A well-thought out and managed social media presence is a must for most companies and their workforce, but too few of them think about the potential repercussions of an attack targeting it.
Social media is increasingly seen as a battleground, providing the platform for complex influence campaigns mounted by nation-states (Iran, Russia), various hacker groups to get their message out and to advertise their services, and attackers looking to trick other users into parting with sensitive information or cryptocurrency.
“Humanity is marching towards an increasingly connected society via digital means,” notes Otavio Freire, CTO at digital risk protection company SafeGuard Cyber.
“Social media is not going away, it will continue to evolve and transform. If anything, the emergence of new technologies for collaborating is speeding up and new risks are emerging alongside them. The impact of a successful attack on various digital channels can be counted in millions of dollars in terms of reputation and/or stock price loss, theft, intellectual property leaks – not to mention the unquantifiable implications of geo-politically designed outcomes.”
For all of those reasons, he believes that solutions for securing digital media channels will become ubiquitous just like antivirus software was and still is, and his company (Freire is one of the founders) aims to become a go-to for individuals and companies alike.
A unified platform for protecting digital and social channels
SafeGuard Cyber’s SaaS platform, with its extensive channel coverage (social media, mobile apps, collaboration networks, app stores, etc.), advanced AI algorithms and machine learning, has been developed to detect threats to all digital channels that belong to an organization and to defend against them.
“Our platform foils attempts by bad actors and impersonators. It prevents them from taking advantage of our clients’ organization, protects company and employee accounts from takeover attacks, and allows the clients to avoid privacy and intellectual property leaks,” he explains.
“We can quarantine malware, spam and phishing that takes place on digital and social accounts and is leveraged to gain access to an organization. We can fortify accounts against credential hacking. But, most importantly, out platform is adaptable to new risks. For example: a client’s CEO was recently involuntarily involved in a stock ‘pump-and-dump’ scheme that took place on the web, dark web and social web. This is a new type of threat and social media crisis that our platform was instrumental in solving.”
Challenges to keep in mind
When searching for solutions for minimizing social media risks, organizations have to keep in mind employee privacy, the use of non-specific technology solutions, and have to think about addressing the alert volume at scale.
“Employees find social communications a sensitive matter and they don’t necessarily want the organization to act as ‘Big Brother,’ so you need a system that is opt-in only and gives employees insights into the attack risks they face, while at the same time respecting their privacy. The winning formula? A system that pinpoints risks and is allowed by the employees to take action on behalf of them,” Freire points out.
There are technologies, policies and monitoring solutions that can help protect agains social and digital risks, but none of them is comprehensive, some are ineffective, and some can’t scale – they simply can’t process all the information and workflow of all of the social and digital channels that belong to an organization, and can’t take immediate action to suppress every risk according to pre-configured rules (while avoiding false positives).
“Attacks are in real time and they need a real-time answer – alerts without action is pointless,” he notes.
Advice for organizations
Freire’s advice for organizations with a rich social media presence that have no added security is to take a systematic, yet decisive approach to beef it up. The company does this for their clients.
“We call it ‘DART’ – Discover, Analyze, Remediate and Test,” he explains.
“The first step is to inventory, on a global basis, all of the existing company digital assets that are potentially exposed to risk. Once you understand your attack surface, analyze it for potential vulnerabilities. Armed with this understanding, create a plan to address the high-risk issues first. In a second stage, move to secure your social and digital assets while using a security solution to address the risks identified in the first stage as well as any new emerging threats. Finally, simulate attacks on assets via social channels and report findings and then expand the protection footprint as needed.”