‘Another day, another breach’ seems to be the mantra at the moment as increasing numbers of organisations fall victim to cyber attack. The recent high-profile hack of the US Central Command’s Twitter feed by a group purporting to be ISIS demonstrates the vulnerability of anyone operating on these channels, even those you would assume to be heavily protected.
But a hacked Twitter account is far less damaging than an actual breach of sensitive data, right?
Wrong: Social media can form the gateway for hackers looking to gain access by offering a simple, potentially destructive channel into the inner workings of an organization.
Take the example of the US Central Command’s hack – this allowed the hackers to share email and home address emails of senior figures to a wide audience with relative ease. While this is hardly the most damaging of attacks, it demonstrates the power of social media to provide an easy ‘in’ to a business.
If used wisely by hackers social media can offer a huge potential for subterfuge, as once cracked (in a business setting) social media can be used to speak to employees to gather further, more valuable information. This tactic (known as social engineering) can be very effective as employees may have no idea that they are divulging information to an external party.
Social media accounts (especially in larger organizations with lots of different open social media channels) could also be used for phishing purposes; encouraging employees to divulge sensitive information by masquerading as a form of communication that they trust, or requesting them to sign up to concealed malware.
For businesses looking to protect themselves and insure against cyber attack, implementing a proper social media policy is one of the most important steps they need to take.
In the past many organizations would assume that blocking access to the internet (or social media) would help protect the business. But with the proliferation of social media use by businesses today, this tactic is not effective.
An effective social media policy including education, guidelines, and protocols to influence employee behavior is the only way to mitigate against the risk of a potential social media breach. This is one of the fundamental questions brokers should be asking their clients, before they even begin to think about the type of policy they should be offering to them. Only once these questions have been answered should brokers begin to think about the appropriate form of cover.
Christian Davies is a cyber broker at Safeonline LLP.
You may also be interested in: "The number one reason producers can't sell cyber"
"Progressive security holes put 2 million at risk"
"Top 10 global corporate risks: Allianz Risk Barometer 2015"
