For some brands, spending millions on social media is a form of business engagement - - a way for consumers to become familiar with their brand.

Content via Social has SEO value, which in turn gives brands search value. Everyone is searching for something.

You want your solution and product to be the most relative, right? 

LET'S DO SOME MATH - On average, each social media-engaged follower has a monetary value for the company’s revenue outcomes. When brands are looking at facebook “super fans” that have more value than a traditional follower, there is actual monetary value here. You hear all the time, " the lifetime value of a customer" right? Based on your average deal size, user engagement, there can be calculated a lifetime customer value. 

Take for example the most-followed personal brand is Portuguese footballer Cristiano Ronaldo, with over 126 million followers as of May 2020. . He is an international soccer star, but no public brand is without controversy! Cyber criminals will take attack on any public figure, for a  variety of reasons. In his case, Was it truly a cyber crime hack that leaked sensitive data in an ongoing sealed legal battle & influenced public perception? These days perception is reality, so public facing brands typically do not bounce back from these social media PII driven attacks turned PR nightmares easily . . .or cheaply. 

LET'S UNPACK THAT- Personal Brands, Corporations and non-profit groups become targets of malicious attacks for various reasons. When a high profile account becomes compromised through social engineering attacks and is infected with something like a virus, organizations don’t always know if it spreads to followers. . . However, if and when your followers start receiving spam messages from your established branded account, they will quickly lose trust and confidence in your brand!  Years and ten of thousands of dollars get spent on building up these social media accounts, earning consumer trust creating a brand folks feel good buying from, and in the blink of an eye, one hack - one comprimie- one misstep publicly and its all lost. The dreaded "unfollow" or "unsubscribe" is a marketers nightmare, now imagine if these end recipetenets information was comprised? Credit card data, PII (personally identifiable info) It's no longer just a marketing problem, its now SOC team, legal team, crisis PR, the list goes on. And that list is expensive. 

The other tricky aspect of being hacked from a corporate account is that you are not always allowed back in - many times it takes days to regain access. Sometimes even upto 70 days to completely clean up a data breach once detected. In this case, you would message your followers and do Crisis PR Management for your audiences. Put out public statements, try to soften the blow. But the truth of the severity of the attack always comes out and never looks good on the organization that they let their precious clients data leak. 

Social media use and the growth of social following also has its risks… If security measures are compromised and your brand gets hacked, your followers can no longer trust the business that they have been so avidly following.

The potential compromise to your social media following is of critical importance. The defensive approach to protecting social accounts is no longer an option with the remote environments. It's now a new environment where the only detection is basically prevention. Employees use their personal brands to promote the corporate mission, to leverage sales ,etc. There needs to be some guidelines of terms of use across social media as it relates to security. Catching things after the hack or attack vector has occurred and trying to minimize the loss just doesn't make sense anymore. Instead brands need to shore up the organization, C-suite, even vendor partner networks to ensure key personnel are not targeted and or become insider threats, to begin with! (aaahem Twitter we're looking at YOU) 

“THE FUTURE IS PRIVATE,” Mark Zuckerberg announced in 2019.

Revealing his vision to unify Messenger, Instagram, and WhatsApp in response to global consumer demand for more intimate social experiences. Instagram launched Threads, a camera-first messaging app that allows users to connect with close friends in a dedicated, private space. This seems to be the concept for Facebook Rooms - a very popular Covid Response product to keep loved one connected in quarantine. LinkedIn also debuted its new Teammates feature in 2019 to help users see more updates and content from people they work with IRL. 

This is all part of the momentum shift in social interaction that has more ‘private channels’ or smaller IRL networks leading the way in online interactions...the spotlight now shifting again to accommodate what the end user prefers, putting increasing pressure on brands, yet again, to be nimble when targeting customers and accessing their interests and engagement online. . since they are getting more guarded as cyber espionage becomes more focused on personally identifiable information that they can leverage the weakest attack surface for penetration  - THE HUMAN    

According to data from GlobalWebIndex, 63% of people say messaging apps are where they feel most comfortable sharing and talking about content. Half of the senior marketers polled in Hootsuite's 2020 Social Media Trends survey say that the shift to private social channels has made them rethink their content strategy. However, using these channels and accepting networked connections isn’t something that end-users are familiar with: Enter the Bot Universe and the Multi-Cloud Universe.

API is Under Siege. Scammers exploit API vulnerabilities to steal sensitive data, including user information and business-critical content. Modern application architecture trends — such as mobile devices, the use of cloud systems and microservice design patterns — complicate security of APIs because they involve multiple gateways to facilitate interoperability among diverse web applications.

Your Facebook friends may in fact be evil bots?! Computer scientists have unleashed hordes of humanlike social bots to infiltrate Facebook -- and they're awfully effective. These social bots masquerade as online users, adding posts that seem like they came from real people, but they secretly promote products or viewpoints, and some might use their new connections to siphon off your private information. When coordinated by a botmaster, these social bots can wreak havoc and steal information at a massive scale.

Whether the future of social media is going to be entirely private, one-to-one interactions are not likely. However, both channels will still pose a risk to individuals & enterprise alike as it relates to data security. The rise of TikTok, IGTV, and Twitch & the continued growth of Twitter show that public content discovery and consumption remains a core-use case for social media—and the data backs this up.

BUT AT WHAT COST? 

Open source risk technology and threat intelligence software can help mitigate these risk to unsuspecting users. As of today 7/16 reports have risen with a major breach of twitter, guised as a bitcoin scam. However was engineered through insider vulnerabilities from twitter employees! Major VERIFIED Accounts were hacked in mass. It was a very calculated attack. Which makes personal and professional brands think- could we be next?  

Hootsuite’s annual global study of digital habits found that public social media behaviors play a vital role for brand discovery, with word-of-mouth, adverts on social media and social media comments ranking among the top 10 sources of brand discovery! So, the top brands and businesses will still need to assume the risk of social to grow and edge out market share....

HOW TO ASSESS PERSONAL & PROFESSIONAL RISK? Take the typical sales engineer and or BDR (biz development)  sales rep - they now position themselves online as a brand advocate writing blog posts marketing the employer, while acting like an entrepreneur, public-facing like a subject matter expert that prospects will trust and want to work with.

The distinction between these two spaces will remain an interesting avenue to follow. And follow we must, as more and more these PII open source nuggets are there for the taking, waiting in the wings to be exploited by social engineering attacks! 

Worldwide, companies as a whole should see this as an opportunity, not an obstacle. The goal is to just move forward in the most secure way possible.

CAN IT BE PREVENTED? Well, prevention is the new deception as it relates to the remote workforce. In the risk mitigation space, we frequently see security folks choosing to implement new measures to shore up information and secure enterprise data, only after an attack or a breech. It’s important, especially now with the remote work happening, as mentioned - these policies and procedures are anticipated prior to a loss.

Cyber security insurance policies are now adjusting for these incidents; Social engineering is a separate supplemental policy thus needs a separate protocol for incident response. A completely separate measure for risk.

WHEN IT FALLS APART PUBLICLY-  channel partnerships are displaced and customers are lost when an entity doesn’t secure its data. So, it seems now that the minimal upfront investment for preemptive security measures, as it relates to social or open source, even dark web risk - may just be exactly what saves a business during these trying times. When revenue and internal / external network or channel partner reach is imperative - these may ultimately be your lifelines. At this point, thanks COVID-19,  all incremental revenues need to be protected in a preemptive manner. Reactive practices may make or break a business this year.