Email is threat actors’ primary vector for attacking enterprises, but social media is another channel that’s getting leveraged. Spoofing an executive’s account is one way to get employees to fall for a request to forward sensitive corporate data.
To meet that threat Rogers Communications on Wednesday announced a new service for corporate subscribers called Social Media Security, which identifies and lets administrators takes action against potential threats or hacks to profiles on a business’ social media channels such as customer scams, piracy, account take-overs and impersonations.
It uses the service of Baltimore-based ZeroFox Inc., which monitors social media and digital channels for business risks including malicious posts, profiles, content and false accounts.
“A cyber attack on a social media profile has the potential to cost a business millions of dollars, or worse, lasting reputational damage,” Nitin Kawale, president of Rogers’ Enterprise Business Unit, said in a statement. “We’re focused on providing customers with cyber security solutions that protect their business and customer data, and Social Media Security by Rogers is the latest in a portfolio that we’ll continue to expand this year. We are committed to providing these solutions as a service, which means our team of experts manages the day-to-day so customers can focus on growing their business.”
“Social media is without a doubt, a core business application – and securing the business, customer and employee engagement across social media platforms is now a priority for security teams and business owners everywhere,” ZeroFox CEO James C. Foster, said in a statement. “Through our relationship with Rogers Communications, Canadian businesses can now get the leading social media security solution from ZeroFOX delivered by their trusted communications services provider. The problem ZeroFOX and Rogers is solving is part of an evolving security challenge that modern businesses face and one that is costing companies over $1.2 billion globally.”
There are a wide range of social media scams, including pasting malicious and shortened URLs in feeds, phishing requests, phony quizes and phony requests for cash from friends or relatives. But as organizations turn to social media such as Twitter and Facebook for customer service vehicles there are also more reports of attackers spoofing those sites to harvest customer accounts and spread malware. Criminals have been known to harvest names of frequent hotel customers from social media, then offer phony loyalty cards.
In an interview this morning Stewart Cawthray. general manager of enterprise security for Rogers’ Enterprise Business Unit, noted that businesses are increasingly using Twitter, Facebook and LinkedIn to reach out to customers — and criminals have also spotted the trend. “So we’re seeing a rise in threats that are being perpetrated through social media channels.”
These attacks aren’t new: In 2015 Cisco Systems pointed out that Facebook scams were a popular way of accessing enterprise networks. In 2010 Trend Micro warned about Twitter spam.
Cawthray said that while Rogers offers a number of security solutions this vector wasn’t being protected, so went looking for partners and chose ZeroFox. Among the advantages of its service is that it has links to a number of social media platforms, allowing administrators to take down links and malicious content by clicking a button on a customer portal, he said.
The Rogers service is aimed at medium-sized companies and up, and is based on the number of “entities” to be monitored. An entity can be a brand, an account or a person’s name. Pricing starts at $2,000 a month for 30 entities and 50 takedowns.
There is a period for tuning the system to lower the odds of false positives. Organizations don’t have to subscribe to other Rogers services to sign up for Social Media Security.
Asked for comment about its offerings a spokesperson for Bell Canada said, “Security is a core element of our service offering and our professional services risk management consulting team works directly with each business customer to tailor security solutions to best meet their unique needs, including for social.”
