Story image

Exclusive: Why social media platforms are so vulnerable to cyber threats

Gemalto released the latest findings of the Breach Level Index, a global database of public data breaches, revealing 945 data breaches led to 4.5 billion data records being compromised worldwide in the first half of 2018. 

Compared to the same period in 2017, the number of lost, stolen or compromised records increased by a staggering 133%, though the total number of breaches slightly decreased over the same period, signalling an increase in the severity of each incident.

A total of six social media breaches, including the Cambridge Analytica-Facebook incident, accounted for over 56% of total records compromised. Of the 945 data breaches, 189 (20% of all breaches) had an unknown or unaccounted number of compromised data records. 

The Breach Level Index is a global database that tracks data breaches and measures their severity based on multiple dimensions, including the number of records compromised, the type of data, the source of the breach, how the data was used, and whether or not the data was encrypted. 

By assigning a severity score to each breach, the Breach Level Index provides a comparative list of breaches, distinguishing data breaches that are not serious versus those that are truly impactful. 

According to the Breach Level Index, almost 15 billion data records have been exposed since 2013, when the index began benchmarking publicly disclosed data breaches. IT Brief had the opportunity to discuss this with Graeme Pyper, Regional Director Australia & New Zealand, Gemalto. 

What are the major risks of Social media breaches, especially in light of the recent Facebook breach?

When we look at social media, we tend to immediately think of Facebook or Instagram, but there are literally hundreds of social media channels out there. In fact, there are even companies that will manage your social media accounts for you, sharing things on your behalf that they feel match your profile. The most important thing to remember is that whatever you post online may be permanently recorded and could be used in your favour or against you at any point in time. 

If you decide to leave a social media platform, there is no guarantee that your information is permanently deleted. More so, the pages that you have engaged with or responded to via an ad will have copies of your information. It is vital that every user is educated and informed of their privacy rights.

The very nature of social media is that we share information that is personal to us. A breach could result in embarrassing and potentially harmful consequences. The use of two-factor authentication on your social accounts should be the default for everyone. 

In doing this, if someone tries to access your account or reset your password, your trusted device will respond with an SMS message containing the passcode. If you receive a passcode and you have not been trying to reset your account, this is the first indication that your account could be under attack and that you need to take action.

The OAIC has recently shared guidelines around social media and following the recent Facebook breach, have launched an investigation into the sharing of information to Cambridge Analytica.

What do you think is behind the increased level of attacks?

Twelve months before the NDB came into effect here in Australia, I spoke publicly about the fact that without breach notification laws in place we were not being made aware of the true number of breaches happening here. Now that NDB and other regulations are in place we are actually starting to see the scale of the threats and more importantly the threat vectors that are most common.

ID theft remains the main reason behind the vast majority of breaches, however, companies are starting to address this by replacing default passwords and using strong authentication methods. Only last week I read about California enforcing manufacturers to remove default user accounts in their products. 

This is a different tactic and passes the responsibility back to the vendor supplying the solution. That said if the replacement accounts are considered weak when changed by the end user that would not stop a malicious person potentially gaining access.

When it comes to Cybersecurity, how do you think Australia fares? Both in terms of educating its populace on threats, and Laws/regulations that help protect data?

I like the way cybersecurity is gaining share of voice in the market, especially for end users. The National Cyber Security Strategy announced by the then Rt Hon Malcolm Turnbull is a great step in creating a framework, however, the skills needed here locally are scarce. 

Vendors can plug the gap to some extent, but nothing can be compared to skilled and experienced individuals. What we are seeing now is not different from the rest of the world, it’s just that companies are having to report on the fact they have been breached. 

Companies need to allocate more of their overall IT budget to security and cybersecurity. In a recent independent market pulse survey conducted by an industry colleague, it was found that Australian companies spend on average 6.75% of overall IT budget on security. 

To me, this is too small, and it demonstrates how companies value the information that they hold.  Equifax has spent $242m on post-breach costs which highlight the need to be proactive both in terms of being better prepared but also in understanding how to allocate funding.

Hands-on review: The ruggedly tough CAT S61 smartphone
The driveway beckoned me, so I dropped the phone several times.  Back in the study, close examination has failed to reveal a single scratch.
This Iron Man drone wants you to fly like a superhero
Iron Man must be one of the most popular superheroes of 2019 – because this year he has been transformed into a robot, and now he’s styled as his very own drone.
HP back on board with Emirates Team NZ
HP 3D print technology will supposedly help the team innovate at speed.
Do you use the Peel Smart Remote app? Delete or update it now
Peel Smart Remote could leak your personal pictures, information, and documents to an unknown server.
How printing solutions can help save the planet
Y Soft has identified five key ways organisations can become more economical and reduce their environmental impact.
Information is power when choosing electricity plans
While 90% of respondents knew their average power bill over the summertime, more than half didn’t know their kilowatt hour (kWh) price, or their monthly usage amount. 
A quick look at Haier & LG's take on the smart home revolution
Haier is going all-in on the smart home revolution – and it believes your home should be smart all the way from the laundry to the bedroom.
An 8K TV for $80,000? Samsung has you covered
8K televisions have landed in New Zealand, but they come with eye-watering price tags of up to $80,000.