Alameda, CA – November 7, 2023 – Cerby, the comprehensive access management platform for nonstandard applications, today announced its newest report, Threat Briefing: Social Media Security and Elections Volume II, a year-over-year analysis and research into social media platforms Facebook, Twitter, Instagram, TikTok, and Youtube across six key security parameters. This is the second annual report on this topic, following the research conducted by Cerby in 2022. The report provides detailed insights into gaps in social media platform support for enterprise-grade authentication and authorization and the critical need for best practices for businesses and political leaders to secure their accounts, particularly during elections.

Cerby’s researchers scored each platform’s security on a scale of 0 to 5. Security categories included 2FA methods, enterprise-grade authentication and authorization, role-based access control (RBAC), privacy, enterprise-ready security, and account usage profiling. Platforms designated with a score of 0 do not support security controls or do not have a public roadmap to implement them. In contrast, those with a rating of 5 fully support security controls, and the controls are mature. In this year’s report, Cerby added YouTube and removed Reddit to align the evaluation with the current top social media platforms.

The average score across all platforms slightly improved from 2.54 in 2022 to 3.02 in 2023, marking an 18.9% enhancement. For the second year in a row, Facebook took the top prize with an overall score of 3.74. YouTube came in second at 3.15. Taking the third spot was Twitter with 2.95, followed by Instagram at 2.78, and TikTok at 2.5. Based on the findings, researchers at Cerby are not recommending politicians and businesses avoid using these platforms but focus their efforts on platforms scoring at least 2.6 or higher.

"Social media has become a political battleground, with billions influencing and being influenced on pivotal issues," said Cerby Chief Trust Officer Matt Chiodi. "Our report underscores a marginal security improvement across platforms, yet the lack of enterprise-grade authentication and authorization remains alarming. These are not just technical gaps but potential conduits for account takeovers and misinformation campaigns. As voters head to the polls today, the urgency for a collaborative effort among political leaders, enterprises, and social media platforms to fortify the security infrastructure has never been clearer."

Key findings regarding security and privacy controls on social media platforms include:

  • Two-factor authentication (2FA): Twitter significantly improved 2FA by supporting the phishing-resistant FIDO2 standard (a global authentication standard based on public key cryptography), scoring a perfect 5–joining the ranks with Facebook and YouTube.
  • Enterprise-grade authentication and authorization: The category saw no change from last year. This finding highlights a glaring security gap and low adoption of vital standards such as SAML for authentication (single sign-on or SSO) and the System for Cross-domain Identity Management (SCIM) for automated user access onboarding and offboarding. Both are critical controls for protecting against account takeovers and individuals retaining access to high-profile accounts after they leave an organization.
  • Privacy controls: An average increase of 25% was noted, primarily driven by Facebook's significant improvements. Facebook leaped from 1.5 to 3.5 due to solid enhancements, specifically with time-based third-party access—an essential safeguard against retained access.

The report found that while the year-over-year comparison showed advancement in 2FA methods, the need for enterprise-grade authentication and authorization was concerning. This lack of integration can leave political and business leaders vulnerable to credential reuse attacks and account takeovers, resulting in large-scale disinformation campaigns, particularly during elections.

To read about the report’s findings in greater detail and learn what proactive measures political leaders and businesses can take to fortify their online presence against escalating threats that lurk within the social media landscape, download Cerby’s Threat Briefing: Social Media Security and Elections Volume II here