Social Media: Friend or Foe

okay everybody welcome back hope you had a great break and you had the opportunity to visit all the booths outside and maybe make some new friends but now we're going to move forward with our next speaker that's ashley powell and she is a vibrant native caymanian information security professional she holds a bachelor of business administration in cyber security summa laude from the university of texas at san antonio as well as comp cia network plus certification and a university of cape town certificate in data analysis she has had her work on digital forensics public published in the studies of big data book series so please allow me to welcome ashley powell to the stage social media friend or phone

[Applause]

okay can you guys hear me good good all right morning everyone how are y'all enjoying besides so far good good um so like she said my name's ashley and as a gen z millennial on the cusp type of girl obviously naturally i would present on social media so naturally um we all know it we all enjoy it sometimes persons more than others but in this time of prioritizing risks where does your social media posture stand so love it or hate it social media has become a pillar in our lives today social media world has become just that right its own world some people create different personas for their online presence some people create a more outgoing personality some people

will be a business or even something like an animal right it's never really it's almost like this never-ending game of grown-ups playing pretend but that doesn't mean it's all fun and games right social media can have its perks and you can build real connections with people or gain new skills or you can even sustain that business social media really is its own world and because of this we must assess what it means to safeguard ourselves in all aspects just as we would safeguard ourselves your wealth and your family in the physical world your online presence grows every day or changes every day with every click just as your physical being grows and changes every day

social media can be used against you or your business and you may question your privacy while others take advantage of your publicly available data social media will live amongst us for the foreseeable time to come so we must consider more seriously the impacts of the secondary universe as it affects ourselves our friends our family our children and especially our future now there are of course the traditional threats of malware present on social media but where isn't their malware nowadays and so i won't be focusing on that today instead i would like to emphasize the risk to you and your person so personal privacy has become a big topic in recent years when social networks were first formed

everyone was all about sharing everything that they could people post about how they're feeling towards a certain situation or they post about where they are in that moment and who they're with many people still post this revealing information on daily social media posts there's actually this entire realm of social media influencers that profit from sharing such experiences with their social networks and those are some big followings we can become invested in their lives and we feel that we can relate to their experiences or find similarities in different scenarios and this may very well be beneficial to us as a coping mechanism or something that we can help navigate a situation that is being experienced however often times you will see and

hear about those same influencers speaking on privacy or actually its lack thereof they may feel invaded when out in public or just express that they are sharing very personal details with what could be millions of people online furthermore information privacy has also become a topic of interest within social networks persons are becoming more skeptical about what permissions are granted to apps on their phones and what apps have access to what other areas of their phone such as messages or the camera but ultimately most people will give in and just accept without really reading the fine print they just want to get what's best out of the app the best experience even if that means something

suspicious that is until they find out that their information is being sold or it's involved in a breach or ironically they usually found out find out these things through other social media posts these scenarios must now be treated more seriously as legislation is created for digital privacy and data protection for example gdpr seeks to protect the personal information of all eu citizens whether they're residing in the eu or not social media platforms collect vast amounts of personal information about its users and these users expect that their information will be safe and protected and that they can choose what is visible to others on their platform from their profile security settings however consideration must also be given

to potential data breaches social media accounts are often targeted by attackers and if they get lucky that information or sometimes even that same password can be used for more critical accounts like online banking we're also seeing similar laws being proposed for reasons of online safety most recently for example are the digital services act and the digital market act which seek to provide us safer digital online space these new rules aim to instill more responsibility within online service providers and create a level playing field for competition as more companies seek to strengthen their online presence and offerings these types of policies will become more prevalent your business must be able to identify its compliance requirements and ensure

that safe and ensure safety for its customers as it develops on the contrary there's also legislation that's been in effect since the beginning of the digital boom such as the child online privacy protection act this rule was designed to protect children under the age of 13 by placing control over their information into the hands of their parents you know those annoying little pop-up messages that like take the box and acknowledge that you're over a certain age yeah we knew and we still know and we also continue to acknowledge that the digital world requires regulation but enforcing it can always be a tricky task how do you know that that user is really over the age of 18.

