Cybercriminals are everywhere, especially on social media. In fact, 3.5 billion of the 1.5 trillion profits from cybercrimes each year comes from social media platforms, according to a landmark study, “Into the Web of Profit,” sponsored by Bromium. In the study, Dr. Michael McGuire examined the role of social media platforms in the cybercrime economy and how common cybercime is across these websites.
Cybercrime on platforms such as Facebook, Twitter, Instagram and YouTube is gaining momentum. Data from the ICC shows crimes involving social media grew more than 300-fold between 2015 and 2017 in the U.S. Furthermore, Web of Profit researchers estimate that more than 1.3 billion social media users have had their data compromised within the last five years.
Here are a few key questions the study answered that are relevant to business leaders looking to guard their organizations against cybersecurity threats.
Where do you find cybercrime on social media?
Cyber criminals often use deceptive ads and links. Cybercrime is successful on social media because people are 40 percent more likely to click on links on those channels than on other platforms. Traces of cybercrime are often in plain sight on social media, with advertisements visible for hacking tools and services, botnets, along with invitations to join digital currency scams.
However, not all the cybercrime is that easy to spot. Criminals sometimes disguise their intentions through persuasive ads that can convert and engage users on social media, using malware to deliver cyptojacking schemes.
Why are cybercriminals using social media?
Criminals have turned to the social media platforms because of how easy it is to share and amplify their messages. The platforms offer up to 20 percent more potential malware delivery methods – e.g. through updates or shares, add-ons, plug-ins, and more. Plus, users’ extensive connections make it easier to distribute malware to a wider audience. Algorithms that amplify messages and the ease with which you can potentially persuade other users make social media channels ideal for cybercrime.
What kind of risk does cybercrime on social media pose to businesses?
The study mentioned earlier found that one in five businesses have been infected with malware from social media. Additionally, spear phishing attacks waged on social media platforms have a 30 to 60 percent success rate.
Employees who use social media at work put the company at risk, but that doesn’t mean you should completely ban the platforms. Just social media can prove profitable for criminals, it can also serve as a valuable platform for businesses. In fact, 73 percent of businesses use Facebook as their main channel to promote their brand and reach new customers.
How can businesses avoid cybercrime on social media?
Here are a few key facts and tips to keep in mind to protect your company from cybercriminals on social media.
Banning isn’t the solution. Although your initial reaction might be to ban social media in the workplace, employees will likely take risks to circumvent security measures, which could lead to a higher chance of attack.
Embrace social media and get savvy. Its important to understand how criminals exploit social media users and to educate your employees about the risks involved in using social media. Embrace the use of social media at work and build a comprehensive security strategy that encompasses it.
Build robust defenses. Establish robust security defenses to fend off cyberattacks on social channels. One way to do that is using browser isolation. When an employee accesses social media it will be isolated, and the user PC will be clean. Our partner, Bromium offers isolation browser tools that can help. An isolation strategy also includes files and browsers.
Contact our team today to learn more about how to protect your business from social media cybercrime. Our IT security experts are available to assist you and leverage our extensive partner network to assist in finding solutions and services that meet your specific business needs. Call us today at 877-599-3999 or email firstname.lastname@example.org.