Greetings!

Below are the findings from my research on the following questions. For each question’s answer I have the link below it from my research.

1. What were the top three social media sites, in terms of traffic, in 22-23? List them in order of popularity. 

The top three social media sites in 2022-2023 were YouTube, Facebook, and X (formerly Twitter). YouTube had 1.35 trillion visits, Facebook 216.4 billion visits, and X 112.9 billion visits.

Source: https://www.onfocus.news/most-visited-social-media-platforms-of-2023-led-by-youtube-facebook-twitter-instagram-reddit/

2. Provide a brief summary of how each social media site works and why people use it. 

YouTube is a social media platform for sharing video content. People use it to watch videos online and to share their own content. Facebook is a social media platform used for social networking and posting a variety of content, like text, images, videos, and more. People use Facebook because it is user friendly and open to everyone. X (formerly Twitter) is a social media site where users communicate their thoughts in short messages. People use X for a variety of reasons, from attention, education, self-promotion, the list goes on!

Sources: https://edu.gcfglobal.org/en/youtube/what-is-youtube/1/

https://www.lifewire.com/what-is-facebook-3486391

https://www.lifewire.com/what-exactly-is-twitter-2483331

3. What are “demographics” and why is it important in social media?

“Demographics” in social media are different audiences that use social media platforms regularly. These are important to social media because it helps the user putting out content be able to target their audience better, whether it is a marketer for a business or a content creator.

Source: https://www.ocoya.com/blog/social-media-demographics-guide

4. Explain any demographics that stand out among the three social media sites you listed above. (More popular with a specific age group, are majority of users male or female, married or single, employees or self-employed, etc.)

YouTube has a high demographic of users 25 to 34 years old, with this being 21.5% of all users. Facebook has a top demographic of users from India, with 349.7 million users. X has a high demographic of US users at 21.09%, but is followed by Japan at 10.3%.

Sources: https://www.oberlo.com/statistics/youtube-age-demographics

https://www.websiterating.com/blog/research/facebook-statistics/

https://explodingtopics.com/blog/x-user-stats#region

5. On average, how much time do users spend on each social media site during a day, week or month? 

On average, users spend 143 minutes on social media as a whole every day. On YouTube, users spend about 46 minutes a day, 10 hours and 27 minutes a week, and 23 hours and 9 minutes a month. On Facebook, users spend about 39 minutes a day, 9 hours and 24 minutes a week, and 19 hours and 43 minutes a month. On X, users spend about 30.9 minutes a day, 3.6 hours a week, and 15 hours a month.

Sources: https://www.business2community.com/statistics-pages/average-time-spent-social-media

https://www.doofinder.com/en/statistics/time-spent-on-social-media

https://blog.hootsuite.com/twitter-statistics/

6. Which of the three social media networks is growing the fastest? Why do you think that is? 

Of the three social media networks, Facebook seems to be growing the fastest. I believe that is because of its high variety of content and networking uses. Many businesses use Facebook to grow their business, which makes sense since it is one of the most used social media sites.

Source: https://blog.hubspot.com/marketing/fastest-growing-social-media-platforms

7. How are the majority of visitors accessing these three sites (computer, mobile device, tablet)?

YouTube is being accessed by mobile devices the most, with it being 70% of all YouTube views. Facebook also is accessed by mobile devices the most, with 84.5% of Facebook users. X, like the other two, is accessed the most by mobile devices, with 80% of X users.

Sources: https://thynxlabs.com/blog/youtube-user-statistics-2023

https://www.businessofapps.com/data/facebook-statistics/

https://www.reliablesoft.net/twitter-statistics/

I hope you enjoyed reading this interesting information about the social media demographics! Feel free to comment with any thoughts or questions.

~Katie

After some research, I found one concrete example of very “bad behavior” in the online space, although this example should probably be defined as much more than “bad behavior”. This example is the ransomware attack on the USA’s largest healthcare payment system, Change Healthcare. This incident began on February 21, 2024.

Who was involved?

The victim was Change Healthcare, a company that provides a widely used program that healthcare providers use to manage customer payments and insurance claims. The users across the country, especially small-sized and medium-sized businesses, were also affected. The cybercriminals were the cybercriminal gang “ALPHV/BlackCat”, which is a known Russian-speaking ransomware-as-a-service gang.

What was the outcome?

After confirming that Change Healthcare had been hit by a ransomware gang on February 29th, UnitedHealth paid a ransom of $22 million to the hackers around March 3rd-5th. The ALPHV cybercriminal gang then vanished.  Still, for several months, there was widespread disruption across the USA healthcare system. Then in April, a new ransom gang was formed by a ALPHV affiliate and threatened to publish the data stolen unless another ransom was paid from UnitedHealth. It was later revealed on May 1^st that Change Healthcare’s cybersecurity system was broken into because of a single set password on a user’s account not protected with multi-factor authentication. Finally, after nearly six months after the first incident, Change Healthcare began notifying known affected individuals by letter.