the security and privacy risks associated with social media still is this sort of gray area for users and businesses alike for now however these rules and more to come or be amended will continue to drive the administration of online platforms and it's definitely something that we should keep in mind as we continue to grow into this new digital age another topic that has been brought to the forefront recently is cyber warfare with countries and businesses seeing more and more digital transformation this threat has become very real for example the invasion of ukraine has created much fear around expected cyber attacks across the globe and whether in retaliation or in support it's almost mutually assured destruction and let's

make no mistake cyber warfare is just as lethal as physical war and social media plays a big role here as well organized crime units are taken to social media for recruitment after all who better to target than young adolescent minds there are anonymous chat rooms that young adults can join to interact persons around the world without having to download software or even use a credit card however before they know it these individuals become invested in a group or someone they meet with ulterior motives terrorist groups sometimes practice culture jamming or political jamming to popularize pro-terrorist messages and social media users become attracted to these messages by the perception that they're facetious it's very easy to forward a meme to a

friend or pass it along to someone else who then pass it along to someone else and soon enough it's gone viral this flow of communication can then give extremist groups more attention and influence as they use social media to display their beliefs and ideologies or other messages and content about the activities war mongering and other political tactics such as propaganda fuel the disputes and can even create more attention very soon the threats become real and people become engulfed in these radical movements the answer then is to filter social media many platforms will have policies and procedures in place for when its providers are allowed to remove a user's content or deactivate a user's account if found in violation however this is

solely at the discretion of the social media company many times you will hear of news of someone complaining that inappropriate content was not taken down quickly enough or has caused or damaged the reputation of someone or something this content and repercussions can have lasting damaging effects on persons and businesses however legislators can find it difficult to enforce administration for the fear of infringement of rights such as freedom of speech nonetheless as we become dependent on these digital on this digital realm we will start to see more legislation and regulation as its consequences see physical results influence from information on social media can have a profound effect within your your physical life what you read online does affect you in

some way whether that be consciously or not and social influence can affect the way we approach situations the way we view ourselves or even the way we treat others based on what we've seen heard or read pew research published a study in 2021 stating that about one third of all americans receive news updates via social media i'm sure that percentage stays pretty close here and came on with paper-based news taking a hit in 2020 social media is full of information whether that information is based on facts or opinions becomes harder to decipher when reading an online post there are many forms of news outlets online and it can be difficult to keep track of the facts or premise

with more and more people looking online to find the latest updates on what's happening around them and around the world the threat of activism is also heightened declassified reports from the u.s national intelligence council speak to russian state-sponsored groups attempts to influence the 2020 presidential election as well as the attempts to gain unauthorized access to elections infrastructure in 2016. iran and china are also mentioned in the report as well as several other foreign actors for attempts to influence the election outcome in 2020 facebook issued a statement regarding the company's action to curb these attempts by dismantling a network of fake russian accounts from the platform in a similar politically driven agenda data from social media platform parlor

was extracted and publicized to expose persons involved in the riot that took place at the u.s capitol building in january 2021 hacktivists can have many motives but each one will think that their cause is righteous the social implications and reputational damage that can result from a hack to this attack are far-reaching social platforms and corporate businesses must ensure that the health protection mechanisms in place to circumvent these types of attacks as well as protect the ram apart from malicious external threat actors social media also imposes a higher level of insider threat unless the platform is one like linkedin most employee social media accounts will not be know not be shown to be connected to a business

however your employees sometimes need to have access to sensitive data in order to perform their job functions and that data can pretty easily be leaked in something such as a series of 280 character limit posts and it would probably be difficult to track down or even become aware of especially if the threat actor took steps to master identity here again the reputational damage can be most impactful alternatively the breach could be unintentional social media encourages information sharing but sometimes you can share a bit too much improper disclosure of financial data or simply overkill on post can be damaging just as damaging to your brand social media can also be a space useful to digital forensic investigators with

its myriad of data and most of which being open source are publicly available the evidence derived from these platforms can be very valuable tomorrow we'll be hearing from mr john watson from the rcips digital forensic and cybercrime unit mr welcome helped me gain a deeper understanding of the considerations surrounding using social media data during investigations so firstly digital crimes can be categorized into two distinct areas their cyber cyber enabled crimes are those where the computer is used during the act of the crime think of something like fraud on the other hand cyber dependent crimes are those that can only be committed using a computer such as data theft digital forensic investigations can be conducted to discover evidence in either

