Social media security issues pose threat to election campaigns

A new report from access management platform Cerby highlights the critical need for best practices for businesses and political leaders to secure their accounts as the November 2024 US elections quickly approach.

Researchers analyzed social media platforms Facebook, Twitter (X), Instagram, TikTok, and YouTube across six key security parameters. The report provides detailed insights into gaps in their support for enterprise-grade authentication and authorization.

Each platform's security is rated on a scale of zero to five. Security categories rated include 2FA methods, enterprise-grade authentication and authorization, role-based access control (RBAC), privacy, enterprise-ready security, and account usage profiling.

The average score across all platforms has slightly improved from 2.54 in 2022 to 3.02 in 2023, marking an 18.9 percent enhancement. For the second year in a row, Facebook takes the top prize with an overall score of 3.74. YouTube is second at 3.15. Third is X with 2.95, followed by Instagram at 2.78, and TikTok at 2.5.

"Social media has become a political battleground, with billions influencing and being influenced on pivotal issues," says Cerby's chief trust officer Matt Chiodi. "Our report underscores a marginal security improvement across platforms, yet the lack of enterprise-grade authentication and authorization remains alarming. These are not just technical gaps but potential conduits for account takeovers and misinformation campaigns. As voters head to the polls today, the urgency for a collaborative effort among political leaders, enterprises, and social media platforms to fortify the security infrastructure has never been clearer."

Among the findings, Twitter has significantly improved 2FA by supporting the phishing-resistant FIDO2 standard, scoring a perfect five and joining ranks with Facebook and YouTube. On privacy controls there's been an average increase of 25 percent, primarily driven by Facebook's significant improvements. Facebook's score jumped from 1.5 to 3.5 due to solid enhancements, specifically with time-based third-party access -- an essential safeguard against retained access.

Enterprise-grade authentication and authorization has seen no change since last year, however, with adoption of standards like single sign on (SSO) remaining low. This lack of integration can leave political and business leaders vulnerable to credential reuse attacks and account takeovers, resulting in large-scale disinformation campaigns, particularly during elections.

The full report is available from the Cerby site.

Image credit: maxxyustas/depositphotos.com