In what appears to be yet another brazen demonstration of capability following an earlier hijack of government social media sites, a group calling itself the Syrian Electronic Army (SEA) recently hacked into the U.S. Army’s main news and public information website, positing its own message for website visitors: "Your commanders admit they are training the people they have sent you to die fighting." In response, the Army was forced to shut down the site to implement additional security measures to protect its systems.
Earlier this year, two of the U.S. military’s Central Command social media websites on YouTube and Twitter were similarly attacked and compromised. There, organization profile images were replaced by those of ISIS supporters on the official Twitter page, and two ISIS propaganda videos were uploaded to the Central Command YouTube account. Over the past several years, SEA has initiated similar attacks on the Twitter accounts of the BBC, The New York Times, 60 Minutes and the Associated Press.
While the U.S. government reported that none of the internal systems were compromised and that there was no loss of classified information, the attacks have certified the anxiety of many business leaders over the potential vulnerability of their own companies, and highlight the concerns regarding the lack of knowledge or ability to prevent such attacks. Recent surveys have confirmed that risks associated with social media, whether through external portal access or internal sabotage, are among the top concerns facing businesses in 2015.
Without question, social media has become a crucial advertising vehicle for thousands of businesses around the world. The number of Facebook, Twitter, LinkedIn and other social media users continues to grow at an exponential rate, allowing businesses access to many new customers and clients every day. The ability to maintain control over these new electronic profiles, however, has become increasingly difficult as the perpetrators become more skilled and the targets more prized. In one particularly publicized account in 2013, social media hackers changed the Twitter account name of a premiere fast-food company to that of its chief competitor and posted multiple offensive tweets. Thereafter, damage control was all that could be done.
Businesses in 2015 have become enthralled by virtually unlimited access to customers and business partners via online platforms. Unfortunately, many have focused on the potential profits arising from such undertakings without sufficient consideration for the problems that too frequently arise from the use of such platforms. Social media has become the soft underbelly of many growing businesses eager for success but unaware of its vulnerabilities. In addition to direct attacks, courthouses nationwide have been flooded by lawsuits tied to the use and regulation of social media sites. The governance of employee use of social media, ownership of content and retention of information gathered through social media are generating more litigation every day. While increased exposure may be the incentive, preventative medicine will likely prove integral to long-term success.
Such “preventative medicine” includes not only the appropriate policies and procedures on access to and use of social media, but also an understanding of the vulnerabilities created by using these online platforms. Most importantly, organizations must train their employees on these issues. Defending itself from perils arising out of social media starts at the first line of defense – the user.