Enterprise-grade authentication remains an Achilles heel of the social media world, but security is improving in other areas, according to a report by access management provider Cerby.

Facebook is the most secure social networking site among the major players, thanks to improved privacy controls and support for more secure two-factor authentication technology, but the social media sector as a whole remains vulnerable to different types of account takeover.

According to a study released Tuesday by access management vendor Cerby, the biggest area of concern common to the five platforms it studied — Twitter, Facebook, Instagram, TikTok and YouTube — was poor support for enterprise-grade authentication and authorization technology.

Cerby said that support for cross-environment authorization technology like Simple Cloud Identity Management (SCIM) and Security Assertion Markup Language (SAML) would go a long way toward securing social media networks more effectively.

“Without these standards, political figures and businesses are vulnerable to several security risks, including credential reuse attacks,” the report said in part. “The unchanged nature of these scores from 2022 to 2023 highlights a misalignment concerning enterprise-grade security controls within these platforms.”

The news was brighter for other types of security controls. Facebook, YouTube and Twitter all support the FIDO2 framework, an open standard that uses authenticators like smartphones or hardware security keys to provide two-factor authentication — an improvement over time-sensitive passcodes sent via SMS.

Access privilege management was generally strong across the social networks studied by Cerby, with no company rating lower than three out of five. (The report uses a six-point scale to rate the social platforms across six different criteria, with a zero meaning no support and no roadmap for incorporating a particular feature, and five indicating full, mature support.)
Ahead of major elections in the US and EU, the broadly positive outlook for social media security shouldn’t distract organizational users and the platforms themselves from making continual improvements.

“The significant need for progress in enterprise-grade authentication and authorization across social platforms remains challenging,” the report said. “These platforms broadly fall into the nonstandard application category, needing more support for common security standards like SAML and SCIM, leaving politicians and businesses adrift in turbulent waters with minimal oversight from IT and security teams.”

Cerby offered three major pieces of guidance for political leaders and businesses looking to employ social media in the safest way possible. First, password managers integrated with corporate identity providers should be used to minimize the dangers posed by reused or weak passwords. Second, the strongest possible two-factor authentication methods should be used — the company suggested hardware-based security keys like YubiKey. Finally, integrating social media platforms with existing SSO platforms like Azure Active Directory or Okta can help centralize management of credentials and access tokens.