January 29, 2015 | Security and Risk | John Worrall
Hackers claiming allegiance to the Islamic State hijacked the Twitter and YouTube accounts of the U.S. military’s Central Command, reported The Washington Post. These account takeovers – which included the publication of a series of posts containing threatening messages, propaganda videos and military documents – are reminiscent of other social media attacks, such as those performed by the Syrian Electronic Army against the Associated Press and FIFA World Cup’s Twitter accounts.
The proliferation of social media channels and associated accounts presents a serious security threat to government and enterprise organizations alike. A recent industry study of Fortune 100 firms reveals three major issues related to social media plaguing large organizations today: unauthorized accounts, content threats and account attacks.
Most companies maintain numerous social media accounts on Twitter, Facebook, YouTube and LinkedIn, often with unique accounts for different product lines, languages, countries and stakeholders. Passwords for these accounts are often shared amongst teams. In some cases, they’re even managed by third parties. Making matters worse, the same password is frequently used across multiple accounts, and passwords are rarely changed. As a result, social media accounts are becoming easy targets for increasingly sophisticated cyber attackers due to the lack of tracking, record-keeping or accountability for each individual post.
We’ve seen just how quickly social media can tear down a brand or organization at the hands of hackers or malicious insiders. Account takeovers, such as the one reported this week, can lead to the unauthorized publishing of confidential information, such as intellectual property, legal, regulatory, and compliance violations, disclosure of personal data and identity theft. The result can be severely compromised brand reputations and significant financial loss. With more frequent attacks of this nature, it’s time for organizations to take a closer look at how they manage their social media accounts – and start treating them like the privileged accounts they truly are. The following best practices for privileged account security should be employed to mitigate social media security risks:
- Enable transparent access.
- Eliminate shared credentials.
- Automate and enforce password changes.
- Trace account activity.
- Record social media administrator sessions.
As evidenced this week, the threat is real. Now is the time to ensure your social media accounts are not an easy target. To learn more about social media and the shared privileged account, download this free whitepaper.