How to prevent privileged accounts takeover on social media

Cynthia Lee, Regional Director of ASEAN, CyberArk

This vendor-written piece has been edited by Executive Networks Media to eliminate product promotion, but readers should note it will likely favour the submitter's approach.

There are an estimated 2.08 billion active social media accounts in the world, and the popularity of social media shows no signs of stopping. As of 2014, Singapore has the world's second highest social penetration rate at 59 percent, more than double the global average of 26 percent.

There is little doubt social media is playing an increasingly important role in an enterprise's marketing strategy — it helps build brand awareness, provide a new level of customer support, and launch new products quicker than ever before.

Social media hacks on the rise
However, social media also poses a costly security risk. As hackers become more sophisticated, they are becoming adept at stealing social media credentials and taking over accounts, as witnessed by hacks of several large corporations over the last year.

When a corporate social media account is compromised, unauthorised content can be viewed by millions of people across the world within seconds, causing untold damage.

In the United States, Burger King's Twitter account was compromised in 2013. During the hack, the company's Twitter account was made to look like McDonald's with a post that said Burger King had been sold to McDonald's. This attack served as a wake-up call for all organisations that hackers are on the prowl for access into social media accounts.

Cybercrime is costing Singapore an estimated S$1.25 billion annually, according to a June report from the Center for Strategic and International Studies. With more frequent attacks of this nature, it is imperative that organisations take measures to prevent hackers, as well as disgruntled employees or associates, from hijacking accounts and posting damaging content.

The overlooked threat: Shared privileged accounts
One reason it is so easy for hackers to hijack social media accounts is the sheer volume of such accounts and the large number of people managing them. It's common to find enterprises having hundreds of social media accounts on Twitter, Facebook, YouTube, LinkedIn, and other platforms, with unique accounts for different product lines, languages, countries, and stakeholders (such as consumers, partners, and stockholders).

These accounts are typically set up as shared privileged accounts, meaning that teams of people throughout an organisation can post information to these accounts on a daily, hourly, or even more frequent basis. The passwords are often shared casually among the teams, making them easy targets for hackers and malicious insiders.

Next, the security on these accounts is often lax, because people posting on social media accounts do not typically have access to financial or customer information that is traditionally deemed to be of higher value. Companies may not even know who has access to their social media accounts. To make matters worse, the same password is frequently used across multiple accounts and is rarely changed.
