The Snapchat Breach: Why The Security Gap is Widening & What Your Business Needs to Do

Facebook, Twitter, and now Snapchat. The gap in security continues to widen for the major social network operators as they continue to rely only on their internal teams and platforms. The problem for these networks and their users is going to get much worse before it gets better.

In the realm of IT and security, social platforms are more than just check-ins and hashtags. They are a serious threat that can shut down your entire organization.

Adversaries are more sophisticated and capable than ever, and social media has emerged as one of the primary means of hacking into an organization. Hackers utilize information derived from social media to breach servers, send spam, poach Web traffic and sales leads, as well as target and steal intellectual property (IP). According to last year’s Verizon RISK report, 92 percent of security breaches come from outsiders. More than 75 percent of attacks are opportunistic and not difficult, the report found.

Despite the scale of the threat, existing technological and legal infrastructures are not mature enough to reliably protect organizations. In this ‘Wild West’ of cyber security, the protection of your business is in your own hands and you better be up to the challenge.

Assume You’re Breached

Roughly one in four people worldwide use social media to communicate, eMarketer found. Those users are a data reservoir for hackers, who research employees, acquaintances, status updates and other shared information to correlate data back to a target company. Ninety percent of the effort devoted to any attack comes from information gathering and reconnaissance.

Social media has simplified this so-called reconnaissance process. More vulnerabilities mean more opportunities. The market for cyber-espionage and intelligence has never been bigger. About 80 percent of the government’s national security work has been compromised and taken overseas.

In some cases, hackers are leveraging highly organized tactics to go after commercial entities, such as the Russian hacking ring that stole 160 million credit card numbers from the servers of U.S.-based companies. Each year, counterfeits and piracy—the result of IP violations—cost the U.S. $250 billion and 750,000 jobs.

Critical to Implement a Proactive Approach

Protection is paramount, yet companies have limited resources to help combat these threats and attacks. International IP-related trade enforcement is still in its formative stage, and enforcement is unreliable at best. From a technological standpoint, company firewalls are of limited help, while the BYOD phenomenon continues to diffuse company information over uncontrolled mobile and cloud networks. Moreover, platforms that aren’t the ‘Big Four’—Facebook, LinkedIn, Twitter and Google+—don’t have the resources to implement truly effective security.

Given these circumstances, it’s just a matter of time until a breach occurs. I would recommend the following three steps to protect your business and intellectual property from hackers:

1) Understand your footprint. Like it or not, you and your organization are a target for attack for the mere fact that you are connected to the Internet. Whether you are manually sifting through your connections, Googling for answers or leveraging services like FriendGuard, I strongly recommend understanding your entire attack surface.

2) Plan for prevention. IT professionals bear the burden of knowing, understanding and monitoring the vulnerabilities in their networks. It is also crucial to understand where critical data is located at any given time, and how service providers, such as social media, are introducing weaknesses. BYOD complicates that need, so administrators must look to add-on services to monitor their services—a plug-and-play model of security—and adapt their strategies to include these partners.

3) Plan for compromise. Do you have the proper mechanisms in place to help you conduct a post-mortem when your systems are compromised? For example, you should be logging all of your systems that integrate with social assets as well as logging the actions of your employees. Social threats target users as opposed to systems; therefore, it is critical to understand your users’ actions so that you can trace the compromise back to its root cause quickly and cost-effectively.

System Breaches: A matter of ‘When’ Versus ‘If’

Social networks stream right into the heart of your business. With limited protections out of the box, it’s a matter of when, not if, someone will breach your systems.

As we witnessed over the last 48 hours with the Snapchat and Skype security breaches, it’s time to think differently about what ‘social security’ means in our modern world.

James C. Foster is the Founder & CEO of ZeroFOX, the Next Generation Threat Management company. Foster is an industry veteran and a world-renowned thought leader on cyber security. He’s published over a dozen books, holds patents, has spoken on Capitol Hill about the increase in international cyber threats, and is a recognized keynote speaker. Foster started his career as a civilian in the United States Navy in Annapolis, Maryland. In 2005, Foster became a Fellow from the Wharton School of Business at the University of Pennsylvania and received his Bachelor of Science in Software Engineering from Capitol College. Follow Foster on Twitter @GetZeroFOX




Edited by Cassandra Tucker