Threat Actors Begin with Social Media Intelligence Gathering
Reconnaissance is where any given attacker is most likely to spend the majority of his or her time. After all, most cyber attacks begin as some form or other of social engineering or intelligence gathering, thus requiring the attacker to collect and analyze detailed information on his targets in order to gain access to their system. Where do hackers go to collect and weaponize social media intelligence? It’s the same place where all of us go, public social media.
Consider Forrester’s Nick Hayes explanation in a blog post, “For the most part, social media doesn’t create wholly new cyber threats, but it does substantially amplify the risks of existing ones.”
According to Hayes, social media is a cyber weapon to contend with for the following reasons:
- Major social networks [including Facebook, Twitter, LinkedIn] can’t secure fully their own environments – let alone yours.
- Social media scams are highly-effective and lucrative.
- Cyber criminals weaponize social media and its data.
Social Media Exponentially Amplifies Digital Risk
- To learn about their targets, threat actors are collecting everything they can. Social media is a treasure trove of intelligence.
- False accounts are cheap, easy replaceable and prolific. Not one social network can keep up with the volume of abuse.
- People fall time and again for scams such as counterfeit sales, fake brands, and other fraudulent schemes. These are easy wins for threat actors.
- Malware has a new, highly socialized, transmission vector. Everything moves fast and viral. Threat actors understand this concept and exploit short attention spans to the fullest.
We live in a world infused by social media. It is likely that you and most of your employees have some kind of social media presence. And it’s likely that your company relies in some way, even primarily, on social media to amplify marketing efforts and improve customer engagement. Finally, it is likely that your customer base assumes both of the former truths. Bad actors take advantage of all of the above. Threat actors will weaponize public and overshared social media to the fullest.
Digital Presence or Not, You Need to Monitor Social Media For Risk
Here’s a tricky reality: even if you, your employees, and your company make a conscious decision to remain disengaged from social media for whatever reason, bad actors will take advantage of common assumptions to falsify your presence. Bottom line: In today’s world, regardless of your level of engagement, social media creates corporate risk. This means security, IT, marketing, and other key executives must factor the risk of weaponized social media into operational strategies.
You get the point.