Reddit: A Double-Edged Sword for Cybersecurity Awareness

Reddit and I have a complicated relationship. I used to use it a lot when I was younger, but I stopped because it is so easy to waste spend hours of your day on the app. So I bid Reddit farewell 🙁 and tried to live a normal life without it. It worked for a while, but then the curious person in me downloaded it again, and the same thing happened; I was back in the Reddit Rabbit hole.

To make this time more productive and justify the amount of hours spent, I decided to link my return to Reddit to my job and investigate how Reddit could be both a good tool for spreading cyber security awareness and a platform used by malicious actors….. hence the title of this article.

First, for those of you who are unfamiliar with the app. Reddit is a social news aggregation, web content rating, and discussion website. Users submit content to the site such as links, text posts, images, and videos, which are then voted up or down by other members. The content that receives the most upvotes rises to the top of the page and can be seen by a larger audience.It is organized into thousands of communities called subreddits, which are dedicated to specific topics or interests. Subreddits can be created by anyone, and they cover a wide range of topics from news and politics to hobbies and entertainment.

So it makes sense if you follow me that some subreddits cover cyber security.

Here are a few of them for those of you who are interested:

• r/AskNetSec: provides a forum for asking questions about information security and network security from an enterprise standpoint. With over 150k members, you can get a lot of information security expertise in one place.
• r/blackhat: provides a library of hacking techniques and research on the most recent attacks, as well as links to both free and paid hacking tutorials and courses.
• r/computersecurity: offers a compiled list of links to IT security news, articles, and tools, as well as a forum for discussing cyber security issues.
• r/cybersecurity101: the place to go for discussion of basic cybersecurity and privacy issues from a home, family, and personal standpoint.
• and of course r/cybersecurity: handles questions from professionals as well as students aspiring to be cyber security professionals.

For a more complete list, check this website.

Now that we’ve all agreed on what Reddit is have joined the most interesting subreddits, let’s look at why I chose to call it a double-edged sword.

To begin, in my case, I believe Reddit helps me stay current on current cyber topics and new developments in the field. It was also a simple and convenient way to get started in cyberspace. If I wasn’t sure about something cyber-related, I’d post it in a subreddit and wait for other users to respond with links, resources, and tips. As a result, it is unquestionably a good platform for cybersecurity professionals and enthusiasts to share knowledge and insights on a wide range of cybersecurity topics (what training should you get, how to secure a wifi connection, etc.). Many subreddits offer advice, tips, and best practices for staying safe online. Users can learn from experts to better understand cybersecurity concepts. Furthermore, because cybersecurity threats and attacks occur on a regular basis, staying current on the latest developments is critical, making Reddit the ideal platform for sharing cybersecurity-related news articles and current events, which can help raise awareness of the risks and provide insights into how to mitigate them. Furthermore, it promotes debate and participation. This fosters an environment in which users can share ideas, share experiences, and learn from one another. Users can improve their understanding of cybersecurity and contribute to the development of best practices for staying safe online by participating in these discussions.

So that’s the good side of the sword; now let’s look at the bad side. Reddit, like any other social media platform, can be used for social engineering, in which cyber criminals use psychological manipulation to trick users into disclosing sensitive information. This can happen as a result of phishing attacks, in which users are lured to fraudulent websites or click on malicious links, resulting in the disclosure of sensitive information. Malicious links are a real problem; some users may post links to websites that contain malware or other malicious code. This can put users’ devices at risk. Finally, because Reddit is a user-generated content platform, not all information shared on the site is accurate or reliable. Some users may post inaccurate or misleading information, leading to poor decisions or ineffective measures to protect their personal information.

So, that was the end of this article; it was brief, but it serves as a reminder that social media, in this case Reddit, can be a valuable tool for cybersecurity education if we are aware of the risks.