If you ask cybersecurity execs where the biggest risk to their companies lies, 41.33% will tell you it’s marketing tech. At least, that’s what research provider Pollfish contends in its October 2020 report of 600 American professionals. Not just any martech, though: 25.67% are specifically worried about executives’ personal social media accounts.
The concern is for good reason. Those in the industry three years ago may remember a picture from Twitter of a Hawaii Emergency Management Agency employee standing by his computer with system passwords on Post-it notes behind him. The photo was taken by the Associated Press, then shared online. Whether it led to a January 13, 2018, alert that incorrectly warned Hawaiians a ballistic missile attack was coming, who knows. It doesn’t take a social media expert to know the photo was a bad idea.
Be it pictures or posts or anything else people share, Harman Singh, founder of risk assessment startup Cyphere, calls social media “low hanging fruit” for hackers—a great “test of [a] company’s security awareness and policies.” If a company is sloppy with best practices in one way, it might be vulnerable in others.
Enterprise social media is typically run by marketing, a department that can sometimes have more clout than security, with its own seat in the C-suite. Marketing and security don’t always connect or necessarily even get along. Singh points out that a “difference in vision” affects the way the two approach their jobs: Marketing wants as much information about the company out there as possible; security holds it back. “Marketing department[s] often find it hard to talk to techies in their language and vice-versa,” Singh says.
How threat actors exploit social media