From our personal to our professional lives, today most of us use social media in one form or another. Till now, the majority of organizations have focused primarily on the best ways to use social media to advance their business goals while guarding against employee misconduct. But with the substantial increase in the amount of sensitive data flowing across social media platforms, organizations should be asking whether or not social media makes their network environments more susceptible to both internal and external cyber threats. In this post I explore some of the key ways in which social media is changing the cyber security landscape and offer best practices for organizations looking to increase their “social security.”
Whether we’re talking about Facebook, Twitter, Linkedin or YouTube, hackers are exploiting social media in the following ways:
1. Increased vulnerability – From the increased availability of sensitive information to the potential for data leakage, social media sites have the capacity to make organizations more vulnerable than ever before. Man-in-the-browser attacks are quickly becoming a popular way of infecting computers from social media websites.
2. Social media as a weapon – Hackers are deploying new forms of malware that weaponize social media, converting sites into command and control servers to infect systems and carry out attacks.
3. Organization and messaging – Social media has provided a space for hackers to organize across borders and communicate not only with each other but also with the public at large. With the uptick in ideologically based attacks over the past year, social media has become the primary instrument of communication for cyber criminals worldwide.
In the wake of these threats, what’s an organization to do?
To start, companies and institutions need to acknowledge that social media is here to stay. Even companies that have gone so far as to ban social media usage at work through the use of filters and proxies cannot control what employees do on their own devices they might bring to the office. The increasing trend of BYOD is making it harder and harder for organizations to protect their network through filters alone. Instead of the zero-sum approach, organizations should have a company policy in place regarding social media usage and take the time to educate their employees on the risks (and rewards!) of social media.
Corporate policies and best practices, however, can only go so far. Organizations need to take seriously the increasing threats that may emerge via social media and ensure that measures are in place to defend against cyber attacks that hit their networks, such as zero-day attacks and potential network behavior anomalies. In addition, reputation based services will help prevent Man-in-the-browser attacks from causing network administrators ongoing headaches.
While there is no doubt that social media will continue to impact cyber security in ever-sophisticated ways, a serious level of preparedness is the first step for organizations looking to shore up their network security in the midst of an increasingly insecure environment.