In the digital age, social media platforms have become the epicenters of political discourse, making their security a matter of national importance, especially as the US gears up for the November 2023 elections. Our latest research sheds light on the security posture of top platforms, spotlighting areas needing urgent attention to safeguard democratic processes.
We assessed five platforms—Facebook, Twitter, Instagram, TikTok, and YouTube—across six key security parameters on a scale of 0 to 5, with 0 meaning they don't support security controls or don't have a public roadmap to implement them and 5 meaning they fully support them and the controls are mature. This year, we added YouTube and removed Reddit, aligning the evaluation with the current top social media platforms.
The average score across all platforms slightly improved from 2.54 in 2022 to 3.02 in 2023, marking an 18.9% enhancement. For the second year in a row, Facebook took the top prize with an overall score of 3.74. YouTube came in second at 3.15. Taking the third spot was Twitter with 2.95, followed by Instagram at 2.78, and TikTok at 2.5. However, this progress doesn’t translate to a substantial mitigation of risks, especially with the upcoming elections. Based on the findings, researchers at Cerby are not recommending politicians and businesses stop using these platforms but focus their efforts on platforms scoring at least 2.6 or higher.
Overall Scores
Key Takeaways:
- Slight Improvement, Big Concerns
- A modest increase in the overall security score from 2.54 in 2022 to 3.02 in 2023 across platforms like Facebook, Twitter, Instagram, TikTok, and YouTube was observed.
- However, this doesn't equate to substantial risk mitigation, especially concerning enterprise-grade authentication and authorization—key in preventing account takeovers and misinformation.
- Two-Factor Authentication (2FA) Shines, Enterprise Authentication Stumbles
- Twitter's adoption of the phishing-resistant FIDO2 standard, scoring a perfect 5 in 2FA, is commendable.
- Yet, stagnation in enterprise-grade authentication and authorization scores at 1.13 reveals a glaring security gap as platforms lag in adopting vital standards like SAML and the System for Cross-domain Identity Management (SCIM).
- Privacy Leaps, Yet Risks Loom
- Notable is Facebook’s leap from 1.5 to 3.5 in privacy controls, indicating a positive trend towards better data sharing and third-party access management.
- However, the lack of mature enterprise-grade authentication and authorization leaves room for credential reuse attacks and account takeovers, which can spearhead disinformation campaigns.
The road to securing social media is a two-way street, requiring not just robust security infrastructures from platforms but also well-informed political and business leaders ready to adopt the proper security measures.
As we inch closer to crucial elections in the US and EU, the need for a collaborative effort between political leaders, enterprises, and social media platforms to bolster security is not just desirable but indispensable. Legislation like the UK's Online Safety Act heralds the global recognition of this pressing issue, hinting at a potential ripple effect in legislative adjustments across the pond.
In the face of escalating cyber threats, robust password management, enhanced 2FA, and enterprise integration are the triad of security measures that can provide a strong defense. Yet, the journey toward a secure digital environment for robust democratic engagement is far from over; it has just begun.
Click here to download the full report.
