The billion dollar (social media) cybersecurity problem

Across the globe, there are over 3 billion people that access the internet and 2 billion of them have social media accounts. It’s huge. And people are spending a lot of time on those accounts – on average, users spend three hours every day on social media. It’s not just on the consumer side. Social media platforms have become a key component of business success. Some estimates are suggesting that within the next five years, CMOs will spend over 20% of their marketing budget on social.

So what’s the problem?

Popularity! The growth of social and the popularity of the platforms – for consumers and businesses – has made social media the next cybersecurity battleground. Consider this:

· 29 million tweets everyday are malicious (Trend Micro)

· Facebook scams are the number one way to breach a corporate network (Cisco)

· The yearly cost of social media phishing is $1.2 billion (Kaspersky)

Think about that stat from Kaspersky. One type of cyberattack on social media costs $1.2 billion! We did our own research as well to dig deeper. What’s particularly interesting is that Canadian businesses do not see threats on social media as a risk to their business. We want to change this perception and make sure that businesses are protected.

It’s time for Enterprises to look at the potential risks social media poses if security measures are not considered. To help, I’ll focus on how businesses are targeted and some tips for staying protected.

Social media threat landscape

Social media blurs the lines between our personal lives and our work lives, and there are a number of different attack methods including impersonating executives and brands, hijacking accounts, and discrediting company brands. To help provide oversight into who is being targeted, I’ll break down the three main groups:

1. Employees – A business’ employees are targeted in an attempt to bypass security defenses and gain access to protected systems

2. Business Operations – To damage revenue generating activities and trust, sensitive and confidential information can be published on social channels

3. Customers – Social accounts that impersonate either the business or executives put customers at risk and damage the reputation of the business

What’s challenging for the security team is that they do not have line of sight into what employees are doing on their social media accounts and what they are engaging with. And, while Enterprises do have teams monitoring conversations online, they typically do not have teams looking at security threats.


Here’s the good news: This is solvable!

To protect your social media channels, the first step is to make sure that you’re monitoring for accounts that are impersonating executives or your brand. And, when you find them, you can work with all the major social networks to get the accounts taken down. Enabling two-factor authentication is another good method. This will go a long way to ensure that your organization’s social accounts are not hijacked. Another great countermeasure is feeding social media context (like phishing URLs) into your organization’s perimeter and endpoint security solutions. Work with security service providers, like Rogers, who specifically target social threats to your business.

Social media is such a great opportunity for businesses. You can engage with customers directly, boost your customer experience, live stream events (and, of course, much more!). What we are concerned with is making sure that your business is able to leverage social platforms safely.

I’d be interested to hear how you’re protecting your organization against social threats. Let me know in the comments section below.