Why Social Media Data Breaches Should Push C-Suites to Change Their Digital Risk Approach

Google's announcement that it's shutting down Google+ because of a data vulnerability is the latest example in a series of shocking social media privacy scandals. These recurring issues demonstrate just how difficult it is to secure a large, complex system, or protect subscribers and corporate customers from a multitude of other cybersecurity threats. Here are some recent headlines:

While this may be unnerving for the billions of consumers using these platforms, it should be alarming to the boards of companies that rely heavily on social media advertising and customer engagement activities to fuel business growth. The stakes are high, as indicated by the level of social media advertising spend, which is forecast to reach US $68 billion globally in 2018.

Cyber threats unleashed through social media data breaches and account contamination include:

  • Malicious attacks - Bad actors target digital assets with direct account takeovers, malware, phishing re-directs, or bot attacks
  • Brand Impersonation - Bad actors intent on scamming customers set up fake accounts, divert revenues, and conduct other fraudulent activities, all at the expense of the brand
  • Brand & Reputational Damage - Brands are often the target of bad actors running social engineering campaigns or digital sabotage; angry customers intent on revenge, or even innocent posts, can also result in brand damage
  • VIP Exposure - Often high profile executives are targets of impersonations, spear-phishing (aka whaling), bot attacks, doxxing campaigns, and more
  • Data Loss & Data Privacy Risk - Sensitive information accidentally or deliberately leaked can result in IP loss, unauthorized financial disclosures, and privacy violations (PII, GDPR, HIPAA), all of which can result in heavy penalties & litigation exposure

Each of these threats can have a measurable impact on a company's bottom line. CEOs, CMOs, CISOs and other corporate officers have a real dilemma: they can't ignore the positive transformative power of social and digital networking engagement, nor can they tolerate the negative headlines, brand damage, and potential revenue fallout of a major social media cyber attack, or even persistent exposure to the underlying vulnerabilities. Who is at fault when the company fails to secure its digital channels? It is seldom just a security issue or a marketing issue, but a corporate-wide issue. Major incidents have a way of democratizing the shared responsibility across all corporate officers.

The Tipping Point

Perhaps the Google announcement is finally the tipping point. Although Google+ had been struggling, it was not shut down for low usage. It was shuttered for a major data vulnerability.

The time has come for companies to proactively build the cyber security capabilities necessary to protect their organizations from the persistent vulnerabilities in social media, and to assure the sovereignty of their digital properties. Security teams routinely invest in additional defenses for email systems, and no company faced with email attacks has ever concluded that the solution is to shut down email and just live without it. (Reverting to homing pigeons and smoke signals makes for funny jokes in breach meetings, but is not, to our knowledge, carried out.) Given that social media's impact is often better than email's for customer acquisition and engagement, why not just protect it?

As CMOs and CISOs remain some of the most critical stakeholders for social and digital networking engagements, we recommend a teaming approach to put an effective digital risk defense solution in place.

Start with this process:

  1. Initiate Digital Risk Assessment - Kick off project (CMO & CISO to co-sponsor)
  2. Map Digital Footprint - Determine active social/digital channel engagements; may include social, collaboration, mobile, and/or back office cloud applications (CMO-led)
  3. Survey User Activity - Conduct due diligence to confirm channel usage, sanctioned or permissible employee accounts, and flag unauthorized users including former employees and third-party agencies (CISO-led)
  4. Identify Vulnerabilities - Investigate existing risk exposures, prioritize vulnerabilities and channel coverage requirements (CISO-led)
  5. Determine Solution Requirements - Understand operational considerations for time-to-threat detection and time-to-threat remediation. Agree on budget and obtain sign-off on investment plan (CMO & CISO - jointly)
  6. Select Solution & Deploy - Place channels under governance of digital risk protection solution (CISO-led)

When you are ready to initiate your project, SafeGuard Cyber can assist the process with a free digital risk assessment. Contact us today.

About the author
Kevin Walter

Kevin Walter manages product marketing at SafeGuard Cyber. Prior to joining us, Kevin served in senior product management and strategy roles for various information management product portfolios at MicroFocus, HPE, EMC and Legato Systems.
