
3/17/2021
10:00 AM
Jim Zuffoletti
Commentary

Enterprises Wrestle With Executive Social Media Risk Management

Survey indicates enterprises have a lot of work to do to reduce cybersecurity risks around executive social media use.

In December 2020, SafeGuard Cyber polled 600 enterprise leaders to learn more about how businesses are approaching digital executive protection. We learned a lot. The survey shed light on the degree to which companies are pursuing a secure executive social media strategy and where their biggest cybersecurity fears lie.

We also learned a great deal about executive social media risk management. There is much work to do in terms of how risk is owned, distributed, and managed across departments. On the whole, risk management roles seem unclear or poorly defined. Companies need much more collaboration than we are currently seeing.


Companies Know the Risks
Executives are targets — much bigger targets than standard employees. They have access to sensitive and valuable information, control over critical systems and operations, and a major influence on brand value. Bad actors know this, which is why 84% of execs have been the target of at least one cyber campaign. In addition, 78% of IT experts believe that bad actors will likely intensify their campaigns against corporate executives in the coming months and years.

Companies know that their executives are targets. In our digital risk survey, we found that 25% of enterprises cite executives' personal social media as a major risk factor to the company's overall security. And they know that the consequences of an executive cyberattack would be severe. In our poll, 70% of respondents said their company would suffer brand or reputational damage. Half of the respondents predicted potential risk to shareholder value.

One in three enterprises are most fearful of impersonation or fake accounts. One in four are most worried about the possibility of an account takeover.

However, despite awareness of the threats, the sophistication of executive social media risk management is lagging.

The Challenges of Social Media Risk Management
Email security doesn't require a complex risk management approach. You onboard the right software, with the right filters, and you apply it to every company inbox. You're set.

The new generation of cloud channels is very different. Tools like Twitter and LinkedIn live across multiple devices. They cross between professional and personal spheres. They generate interactions at unprecedented volume and velocity — and out of the box, security teams have no visibility. Today, all executives leverage social media, and they are bombarded by social media cybersecurity threats.

Security teams know that banning these tools isn't an option. Why? Because people will use them anyway. Companies know this; our digital risk survey revealed that 52% of businesses rank the use of unsanctioned channels as their main business security challenge. In one report, 76% of CEOs admitted to skirting their organization's security protocols to accelerate their tasks. Only 45% of CEOs say they are actively engaged in their company's cybersecurity management.

This means that to develop effective social media risk management, companies need a clear plan. However, right now, there isn't even a consensus on where responsibility for cybersecurity lies. Our digital risk survey discovered this when we asked about the organizational level at which security and compliance are a critical concern:

  • 70% of enterprises cite their IT department.
  • 46% cite a director or manager.
  • 37% say the C-level is responsible.
  • 30% say the CISO is the one in charge.
  • 18% say the board is the level where the responsibility lies.

This doesn't bode well for executive social media protection in general. It shows that risk is understood in a variety of ways, with no industry standard. Our poll confirms that roles seem unclear or poorly defined with regard to social media risk management:

  • At 29% of enterprises, the CISO owns the risk.
  • At another 28%, marketing or communications owns the risk.
  • At another 19%, an external agency shoulders the burden.

Worst of all? Almost 10% don't even know who owns the risk.

Collaboration Is the Key
In a sense, this distributed approach to risk gets at a truth: Social media risk management cannot belong solely to one department.

Cloud channels touch every department: Marketing, sales, HR, even recruitment. Digital risk in this space is complicated, and different departments may need to own different forms of risk. Cross-team responsibilities must be clearly defined, even before developing a robust strategy for protecting executives on platforms like Twitter and LinkedIn.

Companies need to realize that social media risk management is a collaborative effort that must be carefully developed before it is put into action. Teams also need tools that can provide visibility into potential threats, such as detection of bad actors trying to forge social connections and spear-phishing (or whaling) attacks on executives.

Jim Zuffoletti has been a founder of startup organizations as both an entrepreneur and an intrapreneur for the past 25 years. Jim is CEO and founder of SafeGuard Cyber, a digital risk protection company securing brands, VIPs, and team members in the new world of social media ...
 
