Takeaways from this post:
- As the use of social media platforms proliferates, the enterprise threat surface has also expanded. This exposes executives to numerous social media cybersecurity threats.
- Enterprises know they are at risk. However, executive social media risk management protocols are often poorly constructed.
- The ownership of risks is not clearly defined. Companies often neglect to decide which departments should manage and own social media risk.
- Social media risk management requires companies to leverage collaboration across departments.
The poll also revealed some key insights regarding executive social media risk management, especially that the cross-departmental ownership, distribution, and management of risk need much improvement. In short, companies are failing to clearly define risk management roles across departments. The level of collaboration that we see today needs a substantial upgrade.
Companies Know the Risks
Compared to your average employee, executives are more susceptible to targeted attacks. Their influence on brand value and overall control of critical operations and systems, not to mention their access to valuable and sensitive data, make them a much bigger target. Bad actors are fully aware of this; hence about 84% of execs become targets of at least one cyberattack. Moreover, 78% of IT experts think bad actors will increase the intensity of executive-targeted attacks in the months and years ahead.
However, companies are also aware of this. Our 2020 Digital Risk Survey found that 1 in 4 companies know that their executives’ personal social media accounts are major security risk factors. They are also aware of the severity of the consequences should an executive cyberattack happen: 70% believe their enterprises would suffer reputational or brand damage, and half predict a negative impact on shareholder value.
Moreover, “impersonation or fake accounts” was cited as the number one fear by 1 out of 3 enterprises. And 1 out of 4 is concerned about account takeovers.
Despite their risk awareness, companies still lack more sophisticated executive social media risk management protocols.
Social Media Risk Management and its Challenges
Managing risk on email isn’t that hard. You just onboard the necessary software, set the correct filters, then apply all of that to every company inbox. That’s pretty much it.
By comparison, the current generation of cloud channels is a different beast. LinkedIn, Twitter, and other similar platforms live outside the traditional security perimeter. Multiple instances of one platform can exist across various devices. Moreover, the line between personal and professional interactions is blurred.
Worst of all, the volume and speed of communication within them are staggering. Security teams can’t keep up. Nowadays, every executive leverages social media, but by doing so, they have exposed themselves to social media cybersecurity threats.
Banning these platforms is not a solution. People will still utilize them anyway, and companies are aware of this. Our digital risk survey found that unsanctioned channels are the main business security challenges for about 52% of enterprises. 76% of CEOs even admitted to circumventing their own cybersecurity protocols. Less than half are actively involved with their enterprise’s cybersecurity efforts.
Companies need to plan a better approach if they are to implement effective social media risk management. Right now, however, many organizations can’t even decide who’s responsible for what. When asked about which department should consider security and compliance as a critical concern, the respondents of our digital risk survey had varying opinions:
- 70% of companies think it’s the IT department.
- 46% believe it’s a director’s or manager’s concern.
- 37% think it’s the C-level’s responsibility.
- Another 30% point to the CISO of the company.
- 18%, meanwhile, believe responsibility lies at the board level.
With regard to executive social media protection, this is bad news. It implies that there is no industry standard when it comes to understanding and dealing with enterprise risks.
However, this is unsurprising, considering that roles around social media risk management are often poorly constructed. As our recent poll uncovered:
- 29% of companies assigned risk ownership to their CISO.
- Another 28% assigned risk ownership to their marketing/communications department.
- Meanwhile, 19% passed the responsibility to an external agency.
What makes this worse is that 1 out of 10 is not even aware of who should be responsible.
The Key is Collaboration
Here’s the key takeaway:
- These revelations point to a bigger truth: social media risk management is not the sole responsibility of one department.
Every department, in one way or another, leverages cloud channels, from marketing to sales to HR and even recruitment. Different departments then need to own various forms of risk, given how complicated digital risk can become. Before enterprises can develop a robust strategy that protects executives from social media platform risks, they must first define and establish cross-team responsibilities.
Collaboration is key to social media risk management, and it needs careful development before getting started. Companies also need to realize that there are solutions available to protect executives on social media, tools that offer detection and visibility around potential social engineering threats like executive whaling and spear phishing.