By The PhishLabs Team | July 17, 2018
As a marketer I am all too familiar with how social media can benefit or damage a brand.
On the one hand, social media offers an easy and (sometimes) free way to communicate with customers, prospects, and partners that many brands have used to great advantage. But on the other hand, it’s yet another source of potential threats to an organization’s infrastructure and reputation.
And for the most part, the threats posed by social media are fairly obvious. Bad reviews, negative coverage, leaked data, and social engineering attacks are all fairly predictable by-products of a medium designed to bridge the gap between instant messaging, blogging, and mainstream media outlets.
But what happens when social threats aren’t so predictable? Many organizations don’t realize that social media can also be a breeding ground for highly targeted and co-ordinated malicious activity. From brand imposters to boycotts and protests, these hidden social threats can cause substantial damage to your organization’s infrastructure, personnel, and reputation.
Hidden Threat #1: Reputation Damage
A brand’s reputation means everything. Without the trust of your customers or prospects, maintaining or growing your business will be an uphill battle.
Typically the job of maintaining brand image is left to marketing teams to manage, but non-security professionals are simply not equipped to cope with the brand threats posed by social media; all it takes is a disgruntled former employee, an unhappy vendor, or someone with malicious intent to whittle away at your brand’s reputation online.
Example: The disgruntled ex-employee
Not all employees leave on good terms, and unfortunately disgruntled former employees have the potential to cause major problems for their ex-employers. From spreading misinformation or insulting your brand online to more serious threats against (or abuse of) individuals within your organization, social media provides an easy means for former employees to “strike back” against any perceived unfairness they may feel.
A good recent example involves Tesla, where a former employee apparently stole several gigabytes of confidential data and leaked details of the company’s production line to the media.
Hidden Threat #2: Planned, Focused Attacks
Social media provides an ideal platform for cyber criminals to attack organizations and their employees. Common tactics include:
- Harvesting information about individual employees to fuel sophisticated social engineering campaigns
- Compromising employees’ social media accounts to launch further attacks and/or exploit password reuse
- Planning disruptive activities such as boycotts, protests, or even hacktivism
Example: You’re on the hit list
There are plenty of reasons why your organization might be an attractive target for cyber criminals. Perhaps you’re in a heavily attacked industry such as healthcare or finance. Maybe you’re a leader in your field, and possess valuable research and technologies. Maybe you just look like an easy target.
Whatever the reason, cyber criminals are highly likely to use social media in some capacity as a way to target your organization. Whether they use it to plan their attacks (or even announce their intentions) or to harvest employees’ personal data for use in social engineering attacks, the threat posed to your organization is very real.
Hidden Threat #3: Physical Threats and Incidents
Sadly, not all digital threats stay entirely in the digital world. Social media platforms make it easy for individuals to threaten organizations or their employees, and there’s often no way of knowing whether a threat is legitimate or not.
Example: Threats of violence
Remember our Tesla example from earlier on? Turns out it had a less-than-ideal conclusion.
A Tesla spokesperson commented to Newsweek: “Yesterday afternoon, we received a phone call from a friend of Mr. Tripp telling us that Mr. Tripp would be coming to the Gigafactory to ‘shoot the place up.’ Police have been notified and actions are being taken to enhance security at the Gigafactory.”
Fortunately, after a brief investigation, law enforcement deemed the threat to not be credible, but these types of threats are more common than you might think, and can be hugely disruptive and worrisome.
Securing Against Hidden Threats
So what can you do to mitigate the hidden threats of social media? The easy answer is to simply “be vigilant,” but that doesn’t quite cut it. Social media activity is at an all-time high, and finding credible threats to your organization can seem almost impossible.
Here are three steps you can take to start identifying and mitigating serious threats from social media:
1) Put Resources in Place
Marketing teams simply aren’t qualified or equipped to identify or handle social media threats, so this must be accepted as a security function. Whether you handle it in-house or outsource it, it’s vital that you take social media seriously as a source of threats, and that you allocate resources to minimize the risk it poses.
2) Monitor… Constantly
Monitoring social activity will enable you to identify and mitigate new threats before they damage your assets or reputation. But we’re well past the days when monitoring social media platforms could be done manually. The volume of social traffic is such that effective monitoring can only be completed by dedicated, trained personnel in collaboration with powerful threat tracking technologies.
3) Have an Action Plan
If you’ve been following our blog for a while, you’ll already know that we advocate a risk-based approach to cyber security. There is simply no better way to protect your organization than to identify your most significant threats, and allocate your resources accordingly.
Responding to the hidden threats of social media is no different. Conduct a risk assessment to identify the social threats you’re most likely to face, and put together a plan for how you will respond if and when those threats arise.
To find out how PhishLabs’ social media monitoring service can help protect your organization’s infrastructure, employees, and reputation, visit our service page.