Interlat & Hootsuite - Protecting your Employees, Customers, and Investments in the Age of Social Media #LatamDigital - Evento Financiero 2018 - Sam Small, ZeroFOX. More information about Hootsuite and Interlat here: http://interlat.co/hootsuite/
3. 3
CSO – SOCIAL IS A TOP 5 CONCERN
Cyber attack No. 4: Social media threats
“Our online world is a social world led by Facebook, Twitter, LinkedIn or their
country-popular counterparts. Social media threats usually arrive as a rogue
friend or application install request…Many of today’s worst hacks started
out as simple social media hacking. Don’t underestimate the potential.”
4. 4
FORBES – DELOITTE COMPROMISED VIA
SOCIAL
“The lovely and disarming ‘Mia Ash’ is a fictional female created by the
highly-active hacker crew known as OilRig, which…
SecureWorks believes is sponsored by the Iranian regime. In July 2016,
Mia's puppeteers targeted a Deloitte cybersecurity employee,
engaging him through [Facebook] in conversations about his job.”
5. 5
CISCO – SOCIAL IS #1 SOURCE OF MALWARE
“Facebook is now the #1 source of malware…Unsurprisingly, ‘social
media’ saw the largest jump from last year’s report on the list of top
24 concerns; social is now ranked #3 overall…Facebook malware
is just one example of this dangerous new confluence.”
6. 6
BUSINESS.COM – DON’T FORGET TO SECURE
SOCIAL
“Businesses already know how important security and protection is in
today's digital world. However, they often leave out social media, not
realizing how porous [social media] can be when it comes to hacks and
breaches. There are several ways in which things can go wrong.”
7. 7
SOCIAL & DIGITAL IS THE NEW RISK VECTOR
ATTACK SURFACE OVER TIME
ENDPOINT SECURITY
- Protected elements: Laptops, PCs, Devices
- Threats & risks: Virus, Malware
- EMPLOYEES
NETWORK SECURITY
- Protected elements: HQ, Offices & Datacenters
- Threats & risks: Data Exfiltration, Account Compromise, System Compromise
- BUSINESSES & EMPLOYEES
EMAIL SECURITY
- Protected elements: Exchange, Lotus, Google
- Threats & risks: Phishing, Credential Theft, Account Compromise, Ransomware
- BUSINESSES, EXECS & EMPLOYEES
SOCIAL MEDIA & DIGITAL SECURITY
- Protected elements: Social Media, Mobile, Collaboration, Domains
- Threats & risks: Social Profiling, Virus, Malware, Ransomware, Phishing, Data Exfiltration, Credential Theft, Account Compromise, Physical Attack, Fraud/Scams
- BUSINESSES, BRANDS, CUSTOMERS, EMPLOYEES & EXECUTIVES
8. 8
SOCIAL IS A MAJOR BUSINESS PLATFORM
60% of buying decisions made on perception of brand vs. product or service quality
40% increase in performance for social brands vs. S&P 500
22.4% of total enterprise marketing budgets spent on social in next 4 years
89% of employees active on social media for personal AND business purposes
- Major Business Investment
- Critical Customer Revenue & Retention Platform
- Exposure to Targeted Attack & Data Loss
9. 9
IMPACT OF SOCIAL, DIGITAL & COLLABORATION
83%: Global organizations use social as key business platform
22%: of total enterprise marketing budgets spent on social in next 4 years
$1.2B: Annual targeted social phishing cost to organizations
200 Million: Facebook Business Pages alone!
<1%: Currently have protection
61% more: than all “.coms” in the world
97%: Collaboration users service more clients
80%: Global orgs use enterprise collaboration
28%: Employees use collaboration to share data
<12%: Organizations have visibility into activity
12. 12
TACTIC #1: ACCOUNT HIJACKING
New York Post: 1.8 Facebook accounts hacked every second; 600,000 every day
Harris Poll: 2 in 3 social media users have had their accounts hijacked
14. 14
TACTIC #2: EMPLOYEE ATTACKS
Intel McAfee: Employees experience more cybercrime on social media than any other business platform, including email and filesharing.
