© 2019 SourceMedia. All rights reserved.

Need-to-know social media metrics for data security teams

In today’s modern age of unlimited information, data analysis is no longer limited to data analysts. People at every level of an organization – from interns to CEOs – rely on numbers and metrics to validate the work they are doing.

When it comes to social media metrics in particular, organizations often think that this data only matters for marketers – but likes, upvotes, downvotes and engagement numbers don’t paint a holistic picture of their social media presence. Focusing solely on social media metrics for marketing purposes misses the much darker side of these channels: the threats posed to organizations, brands and everyday users.

With that in mind, security teams need to better understand these metrics and insights as they work on building an all-encompassing security model for their companies. As corporate use of social media grows, these channels cannot be ignored by security professionals. Below are critical components for security teams to keep in mind as they’re doing so in order to gain a complete picture of an organization’s digital threat landscape.

Social and digital risks facing today’s organizations

From phishing scams, to personal information leakage, to physical location threats, organizations must know the top risks to their people and products. Understanding the unique risks facing your organization on social and their frequency will allow your security team to create an effective plan to proactively and reactively respond to these scenarios. Some of the most common risks we see include the following:

social media phone.jpg
An attendee holds a yellow Nokia 8110 4G smartphone, manufactured by HMD Global Oy, during a launch event ahead of the Mobile World Congress (MWC) in Barcelona, Spain, on Sunday, Feb. 25, 2018. At the wireless industry’s biggest conference, more than 100,000 people are set to see the latest smartphones, artificial intelligence devices and autonomous drones exhibited by roughly 2,300 companies. Photographer: Angel Garcia/Bloomberg

Corporate & executive impersonation accounts: Social engineering profiles and fake accounts spoof a company’s brand or executive persona, hijack their logo and/or messaging and try to mimic the authentic account in order to attack employees and defraud customers.

Account Takeover: An organization’s public-facing accounts are the ultimate targets for adversaries and should be safeguarded accordingly. Once in control of an account, a bad actor can do serious damage, be it slander, phishing, malware, fraud/impersonation or stock manipulation.

Watering hole phishing & malware: Attackers can reach a wide array of potential victims by planting malicious links where users are interacting and sharing online. Clickbait and other tactics can be used to prompt victims into clicking on these bad links.

Information leakage: After gaining access to employee, customer or prospect personal data, hackers can buy and sell this information on deep web discussion boards and marketplaces.

Risk remediation and resolution

Once security teams understand these risks, it’s then their responsibility to take the next step and preemptively protect their company. From content remediation reports to takedown of impersonation accounts, security professionals must ensure that these threats are fully accounted for and resolved.

To do so, teams must identify the source of the issue, whether malicious or benign, and quickly resolve the issue the second it begins to rear its ugly head. For example, companies are encouraged to issue a “takedown request” – a call to an online provider that they remove material that violates applicable law, infringes intellectual property rights or otherwise violates the provider’s terms – with a social network or other service provider. This is especially applicable for brand and executive impersonation accounts that threaten to tarnish or manipulate the public’s perception of an individual or company.

Takedown time

The response to these social media threats must not only be thorough, but timely. The longer these risks are present, the more opportunity bad actors have to cause harm. With that in mind, security teams need to be able to answer the question of how many threats were detected within their networks over the last quarter and how long it took for these issues to be mitigated, on average.

This can be accomplished through a combination of the following:

Automation: Eliminate costly, time-intensive threat hunting, manual remediation and data coverage gaps that leave organizations exposed. Automation allows for constant protection across the vast digital landscape.

Increased visibility: With the size and scope of the web, it is nearly impossible to have eyes on all parts of the digital landscape. Security teams need to cast a wide net and see beyond the company perimeter to catch threats faster, before they impact the business and employees.

New technology: Artificial intelligence-driven analysis dramatically reduces the risk of social media threats. It allows companies to implement custom policies rules, role-based administration and robust analytics.

In a landscape that’s more dangerous than ever before, these key performance statistics and social media metrics paint an accurate depiction of an organization’s threat landscape on social media and digital channels. From identified threats to remediation efforts, security teams can better protect their assets from online threats, putting the company and employees at ease.

For reprint and licensing requests for this article, click here.