case however the evidence is usually supplementary there are many unclear lines that exist around data privacy issues and using social media data however evidence such as time stamps and gps check-in locations can be helpful to a case when building a timeline for a crime but these must be proven to be related the check-in only means that the device was present but evidence must be given to link the device the event and the person the most recent and perhaps the most notable case within the cayman islands was the conviction of freddie diaz for child pornography charges his defense was trying to prove that he was not the one downloading response downloading these images um on his

devices and instead someone else had had used his device to download them rc ips was alerted to the case by american law enforcement agencies and here's a case where we can see multiple data sources being used to correlate that evidence in fact earlier this week came out new service reported that the crown would seek a blanket ban for preventing mr diaz from accessing the internet at all it'll be interesting to watch this unfold as a person who made as for him as a person who made a living from creating social media content it must be noted however that in most digital forensic investigations the victim of the crime is usually the one who has to make the report

before investigative action can be taken other concerns around utilizing this type of data include knowledge and expense requirements however unfortunately if you're ever hit by a major attack many organizations would need to employ a cyber incident response company to assist in remediation and recovery efforts these services can become very costly very quickly the latest cost of a data breach report by ibm and the pondman institute say the average cost has increased 10 from 2019 to us 4.24 million furthermore we must also consider those ethical concerns there's a certain there are certain rules of engagement that must surround for example undercover police operations being conducted via social media but also moral concerns regarding such operations will impact privacy concerns

as this surveillance is another great area for authorities much like cyber trends it's a constant game of playing catch-up and as we learn we continue to learn more as we to best develop how to utilize social media data in investigations so we're going to split the switch a little and talk about the bright side of social media and how it can be beneficial to you so we've spoken about social media being used as an as a way to access news this can be beneficial to persons who aren't able to gather information via conventional methods and perhaps people are now consuming more information without intentionally seeking out that information scrolling on social media can expose persons to new information and even new

opportunities that may not have otherwise been discovered information is king so take advantage of what you can as long as you can and as long as you can verify its accuracy to the appropriate accident of course social networks are great for building social networks we all have experience in its the who you know circumstance so social media is a great place for staying connected with persons all over the globe we can create a space for bonding with persons we would not have otherwise been able to engage with and you can create real relationships with social benefits social media platforms also create learning programs linkedin learning has become quite popular for quick courses on a variety of topics including

management skills technical knowledge or even basic word and excel training for beginners traditional classrooms can even can use social media benefits as well such as for submitting coursework maybe for uh like a video essay on instagram or youtube and class discussion forums on spaces such as twitter there are positive lights that can blossom from these information hubs so we should treat them just as they are and now that we've heard me talk about all the considerations and implications that continue to grow around social media what can we do about it these are a few tips from myself and mr watson on how you can safeguard yourself on within social media so review your security profile settings

regularly privacy policies and settings are always changing with every update and be sure to double check what you're allowing on your profile every now and then sometimes something may be implicitly allowed until you manually turn it off and of course use protection mechanisms such as two-factor authentication and strong passwords for all accounts limit your exposure limit your post try not to delve too deep into the pressure of posting everything and anything that you find interesting keep some aspects of your life private companies should have policies around what can be shared on social media platforms including an appropriate authorization procedure limit your personal information this applies to both profile settings as well as in your posts

try to limit personal details that can be used against you in social engineering attacks limit the amount of information that can be used to identify you and be skeptical about when you're required to input any of that type of information do a quick check does the link look suspicious use techniques that you would sniff out for phishing the same the same ones can be applied here interact only with familiar persons and don't accept requests from persons that seem that they have a suspicious profile chances are your instincts are right and people create fake profiles all the time for malicious tasks you can also look into fraud detection services for companies you know such as netcraft for castle and this may be

helpful to you and your business for potential farming or other attacks that can harm the reputation of your business and these are just some of my references so in all social media is a scary comforting sharing exposing world but it's here for the long run so embrace it adopt or don't keep your business safe by practicing good hygiene and keep up to date with regulations protect yourselves and have fun [Applause]

you