The early days of social media were such an innocent time. It was an easy way to update a large group of friends on what you were up to and what you were interested in, and a way to stay in touch with people you no longer see in person. Even the early Facebook creeping on ex-partners and crushes seemed innocent and mostly harmless. It worked because we had inherent trust in the system. We believed that people were who they said they were — and we knew them in real life before social media.
Over time, we began to connect with people we know only through social media, and we have to blindly trust that what they say is true. This is a fertile field for sowing misinformation and fraud. Anyone can pretend to be anyone on a social media platform. That threat actor on the other side of the planet can pretend to be your former neighbor from the street you grew up on. How would you know? At some level we still trust the systems, but they have proven incapable of earning that trust. They are motivated by growth and put no effort into authentication.
When Microsoft Teams first came out, it functioned more like an extension of corporate email and instant messaging. You could only communicate with people in your organization, so it was relatively secure and trustworthy. Then the Covid pandemic happened. People needed effective ways of working from remote locations with people outside the organization. Applications like Zoom and Slack became instantly popular for their openness, and Microsoft chased their success by reworking Teams into the ubiquitous tool it is now. Much like the social media platforms, it lost the inherent authentication capabilities. You can either restrict Teams to your organization — and struggle as your users turn to less secure competitor products — or you can allow users to use Teams with unknown people outside your organization. What’s the worst that can happen?
Unauthorized users listening in on private corporate meetings (has anyone connected to your Teams meeting with their camera turned off?). Pr0n bombing, where an unauthorized participant shares a screen of illicit content. And now fake IT support calls!
Imagine your users receive a Teams call from someone claiming to be from IT Support. The user is asked to install some software to assist in troubleshooting, and the IT support person is there to share screens and help with the install process. Would your users be suspicious, or thankful that they are getting such good IT support? If you outsource your IT support, doesn't the support team look like it comes from a different company anyway? How would your users determine who they can trust and who is malicious?
Until we get viable authentication and authorization tools and processes, we have to rely on the users. And unfortunately they still trust the systems.
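The "restrict to your organization or open to everyone" choice above has a middle ground that removes most of the unknown-caller exposure while keeping partners reachable: tenant-wide Teams federation limited to an allow-list of named domains, with consumer accounts and anonymous meeting join switched off. The script below is an added example, not from the original post; it assumes the MicrosoftTeams PowerShell module, Teams admin rights, and that the `partner.example` / `helpdesk-vendor.example` domains are placeholders for your real partners.

```powershell
# Added example (not part of the original post). Assumes the MicrosoftTeams
# module is installed and the account used has Teams administrator rights.
# Domain names are placeholders; replace them with your actual partner tenants.
Connect-MicrosoftTeams

$props = 'AllowFederatedUsers', 'AllowPublicUsers', 'AllowTeamsConsumer',
         'AllowTeamsConsumerInbound', 'AllowedDomains', 'BlockedDomains'

# Record the current tenant-wide federation settings before changing anything,
# so the change can be reviewed and rolled back.
Write-Host "Before:"
Get-CsTenantFederationConfiguration | Select-Object $props | Format-List

# Keep federation on, but only for named partner tenants (for example the
# outsourced help desk). Anyone from a domain not on this list cannot start a
# chat or call with your users, which is the path the fake IT support call uses.
Set-CsTenantFederationConfiguration -AllowFederatedUsers $true `
    -AllowedDomainsAsAList @{Add = "partner.example", "helpdesk-vendor.example"}

# Disallow chats and calls from personal (consumer) Teams and Skype accounts,
# both outbound and inbound; these identities are not tied to any organization.
Set-CsTenantFederationConfiguration -AllowTeamsConsumer $false `
    -AllowTeamsConsumerInbound $false `
    -AllowPublicUsers $false

# Meeting join is governed separately by the meeting policy. Requiring an
# authenticated account addresses the silent, camera-off participant; the
# organizer can still admit a guest explicitly through the lobby.
Set-CsTeamsMeetingPolicy -Identity Global -AllowAnonymousUsersToJoinMeeting $false

# Verify the result.
Write-Host "After:"
Get-CsTenantFederationConfiguration | Select-Object $props | Format-List
Get-CsTeamsMeetingPolicy -Identity Global |
    Select-Object AllowAnonymousUsersToJoinMeeting | Format-List
```

Changes to tenant federation settings can take some time to propagate to clients, so re-check with `Get-CsTenantFederationConfiguration` before concluding the change did not apply.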
https://www.thestack.technology/ransomware-attacks-via-teams