Is it Worth it to do “Social Media”?

Within the past year Osterman Research completed a major study on the costs and benefits of social media, co-sponsored by Commvault and McAfee (2011, June).  They recognized the importance of the media for some organizations given the “sheer numbers” of people engaging in the various platforms, and the opportunities for channel build-out, market visibility, and enhanced market value from such engagement.  They also pointed out the increased potential for injection of malware into corporate systems via social media channels and encouraged companies to specify explicit policies on whether or not employees are authorized to engage in social networking under the auspices of the corporate umbrella.

With respect to the “sheer numbers” they note that:

  • Facebook had 687.1 million users in June, 2011;
  • LinkedIn had 70.2 million unique visitors worldwide in March 2011;
  • Twitter had 175 million accounts by February, 2011.

Carol Huang (2011, June 6) has argued that, because news media are using these platforms effectively, they have become an important source of real-time international news both for major news networks and for specialized news feeds.  In some circumstances, especially during the various uprisings in the Arab world, the social media feeds have been one of the only ways to obtain real-time information on what has been happening on the ground.

But, as Osterman Research argues, with social media usage come very specialized threat vectors.  For example, the Koobface Worm targeted Facebook, Twitter and MySpace and was used to recruit unprotected MS OS computers to a peer-to-peer botnet.  A similar threat for the Mac OS was the Boonana Worm, first reported in October 2010.  Bugat was a ZeuS-like piece of malware that “delivered a large-scale phishing attack against Linked-In” (2011, June, p. 3).

A number of different vulnerabilities in the bring-your-own-device (BYOD) enterprise network are introduced through these social media platforms.  Importantly, entire networks can be compromised by worm-like malware that is introduced on a single end-point in the network.  There are also risks to intellectual property protection and risks of release of confidential or sensitive information that come from industrial espionage-type malware such as Flame.

Impacts to data integrity can be significant, especially if the malware variant corrupts data or applications on the infected network.

To counter this threat, some companies are identifying specific personnel within public relations or marketing channels to manage this outreach.  The more security-conscious firms are placing the outreach personnel’s computers in a demilitarized zone (DMZ) to avoid network infection if social media outreach personnel do come under attack.

Other firms that deal with especially confidential or sensitive data are prohibiting social media use entirely.

Still, some firms, especially those classified as small and medium enterprises (SMEs), have no explicit policy.  These firms are especially vulnerable to malware infection events and to mixed messages being disseminated into the public domain.  Some of these messages may not conform to corporate branding objectives and are a potential source of reputation damage as a result.

What does your company do?

References

Huang, C. (2011, June 6). Facebook and Twitter key to Arab Spring uprisings: report, The National. Retrieved from http://www.thenational.ae/news/uae-news/facebook-and-twitter-key-to-arab-spring-uprisings-report

Osterman Research. (2011, June). The risks of social media and what can be done to manage them. Black Diamond, WA: Commvault & McAfee.

Jane Ginn CTIN President & Co-Founder
Jane Ginn ~ As the co-founder of the Cyber Threat Intelligence Network (CTIN), a consultancy with partners in Europe, Ms. Ginn has been pivotal in the development of the STIX international standard for modeling and sharing threat intelligence. She currently serves as the Secretary of the OASIS Threat Actor Context Technical Committee, contributing to the creation of a semantic technology ontology for cyber threat actor analysis. Her efforts in this area and her earlier work with the Cyber Threat Intelligence (CTI) TC earned her the 2020 Distinguished Contributor award from OASIS. In public service, she advised five Secretaries of the US Department of Commerce on international trade issues from 1994 to 2001 and served on the Washington District Export Council for five years. In the EU, she was an appointed member of the European Union's ENISA Threat Landscape Stakeholders' Group for four years. A world traveler and amateur photojournalist, she has visited over 50 countries, further enriching her global outlook and professional insights. Follow me on LinkedIn: www.linkedin.com/comm/mynetwork/discovery-see-all?usecase=PEOPLE_FOLLOWS&followMember=janeginn