Was there financial loss or damage to someone’s reputation?

There was at least one known ransom paid by UnitedHealth, which was $22 million. There was a second ransom paid, but UnitedHealth would not disclose how much the ransom was or how many ransoms it ultimately paid. Many people (though the number of people affected is still unknown) had highly sensitive information stolen, including medical records and health information, diagnoses, medications, test results, imaging and care and treatment plans, and other personal information including social security numbers.

Were the criminals held accountable?

The cybercriminals have not been caught yet. The US government has a bounty of $10 million for anyone who can identify or locate the individuals behind the gang.

What practical lessons can we learn as a result of this?

The biggest lesson we can learn is to have a higher account security strength. The cybercriminals were able to break in because of one account that only used a single password and not multi-factor authentication. Because of one account’s lack of security, information for possibly tens of millions of people was stolen. After learning about this nationwide cybersecurity incident, I won’t resent having to read an authentication code from my phone or email to get into my COTC account!

Sources:

https://www.nbcnews.com/tech/security/ransomware-attack-us-health-care-payment-processor-serious-incident-ki-rcna141322

https://techcrunch.com/2024/08/17/how-the-ransomware-attack-at-change-healthcare-went-down-a-timeline/?guccounter=1

As the IT supervisor of a gourmet food retailer, my job is to prevent and manage cyber threats to the company. With its three stores, online e-commerce marketplace, and more than 35,000 customers with approximately $1 million in sales each year, the company can have many different cyber threats from a multitude of areas. In this post, I will describe five sources of digital threats to the company, five digital systems that could be exploited, and five recommendations to better protect the company’s assets.

Know your enemy: What are 5 sources/types of potential digital threats to your organization.

1. Ransomware – Ransomware comes in many different forms, but it all has the same concept: you have to pay a ransom to keep your data. Ransomware is typically the final step in a cyberattack process. The payment request is deployed after the attacker gains access to the victim’s network and data. The first step into the company’s network and data is usually a form of phishing, social engineering, or web application attack. As soon as the cybercriminal has access to the company’s data, they can begin to deploy ransomware everywhere they are able to reach in the company.

2. Security Misconfigurations – Security misconfigurations arise when security settings are not defined or implemented, or when they are set at the default settings. Often, this means the security configuration settings do not comply with the industry standards, such as CIS Benchmarks or OWASP Top 10. Misconfigurations are often seen as an easy target, since they can be easily detected by cybercriminals. Some of the most common misconfigurations are unpatched systems, broken access control, sensitive data exposure and vulnerable and outdated components.

3. Credential Stuffing – Credential stuffing happens when an attacker uses stolen credentials from one company to access user accounts in another system or at another company. The credentials are typically obtained from the dark web or in a data breach. This type of cyber threat simply involves logging into a victim’s account with their own username and password. Unfortunately, because this kind of attack is so easy, it is becoming more and more popular. The success of these attacks relies on personal password reuse by an organization’s employees. A 2019 Google survey found that 65% of people reuse passwords on multiple accounts, if not all of them. This only makes the likelihood of an attack higher.

4. Social Engineering – Social engineering is not necessarily a digital system compromise, but instead the compromise of a person, which causes them to unknowingly release confidential information to a cybercriminal. Typically, this is the first step in a multistep cybercriminal attack. Social engineering most commonly takes place in an email phishing attack, where the victim is tricked into downloading malware or giving up credentials. The most concerning factor is that many social engineering and phishing incidents are discovered by external parties. This means that when employees are falling for the cybercriminal’s tricks, they usually don’t even realize it.

5. Phishing – Phishing can happen in many ways, but it comes down to a common premise: a cybercriminal pretending to be someone you know with a message that looks real and urgent, and either asking to click a link or asking for some information (like log in credentials for an account). Maybe it looks like it is from your bank asking for your account credentials, or your manager asking for a password. Unfortunately, it is easy to spoof logos and create fake email addresses that can look real. If the victim acquiesces to the request, it can be like giving the hacker the key to the front door to the company’s data.

Know yourself: Identify at least 5 digital processes, systems, and/or functions your company has in place.

1. Email Accounts – Email accounts could be exploited by a cybercriminal using the emails (either by phishing, social engineering, etc.) to get into more digital areas of the company.

2. E-commerce Site – The e-commerce site could be exploited by hacking the site to gather sensitive information from both the consumer and the company.

