Fortune 100 Social Strategies Beset by False Accounts and Malicious Links

Security experts have urged Fortune 100 firms to rethink their social media strategies after revealing that unauthorized accounts, content-based threats and account hijacking are widespread.

Proofpoint’s Nexgate division analyzed the 32,000 social media accounts associated with the Fortune 100 between July 2013 and June 2014 to compile its State of Social Media Infrastructure, Part 2 report.

It found that the average firm had 320 accounts on various platforms, but that many were false. The report said that 40% of of Facebook accounts claiming to represent a Fortune 100 brand, and 20% of Twitter accounts, were unauthorized.

In addition, 2.29 accounts per firm indicated that they had probably been hijacked, while social spam on accounts grew a staggering 658% since mid-2013.

However, more concerning for the firms involved are the content-based threats hidden within accounts linked to Fortune 100 companies.

Proofpoint claimed that out of the 32,000 studied, it found 1.8 million “security and inappropriate content incidents.” These included spam, profanity and adult language, bullying and hate speech.

What’s more, 99% of malicious links led to phishing pages or malware downloads, with 72% of those links leading to compromised sites found on accounts targeted at children.  

The top risky links apparently led to spam, pornography and gambling sites.

Proofpoint claimed that social media security in the enterprise has historically suffered because the platforms themselves are not designed for business use, and that they’ve been largely managed by marketing, beyond the corporate perimeter and out of the control of the IT department.

The security vendor recommended corporates first map their social footprint to create an inventory of legitimate accounts, before identifying and requesting the removal of unauthorized accounts.

Firms should also monitor accounts for malicious and inappropriate behavior and respond immediately, as well as drawing up a company-wide acceptable use policy for social media.

Kevin Epstein, vice president of advanced security and governance, argued that firms should treat social media security like email.

“Corporations need to put in place formal policies, supervisory capabilities, and technology to automate the process of locating and examining content and accounts to find unauthorized, defamatory, and malicious activities and content,” he told Infosecurity

“The first step, of course, that many organizations have yet to take, is simply acknowledging the challenge – that social media is a significant area of security risk, and needs a corresponding level of attention and investment.”

Mark James, security specialist at Eset, argued that employees are vital to a successful social media strategy.

“Staff need to know what they can and cannot do on Facebook and fully understand how attacks happen and what to look out for,” told Infosecurity.

“Your staff are the best people to monitor your Facebook activity and make sure they have someone to report inaccuracies to or any types of strange behavior.”

Fraser Kyne, principal systems engineer at Bromium, added that the two most important issues for firms are to protect their brand on social channels and guard against malicious threats.

“The first issue is one for policy, education and enforcement. It’s a process issue. The second one, however, can be solved with technology,” he told Infosecurity.

“It requires the use of innovative malware prevention tools that focus on allowing businesses to use social media safely, while isolating any threats that they introduce. Micro-virtualization is a tangible example of this.”

What’s Hot on Infosecurity Magazine?