Only 5% of Americans used social media less than 20 years ago. This number has risen to 72% in recent years thanks to the pervasiveness of social media sites like Facebook, Twitter, Instagram, TikTok, and many more. People’s use of social media isn’t limited to fostering relationships inside their social circles. These platforms have developed into a potent instrument for corporate and individual identity construction. As a result, social media has become a breeding ground for criminal activity. More than a quarter of all reported fraud in 2021, according to the US Federal Trade Commission (FTC), had its genesis in some form of social media.
9 Tips To Cybersecurity Training: Keep Your Employees (and Your Business) Safe on Social Media
1. Businesses love social media
Figures from the past year show that social media advertising has increased by 53%, and that doesn’t even take into consideration the increased spending that businesses are doing to create and disseminate content. They’re trying to get their customers more involved by promoting online content, including videos, memes, podcasts, and blogs.
Marketers are engaging in this practice on established platforms like Facebook and Twitter and newer ones like TikTok. A different survey found that in 2022, marketers will broaden their content investments to include live streaming, long- and short-form video content, and live audio chat rooms. TikTok, Instagram, YouTube, and LinkedIn have become their primary focuses for allocating resources.
2. Social media cybersecurity risk increases
As these social media advertising methods become more widespread, cybersecurity risks increase with them. Whether an organization uses social media to amplify its brand or its executives and employees leverage social channels to bolster their professional brands, these marketing platforms have become fertile ground for a wide variety of cyberattacks and scams.
Cybercriminals, fraudsters, spies, and activists exploit the resulting vulnerabilities as more businesses adopt social media platforms. According to Verizon’s report on data breaches for 2022, the human factor was responsible for 82% of the security incidents. This fact “puts the person square in the heart of the Cybersecurity estate,” as the report puts it. Attackers utilize social engineering to get victims to visit malicious websites, download harmful files, enter sensitive information, pay money, and more.
Because cybersecurity awareness training seldom focuses on social media, many employees and executives are unaware of its dangers. It’s a problem in every sector and every kind of workplace. Every company should take note of the following social media dangers.
3. Compromised biometrics
Sharing high-resolution photographs and videos poses a long-term threat to individuals and company executives because it provides ammunition for breaking biometric protections, according to a report by Trend Micro. The paper notes that when we share high-definition personal media footage, we unwittingly expose important biometric patterns, such as facial or eye characteristics, that fraudsters could utilize to evade facial recognition or fingerprint scanners. A recorded sound that could compromise voice-recognition biometrics is also a potential vulnerability.
Unlike a password, you cannot alter biometric information if it is compromised. How could we change our fingerprints or irises? These “passwords” are permanent; once compromised, an attacker has access to them for many years.
4. Deepfakes
In the same way that criminals may use biometric data, threat actors could use social media content posted by executives to create convincing voice clones and deepfake videos. Deepfakes fueled by social content can power various cybercriminal activities.
The FBI issued a report warning that deepfakes will be used by cybercriminals and foreign agencies. The agency anticipates a rise in the usage of deepfakes across the spectrum of malicious actors due to the widespread availability of low-cost and free AI tools that may be used to create this synthetic content.
5. Industrial espionage
Social networks are a treasure trove for anyone actively or passively conducting surveillance due to the wealth of personal and professional information people post there. Many types of adversaries fall into this category, from corporate spies and foreign governments to common criminals looking to further their social engineering schemes.
Based on the information companies make available, criminals can learn a great deal about high-profile executives or corporate activities, such as companies they frequently do business with, people they communicate with, or places they often visit. If spies can contact their targets using false identities, they can inflict considerable harm on them. Spies are employing fraudulent profiles on “an industrial scale” to extract information from highly placed professionals, according to a recent warning issued by the UK government.
6. Account Takeover
Analysis from the Identity Theft Resource Center (ITRC) shows that the number of social media accounts compromised by hackers has increased by almost a factor of 1,000 in the past year. Corporate accounts are the most desirable targets since hackers can use them in financially rewarding frauds or to disgrace the brand.
7. Business Email Compromise (BEC)
Attackers can use corporate and executive social media as the ultimate instruments for carrying out a business email compromise (BEC) using techniques such as deepfakes, social media reconnaissance, and social media account takeover. For their BEC schemes, criminal actors often rely on cues provided by social media.
For instance, criminals use sophisticated BEC attacks via deepfakes to steal money. There have been other high-profile cases of this tactic, including one in which a deepfake of a CEO’s voice was used to convince a German company’s financial representative to wire a considerable sum of money to a bogus contractor.
8. LinkedIn recruitment scams
Cybersecurity experts shouldn’t be surprised that bad actors are sniffing around LinkedIn, looking for a way to exploit the hiring and recruitment process. The FBI’s Internet Crime Complaint Center (IC3) warned in the summer of 2022 about criminals manipulating the online interview process by combining deepfake videos with stolen personally identifiable information (PII) and other techniques to impersonate applicants.
9. Keep your employees and business safe on social media
Social media attacks can harm your business, even if most of your staff use social media sparingly. If your employees’ devices or accounts are compromised by one of these methods, the attackers have a foothold within your firm from which to begin a full-scale assault. Due to the prevalence of BYOD policies in today’s remote workplaces, every attack can compromise highly confidential business data and information that could lead to the collapse of an entire company.
Tracking all your social media accounts might be a full-time job. The use of social media by companies and organizations for promotional purposes is on the rise. Employees must interact with their fan base as part of their job responsibilities. Pictures and videos put a friendly face on a corporation.
The most important thing a CISO can do to ensure the cybersecurity of their organization’s data is to ensure that their employees are well-educated on the cybersecurity risks and proper procedures associated with using social media. “As the number of digital tools used expands, users need to be increasingly savvy on how to use them and use them safely,” notes Inspired eLearning. It’s not enough to tell workers not to do something; they must also understand how that behavior might affect the company (and their privacy).
Anastasios Arampatzis is a retired Hellenic Air Force officer with over 20 years’ worth of experience in managing IT projects and evaluating cybersecurity. Anastasios’ interests include, among others, cybersecurity policy and governance, ICS and IoT security, encryption, and certificate management. Anastasios has written for many publications and is currently a writer for Bora.