3. Security System – Whether for the company’s data, the retail stores, or the website, the security systems could be compromised by cybercriminals, especially if they are older or in the default settings.

4. Store Payment Systems (Point of Sale) – Cybercriminals can do many acts with a Point of Sale, like steal customer’s data, change prices to their advantage, and even make it that their purchase goes onto the next customer’s card.

5. Databases (Private Dedicated Servers and Cloud Servers) – Many Private Dedicated or Cloud Servers, can be hacked through phishing, weak passwords, etc., and both company and customer information can be stolen and exploited.

Develop your strategy: As the chief technology executive, make 5 recommendations that your company should adopt to be more safe, secure, and reliable.

1. Educate employees – One of the biggest things we can do in the company is to educate our employees about what they should do to prevent digital threats from penetrating into the company. Requiring cybersecurity training and creating an atmosphere of encouraging security and digital safety can help prevent digital threats in the future.

2. Regularly Update Security Systems – Not only for the security systems in the company, but also updates for computers, phones, and other devices to prevent breaches. Even missing small updates for a computer can create a hole in the security system that an intruder can use to gain access.

3. Use Strong Passwords – Making sure all passwords are strong (and also not used repeatedly) can make the company’s digital security even stronger.

4. Secure Wi-Fi Networks – Wi-Fi networks are often a common entry point for cyberattacks, so we should take steps to secure them, from using strong passwords, using the latest encryption standards, and even hiding the network to make it less visible to attackers.

5. Conduct Regular Security Audits – From within offices, to the e-commerce sites, to within the stores, we should be doing regular security audits. This can ensure that there are not any holes in digital security, and can even help make sure we stay compliant with laws and regulations.

In summary, although there are many threats to our company, there are also many ways to prevent and combat these attackers. From educating our employees and keeping a strong security, we can and will have a safe digital environment.

Sources:

https://www.forbes.com/advisor/business/common-cyber-security-threats/\

https://www.malwarebytes.com/phishing

https://www.ftc.gov/business-guidance/small-businesses/cybersecurity/phishing

https://cyberguy.com/security/cybercriminal-access-to-your-email-address/

https://thehackernews.com/2023/08/cyberattacks-targeting-e-commerce.html

https://www.securityweek.com/pos-flaws-allow-hackers-steal-card-data-change-prices/

https://proton.me/blog/cloud-hacked

https://www.portnox.com/blog/security-trends/five-easy-tips-to-help-employees-prevent-cyber-attacks/

https://futuramo.com/blog/top-ten-ways-businesses-can-increase-digital-security/

https://contabo.com/blog/how-to-protect-your-server-from-getting-hacked/

Technology changes very rapidly, how current is the information you found? 

Of the three sources I found, Canva seems to have current articles, LinkedIn Learning has graphic design courses that were released within months of this writing, and Creatnprocess is a YouTube channel continually putting out content. Depending on the kind of information (design tips vs software instruction), it is possible to be able to use older information, like for design layout and general design rules, but for software specific things, it would be best to have the most recent information as possible.

Who is posting the information? Are they an authority on the matter? How can you tell?

Canva is an actual organization putting out articles written by staff, LinkedIn Learning is similar to YouTube in a way that you can search for specific courses/tutorials, and Creatnprocess is a YouTube channel who seems to specialize in putting out videos for learning Adobe software. All three are authorities on the matter (Canva, because it is a graphic design software company, Creatnprocess, because they are a graphic designer, and LinkedIn Learning because you can see if the person putting out the course is a specialist in the subject).

What types of gatekeeping mechanisms are in place for the source you found? (i.e., is there an editor or are posts up/downvoted democratically?)

For each source:

• Creatnprocess has comments sections open for discussion and questions and can easily see if people liked the video (though with YouTube’s recent update you can’t see dislikes on any videos now).
• Canva has multiple writers for their articles so there isn’t one person’s opinion in all their articles.
• LinkedIn Learning has reviews on their courses to see how many stars they were rated and people’s comments on them.

Discuss the quality of the information. Is it well written, clear, and easy to follow?

All three are clear and easy to follow. The Canva articles are well written and get to the point without any confusion. Both the LinkedIn Learning courses and Creatnprocess usually have good instructions that are easy to follow and show what is being done on screen (And can use subtitles if you so wish!)

Finally, is this a resource you might use in the future, and if so, why?

All these are resources I may use in the future. Canva has lots of articles that may have the answer to my problem or question, LinkedIn Learning has lots of choices for information, and Creatnprocess has up to date video so there are minimal worries about whether the information is current.

Check out these sources! I personally found them very helpful.

~Katie