Social Media And The Evolving Threat Landscape

Troy Rydman is CISO / VP of Cybersecurity of Fast.

Cybersecurity, at its very core, is a data protection discipline where we strive to protect the “soft, chewy middle” of the companies we work for, as well as our personal lives. For years, it was a perimeter in which we barracked ourselves, only striving to protect what was within our networks. However, that is no longer the case, and we must expand our scope if we wish to protect ourselves.

Today’s malicious actors are opportunists and should be seen as streams of water building up against our barricades. They are always looking for the path of least resistance, and those paths are often outside of our control. Social media is one of the primary mechanisms for entertainment, income, relationships, marketing, advertising, etc.

It is so widely used that almost every person and every company utilizes it in one way or another, often as a form of self-promotion. Our reputations frequently rely on our online presence. It can be a powerful tool, but what happens when it’s used against us as a weapon targeting our reputation?

Social media is a double-edged sword within the security community. Many of us have used it as a form of threat intelligence or to vet those we onboard. Many have also feared it as a form of data loss and unmonitored communications.

Recently, it has turned into a perfect breeding ground for impersonation and imposter scams. According to the Federal Trade Commission’s Consumer Sentinel Network report for 2020, imposter scams were the number one form of fraud with nearly 500,000 incidents, making up almost 10.6% of all fraud cases for the year.

Creating a social media account can be done within minutes and automated, depending on the provider’s account validation processes. These accounts can be created with email addresses that have lifespans measured in seconds and can be named or contain nearly anything without review or validation.

Throughout my career, I’ve seen imposter social media accounts create profiles using companies’ names with the slightest deviations in spelling, posting the exact same content as the companies, but with a malicious link or fake contact information. These imposter sites thrive by utilizing reputations already built by the company or individual and garner thousands of followers in days. These attacks affect clients, employees and companies’ reputations and degrade trust. They can be gateways for social engineering by scamming those whom companies have built trust with directly, not even needing to bypass firewalls or threat detection capabilities.

Knowing that these types of attacks are prevalent does little to slow social media imposters. By design, social media companies are not meant to hinder individuals from creating profiles or establishing connections. These companies require data from individuals that can be used for advertising and analytics, so causing delays or putting in controls is counterproductive to their business models. Because of these reasons, the tools afforded to us to combat these social media imposters are minimal.

Most social media sites don’t provide ways for users or companies to identify imposter profiles easily. They offer few services to identify accounts that might be impersonation profiles that advertise disinformation or malicious content. While you can report a site as malicious or impersonating, it can take days or even weeks for a response. Even then, your request might be challenged based on a lack of evidence of impersonation or copyright ownership.

While we can hope that social media companies will start feeling some sense of obligation in preventing imposter profiles, it most likely won’t occur without additional laws or regulations. With these companies’ advanced data analytics and profile techniques, it’s clearly within their capability to identify potential fraudsters and shut down an account within seconds. However, the risk of shutting down an account that has influence and, in turn, damaging their reputation would outweigh the reward.

Cybersecurity professionals’ scope of responsibility is expanding. They need to start focusing on threats as they evolve, which include reputational risk. I have found it challenging to combat imposters as effectively as I have other threats, but it’s not impossible — just more challenging. I want to share three things that I have done to make a difference.

• First, engage with a takedown service that is familiar with the social media attack surface. While they might not be the most effective at identifying imposters due to the lack of native integration social media companies provide, they often have established relationships with providers. When an imposter account is identified, they can usually get a quicker response than just reporting it on a website.

• Second, ensure that you have a process in which the community, clients and employees can report fraudulent sites or phishing attempts and make them as public as possible. Have a blurb on the company site or remind users to report any suspected sites through the contact function on the company’s verified social media profile.

• Third, dedicate some time to threat hunting using either internal resources or those of a managed service provider (MSP). You can see whether senior leaders have had their social media profiles cloned or identify the presence of other social media profiles using the company’s logo or trademarked material. Remember that no one will care more about your company’s reputation than you.
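One way to carry out the third step, hunting for handles that are small spelling deviations of the company's official ones, as an added example that is not part of the original article: it normalizes handles (case, separators, common digit-for-letter and letter-pair swaps) and flags any observed handle within a short edit distance of an official one. The official handles, the confusable table and the observed batch are constructed placeholders, not real accounts.

```python
import unicodedata

# Constructed placeholders for the company's verified handles (not real accounts)
OFFICIAL_HANDLES = ["examplecorp", "examplecorp_support"]

# Illustrative subset of lookalike substitutions seen in imposter names (assumption)
CONFUSABLES = {"0": "o", "1": "l", "3": "e", "5": "s", "rn": "m", "vv": "w"}

def normalize(handle: str) -> str:
    """Fold case and accents to ASCII, drop separators, and undo common confusable swaps."""
    h = unicodedata.normalize("NFKD", handle).encode("ascii", "ignore").decode().lower()
    for sep in ("_", ".", "-"):
        h = h.replace(sep, "")
    for src, dst in CONFUSABLES.items():
        h = h.replace(src, dst)
    return h

def levenshtein(a: str, b: str) -> int:
    """Classic edit distance (insert/delete/substitute), single-row DP."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_score(candidate, officials=OFFICIAL_HANDLES, max_distance=2):
    """Return (official_handle, distance) if the candidate looks like an official
    handle after normalization; None for the real account or unrelated names."""
    raw = candidate.strip("@")
    if raw.lower() in officials:
        return None  # the verified account itself, not an imposter
    norm = normalize(raw)
    best = None
    for official in officials:
        d = levenshtein(norm, normalize(official))
        if d <= max_distance and (best is None or d < best[1]):
            best = (official, d)
    return best

def hunt(observed_handles, officials=OFFICIAL_HANDLES):
    """Run the check over a batch of handles (e.g. a platform search export)
    and return only the suspicious ones with the official handle they mimic."""
    return {h: hit for h in observed_handles if (hit := lookalike_score(h, officials))}

# Constructed sample batch mixing the real accounts, imposters and unrelated names
OBSERVED = ["@ExampleCorp", "@exarnplecorp", "@examp1e.corp", "@examplecorps",
            "@totallydifferent", "@examplecorp_support"]
```

Flagged hits are leads for the takedown process, not proof on their own; a human still confirms that the profile is actually reusing the company's branding before a report is filed.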

As cybersecurity leaders and experts, it is now time to look beyond our fortified walls to the evolving threat landscape. One thing is for sure: the threat actors we are facing are taking advantage of these opportunities whether we focus on them or not.
