Social media threats to business on the rise, says report

Social media threats to business are increasing, according to the first in-depth analysis covering Fortune 100 companies

Social media threats to business are increasing, according to the first in-depth analysis covering Fortune 100 companies by Proofpoint’s Nexgate social media division.

Account hijacking, unauthorised accounts and content-based threats, such as malicious links and phishing lures, are the main types of social media threats, analysts revealed.

Proofpoint's Nexgate division vice-president and general manager, Devin Redmond, said Fortune 100 companies are increasingly losing money, having their audiences attacked and experiencing damage to their brand on their own social media channels. 

“Company-affiliated social pages, profiles and accounts are the next big attack surfaces for fraud, phishing, hacking and data theft,” he said.

According to Redmond, threats to corporate social media accounts and programmes have not received the appropriate level of attention.

“Much of that is due to the lack of understanding regarding the scope and types of security threats,” he said.

The State of Social Media Infrastructure 2014, Part 2: Security Threats to the Social Infrastructure of the Fortune 100 report examines the taxonomy and types of social media security threats and their scope.

The report is based on in-depth threat analysis on the social media presence of all Fortune 100 firms for the 12-month period from July 2013 to June 2014.

Social media threats costly

Social media threats can be as damaging and costly to a brand as other corporate network compromises, digital fraud, malicious email scams and phishing attacks, the report said.

The report’s authors believe it is imperative social media professionals and IT security teams understand these threat types and incorporate security in their social media strategies.

According to the report, an average of two out of five Facebook accounts claiming to represent a Fortune 100 brand are unauthorised. This is true of one in five Twitter accounts.

Analysts revealed, on aggregate, Fortune 100 brands experience at least one compromise every day on their social media accounts.

Attacks on the rise 

Social media spam grew sevenfold since mid-2013 when the previous State of Social Media Spam report was released.

Analysts said 99% of malicious URLs lead to websites with malware or phishing attacks and 2.29 accounts per firm exhibited hijack indicators, such as malware links posted by brand managers.

Social media account hijacks have become so common Nexgate is now able to identify historical patterns that can be used to determine whether or not a hijack has occurred.

The report said the primary purpose of social media threats are to steal customer data, damage the brand, manipulate markets and perpetrate various internet scams.

Overall, the report revealed Fortune 100 companies are a prime example of the tug-of-war between the widespread adoption of new social communications and the widely unresolved security threats to social media infrastructure.

Read more on Hackers and cybercrime prevention

Join the conversation


Send me notifications when other members comment.

Please create a username to comment.

In my opinion too many people are addicted to social media. They have to be connected 24/7/365. Nothing is that important in most of our lives. It's amazing what some apps ask for permission in order to use them. Most people do not read the fine print and just hit accept.Unless companies start blocking access to social media site, I do not see this getting any better. Not only is it a risk because of some of the associated apps on theses sites, it also lost time that should have been for company business. I have seen a few employees lose their jobs over this issue in the past. 
As a software tester, I want to emphasize a very particular threat - a threat to image, reputation. Companies used to be mostly concerned about functionality and very little about usability. Users would struggle, complain, but it won't go far. That is, how it was.
Nowadays, software failures quickly end up on Twitter, Facebook, Instagram. Publishing success stories on the corporate web site won't help much if quick google search reveals hundreds of entries "this sucks!".