A recent study by access management vendor Cerby has highlighted the security vulnerabilities present in major social media platforms despite some positive steps towards improving security measures. The study focused on Twitter, Facebook, Instagram, TikTok, and YouTube, and identified a lack of support for enterprise-grade authentication and authorization technology as a major area of concern.
The report emphasized the importance of implementing cross-environment authorization technology such as Simple Cloud Identity Management (SCIM) and Security Assertion Markup Language (SAML) to strengthen the security of social media networks. The absence of these standards leaves political figures and businesses vulnerable to security risks, including credential reuse attacks. Furthermore, the report pointed out that the scores for security controls had remained unchanged from 2022 to 2023, highlighting a misalignment concerning enterprise-grade security controls within these platforms.
While there were some positive aspects of security controls, such as the support for the FIDO2 framework by Facebook, YouTube, and Twitter, which uses authenticators like smartphones or hardware security keys for two-factor authentication, the study also revealed that these platforms remain vulnerable to different types of account takeover.
The study also assessed access privilege management across the social networks and found that it was generally strong, with no company rating lower than three out of five on the six-point scale used in the report.
The overall positive outlook for social media security should not distract organizational users and the platforms themselves from making continual improvements, especially with major elections in the US and EU on the horizon.
Despite the strides made by platforms like Facebook in implementing improved privacy controls and support for more secure two-factor authentication technology, the study indicates that there is still work to be done to address the vulnerabilities present in social media networks. The importance of adopting enterprise-grade security controls and standards like SCIM and SAML cannot be overstated, particularly in light of the risks posed by credential reuse attacks.
As the use of social media continues to play a significant role in political, business, and personal communications, the need for enhanced security measures becomes increasingly urgent. With the ever-present threat of account takeovers and unauthorized access, the study underscores the importance of prioritizing security improvements across all major social networking platforms.
In conclusion, the study by Cerby serves as a reminder that while progress has been made in certain areas of social media security, there are still significant vulnerabilities that need to be addressed. The continued focus on enhancing security controls and implementing enterprise-grade standards is essential to protect the privacy and security of users on these platforms.