Vulnerability of social media in digital society: Strengthening cyber security defences

Panashe Chigunwe, Certified Information Systems Auditor (CISA) Exam Passer at ISACA.
Panashe Chigunwe, Certified Information Systems Auditor (CISA) Exam Passer at ISACA.

In the rapidly evolving digital era, the way we communicate and interact has undergone a profound transformation. Social media platforms have become integral to our lives, connecting people across the globe and providing a platform for sharing information, opinions and experiences. However, this digital connectivity also comes with its own set of challenges, particularly in terms of cyber security. Despite efforts to address these issues through training and awareness campaigns, social media remains a significant weak point in our defence mechanism against cyber threats. In this press release, I will explore the vulnerabilities of social media in digital society and discuss the importance of strengthening cyber security defences to protect users from potential attacks on social media. 

The advent of social media has revolutionised the way we communicate. It has enabled individuals, organisations and communities to connect and engage with one another in real-time, transcending geographical boundaries. The instantaneous nature of social media facilitates the rapid dissemination of information, making it an invaluable tool for sharing news, events and ideas. However, this ease of communication also presents significant risks – risks that have been neglected by many cyber security professionals who have labelled it unprofessional and informal. Social media platforms serve as treasure troves of personal information, making them prime targets for malicious actors. Attackers can exploit the abundance of readily available data to carry out social engineering attacks, manipulating users into divulging sensitive information or performing actions that could compromise their security. By leveraging personal information shared on social media, attackers can convincingly impersonate individuals or gain unauthorised access to personal accounts, leading to identity theft, financial fraud or even corporate espionage. Indeed, identity theft and misrepresentation on social media platforms, such as LinkedIn, pose significant risks to individuals and can have detrimental effects on their personal and professional lives. This phenomenon has become increasingly prevalent in digital society, impacting the way employers perceive candidates, potentially closing opportunities and impeding progress.

As a norm if not a requirement, social media platforms often require users to create profiles that showcase their personal and professional information. LinkedIn, in particular, is widely used as a platform for professional networking and job searching. Unfortunately, this wealth of personal data makes it an attractive target for identity thieves. Identity theft involves malicious actors assuming another person's identity, often by creating fake profiles or hacking into existing ones. Once they gain control, these impostors can use the stolen identity for various illicit purposes. For example, they may engage in fraudulent activities, deceive individuals into sharing sensitive information, or tarnish the reputation of the victim by posting inappropriate or misleading content. Employers who rely on LinkedIn profiles for candidate assessment may unknowingly encounter these false representations, leading to negative perceptions of genuine individuals.

In the digital world, social media platforms play a crucial role in shaping an individual's professional reputation. Potential employers, investors and business partners frequently turn to platforms like LinkedIn, Facebook and Twitter to assess a candidate's qualifications, skills, professional achievements and even lifestyle. However, the misrepresentation of one's identity or accomplishments can mislead and deceive those who rely on this information.

If an individual's profile is compromised or manipulated by an impersonator, it can result in severe reputational damage. Employers who encounter misleading or falsified information on a candidate's profile may develop a negative perception of their credibility and integrity. As a result, opportunities for employment or investment may be closed off, leading to setbacks in professional growth and progress.

In addition to identity theft and misrepresentation, social media platforms, including Facebook, have experienced various forms of cyber attacks and data breaches that further emphasise the vulnerabilities of these platforms in the digital society.

One prevalent form of cyber attack on Facebook is malicious tagging, “99 others”. Attackers exploit the platform's tagging feature to spread spam, malware, explicit content or fraudulent content. They create fake accounts or hijack legitimate ones to tag unsuspecting users in posts or comments that contain malicious links or harmful content. This technique aims to deceive users into clicking on these links, leading to potential data breaches, identity theft or the compromise of personal devices.

Malicious tagging can not only compromise the security of individual users, but also tarnish the reputation of businesses or organisations when their brand accounts are targeted. Such attacks can lead to a loss of trust, financial repercussions and damage to the overall user experience on the platform.

Social media platforms have been subjected to various types of cyber attacks and data breaches, highlighting the critical need for improved cyber security measures.

