ITAI and CySec

Social Media Security Risks and Mitigation Techniques

Social media has gained immense popularity with deep penetration into our society and has become an essential part of everyone’s life. Social media has redefined communities and has opened new vistas for interaction among people across the globe. The term ‘global village’ coined for the internet revolution has actually been realised with the advent of social media. On the one hand it is believed that social media has increased connectivity where people can interact with each other beyond political and geographical boundaries but on the other hand it is a well-known fact that use of social media has compromised our privacy. Privacy concerns are just the tip of the iceberg, as a matter of fact there are much more serious issues concerning social media.


China has developed their indigenous social media platforms like, WeChat, Tencent QQ, which are available globally and providing the same, rather better services than U.S. social media platforms are providing elsewhere in the world. Their domestic social media platforms are fulfilling their requirements in a much better way as these custom-built platforms are designed, modified and upgraded, keeping in view the customs, culture and needs of Chinese people. By using Chinese social media platforms, not only is the data of Chinese users staying within China and not going into the hands of western world but at the same time Chinese users are contributing to Chinese domestic economy. Chinese model of domestically developed social media platforms can be studied in detail and may be employed in our country to address the privacy and security concerns.


There are cybersecurity threats and other concerns related to hacking, cyberbullying, cyberstalking, clickjacking, online frauds, scams, data breaches, identity thefts, fake profiles, surveillance, damage to users‘ reputation, personal health and safety issues, time wastage and online addiction etc. Social media is used as an effective propaganda tool to spread misinformation and rumours using fake news, photos, and videos. Social media is also used to exploit our ethnic and religious divides. Cyber criminals and terrorists are using social media to spread their ideology, hate speech, recruitment and veiled messaging. When comparing the overall advantages and disadvantages, it appears that there are more disadvantages than the advantages, although this point is debatable and depends on the usage, and thus varies from person to person.

Social media generally refers to websites and applications that facilitate social networking and developing virtual communities using computers and mobile phones. A number of social networking sites are available, most popular of these include, Facebook, YouTube, Twitter, LinkedIn, and Flicker etc. Most popular social networking applications include, WhatsApp, Messenger, Instagram, Viber, Line, Snapchat, WeChat etc. Facebook is the most popular social networking site with more than two billion monthly active users followed by YouTube with around 1.9 billion monthly active users. If we talk about social networking applications WhatsApp is the leader with around 1.5 billion monthly active users followed by Messenger with around 1.3 billion monthly active users. Interestingly, Facebook owns WhatsApp and Instagram too. In Pakistan Facebook is the most popular social networking site followed by YouTube and Twitter, whereas WhatsApp is the most popular social networking application.


In our case the social media vulnerabilities under discussion are further enhanced because of limited or no control of state apparatus over them. Most of these services are being run from outside Pakistan.


Users are unknowingly giving their personal and organisational information on social media. People are willing to be tracked and giving away a lot of their personal and private information. They are presenting their complete personality profile, thinking, intentions, sentiments, routine activities, likes and dislikes etc. Interestingly, a fair number of these social media users have sufficient knowledge about cybersecurity but are not aware about the seriousness of the issue. It is thus very important to create awareness among users which is a continuous process as people need to be regularly reminded about the security issues over the internet and social media. Knowledge is linked with information, facts, skills, in-depth theoretical and practical understanding acquired through education and experience but are mainly linked with external events. On the other hand, awareness is referred to internal states such as feeling and emotions, consciousness and may not require deep understanding. It is thus important to create awareness among users who may already have sufficient knowledge but still lack sufficient awareness. Friends and family members of any individual may also be sharing a lot of information without his/her knowledge. Information may illegally be accessed and acquired by hackers using social engineering tricks, which is an exploitation of weaknesses in human psychology.



Social media users must share minimum data on social media websites as these sites cannot be trusted and there is no guarantee that the data is secure. Even if the service providers are not sharing the data intentionally, enough security mechanism may not be in place to protect the users’ data. There are incidents where users’ personal data from these sites had been hacked and the service providers were neither able to protect the data nor were they able to inform users about their data that had been stolen.
Cyber criminals and hackers target people using social media as people are generally not aware or complacent about the cyber threats they may encounter. People do not take care of their personal, private and important information such as usernames, passwords, e-mail addresses, phone numbers, bank account details and other identity related information. This information may be accessed by hackers and can be used for malicious activities. Hackers may trick users by social engineering attacks in order to get the information. 
Terrorist organisations are using social media platforms to recruit people as they can see people having inclination towards them from their profiles, sentiments and feelings from their posts. Terrorists are using these networks for propaganda, spreading and imposing their thoughts or ideology, fundraising, planning and executing terrorist activities, and communication. Terrorist organisations can easily target young and innocent minds.        
In our case the social media vulnerabilities under discussion are further enhanced because of limited or no control of state apparatus over them. Most of these services are being run from outside Pakistan. Our data is lying out of this country and we have no authority over it. We must immediately ask the people managing these social media platforms for ‘data localisation’, which means that our data must reside in our country. At present our local laws are not applicable to these social media service providers. It is also a bitter fact that we are very weak in cyber legislation; formalisation and implementation of comprehensive cyber laws has been long-awaited. Cyber criminals are using sophisticated tools and technologies whereas our investigating agencies lack such expertise. There is a need to make effective cyber, privacy and data protection laws to protect personal information and data of social media and other online users. As per International Telecommunication Union (ITU) report published in 2018, Pakistan is ranked 94th out of 155 in Global Cybersecurity Index (GCI), which is significantly lower in the region comparing India (47), Iran (60), Bangladesh (78) and Sri Lanka (84). The situation of cyber wellness of Pakistan as per ITU report is not very encouraging and needs significant improvement. There is no national cybersecurity policy or national cybersecurity framework for implementing internationally recognised cybersecurity standards. We, as a state, lack apparent roadmap for cybersecurity governance, national agency for cybersecurity, agency or framework for certification and accreditation of cybersecurity agencies and professionals, national CERT (Computer Emergency Response Team), standardization program and framework for cooperation etc. The only significant step in this area is the Prevention of Electronic Crimes Act (PECA) which was approved in 2016 but is under many controversies on account of freedom of expression and therefore the issue of national cybersecurity has moved to the background.   


