Social networks, the perfect target for cyberattacks

The numbers indicate it. According to data from National Cybersecurity Institute of Spain (Incibe), 64% of Spanish SMEs have suffered some type of computer attack in the last year. At a global level, the panorama is equally alarming according to Check Point Software, which indicates a 75% increase in cyberattacks during the third quarter of 2024 compared to the same period in 2023, and 15% more compared to the previous quarter. . A percentage that not only reveals the magnitude of the problem, but also the urgency of implementing effective protection measures. In this context, social networks, so present in the daily lives of millions of people and organizations, are one of the great drains for cyber threats.

Although the main objective of cybersecurity is to protect access and confidentiality in digital environments, cyber threats are very varied and constantly evolving and, therefore, it is not only about protecting against unauthorized access, but also about preventing attacks. If we focus on the social media environment, indicates Mario García, general director of Check Point Software for Spain and Portugal, the most common threats they face are ‘phishing’ and ‘spear phishing’ attacks, where Cybercriminals pose as trusted people or companies to trick victims and steal sensitive information. Another common practice is the distribution of ‘malware’ or ‘ransomware’ through seemingly harmless links that infect systems.

Prioritize training

For José Manuel Moreno, director of cybersecurity at NTT Data, the human factor continues to be the weakest link in the cybersecurity chain. Employees, often unintentionally, are responsible for facilitating access to data and social networks are fertile ground for these attacks. Therefore, companies must prioritize cybersecurity training and awareness, especially as it relates to these environments. In addition, social networks are also used to spread fake news and manipulate public perception, something that can deeply affect the reputation of companies. It is important that both companies and users are aware of these risks and take preventive measures.

Companies must start by changing their mentality and integrating security as an essential element in the design following the principle of ‘security by default’, continues Moreno, because addressing security at the end of development is not only less effective, but also significantly more expensive. It is also crucial to subject products or services to continuous security tests that help evaluate their resilience against different types of attacks and identify vulnerabilities that may compromise not only the product, but the security of the organization as a whole.

For this reason, cybersecurity “should not be perceived as a cost, but as a strategic investment, that is, including it within the business plan, monetizing it as an indispensable component of the architecture of your operations.” In line with what analysts such as Gartner say, NTT Data recommends allocating no less than 10% of the budget to cybersecurity.

According to García, the cost of implementing good security varies, but today there are accessible options even for small businesses thanks to cloud-based solutions that offer advanced tools without the need for expensive infrastructure.

Emerging technologies like artificial intelligence are transforming cybersecurity by accelerating the detection of cyberattacks and optimizing incident response. At the same time, the Internet of Things (IoT) expands the attack surface but also drives the development of specific solutions in these environments.

On the other hand, in this context of social networks, OBS Business School professor and lawyer specialized in digital law, Ramón Miralles explains that specific challenges arise related to security and authenticity. A critical problem in these cases is corporate identity theft. «Companies should avoid publishing sensitive or strategic data on these platforms, as they can become targets for cyberattacks and even cause legal and privacy problems. “This type of negligence can have serious consequences, both operationally and reputationally.”

So what can companies do to protect themselves? Although it is true that cybersecurity has ceased to be a technical issue and has become an essential element within the business strategy, in terms of social networks, as the professor explains, users and companies can do little because the Responsibility lies with the platforms themselves. “These are the ones that should offer more robust authentication methods, such as two-factor authentication (2FA), requiring strong passwords, constant monitoring for suspicious activity, and a clear data handling policy. In short, reinforce and guarantee the security of your information systems. Because true vulnerability lies not only in the platforms, but also in our own perception of risk.

Credibility

In the face of a cyberattack, speed and coordination in crisis management are essential to preserve credibility. To do this, it is essential to have a prior action plan that allows quick and coordinated decisions to be made. This plan must identify the key interlocutors for communication, such as clients, employees and regulatory authorities, such as the Spanish Data Protection Agency, in case the security of personal data is compromised.

Reporting clearly and directly prevents the lack of information from giving rise to speculation or rumors, especially on social networks, where the flow of information can amplify the perception of the problem, explains José Manuel Moreno. In addition, carrying out drills, where work teams can practice how to respond to different scenarios, allows them to verify the effectiveness of the protection and backup systems.