By The PhishLabs Team | November 22, 2019
Every second, 5,787 tweets are published. Every minute, 300 hours of video are uploaded to YouTube. These are just two of the more popular social networks, and among these data points are the occasional references to a specific organization, its brands, and even customers or employees.
Many of these brands have a marketing, communications, or even customer service team dedicated to interacting with people on social channels to ensure their reputation remains intact and to flag any concerns. However, as these platforms continue to grow, so does the abuse from threat actors, and marketing teams are not equipped to handle it.
There are several reasons for this: marketing-driven social platforms are not designed to monitor for cybersecurity risks; digital threats need a rapid response, but there are a lot of false positives; and marketers are not trained to handle malicious social engineering like phishing attacks or technical attacks that contain malicious code.
Understanding Social Media Cybersecurity Threats and Digital Risks
Not all digital risks are created equal. One day, a threat actor may target a brand’s employees and customers by impersonating said brand in an attempt to steal their credentials. The next day, an angry ex-employee could publish a threat against the company, and the day after a current employee could accidentally share private company data to a code repository.
Ultimately, the most common cybersecurity and digital risks associated with social media are:
- Credential theft
- Propagating attacks
- Data dumps
- Romance scams, 419 scams (Nigerian prince)
- Intelligence gathering (for account takeover and spearphishing)
And, while marketing listening apps or software may pick some of these activities up, typically there is no process in place for handling them, or the marketing team may not even be aware of what they are. Because of this, the threat is ignored or the response is delayed. When this happens, the alert falls into a haystack and is filtered out, as it does not meet the goals of the marketing team.
New tweet about a product? Marketing has that covered. Someone is disparaging the brand due to a negative experience? Marketing can handle it. An angry person starts threatening an executive? It’s something that happens hundreds of times a day on these unfiltered networks, and in many cases, these threats are laughed off and lost in the alert haystack.
Plain and simple, different teams have different priorities, and a security team has to clear hundreds if not thousands of social alerts to find validated digital risks.
The Growing Alert Haystack
According to a recent report, five times as many SOC analysts this year believe their primary job responsibility is focused on reducing the time it takes to investigate flagged alerts.
“70% of respondents investigate 10+ alerts each day (up from 45% last year) while 78% state that it takes 10+ minutes to investigate each alert (up from 64% last year). In addition, false-positives remain a struggle, with nearly half of respondents reporting a false-positive rate of 50% or higher, almost identical to last year.”
In total, that’s about 15 minutes of wasted effort per false positive, and all of this effort adds up quickly. Now, it’s important to note that it’s not wasted effort, as all analysis of potentially malicious activity is important in a process designed to find true threats; however, it is obviously an efficiency concern. Mix this in with a marketing team that is not equipped to handle these threats, and the review period is only extended further. Multiply it by the number of forums, blogs, social media sites, and the other social sites that get used by 42% of the global population each day, and you have a lot of false positives.
For teams with their own internal SOC, a simple process that results in social media managers quickly forwarding on suspicious alerts is a good first step, but ultimately security teams still need their own solutions.
The example above shows a representation of how PhishLabs handles social media threats. Our automated Digital Risk Protection platform constantly compiles data points from more than 6,300 social media sources, refines them and filters them, and then ultimately a threat analyst confirms the validity of the threat. Because of this approach, our partners receive none of the false positives and only intelligence around social media threats targeting their brand, customers, or users.
One of the largest hurdles a security team will face is the lack of time. In fact, around 49% of surveyed team members stated that a lack of time and a lack of available skills are the biggest barriers to threat hunting.
Lastly, security teams may also be great at creating and sharing memes, but the same argument can probably be made about not letting them run your social accounts, either.