Social media is under attack — at least according to the latest report from data management solutions provider NexGate. The report, which analyzes more than 30,000 Fortune 100 social media accounts, suggests our most popular networks are particularly vulnerable to social spam and could be the source of the next big data breach.
According to the report, there are three main security threats when it comes to Fortune 100 social media accounts:
- Unauthorized accounts: accounts created without the permission of the head of social media.
- Content threats: often contain malware links, phishing lures, spam pornography and hate speech.
- Account Hijack: a daily occurrence in which accounts are hacked or hijacked to steal customer information, distribute malware or “embarrass brands.”
Forty percent of Facebook accounts and 20 percent of Twitter accounts claiming to be for a Fortune 100 company were unauthorized. Most of these accounts were offering “free” giveaways. NexGate found up to 330 such accounts per Fortune 100 brand.
The report indicated that Fortune 100 companies in the finance category have the most unauthorized accounts: 55 percent for Facebook and 25 percent on Twitter. Thirty-five percent of news accounts on Facebook were unauthorized, and 10 percent on Twitter news accounts were not official. Entertainment accounts were 25 percent and 15 percent unauthorized, respectively.
While some unauthorized accounts are created by employees and fans of brands, the report indicates that 20 percent of all Fortune 100 affiliated accounts are “protest accounts.” These accounts are “bound to occur and people certainly have the right to create them,” according to the report. However, “protest accounts provide a platform with a potentially very wide reach for a small number of people to broadcast negative, biased and potentially false information about the brand.”
Social spam is also a huge threat. According to the report, content-based threats are becoming more common and have increased 658 percent since mid-2013, and content-based threats are becoming more common. Social spam is pretty much the same as email spam, but social media creates a more efficient delivery mechanism for:
- stealing customer data
- damaging the brand
- manipulating markets, and
- perpetuating internet cons schemes
Account hijacks send social media teams into a panic and result in major recovery costs. Recovery includes PR damage control, changing passwords, “de-provisioning users and de-provisioning applications.” The report also indicates that with an average of 320 social media accounts and more than a dozen authorized applications, Fortune 100 companies have a massive amount of infrastructure to recover. President Obama, The Associated Press, Jeep, CBS, FIFA, Microsoft and Burger King are some of the biggest names to have been hijacked.
NexGate says that the new communication medium requires a new approach. The report recommends taking the following steps to combat the onslaught of technology enabled security threats:
- Map the company’s social footprint and limit the number of authorized users to reduce the number of “spear phishing” and account hijack targets.
- Identify and develop a plan for dealing with unauthorized accounts.
- Monitor accounts for malicious or inappropriate content and respond quickly to mitigate damage.
- Establish clear organizational roles for identifying and responding to social media threats.
- Develop an acceptable use policy for both the internal and external community.