Facebook’s Massive Crash Was a Wake-up Call. Don’t Let the Next Digital Crisis Catch You Unprepared

Facebook, Instagram and WhatsApp all disappeared from the internet for almost an entire day thanks to a system error. The crash was a shocking demonstration of just how dependent upon social platforms and digital technology we really are — and how potentially disastrous that dependency could be.

Today, every company and every individual within a company is a digital dependent. But few recognize the many dangers associated with their level of digital dependency. As a society, we’re wildly unprepared for things in the digital world to go wrong, which is a crisis waiting to happen.

Instagram and Facebook are key sources of traffic for more than 200 million small businesses. Business owners can devote their entire marketing budget just to Facebook advertisements. Others are completely dependent upon Instagram and Facebook for their income, and some recorded thousands of dollars in losses during the outage. Being wiped off the map when the internet goes down is a potentially tragic loss for small business owners, but there are, in fact, much greater threats to consider.

Facebook’s own struggle to get back online neatly demonstrated some of the risks enterprises and other large organizations take when they rely too heavily on social media and other cloud platforms for internal, and external, communications and logistics. The outage compromised most of the internal systems employees use in their day-to-day work, and Facebook had no backup systems in place. It is likely that many other organizations are similarly vulnerable.

We live more and more of our personal and professional lives through online and interconnected apps, sites and services. This phenomenon has exploded since the beginning of the COVID pandemic, and it is likely to persist going forward.

This doesn’t just mean we can’t live and work without these tools; it also means we are exposed to the unique risks that only our use of these tools could create. Social platforms like Zoom, Microsoft Teams and Slack have rapidly become critical infrastructure for many businesses; Zoom saw unprecedented growth during the pandemic, when video calls were one of the only ways to effectively communicate with coworkers. Microsoft Teams has 75 million workers using it daily to communicate for work. Slack has 12 million.

That doesn't just create hypothetical risks to workflow, revenue or connectivity; it exposes organizations to a growing cyber crime epidemic, exemplified by the Solar Winds hack and the dramatic rise in ransomware attacks on businesses. The digital dependency of both employers and employees creates a complex security liability, representing a cyber attack surface with as many points of entry for attacks that can result in a data breach as there are users and devices.

Cybercriminals are not afraid to make use of this expanded attack surface. Slack’s security has been repeatedly breached. “Benevolent” hackers showed that it was possible to take over a user’s computer using Zoom without the victim even clicking anything. Zoom was also involved in a class-action lawsuit alleging it had skimped on security. And at least 30,000 businesses were hacked just this year via compromised Microsoft email servers.

But cybercriminals don’t just target the apps and services themselves; more commonly, they will go after employees and users directly, leveraging users’ on-going reliance on these tools to exploit individual vulnerabilities, perpetrate attacks and install malware. This is how the massive corporate data breaches occur that we read about every day.

These kinds of attacks are a more serious threat than you might think. “Spear phishing” and malware attacks are remarkably common — and remarkably effective too. Nearly half of employees say they have made a mistake at work that probably compromised their workplace’s digital security, and a quarter say they’ve clicked on a scam email. In fact, almost all, or 95%, of digital attacks on corporations are the result of successful phishing.

Social media like Facebook and corporate social platforms like LinkedIn offer hackers new attack opportunities because they bring access to sensitive and useful information on a silver platter. Ninety-three percent of U.S. workers use social platforms to both post and broadcast job opportunities and updates, a habit that gives hackers ample information to design their next spear phishing attack against an employee and his or her employer.

Social platforms like Facebook and LinkedIn are lucrative resources for data thieves and hackers. Facebook, for instance, stores vast troves of sensitive personal information about its users — and has been successfully hacked before, to the tune of 50 million compromised accounts. And that’s all information about employees that no employer would want in the hands of a malicious actor dedicated to exploiting every individual technology user’s unique risks to make their next big score.

The digital solutions we depend on in our personal and professional lives for connection, efficiency and workflow do genuinely make our lives and jobs easier and better. But they also render each of us, and the businesses we work for, vulnerable to an untold number of security threats that we simply can’t afford to ignore.

Tom Kelly is president and CEO of IDX, a Portland, Oregon-based provider of data breach and consumer privacy services such as IDX Privacy. He is a Silicon Valley serial entrepreneur and an expert in cybersecurity technologies.