The report delves into year-over-year trends and best practices to prevent password reuse attacks and account takeovers that can lead to widespread disinformation campaigns
ALAMEDA, Calif., Nov. 7, 2023 /PRNewswire/ — Cerby, the comprehensive access management platform for nonstandard applications, today announced its newest report, Threat Briefing: Social Media Security and Elections Volume II, a year-over-year analysis and research into social media platforms Facebook, Twitter, Instagram, TikTok, and YouTube across six key security parameters. This is the second annual report on this topic, following the research conducted by Cerby in 2022. The report provides detailed insights into gaps in social media platform support for enterprise-grade authentication and authorization and the critical need for best practices for businesses and political leaders to secure their accounts, particularly during elections.
Cerby’s researchers scored each platform’s security on a scale of 0 to 5. Security categories included 2FA methods, enterprise-grade authentication and authorization, role-based access control (RBAC), privacy, enterprise-ready security, and account usage profiling. Platforms designated with a score of 0 do not support security controls or do not have a public roadmap to implement them. In contrast, those with a rating of 5 fully support security controls, and the controls are mature. In this year’s report, Cerby added YouTube and removed Reddit to align the evaluation with the current top social media platforms.
The average score across all platforms slightly improved from 2.54 in 2022 to 3.02 in 2023, marking an 18.9% enhancement. For the second year in a row, Facebook took the top prize with an overall score of 3.74. YouTube came in second at 3.15. Taking the third spot was Twitter with 2.95, followed by Instagram at 2.78, and TikTok at 2.5. Based on the findings, researchers at Cerby are not recommending that politicians and businesses avoid using these platforms, but that they focus their efforts on platforms scoring 2.6 or higher.
“Social media has become a political battleground, with billions influencing and being influenced on pivotal issues,” said Cerby Chief Trust Officer Matt Chiodi. “Our report underscores a marginal security improvement across platforms, yet the lack of enterprise-grade authentication and authorization remains alarming. These are not just technical gaps but potential conduits for account takeovers and misinformation campaigns. As voters head to the polls today, the urgency for a collaborative effort among political leaders, enterprises, and social media platforms to fortify the security infrastructure has never been clearer.”
Key findings regarding security and privacy controls on social media platforms include:
- Two-factor authentication (2FA): Twitter significantly improved 2FA by supporting the phishing-resistant FIDO2 standard (a global authentication standard based on public key cryptography), scoring a perfect 5 and joining the ranks of Facebook and YouTube.
- Enterprise-grade authentication and authorization: The category saw no change from last year. This finding highlights a glaring security gap and low adoption of vital standards such as SAML for authentication (single sign-on or SSO) and the System for Cross-domain Identity Management (SCIM) for automated user access onboarding and offboarding. Both are critical controls for protecting against account takeovers and individuals retaining access to high-profile accounts after they leave an organization.
- Privacy controls: An average increase of 25% was noted, primarily driven by Facebook’s significant improvements. Facebook leaped from 1.5 to 3.5 due to solid enhancements, specifically with time-based third-party access—an essential safeguard against retained access.
The report found that while the year-over-year comparison showed advancement in 2FA methods, the unmet need for enterprise-grade authentication and authorization was concerning. This lack of integration can leave political and business leaders vulnerable to credential reuse attacks and account takeovers, resulting in large-scale disinformation campaigns, particularly during elections.
To read about the report’s findings in greater detail and learn what proactive measures political leaders and businesses can take to fortify their online presence against escalating threats that lurk within the social media landscape, download Cerby’s Threat Briefing: Social Media Security and Elections Volume II at https://www.cerby.com/social-media-security-and-elections-volume-ii.
Cerby provides identity teams with the only comprehensive access management platform for nonstandard applications. Harnessing the power of identity providers, Cerby removes the need for manual tools and compensating controls (like enterprise password managers) by automating everyday human security tasks based on single sign-on and lifecycle management cues from upstream identity providers. This allows Cerby to protect any application independent of standards support. Cerby’s patent-pending access orchestration engine is the first and only one to make passwordless authentication an immediate reality for nonstandard applications. Cerby saves time and money by automating manual tasks, like offboarding and 2FA enrollment, and providing IAM professionals with deep visibility and control of employee-onboarded applications. With Cerby, identity teams can extend access, minimize risk, and lower costs.
Since we released our offering in 2022, Cerby’s platform has enabled clients like L’Oréal, Fox, Colgate-Palmolive, Dentsu, and Televisa to detect nonstandard apps and guide business users to more secure alternatives, all while keeping everything under the umbrella of their identity provider. Visit us at Cerby.com and follow us on social at @CerbyHQ.