The situation of cyber wellness of Pakistan as per ITU report is not very encouraging and needs significant improvement. There is no national cybersecurity policy or national cybersecurity framework for implementing internationally recognised cybersecurity standards.


Social media has given a new dimension to propaganda warfare, an essential segment of hybrid warfare which is actively used by our enemies in ‘fifth generation warfare’. Social media contents can very easily be manipulated for malicious purposes. Fake news and propaganda is a serious issue on social media which will be more serious in the coming days as more sophisticated supporting tools will be available. Artificial Intelligence (AI) tools can be used to generate fake sounds, images and videos which are indistinguishable from real ones. Social media has been maliciously used during the Iranian Green Movement in 2009, England riots 2011, Arab Spring, Libyan Civil War 2011 and U.S. elections.
Social media platforms are apparently providing free services. However, in this business you are not the customer, actually you are the product as your information and data is being sold. National Security Agency (NSA) whistle-blower Edward Snowden tweeted in March 2018 that Facebook is a surveillance company that sells its users’ personal data. He is of the opinion that surveillance companies have been actually renamed as social media who are collecting user information and conducting surveillance of the entire world through social media. We are well aware of Facebook-Cambridge Analytica data scandal where the company illegally harvested and sold data of about eighty seven million Facebook users without their consent during U.S. presidential elections. Heavy fines have been imposed on Facebook in U.S., UK and EU for their inability to protect users’ data. 
This is a fact that anyone on social media is just like an unpaid agent working voluntarily for intelligence agencies monitoring social media, as people are providing real-time information in the form of comments, newsfeed, photos, and videos etc. from all over the world about their feelings, likes, dislikes, activities, emotions, psychological and religious trends, not only about themselves but about their families, friends and entire surroundings. Social media intelligence (SOCMINT) has emerged as a new and powerful source of open source intelligence used by secret services. 
All social media platforms provide configurable security settings which may restrict other people to see a user’s personal information, posted photos and videos etc. It is always recommended not to continue with default security settings and always make the settings strict as per the needs. Social media platforms may cause spread of malicious software which may not only access the users’ personal and confidential information but may also infect their computer or smartphone to be a part of botnet.
Here are certain recommended actionable items which must be ensured by social media users to improve their security and remain safe over the internet and social media:
• Do not continue with default security settings. Always set the settings to restrict other users from seeing your personal information and posts including photos, videos and comments.
• Do not make your private life public by sharing private information over social media. Remember, the cyber world is full of cybercriminals, hackers and people with malicious intentions who are not recognisable. Give minimum essential personal information and unnecessary personal information should be removed from your profile.
• Do not accept friend requests from unfamiliar people as this could be a fake request from some hacker or cybercriminal using a fake account. Even in the case of known people it is always better to confirm authenticity of such requests by other means. Impersonation is common and your friend’s account could have been hacked or may have become a victim of identity theft. 
• Avoid clicking the links received by e-mails or popups. A link appearing to be legitimate may be dodgy and a trap.
• Always use the best cybersecurity practices while using internet and social media platforms.
• Do not post pictures that give information about your organisation or your official role.
• Do not post pictures with the geotagging feature switched on. Modern cameras attach a lot of metadata (e.g., date, time, place etc.) with each picture which can be retrieved and used for malicious purposes.
• Do not use unnecessary status updates for each activity.
• Your personal and private life and your relations must remain private. Do not expose such information unnecessarily to the public.
• Use strong access control and authentication mechanism. Use: two-factor authentication, strong/secure passwords, updated antivirus, anti-malware, antispyware and firewalls.
• Social media is full of misinformation. It is an effective propaganda tool to spread disinformation with the support of fake news, videos, photos and messages. Don’t believe everything to be true and don’t be a part of this propaganda campaign by forwarding any unauthentic news or material. 
• Not all social media accounts are authentic and real. There are a large number of fake paid bots and hijacked accounts.




If we look at Chinese social media scenario, U.S. social media platforms like Facebook, Twitter, YouTube, Instagram or WhatsApp are not available and access to these otherwise popular social media platforms is completely blocked yet the country has the most active environment for social media. China has developed their indigenous social media platforms like, WeChat, Tencent QQ, which are available globally and providing the same, rather better services than U.S. social media platforms are providing elsewhere in the world. Their domestic social media platforms are fulfilling their requirements in a much better way as these custom-built platforms are designed, modified and upgraded, keeping in view the customs, culture and needs of Chinese people. By using Chinese social media platforms, not only is the data of Chinese users staying within China and not going into the hands of western world but at the same time Chinese users are contributing to Chinese domestic economy. Chinese model of domestically developed social media platforms can be studied in detail and may be employed in our country to address the privacy and security concerns. Domestic social media platforms will definitely add to our economy too.



To protect our social media users we must develop relevant policy, strategy, laws and regulations at national level. Social media service providers shall be asked to keep our users’ data within our own country. As soon as possible, our own indigenous social media platforms shall be developed and deployed. Awareness of users is very important, especially in a country where literacy rate is around 58% whereas more than 76% of the population is cellular mobile user.


E-mail: [email protected]

Read 212 times


Share Your Thoughts

Success/Error Message Goes Here
Note: Please login to your account and leave your thoughts on this article.

TOP