How Social Media Changed Cybersecurity
Blog / How Social Media Changed Cybersecurity
Today we're fortunate to have Rosey Jadeson explore the impacts that Social Media is having on Cyber
The rise of social media has changed the way the internet’s bad actors conduct their operations. Organisations are even more vulnerable due to the plethora of private information that is accessible to those who intend to harm them.
(image credit: rawpixel.com)
A 2022 survey recorded 39% of businesses in the United Kingdom as cyber-attack victims. Phishing attempts have been marked as the most common form of attacks, with 83% of respondents experiencing these, while more sophisticated attacks such as malware, denial of service or ransomware were also reported. Another threat companies need to watch out for is social media.
Over the past decade social media has become a huge tool for companies, yet there is a strong argument that it has become too intrusive. Tech pioneer Jaron Lanier in his book Ten Arguments for Deleting Your Social Media Accounts Right Now labels social media as dangerous due to how users are under continual surveillance. This made social media very attractive for hackers as there are multiple entry points to a company or individual’s account. In this post we will look at how social media has changed cybersecurity.
Cyber attackers can aggregate personal data
Personal data, such as parents’ or pets’ names, schools, or childhood jaunts can be used by cyber attackers as a gateway to accessing more sensitive details. This happened in 2019 when Facebook experienced a cyber-attack affecting 530 million subscribers with phone numbers and email addresses compromised due to a breach of a third-party feature.
Oversharing exposes individuals to phishing
Employees who overshare work details, such as photos and posts, are at risk because it gives attackers plenty of material to start posing as them. This is spear phishing, a type of phishing that targets a specific person to gain access to the whole organisation. Scammer Evalda Rimasauskas was able to do this from 2013 to 2015. She posed as the director of a fake version of tech company Quanta to steal $100 million from two other tech companies.
Data breach and malware
Organisations need to be cautious of the apps employees download on company devices as malware could be used to take over social media accounts. In April, a malware called Electron-bot was found embedded into several apps and games distributed through app stores. Once downloaded, it will use your social media accounts and use them for the promotion of their affiliated sites for monetary gain.
How to mitigate cybersecurity threats on social media
Strengthening the overall cyber infrastructure of an organisation should be prioritised in a more long-term approach. However, while you are scaling up your cyber defences, here are some tips on minimising cyber-attack risks.
Set rules for your organisation
All organisations that use social media should have a social media policy to guide employees. Social media guidelines may include rules on how to talk about the company, avoiding third-party apps that ask for personal information, using strong passwords, and the protocols to execute in case of suspected breaches. A social media policy is not only beneficial for cybersecurity, but also the public relations and marketing spheres.
Train employees in responsible social media use
Quite a lot of businesses couple their social media handbooks with online or in-person training. Our post Should Employee Training Include Cybersecurity? discusses how everyone from the bosses to the employees can strengthen their security by conscientiously using the internet. Bad social media habits are, after all, just habits, so it may take some time to unlearn them but it’s possible to adjust online behaviour and usage.
There is no single solution to counter the rise of cyber-attacks, but a more comprehensive approach with different, interlocking methods will is the best protection for organisations in the long run.
Fancy reading something else - what takes your fancy?ai atlassian best-practices ciso climate-change cloud covid19 crime crypto culture customer-success cybersecurity data-protection development dlp employees gdpr insider-threat malware office365 remote-working security semafore slack social-media technology