that are often difficult to answer.

What confidential, sensitive or proprietary data is leaking through my boundary? As organizations adopt social media and mobile devices, the boundaries around them are blurring because of the free flow of data these technologies encourage. Much data leaked this way — either accidentally or deliberately — is highly confidential, sensitive or proprietary and therefore valuable to third parties intent on espionage and competitive intelligence. The BYOD trend exacerbates the risk as the level of protection on these devices is often inadequate.

Who is planning a targeted cyber attack against my organization – and how and when will they do it? Organizations are facing a rise in targeted cyber attacks committed by activists, criminals and nation states that use social media to conduct intensive research on targets and coordinate attacks. Countering these threats requires greater insights into adversaries, their motives and tactics.

What potentially brand-damaging information is being published online? The use of social media in supporting corporate work and engaging with the supply chain means the risk of brand-damaging material leaking onto the Internet has never been higher. Third parties may also target and spread malicious online rumors about an organization or even impersonate it, posting content that can cause serious reputational damage.

How is the security of my organization and my key employees being compromised by online material? The widespread take-up of social media means individuals now cast an even greater digital shadow across the Internet. A digital shadow is a subset of a digital footprint that consists of exposed personal, technical or organizational information that is often highly confidential, sensitive or proprietary.


Threat actors can aggregate online postings to reveal a great deal of sensitive personal information about an individual, resulting in impersonation, identity theft or even physical harm. In the reconnaissance phase of an attack, attackers can even use social media platforms to piece together information from many individuals and create a detailed picture of the target organization’s IT infrastructure.

To answer these questions you need to bring together all the information your organization possesses about itself, such as its people, risk posture, attack surface, entire digital footprint and digital shadow. This information must be relevant and contextual, based on industry, company size and geography, and must include insights into would-be attackers.

Cyber situational awareness provides this level of information by analyzing your organization through an “attacker’s eye view” and identifying risks that are specific to your organization, including potential threats, instances of sensitive data loss or compromised brand integrity. With this perspective you can proactively mitigate risks, including those enabled by social media, and minimize potential damage. So go ahead and jump on the social media train – just make sure your eyes are wide open.

Written By

Alastair Paterson is the CEO and co-founder of Harmonic Security, enabling companies to adopt Generative AI without risk to their sensitive data. Prior to this he co-founded and was CEO of the cyber security company Digital Shadows from its inception in 2011 until its acquisition by ReliaQuest/KKR for $160m in July 2022. Alastair led the company to become an international, industry-recognised leader in threat intelligence and digital risk protection.
