During 2017, social media platforms were regularly used for the spread of fake news or the manipulation of public opinion. But social media can also be used for sophisticated social engineering and reconnaissance activities, which form the basis of many attacks on the enterprise. Criminals and hackers regularly use these platforms to distribute malware and to push rogue antivirus scams and phishing campaigns to lure their victims.
Wanting to find out more, Information Age – in exclusive interviews – discussed the growing threat of social media and how to mitigate the risk with two security experts: Mark James, security specialist at ESET, and Lee Munson, security researcher at Comparitech.com.
In the social media era, how could a lack of social media security policies create serious risks for the enterprise during 2018?
MJ: The trouble with perceived “things” we cannot do without is being able to draw the line between work and private. From the perspective of the tech team, one of their problems is keeping the whole company safe through policies and procedures – some of which involve clear lines and attack vectors. When you blur those lines through social media interaction in the workplace, it can be difficult dealing with the level of trust involved through people you “think” you know. For instance, if a friend through social media recommends something to watch or view, there is an extremely high chance you will do just that – after all, you may have known them for years, and in person they are a trustworthy and valuable friend. The trouble is, of course, being able to validate that friendship through a digital platform – a job that is not as easy as it sounds.
Why have social media platforms become such an easy target for hackers?
MJ: In my opinion, body language, or lack of. If I arrive at your house and ring your doorbell, you may open the door and in a matter of seconds will have decided a number of factors: Do you know the visitor? Are they agitated? Do they look happy or sad?
However, when doing that through a digital existence, you have none of these visual qualifiers. You can, in essence, act with or assume whoever you choose – if a trust relationship exists between the two parties then you can assume that trust and use it to your advantage.
How is the problem of fake news spread via social media likely to develop in 2018?
MJ: Fake news seems to be one of those events where most people don’t understand the dangers involved; because there is no actual danger as such, it’s hard to see the problems caused. Of course some of the dangers are simply the ability to push as much traffic as possible to potentially infected websites or links. Other dangers may be influencing public or even private events, and it really boils down to perception. Often more dangerous than the truth, we have come to trust our computer or mobile screens – we believe we understand the difference between fake and real news, but it’s actually a lot harder than we think, purely because often we want to believe that the platform delivering the content is trustworthy.
How can enterprises protect their organisations from the dangers of social media attacks?
MJ: Education, policies and good practices are the way forward in ensuring the right news is available. Good multi-layered, regularly updated security software is essential; ensure your defences are also layered as best as you can possibly manage – it’s always better to be over than under protected.
LM: Within the enterprise, social media policies are essential, irrespective of the risks presented by fake news. Corporations need to clearly define what is, and what isn’t, acceptable in terms of which employees have access to social media accounts and the type of information they are allowed to post or link to.
Where such a policy does not exist, there is always a grave risk that an over-eager member of staff could, in good faith or otherwise, associate the company with a news story that is either immediately inappropriate or which later turns out to be embarrassingly untrue.
For those who would propagate fake news, social media platforms are a fruitful target for a couple of reasons. First, such accounts tend to suffer from a lack of security in terms of weak passwords and a lack of two-factor authentication, especially when they are personal rather than corporate in nature. Second, social platforms are extremely powerful, especially when the targeted accounts are influential, because there is a growing trend for people to consume news in these places versus the more traditional media outlets.
In the current year, fake news is likely to increase on the back of the success it has enjoyed to date. I predict the biggest area of growth will be in the political field as nation states look to exert more and more influence on sentiment and voting patterns in other countries.
Social media attacks are centred very much around people, be that influencing the influencers or hacking their accounts. For that reason, enterprises should look at staff training as well as social media and password policies if they are to minimise the risk of attack against themselves.