By Mobina Riazi, CTA Intern
Cyberattacks and security breaches are often reported as the endpoint of technical failures, but in reality, they’re often the opening act in a much larger narrative of social disruption across the internet. Social cybersecurity is the study of how individuals, embedded within social and digital networks, can be compromised, influenced, or manipulated through information and communication technologies. As an emerging and inherently interdisciplinary field, social cybersecurity remains loosely defined. This blog provides a holistic overview of the evolving research landscape—highlighting how the field is beginning to map the connections between cyber threats and social media.
Social media platforms often serve not only as vectors for data exfiltration, via tactics like malware, pretexting, and phishing, but also as areas for intrusion, including privacy erosion, information exploitation, and social engineering. Many areas of research in social cybersecurity trace the exploitation of social platforms back to technical vulnerabilities – vulnerabilities that are often amplified and exploited for financial, political, or other forms of social gains. These research areas include:
Information Manipulation
- Disinformation and misinformation
- Synthetic Media (i.e. Deepfakes, Artificial Intelligence)
- Censorship
- Propaganda frameworks
- Spam
- Information warfare
- Diffusion
Adversarial Actors and Techniques
- State-sponsored networks
- Bots, cyborgs, trolls
- Adversarial networks
- Fraudulent behavior
- Extremism and terrorist content
- Hacktivism
- Spam
- Algorithmic amplification
- Narrative laundering
Detection, Analysis, and Enforcement
- OSINT/SOCMINT (Open Source Intelligence / Social Media Intelligence)
- Sentiment and trend detection
- Opinion mining
- Media characteristics
- Forensics and cybercrime detection
- Privacy rights
- AI-driven threat detection
- Cross-platform coordination
Even as this research progresses, however, the seriousness of the threat demands an immediate response. Organizations, researchers, and end users are each playing a key role in combating the cyber threats emanating from social media platforms.
Organizations
For social media platforms, malicious exploitation typically falls under Trust & Safety and/or Content Policy Guidelines. Addressing these issues often requires collaboration among engineers, legal experts, and threat analysts to tackle challenges such as harmful content, inauthentic behavior, fraudulent networks, and scam campaigns. Platforms have increasingly begun publishing detailed analyses of potential security risks and malicious activities, focusing on how attackers exploit vulnerabilities on social media. For example, Meta releases a quarterly Adversarial Threat Report, which provides security updates and insights into evolving threats on its platforms, highlighting malicious activities including Coordinated Inauthentic Behavior (CIB), Brigading, Cyber Espionage, and Mass Reporting.
However, the social dimension of cybersecurity is increasingly evident in the growing trend of threat intelligence reports being produced and amplified not only by platforms like Meta, but also by cybersecurity organizations and independent researchers. Organizations such as the CyberPeace Institute, FS-ISAC, the Center for Threat-Informed Defense, and the National Cybersecurity Alliance (NCA) go beyond technical defense, publishing detailed APT reports that trace attacks across social platforms and shape how cyber threats are publicly understood, politically framed, and addressed. These organizations work to enhance transparency and collective defense across sectors to address the evolving impact of cyber threats in both digital infrastructure and social environments. For example, the CyberPeace Institute focuses on the broader consequences of cyberattacks, especially those targeting civilian infrastructure and nonprofits, publishing reports that detail harms extending beyond monetary and physical damage to include human, social, and environmental impacts. Other organizations, such as the Center for Threat-Informed Defense—affiliated with frameworks like MITRE ATT&CK—map adversarial behaviors and provide standardized terminology and techniques to assess how cyberattacks, including but not limited to influence operations, are structured and executed across digital environments. These approaches help reframe cybersecurity not merely as a technical issue, but as one fundamentally tied to humanitarian concerns.
Researchers
While organizations typically begin with technical threat detection, then trace these threats forward as they manifest and spread across online platforms, researchers often start by examining online phenomena—such as deepfakes, bots, and narrative laundering—and work backward to uncover the cyber forensics. Thus, while organizations engage in social cybersecurity as an extension of their technical threat analysis, their scope often overlooks the “in-between” spaces —interactions that occur across platforms, throughout the broader internet, and on fringe or unregulated platforms. Researchers engaged in the domain frequently draw upon a diverse and interdisciplinary skill set, encompassing threat analysis, open-source intelligence (OSINT), social media intelligence (SOCMINT), network analysis, digital forensics, and scholarly research in digital media and political communication.
Organizations like Institute for Security and Technology (IST), the Aspen Institute’s Cybersecurity & Technology Program, CREST, and Election Infrastructure ISAC reflect this blended expertise—bringing together technical investigation with broader sociopolitical inquiry. While the IST convenes experts across cybersecurity, policy, and media to tackle complex threats such as ransomware and influence operations—highlighting how cyberattacks shape public narratives and geopolitical dynamics—entities like CREST provide ethical certification for technical investigators whose forensic work underpins the threat intelligence essential to understanding sophisticated cyber threats in broader social context.
Users
While platforms, organizations, and researchers all play critical roles in detecting and mitigating cybersecurity threats, users themselves are also active participants in this ecosystem. Especially on social media users are not just passive recipients of content; they engage with, amplify, and sometimes unknowingly partake in cyber attacks like phishing campaigns, malware, ransomware, and DDoS attacks that aim to damage, steal, or disrupt digital systems. In many cases, threat actors exploit users’ trust, social connections, and emotional responses to embed their operations within everyday social interactions. Organizations like the Global Cyber Alliance, Cybercrime Support Network, and No More Ransom! play a vital role in educating and equipping users to recognize and defend against a wide range of cyber risks. At the Cyber Threat Alliance, we recognize that improving global cybersecurity depends on sharing high-quality threat intelligence among organizations and researchers as a way of empowering users and driving meaningful platform and policy reforms that strengthen the technical and social security of cyberspace.