Securing Your Social Media Strategy Otavio Freire CTO and - - PowerPoint PPT Presentation



SLIDE 1

Securing Your Social Media Strategy

Otavio Freire

CTO and Co-Founder, Social SafeGuard
Visiting Scholar, University of Virginia
Executive Lecturer, Darden Business School

www.socialsafeguard.com, Tysons Corner, VA

SLIDE 2

SocialSafeGuard.com

Overview for Today

  • Discuss how social media has emerged as a new attack vector
  • Review how social media exposes companies to risks from cybercriminals, hackers and other bad actors who can impersonate a company, a brand, or an employee
  • Review the types of risks Legal Firms and their Clients face on social media
  • Discuss a framework to minimize risk
  • Offer a framework to prepare for social media risk readiness
  • Discuss new trends in Social Media Security Risk

SLIDE 3

Marketing

Social Media Threat: Legal firms' and their clients' challenges exploded in ’16, with multiple functions and employees going social, creating new risk

SLIDE 4

Social Revolution: Social Networking Has Surpassed Email for Communications

[Chart: Social Users vs. Email Users by year (2007, 2008, 2009, 2010, 2011, 2015); callout: 1.1 billion social users]

Source: Comscore

SLIDE 5

Social media risk is now an urgent matter

Proliferation of Channels

  • Disruptive technology trends such as mobile and social wreak havoc on information security
  • Comprehensive approach is needed to keep up with disruption of social channels

Consumption Spike

  • 40% of employees check their social media accounts in the workplace more than 10X per day
  • 50% of corporate executives use 2-3 social networks daily

Increasing Risk Profile

  • Security professionals struggle to meet cyber challenges; employees using social are even harder to control.
  • Regulatory bodies stepping up enforcement and fines (See appendix)

Wide ranging concern

  • Every industry is affected by the problem
  • Global issues with customers on all continents
  • Regulated companies have the most complex situation

Sources: Forrester Wave, “Social Media Risk Management”, 2015, Forrester, “Social Archiving”, GRC 2020 award Socialnomics.net, Gen Y 2015 Report, Social Media in the Workplace, www.generationirony.com

SLIDE 6

Companies are feeling the pain of Social Media failure

See appendix for examples of catastrophic risks and losses

“By 2018, organizations that monitor and analyze a broad spectrum of employee activities will experience 50% fewer insider data breaches than organizations that monitor internal communications only.”

Source: Gartner, Market Guide for Employee Monitoring and Analytics, March 29, 2016, Andrew Walls.

Enterprise Losses

  • SPAM and Phishing
  • Corporate Espionage
  • Identity Theft
  • Financial Loss
  • Social Account Takeover
  • Privacy Invasion
  • Regulatory violations & fines (FDA, HIPAA, FINRA)
  • Business reputation

SLIDE 7

Notable social media failures

  • FINRA sanctions financial firms – regulatory agency fines FinServ leaders for violating social media rules.
  • OIG investigates Veterans Affairs' use of unauthorized social network – US Gov’t investigator cites agency for failure to put proper compliance controls in place and for security vulnerability.
  • Allstate “Mayhem” premieres a Social Media Failure at Super Bowl XLIX – Billions of viewers see the potential impact of inappropriate disclosure on social media.
  • CENTCOM is breached via social media.
  • Bank of America hacked through Social Media – Social presence levers account takeover.
  • Iranians indicted for cyber attack through Social Media fake accounts. Affected banks include JP Morgan, Capital One.
  • The Wall Street Journal reported that two major US law firms had been hacked – social media engineering could have been used

8/5/2016 7

SLIDE 8

Why is Security vital for Social?

  • Cisco Report - #1 threat to corporate network breach is Facebook.
  • Trend Micro – 5.8% of all tweets are malicious – 29 million per day.
  • McAfee – Employees experience cybercrime on social more than any other business platform including email
  • Norton - 40% of people have fallen victim to social media cybercrime
  • Barracuda research - 92% of social media users report receiving spam, 54% have received phishing links and 23% have received malware.
  • Frost & Sullivan – 43% of information security professionals rated social media as a top or high concern.
  • Proposed US Budget for 2017 includes $19 billion for cybersecurity, the same amount as NASA.


SLIDE 9

Protect your legal practice and your clients in a 4 step approach

  • Asset Mapping: Identify all social assets across selected networks.
  • Risk Analysis: Process assets using advanced algorithms and map threats
  • Prioritize Risks: Identify / classify threats for action
  • Remediate: Initiate monitoring or take-down requests and monitor for conclusion

SLIDE 10

Start by mapping the key social media attack surface and its risks

  • What is your current risk exposure?
  • Where are your risks concentrated?
  • What are the trends?
  • What types of risks do you face in social?

“Risk insights are the new holy grail” – Nick Hayes, Forrester, Tech Radar Report

SLIDE 11

Understand the risks: Fake Social Accounts and Pages have become a serious issue

  • Wrong Category
  • No Likes / Followers
  • Minimally completed profile
  • Page Not Verified
  • Frequent Religious Views Posted to Page

SLIDE 12

Impersonation for Social Engineering is Growing

  • Would you have connected with them?
  • Do they work at your company?
  • Does their profile appear complete?
  • Does their profile appear accurate?

SLIDE 13

Account hacking is a major source of security news

Notification and freeze if your social account changes

Algorithm driven detection of account hacking

Restore immediately to previous state

Removal of any malicious content posted by hackers

SLIDE 14

Need to monitor the different types of social communities

  • Internal Collaboration Tools
  • Public Social Networks
  • Social Media Management Platforms
  • Social Business Applications

SLIDE 15

But don’t get in the way of the users…

Easy to use and deploy: Works like antivirus software with no new interface needed for users

Secure, no maintenance: Private cloud architecture scales to enterprise customer’s need

Expansion is simple: Choose the people, social networks, profiles, documents, and apps to protect

Comprehensive on Day 1: Takes action against security risks by industry, out-of-the-box

“Social SafeGuard is the protection we’ve been waiting for” – Brand Manager, Major Pharma

SLIDE 16


Future Threat Trends

Facebook, LinkedIn, Twitter and others were designed to deliver malware. Attackers discover a user's location, contacts and job function, among other information. Social data used to develop campaigns aimed at stealing sensitive information, creating fake profiles and conducting criminal activity

SLIDE 17

However, before you begin to implement social media security, an operating model is needed...

1. The CISO (Chief Information Security Officer) should involve legal, human resources, marketing, IT and other relevant departments in a planning phase that defines the objectives of the social media security mitigation program.

2. An analysis looking at areas representing the greatest risk should review and prioritize current security exposures and the “new” network.

3. Policies that address the requirements of security (and regulatory agencies if relevant) need to be created along with policies on acceptable social media behavior, codes of conduct and an explanation of how oversight will take place.

4. A program rollout should first focus on the departments, teams and individuals that produce the greatest volume of social media data and the most risk. That rollout should be accompanied with comprehensive training throughout the organization followed by close monitoring, so process improvements can be made continuously.