SC Media’s article “The £1 billion social media crimewave that has enterprises blindsided” reports on newly published research revealing massive blind spots in the defense strategy of the average enterprise: social media-enabled attacks.
The Bromium report, “Web of Profit: Social Media Platforms and the Cybercrime Economy,” states that with one in five enterprises infected by malware originating from social media, and one in eight experiencing a breach following a social media-directed attack, the scale of the threat is not to be underplayed. In the UK alone, reported social media-enabled crime quadrupled between 2013 and 2018. Globally, the research finds, the criminal fraternity is earning a staggering £2.4 billion (US$3.35 billion) every year.
Research at CensorNet concluded that nearly a quarter of people admitted to using social messaging apps like WhatsApp, Telegram and even Facebook Messenger to share work documents, which is often overlooked by security teams. But with social media being an essential tool to businesses, banning employees from social media to reduce the risk of these malware attacks is ‘totally impractical.’
SureCloud’s Senior Cybersecurity Consultant, Mark Wardlow, responds to the SC Media article, and discusses how both organizations and employees can best protect themselves against these types of attacks:
Enterprises can become victims in several different ways. Often attackers will use information gained from social media platforms to construct a profile of the organization and its structure, which includes names of staff and their managers. This information is then used to target individuals with a convincing back story that will be used to either extract money directly or further their insight into the company. Other cases have occurred where corporate secrets or damaging beliefs have been expressed via social media platforms which subsequently reflect poorly on the organization.
The best defense lies in educating users on the dangers associated with a social media presence, and ensuring one-to-one staff reviews include an element discussing this. A popular tactic used by teachers to avoid students discovering their social media accounts is to use an alternate name, or middle name rather than their full name. This isn’t foolproof, however, and the best defense is always to be aware of what is available to the public on your social media account, ensure care and consideration is used when posting, and beware of accepting invites from users who are unfamiliar.