Phishing attacks involve the use of deceptive tactics, such as fake login pages or e-mails, to trick users into revealing their login credentials. Attackers leverage social engineering techniques, often exploiting personal information shared on social media, to create convincing phishing campaigns. Once obtained, these credentials can be used to gain unauthorised access to user accounts or launch further attacks.

Account hijacking refers to the unauthorised takeover of user accounts. Attackers may use various methods, such as brute-force attacks, password re-use or social engineering to gain access to accounts. Once compromised, attackers can misuse the account for spreading malware, engaging in fraudulent activities or launching spam campaigns.

Social media platforms store vast amounts of personal data, making them attractive targets for data breaches. These breaches can occur due to vulnerabilities in the platform's security infrastructure, insider threats or targeted attacks. When data breaches occur, sensitive user information, including usernames, passwords, e-mail addresses and even private messages, may be exposed. Such breaches can lead to identity theft, phishing attempts or other forms of cyber crime.

In this era, social media platforms often integrate with third-party applications and services. However, the security practices of these third-party developers may not always be stringent, resulting in vulnerabilities that can be exploited by attackers. Unauthorised access to user data through compromised third-party apps poses a significant risk to user privacy and can lead to data breaches.

Another pressing concern in the realm of social media is the weaponisation of disinformation. The rapid spread of false or misleading information through social platforms can have profound consequences for individuals, communities and even nations. Malicious actors leverage social media algorithms and networks to propagate fake news, incite social unrest or manipulate public opinion. The extensive reach and speed of social media amplify the impact of disinformation campaigns, posing a significant threat to democratic processes and social cohesion.

As a cyber lawyer, an attorney of digital affairs, I have put measures in this article to enhance safe interaction and communication.

Individuals must exercise caution and adopt best practices to protect their online identities. This includes regularly monitoring their social media profiles for any signs of unauthorised access or tampering, using strong and unique passwords, enabling multi-factor authentication and limiting the amount of personal information shared publicly.

Employers and other stakeholders should implement robust verification processes when assessing candidates or individuals through social media platforms. Relying solely on profile information may not provide a comprehensive view of an individual's qualifications and accomplishments. Cross-referencing information, conducting background checks and reaching out directly to confirm details can help mitigate the risks associated with misrepresentation.

Social media platforms should have streamlined mechanisms for reporting suspicious or fake profiles. Timely and efficient reporting enables platforms to take swift action to investigate and remove fraudulent accounts. Moreover, fostering collaboration between social media platforms, law enforcement agencies and cyber security experts can aid in developing proactive strategies to identify and prevent identity theft and misrepresentation.

Social media platforms bear the responsibility of ensuring the security and integrity of user profiles. Implementing advanced security measures, such as user verification processes, automated detection of suspicious activities and robust account recovery mechanisms, can significantly reduce the risk of identity theft and impersonation.

Promoting digital literacy and cyber security awareness is paramount. Users must be educated about the risks associated with sharing personal information online, the tactics employed by social engineering attackers and the importance of verifying information before sharing it. By fostering a culture of responsible digital behaviour, users can become the first line of defence against cyber threats.

Social media platforms must invest in robust security measures to protect user data. Implementing stringent access controls, encryption protocols and advanced threat detection mechanisms can significantly mitigate the risk of unauthorised access and data breaches. Regular security audits and vulnerability assessments are essential to identifying and patching any weaknesses in the system.

Governments and regulatory bodies should develop comprehensive frameworks to govern social media platforms. These frameworks should address issues such as data privacy, accountability and transparency. Collaboration between industry stakeholders, policymakers and cyber security experts can lead to the creation of effective guidelines and regulations that protect users while maintaining the openness and accessibility of social media platforms.

A concerted effort is required from both the public and private sectors to enhance cyber security collaboration. Sharing threat intelligence, best practices and incident response strategies can help organisations detect and respond to emerging cyber threats effectively. Additionally, fostering partnerships with cyber security firms and academia can facilitate the development of innovative technologies and solutions to address evolving challenges.

Social media has undeniably transformed the way we communicate and interact with one another. However, this digital connectivity comes with inherent vulnerabilities that one has to look out for and get protected on.

Share

Editorial contacts

Robin Williams
Cape Regional Director
Atikah Hendricks
Marketing and Events Coordinator
events.coordinator@isaca.org.za