Considering that more than 40% of the world's population use social media and create and send several petabytes of digital content daily on social networks, it should not be surprising that these media become a frequent target for security criminals. The results of a recent survey on a number of volunteers indicate that 82% of them believed that the use of social media in business has increased the risk of cyber threats.

Although privacy risks and reduced credibility from irresponsible use of social media are more in the spotlight, cyber attacks have proven to be the biggest threat to the use of these media. The investigation also shows that Facebook، Twitter، Instagram and WhatsApp They are considered as the most risky programs. It is interesting to note that Twitter is the only program among the above programs that is not owned by Facebook. This issue may be affected by the decrease in trust in Facebook and its subsidiaries (due to the disclosure of a large amount of information records of this group in the past years).

Social media expands the attack surface beyond traditional end users.

Since opening malicious messages compared to emails Phishing It happens much more, attacks on social media platform have increased 4 times in the past years. Furthermore, social media emerged after the invention of conventional cyber defense tools (such as firewalls and end-user security). As a result, given that these endpoints are outside the scope of traditional security, it is easier for vandals to compromise them. The reason for this is that as social media and other cloud-based digital channels become more intertwined with core business processes, the attack surface expands.

Developing endpoint security protection across these channels at the account and in-app level is a new challenge for businesses. This includes protection against malicious links, content and users (regardless of how they enter the program through a desktop computer or using mobile apps on personal phones). The data is being transferred in the App and that is where the real treasure lies. App layer security or digital endpoint is the only way to monitor these channels.

Social media is an obvious target for social engineering scammers.

Compared to checking email, people today spend much more time on social media. Platforms like Facebook are fully accessible since they have the inherent feature of instant messaging and fully mobile functionality, and as a result, online social interactions for average users are more than 2 hours a day. This makes social platforms an obvious target for attackers who want to carry out a social engineering attack. In fact, many attackers use methods that mimic the behavior of legitimate businesses to gain more trust among potential victims.

Today, the use of social media in work environments has become a business requirement, and popular social media are expected to be ubiquitous and available. Unfortunately, this issue also causes vulnerability. Attackers using social engineering typically target employees and executive-level employees. These attacks are skewed towards higher-level employees, with access to a large amount of valuable data and business user accounts.

Additionally, attackers use social media to find and learn about their next targets; In a similar way to when a burglar investigates the assets of a house before attacking. The wealth of information people post about themselves on social media helps attackers build a complete profile of their potential targets. Attackers can then use this information to create trust in the form of a friend or colleague. If an attacker could somehow gain control of an account, such as an account belonging to a former employee, then his story would be more believable.

How can businesses use social media without increasing risk?

The pervasiveness of social media and the implicit trust created by these channels make them both a valuable business asset and one of the biggest threats to businesses. However, banning their use in workplaces is not possible in an era where businesses are heavily dependent on them for digital growth. Instead, information security managers must find a way to manage the risk involved in using these channels. To this end, all incoming and outgoing content must be thoroughly evaluated and unauthorized and compromised user accounts must be terminated immediately. Therefore, in order to be able to confidently use third-party platforms without adding risks, it is a critical issue to extend security policies and solutions to them.