More than half of the world’s population, 58.4% or 4.62 billion people, use social media.
And while it’s amazing for keeping in touch with friends, organizing gatherings, and sharing important messages, it’s also the reason we’re facing a cybersecurity crisis.
A record 847,376 cybercrime complaints were reported to the FBI by the public, according to the 2021 FBI Internet Crime Report, a 7% increase from 2020. This is now attracting the attention of elected leaders like Senator Mark Warner and Senator Marco Rubio.
They recently called on the Federal Trade Commission (FTC) to investigate TikTok and parent company ByteDance over its data processing. But why is social media such a catalyst for harmful behavior?
As the founder of the leading cybersecurity company OccamSec, I’ve seen with my own eyes how and why social media is a weak point for even the most cautious people and businesses. Here are the top three reasons.
Social media lends itself to social engineering. What is it exactly? Well, old-fashioned social engineering is when a criminal phones you pretending to be, say, the CEO of your company, and says they've lost a document that you need to send them. You send it, and that person now has a lot of private company information. Social engineering has moved from face-to-face or phone-to-phone to social media and the internet.
Social media provides an effortless manipulation mechanism. You create a profile on a platform, start making friends with people, and then you can access more of those people's connections because you start looking more legit. So when someone contacts you and you have common contacts, it's easier for them to ask for personal or company information. This amplifies their confidence and simultaneously suppresses your gut instinct.
If you met someone in a bar who said, “Hey, I work for the same company as you, give me access to your computer,” you’d say, “No.” Your instinct would be that this guy is just scary.
On social media, that instinct is removed. If I connect to you, you connect to me; then we have more mutual connections. From an attacker's perspective, it lends itself massively to data harvesting, which makes it easier to manipulate people because it removes the face-to-face element.
There is this concept of attack surface in hacking. So if you think of your house, you have the doors, the windows, and maybe a skylight. If I'm a thief, that's your attack surface. The attack surface increases when you add more windows, a garage and a yard.
What social media does, if you're a business, is open your attack surface wide. Now every employee posts online and can be reached. So, for example, if I want to hack Sony, I'll go to LinkedIn, search for Sony, and get everyone who works there. Then I can watch TikTok, Instagram and Facebook, discover their interests and friends, and eventually be able to connect and get information.
Convenience is key
Convenience trumps safety. A CEO on vacation needs a document sent to him and doesn't have his laptop. So it's just sent to his phone. There is an immediate security breach due to convenience. Additionally, social media has been proven to trigger a dopamine response, which leads to a cybersecurity risk. There are so many people on social media that it is easy for criminals to cross this surface.
Ultimately, companies and individuals need to consider what they are putting on display. But, unfortunately, cybersecurity is hard to maintain unless you stay away from all social media. However, if we adopt certain European privacy laws, we may be able to enjoy better protection. Understanding the risks posed by social media, from social engineering to an increased attack surface, is the first step for organizations to take control of their cybersecurity to keep their employees and their business safe.
About the essayist: Mark Stamford is the founder and CEO of OccamSec. He started playing with computers when he was 8 years old and has over 20 years of experience in technology operations, including cybersecurity. He previously worked at UBS and KPMG.
*** This is a syndicated blog from the Security Bloggers Network of The Last Watchdog written by bacohido. Read the original post at: https://www.lastwatchdog.com/guest-essay-a-breakdown-of-the-cyber-risks-intrinsic-to-ubiquitous-social-media-apps/