Wombat: Employees struggle with “using social media safely” more than any other online activity
Barracuda: 92% of employees have experienced cyberattacks on social
Norton: 36% of employees accept unsolicited friend requests; only 11% open unsolicited emails
19. 19
TACTIC #4: FRAUDULENT ACCOUNTS
ZeroFOX: Instances of fraudulent accounts increased 11x in the past 24 months
ZeroFOX: 38% of brand impersonations drive users to phishing pages
20. 20
TACTIC #3: SOCIAL PHISHING/MALWARE
Kaspersky: 7.57 million victims of social phishing annually
CISCO: Facebook is the most common delivery mechanism for malware; the #1 way to breach the network
RSA: Global cost of social media phishing is $1.2 billion
23. 23
TACTIC #6: INFORMATION LEAKAGE
InfoWatch: Over 1,500 data leaks occur every year and 72.8% from insiders
E&Y: The average cost per record lost is $214, data breach is >$7M
25. 25
TACTIC #8: FRAUD & SCAMS
Cybersource: Retailers lost $3.5 billion last year to online fraud
ZeroFOX: Scams are posted 3x faster than they are taken down. Money flipping scams on Instagram alone cost banks roughly $420 million every year.
Coupon Information Center: 400,770 fake coupons / year
26. 26
IMMEDIATE RECOMMENDATIONS
1. Set up two-factor authentication for your accounts.
2. Be wary of messages and connection requests.
3. Do not post personal information on personal or professional accounts.
4. Ensure the personal info needed to register a social media account is hidden from everyone.
5. Use a strong, unique password and change it regularly; use a password manager to make this easy.
6. Ensure the authenticity of social network logins and links.
7. Keep your computer and browser up to date.
8. Encourage friends, family, and coworkers to take similar precautions on social media.
27. 27
OUR VISION
To protect people and organizations from the risks
introduced by social communication & collaboration
platforms
[The ZeroFOX Platform is] "groundbreaking"... "game-changing"...
"one of the most revolutionary platforms that exists."
-- Forbes, R. L. Adams April 4, 2017
28. 28
EMPLOYEE PROTECTION
BUSINESS PROTECTION
SECURITY PLATFORM
EXECUTIVES: Adds Protection from impersonators, physical & travel threats, credential theft, malicious links & more
END USERS: Adds Protection from credential theft, malicious links, viruses, and abusive posts via monitoring, alerting & training
BRANDS: Protection from takeover, fake spoofing, fraud/scams, counterfeit, violence, phishing, inappropriate use
ENTERPRISES: Protection for credential theft, insider threat & DLP, PII leakage, compliance, physical security, & threat intel
SOCIAL MEDIA ACCOUNTS: Facebook, Twitter & LinkedIn Auto Content Moderation & Protection from takeover, violence, phishing, scams
29. 29
MACHINE LEARNING
Artificial Intelligence Classifiers
Zero Day Protection
FoxThreats
CUSTOM RULES &
POLICIES
SOCIAL MEDIA
- Open Networks
- Closed Networks
- Enterprise Networks
WEB / DEEP WEB
- TLD Registrations
- Bin & Dump Sites
- Breach Notifications
- Custom Sites
MOBILE STORES
END USER ACCOUNTS
- Open Social
- Closed Social
- Breach Notifications
API
AUTOMATED REMEDIATION
Automatically remove malicious content and profiles from the social networks directly
SECURITY INTEGRATION
Integrate threat data into existing security tools, empowering existing defense against digital attacks
MANAGED SERVICES
Expert digital risk analysts provide 24x7x365 coverage
30. 30
WHAT ZEROFOX CAN PROTECT AGAINST
- Phishing & Malware
- Account Fraud & Takeover
- Inappropriate Content
- Scams & Fraud
- Compromised Credentials & PII
- Threats & Violence