Protecting Executives from Social Media Risks in 2021
Social media platforms have allowed business leaders and executives to connect, engage, and inspire customers and other brands. Twitter, Facebook, LinkedIn, and other social media apps and sites have become essential tools to help brands build their presence and increase their reach.
However, this advancement is not without cost. Social media has also expanded the threat surface and exposed organizations to various digital risks. And I’m not just talking about disgruntled employees leaking some Slack screenshots to get back at their boss. I’m talking about $1 trillion worth of losses, which was the estimated amount of damage incurred by cyberattacks during 2020 – many of which involved social media and executives.
How are executives responding to these threats? Are they even aware of them? What are security teams doing about it?
Executive Social Media: A Major Target
Executives are major targets for bad actors. Case in point: 130 prominent individuals and accounts became victims of a coordinated social engineering attack on Twitter last summer.
The scam – which involved the hacked accounts of Warren Buffett, Elon Musk, Bill Gates, and more – urged followers to donate Bitcoin to a link in exchange for double the amount they donated. The team at Twitter managed to shut down the attack and apprehend the suspects, but by then, they had already scammed $100,000 worth of Bitcoins from unsuspecting victims.
Studies reveal that executives are indeed aware of the dangers of social media and how these dangers would affect their businesses:
- 78% of executives say that the C-Suite will be the most likely victim of social media attacks and phishing.
- 84% of C-level industry leaders have become the target of at least one cyber attack.
- By 2024, Gartner predicts that 75% of CEOs will be held responsible for security breaches.
About 1 out of 3 executives are most worried about impersonations and fake accounts, according to a recent survey. Meanwhile, 25% worry about the possibility of account takeovers. In general, about 70% of execs fear massive damage to their brand and reputation in the event of a successful social engineering attack.
Executive Protection: What Makes it Difficult?
The challenge, however, is this: despite all the danger, digital risk management efforts from organizations are still lagging.
Another survey reveals that only 25% of enterprise leaders and cybersecurity professionals count “executive social media accounts” as a major digital risk factor. That leaves 75% of organizations unbothered about this concern. Moreover, only about half will invest in executive protection tools and technologies in 2021. The remaining 44% won’t and will continue to be at risk.
What makes these numbers worse is the fact that there doesn’t seem to be a consensus regarding who should be in charge of these risks:
- 29% of organizations believe CISOs are in charge of executive protection.
- 28%, on the other hand, think it’s the marketing/communications team’s responsibility.
- Meanwhile, 19% would let an external agency deal with it.
- Worst of all, about 10% have no idea who should own the risks at all.
The icing on the proverbial cake? It turns out that CEOs and executives themselves forgo the protection measures set for them. 76% of executives admit to sidestepping security protocols in exchange for speed. That speedy accomplishment can potentially cost organizations hundreds of thousands of dollars in brand and reputation damage.
In other words, the risks are real, but a lot of companies are not taking them seriously.
3 Key Features to Protect Executives
The only way companies can protect executive social media accounts from digital threats is by leveraging solutions built specifically to handle such challenges.
Why a custom-built security and compliance solution? Simply because traditional ones aren’t up to the job. For one, the volume and velocity of data traveling between these cloud channels will be impossible to flag and check via manual means.
Moreover, people like to keep their privacy intact. No one, especially not executives, wants a monitoring program that scrutinizes their private messages and conversations – even if its purpose is to detect threats.
With that in mind, organizations need a solution that utilizes the following features:
- Threat visibility with privacy considerations – A cybersecurity and compliance solution must possess the capability to onboard and protect executive accounts while maintaining the privacy of their conversations and missives. The solution must be capable of scanning, flagging, and quarantining malicious links and payloads and tracking account activity without exposing private messages.
- Real-time threat detection – An effective solution must implement 24-7-365 monitoring and protection, inspecting every attachment, file, and link shared across executive social media accounts. No digital stone left unturned.
- Incident response – Monitoring is not the only thing that must be real-time: flagging, quarantining, and reporting of cyberattack attempts and incidents should happen in real time as well. The solution should forward IOC notification details to SIEM/SOC for evaluation, and social attacks should be reported to the EDR.
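To make the first and third features concrete, here is an added example (not from the original article or any vendor's product) of a scanner that flags blocklisted links in a message and builds a SIEM event carrying only the IOC and a keyed digest, never the message text. The blocklist entries, correlation key, account name, and event field names are constructed assumptions.

```python
import hashlib
import hmac
import json
import re
from urllib.parse import urlsplit

# Constructed sample data: blocklist entries and the key are placeholders.
BLOCKLIST = {"double-your-btc.example", "login-verify.example"}
CORRELATION_KEY = b"constructed-demo-key"
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def extract_hosts(text):
    """Return the lowercase hostname of every http(s) URL found in the text."""
    hosts = []
    for url in URL_RE.findall(text):
        try:
            host = urlsplit(url.rstrip(".,;:!?)")).hostname or ""
        except ValueError:  # malformed URL, e.g. a broken IPv6 literal
            continue
        if host:
            hosts.append(host.lower().rstrip("."))
    return hosts


def is_blocked(host):
    """Match the host itself or any parent domain against the blocklist."""
    labels = host.split(".")
    return any(".".join(labels[i:]) in BLOCKLIST for i in range(len(labels)))


def scan_message(account, channel, text):
    """Return an event holding only IOCs, or None when nothing is flagged."""
    hits = sorted({h for h in extract_hosts(text) if is_blocked(h)})
    if not hits:
        return None
    # Keyed digest: analysts can correlate repeats without reading the message.
    digest = hmac.new(CORRELATION_KEY, text.encode("utf-8"), hashlib.sha256)
    return {
        "event_type": "malicious_link",
        "account": account,
        "channel": channel,
        "action": "quarantine",
        "iocs": hits,  # hostnames only: URL paths and queries may be private
        "message_hmac_sha256": digest.hexdigest(),
    }


def to_siem_line(event):
    """Serialize the event as one JSON line for a log forwarder."""
    return json.dumps(event, sort_keys=True)
```

Reporting hostnames instead of full URLs is a deliberate choice here: paths and query strings in a private message can themselves carry personal data or tokens.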
Social media has become a key factor in a company’s success in terms of networking and brand-building, but the threats that come with it are very real. Still, with the help of the right approach and the right solution, companies can protect their executives from the dangers of social media while reaping its benefits.