ISACA Now Blog

Knowledge & Insights > ISACA Now > Posts > Two sides of a coin: The social media tsunami

Two sides of a coin: The social media tsunami

| Posted at 11:45 AM by ISACA News | Category: Security | Permalink | Email this Post | Comments (0)

Nelson GibbsThe rapid evolution and expansion of social networking into the business realm has created a host of new risks and concerns—as well as new opportunities—for both organizations and individuals. Auditors and other risk professionals need to understand the risks and be prepared to address them. Like any new technology, the introduction of social media creates a window of uncertainty and a steep learning curve for organizations trying to stay ahead of their competition. The recent explosion in the use of social media for business purposes can be likened to a tsunami—an exponentially rising wave that threatens to overwhelm those who are not prepared.

Failure to understand the impact and exposure social media activities can have on individuals and companies is best illustrated with the following cautionary tale: in May of this year, Gene Morphis, CFO of Francesca’s Holdings (a publicly traded company) was terminated for social media blunders that included Facebook and Twitter posts and comments about company-related financial information and opinions. His actions exposed the company to potential SEC enforcement actions and sanctions, tarnished his reputation and cost him his job (for a more complete understanding, read this May 14, 2012 Wall Street Journal article).

There are many types of social media platforms and tools currently available, and some of the most common are listed in the table below. It is important to keep in mind that there is a continual shifting and blurring of the line between the categories, and between the design and actual use, due to evolution as the technologies are explored, developed, modified and combined to suit user needs.

Social Media

Popular Examples


Wikitravel, Wikipedia, wikiHow, WikiBooks, the TV IV


WordPress, Blogger, Technorati, xanga, scribd, livejournal

Social Networking

LinkedIn, Facebook, Friendster, Plaxo

Mashups and RSS

(Really Simple Syndication)

newsgator, Bloglines, iGoogle, FeedBurner

Presence and Microblogging

Twitter, Pownce, jaiku, Hictu!, tumblr, foursquare

Social Bookmarking and Tagging, digg, reddit, newsvine, StumbleUpon

Online Photo and Video Sharing

YouTube, flickr, shutterfly, last-fm, Slideshare, Pinterest

Eight Social Media Considerations

The various types of social media are another set of tools in an organization’s arsenal of competitive weapons, but like any weapon, social media tools can be a double-edged sword, and their capabilities and dangers should be well understood before they are deployed. What makes social media so powerful and potentially valuable is the networking effect (related to Beckstrom’s Law), in addition to the fact that it leverages connections and relationships that lie outside an organization’s direct control, allowing for rapid and decentralized influence in a collaborative environment. With that in mind, below is a list of eight unranked items to consider in order to better understand some of the likely risks (both benefits and threats) that will arise when implementing social media strategies, programs, tools and technologies.

  • Reputational—An upside is that a company may be seen as an innovator, a technological leader in the industry; a potential downside is the speed of information dissemination (whether true or not) into the environment that can overwhelm an organization’s ability to plan and respond to messaging needs.
  • Brand—On the upside, a company can easily use a combination of targeted marketing and satisfied customers to rapidly build a brand image and product loyalty; on the downside, a disgruntled customer or employee can have an outsized impact when expressing negative opinions or experiences.
  • Legal and regulatory—Social media can make it easier and less costly to meet statutory disclosure requirements; however, a company may face liability for actions or communications over which it has little or no control.
  • Financial—Unanticipated costs and expenses, including financial penalties or damages, may be incurred as a result of poorly implemented social media projects; however, there is an opportunity for a lower cost of acquiring new customers compared to traditional marketing methods.
  • Technological—Choosing the wrong solution or platform limits the ability to effectively reap the benefits of social media and can potentially result in loss of investment and negative ROI; in contrast, properly executed a social media implementation can result in a faster communication channel with existing customers and/or internal teams.
  • Operational—An entity may face increased overhead and unaligned messaging due to multiple social media projects sponsored by different functions with no integrated strategy or goals; however, they can gain an ability for individual departments and functions to quickly and inexpensively react to needs and opportunities in the environment without a significant organizational investment of time or resources.
  • Information security—Social media introduces new vectors and expanded attack surfaces for criminal and commercial espionage threats. It’s easy to exploit human nature’s tendency to extend trust without a valid basis. Offsetting that, however, is the ability to gather and aggregate data from multiple sources, which can result in better informed decision making capabilitites.
  • Copyright/intellectual property—It is faster, easier and more cost-effective to share information and ideas in a social media environment than in traditional channels, potentially resulting in reduced cycle time for iterative or collaborative processes; an opposing consideration is that information leaks may become more difficult to monitor and manage, and the original source of material may not be appropriately credited.

I hope you can join me at ISACA’s Information Security and Risk Management (ISRM)/IT GRC Conference in Las Vegas, Nevada, USA (14-16 November 2012), where I will be discussing this topic in depth. With a good understanding of the threats and opportunities provided by social media, coupled with an alignment with organizational strategies and goals, companies have a vastly improved likelihood of benefitting from the deployment of social media to enhance their competitiveness. The other side of the coin is that companies that enter into the dangerous waters of the social media tsunami without considering these factors might risk being overwhelmed by the possibilities and complexities of the technology.

ISRM Advisors LLC, USA

We welcome your comments! Please log in using the Sign In link at the top right of this page and then leave your comment in the box at the end of the post. To view all blog posts, please click on the ISACA Now link in the blue box on the left.


There are no comments yet for this post.
You must be logged in and a member to post a comment to this blog.