Facebook, Twitter, and now Snapchat. The gap in security continues to widen for the major social network operators as they continue to rely only on their internal teams and platforms. The problem for these networks and their users is going to get much worse before it gets better.
In the realm of IT and security, social platforms are more than just check-ins and hashtags. It’s a serious threat that can shut down your entire organization.
Adversaries are more sophisticated and capable than ever, and social media has emerged as one of the primary means of hacking into an organization. Hackers utilize information derived from social media to breach servers, send spam, poach Web traffic and sales leads, as well as target and steal intellectual property (IP). According to last year’s Verizon RISK report, 92 percent of security breaches come from outsiders. More than 75 percent of attacks are opportunistic and not difficult, the report found.
Despite the scale of the threat, existing technological and legal infrastructures are not mature enough to reliably protect organizations. In this ‘Wild West’ of cyber security, the protection of your business is in your own hands and you better be up to the challenge.
Assume You’re Breached
Roughly one in four people worldwide use social media to communicate, eMarketer found. Those users are a data reservoir for hackers, who research employees, acquaintances, status updates and other shared information to correlate data back to a target company. Ninety percent of the effort devoted to any attack comes from information gathering and reconnaissance.
Social media has simplified this so-called reconnaissance process. More vulnerabilities mean more opportunities. The market for cyber-espionage and intelligence has never been bigger. About 80 percent of the government’s national security work has been compromised and taken overseas.
In some cases, hackers are leveraging highly organized tactics to go after commercial entities, such as the Russian hacking ring that stole 160 million credit card numbers from the servers of U.S.-based companies. Each year, counterfeits and piracy—the result of IP violations—cost the U.S. $250 billion and 750,000 jobs.
Critical to Implement a Proactive Approach
Protection is paramount, yet companies have limited resources for help to combat these threats and attacks. International IP-related trade enforcement is still in its formative stage, and enforcement is unreliable at best. From a technological standpoint, company firewalls are of limited help, while the BYOD phenomenon continues to diffuse company information over uncontrolled mobile- and cloud networks. Moreover, platforms that aren’t the ‘Big Four’—Facebook, LinkedIn, Twitter and Google+—don’t have the resources to protect implement truly effective security.
Given these circumstances, it’s just a matter of time until a breach occurs. I would recommend the following three steps to protect your business and intellectual property from hackers:
1) Understand your footprint. Like it or not, you and your organization are a target for attack for the mere fact that you are connected to the Internet. Whether you manually sifting through your connections, Googling for answers or leveraging services like FriendGuard, I strongly recommend understanding your entire attack surface.
2) Plan for prevention. IT professionals bare the burden of knowing, understanding and monitoring the vulnerabilities in their networks. It is also crucial to understand where critical data is located at any given time, and how service providers, such as social media, are introducing weaknesses. BYOD complicates that need, so administrators must look to add-on services to monitor their services—a plug and play model of security—and adapt their strategies to include these partners.
3) Plan for compromise. Do you have the proper mechanisms in place to help you conduct a post-mortem when your systems are compromised? For example, you should be logging all of your systems that integrate with social assets as well as logging the actions of your employees. Social threats target users as opposed to systems therefore it is critical to understand your user’s actions so that you can trace the compromise back to its root cause quickly and cost effectively.
System Breaches: A matter of ‘When’ Versus ‘If’
Social networks stream right into the heart of your business. With limited protections out of the box, it’s a matter of when, not if, someone will breach your systems.
As we witnessed over the last 48 hours with the Snapchat and Skype security breaches, it’s time to think differently about what ‘social security’ means in our modern world.
James C. Foster is the Founder & CEO of ZeroFOX, the Next Generation Threat Management company. Foster is an industry veteran and a world-renowned thought leader on cyber security. He’s published over a dozen books, holds patents, has spoken on Capitol Hill about the increase in international cyber threats, and is a recognized keynote speaker. Foster started his career as a civilian in the United States Navy in Annapolis, Maryland. In 2005, Foster became a Fellow from the Wharton School of Business at the University of Pennsylvania and received his Bachelor of Science in Software Engineering from Capitol College. Follow Foster on Twitter @GetZeroFOX
James Cham, partner at seed fund Bloomberg BETA, was at Cisco Collaboration Summit today talking about the importance of models to the future of machi…
The retail value chain is in for a blockchain-enabled overhaul, with smarter relationships, delivering enhanced transparency across an environment of …
With GDPR on the horizon, Zuckerberg in Congress testifying and Facebook users questioning loyalty, change is coming. What that change will look like,…
Organizations amass profuse amounts of data these days, ranging from website traffic metrics to online customer surveys. Collectively, AI, IoT and eve…
Hollywood has programmed society into believing satellite imaging as a magic, all-seeing tool, but the real trick is in analysis. Numerous firms are f…