Social media can be great for many things. It can keep you connected to friends and relatives far away, help you find like-minded individuals, and provide access to valuable tips from experts. After all, it’s why 4.62 billion people (or 58.4% of the world’s population) use social media. But, if you’re a business owner, that amount of social media activity can pose a major cyber security risk.
As the founder of the leading cyber security firm OccamSec, I’ve seen countless times how social media is a weak point for even the most careful companies. In fact, between November 2020 and October 2021, there were almost 24,000 cyber security incidents worldwide that affected businesses big and small. But why are these popular platforms so dangerous? Here are three reasons.
Easy access to employees
Trying to gain access to company information via its employees is nothing new. The practice is called social engineering. Before social media, a criminal would find someone who worked at a company, call them, and pretend to be the CEO asking for a document or information that he lost. Then, believing the caller, the employee would send the private information opening up the business to a significant data breach.
Today, the tenants of social engineering are the same; it’s just the mechanisms have shifted. Instead of using the phone, the criminal can use social media and the internet. How? Well, all they have to do is create a profile on a platform (i.e., LinkedIn) and friend connections. Once there are mutual connections, the criminal looks more legitimate. This increases the level of trust while simultaneously removing that gut instinct you might have on the phone or in person. Then they can easily reach out and ask for company information.
No employee would hand over intel to a stranger who simply came up to them and asked for company information. But social media takes away that instinct thanks to virtual connections. A criminal can manipulate someone easier since the face-to-face element is gone.
Hackers use the term attack surface when describing how easy a target will be. Again, you can understand how it works by looking at classic criminal behavior. For example, if a robber is trying to steal something from a home, they will look at how many different entries there are—doors, windows, a garage, etc. The number of access points increases as the number of windows, skylights, etc., increases.
Social media is very similar to criminals looking to gain entry into a company’s information. Since nearly every business employee has an online presence, they all become possible points of entry, increasing the attack surface. In fact, it blows it wide open.
For instance, if a hacker wants to breach P&G, he can log on to LinkedIn, search for P&G, and find nearly every person that works there. Then, they can find those employees’ TikTok, Instagram, and Facebook pages to learn about their friends and interests. That information can help them connect to these people and eventually get information. Since the attack surface is so large, this can be done thousands of times and increases the chances of the criminal getting the intel they desire.
Tapping into psychological weakness
Sadly, it’s been scientifically proven that scrolling through social media causes our brains to release dopamine and serotonin. And when you get likes or a follower, it perpetuates that addiction. Unfortunately, a criminal can use that psychology to his advantage.
Going back to the point of social engineering, connecting with someone on social media—and their connections—will psychologically make that person feel more valued. Someone is interested in you enough to want to follow your day-to-day activities and interests, right? That gives you a dopamine and serotonin rush. That person (aka criminal) then comments or likes specific posts, feeding that social media addiction. Over time, that rush leads to an individual’s trust, even if they are a stranger. Now, vital information is in danger of being compromised.
In the end, social media remains a weak point even if a company takes every precaution necessary to protect in-house information. But, understanding those risks created by social media—easier access to employees, increased attack surface, and tapping into psychological weakness—can help companies better prepare for an information breach.