Takeaways from this post:
- Executives have embraced social media channels for brand-building and thought leadership.
- However, they are exposed to serious social media threats, and their companies know it.
- Impersonation, account takeover, and executive phishing are all of major concern.
- Companies need software solutions that can offer maximum protection without constraining executives’ social media freedom.
Social Media: A Universal Executive Play
In our survey, 100% of executives said they had adopted social media as a business tool. 39% of them utilize platforms like LinkedIn and Twitter to build and forward their brands; 32% use these cloud channels to showcase their thought leadership.
56% of respondents predict that social media will become increasingly important as a tool for executive communications by 2021, making it a major priority for future investments. 48% of businesses already spend 50-100 hours a month on social media for executive communication purposes.
The clear takeaway from these percentages is that social media channels are a major part of executives’ everyday digital life. And this will only increase in the coming months.
Guide: Learn how to identify
and prevent social engineering attacks
Social Media Threats: A Clear and Present Danger
Despite this enthusiasm for social media, our poll clearly revealed that companies are acutely aware of the dangers posed by social media threats.
Many executives have been at the receiving end of cyber attacks and threats. The volume and frequency of these attacks, as well as their growing sophistication, make executives among the weakest links in the cybersecurity chain. In one of our earlier surveys, 1 in 4 of enterprise IT officers and cybersecurity experts said that executive social media accounts are a major risk factor for their enterprise.
In our 2021 executive protection poll, companies ranked the biggest social media threats to their company as follows:
- Impersonation/Fake Accounts: 32% of companies viewed this as the biggest danger
- Account Takeover: 27% of companies viewed this as the biggest danger
- Executive Spear Phishing: 22% of companies viewed this as the biggest danger
Protecting Against the Major Social Media Threats
How can companies protect against these threats? There are some macro answers here. Security and compliance need to work together. Presently, only 18% of business organizations consider cybersecurity a board-level priority; this has to change. However, when it comes to these specific threats, companies need to react in specific ways:
More than once, Bitcoin scammers have netted thousands of dollars’ worth of cryptocurrency by pretending to be Tesla CEO Elon Musk on Twitter. This is just one high-profile example of executive impersonation, which can seriously damage a brand. Even if the hackers are at fault, the blowback can fall on the company being impersonated.
Impersonation is such a scourge that social media networks like Facebook and Twitter perform regular purges to rid their channels of billions of fake accounts. Impersonation and fake accounts can hurt an executive's reputation and chip away at the trust people have for corporate leaders.
To protect themselves, companies need to be able to protectively scan the surface and dark web for impersonators, and initiate takedowns.
Account takeovers typically occur due to faulty security protocols and poor cybersecurity practices on the part of employees. It is a form of identity theft where fraudsters and insiders access social media accounts using compromised credentials and pose as the actual user. External and unauthorized parties gain access to social media accounts through employees falling prey to social engineering and other social media attacks.
Recent data reveals that 33% of organizations experience 1-10 corporate account takeover attempts in a year; 19% say they’ve dealt with 11-25 attempts, while 16% faced 26-50 takeover attempts.
Account takeovers can be devastating. Best case scenario is some serious brand reputation damage. Worst case scenario is the exfiltration of the most sensitive company data, and the initiation of financial attacks.
To protect themselves, companies need to be alerted to all unusual account activity, and have the power to recover accounts and revert them to their previous state.
Executive Spear Phishing
The growing use of social media exponentially increases the threat of executive phishing (or whaling). Executive phishing is highly sophisticated. Messages are personalized, and executives are tricked into opening malicious files that can contain devastating ransomware.
Research conducted by BlackHat found that 66% of executive phishing messages delivered through social media DMs were opened by their recipients. Executives easily fall prey to these social media attacks because they can't distinguish the threat without extensive cybersecurity training or experience.
Today, about 41% of information leaked online comes from social media accounts. That's a significant jump from 25% in 2022. The risk of information leaks through social media intensifies when account users grant access to multiple unauthorized parties, intentional or not.
Poor social media practices such as poor security controls and over engagement in social networks makes it easy for bad actors to gather information that can help them breach a legitimate user's account.
Other forms of social media threats include:
- Fake giveaways
- Affiliate scams
- Fake friends/followers
To protect themselves, companies need round-the-clock scanning of all executive messages, and the proactive detection and quarantining of potentially threatening interactions.
Whitepaper: Learn more about social media benefits and risks,
and how to mitigate them
Guarding Against Social Media Attacks
Successful mitigation against the growing threats of social media lies mainly in people. Educating your employees and even your executives to recognize potential attacks via social media and respond immediately can help shield your organization from all sorts of social media security risks for businesses. Invest in cybersecurity seminars to equip workers with the knowledge to identify risks stemming from social media and cyberspace in general.
Companies are fully aware of how bad a successful cyberattack against their executives could be. In the event of a hack, 70% of respondents said their both company’s brand and reputation would sustain massive damage. Half of respondents also believe that it would drive down shareholder value.
These fears are not exaggerated.
To protect executives from potentially damaging social media threats, companies must onboard tools that can protect executive accounts, wherever they are. The right security solution will possess the following features:
- Full visibility of the threat surface
- Real-time risk detection of threats in social media
- Analysis and sandboxing of malicious/suspicious files
- Detection of impersonated accounts
- Detection and purging of high-risk accounts and followers
- Dark web monitoring
But remember: Executives put a premium on productivity. This means security tools have to be lightweight and effectively invisible. 76% of CEOs admit to relaxing security protocols on applications they use to speed up their tasks. They want protection, but they place more value on productivity, efficiency, and convenience.
Platforms need to be robust, but they can’t place any drag on social media activities. Companies should look carefully at their options and make sure that the tools they choose strike this balance.
If you are interested in learning more about the SafeGuard Cyber solution, you can take a quick 5-minute tour.