In the category of "stating the obvious," a bulletin warning that cyberattacks are on the rise rates pretty close to the top. However, a midyear report issued by the security solutions provider SonicWALL highlights some disturbing trends to which businesses should pay attention. One of them: Corporations are seeing an increase in cyberattacks stemming from employee use of social networks.
"Employees innocently surfing dating sites via a mobile device or PC, that are in fact fake sites, or clicking on offers on Facebook such as a free McDonald's meal that are click-jacking scams, can have a catastrophic impact on data security, business continuity, and profitability," Boris Yanovsky, SonicWALL vice president of software engineering, said in a press release.
Many businesses figured this out some time ago and now block employee access to social networking sites. But just as many corporations -- or more -- are incorporating social networking into their business plans. According to SonicWALL, scams such as "click jacking" on Facebook and malicious links sent via Twitter make businesses more vulnerable to intrusion or data theft.
Of course, it always behooves a security services provider to make things sound dire. Here are some additional findings from the
midyear bulletin:
Mobile-based threats have risen significantly over the last six months. While these threats are not as widespread as computer-based threats, cybercriminals have found workarounds to attack mobile phones on any platform...
With the growth of the Android Market, there has been an increase in rogue applications affecting thousands of users...
As social media has become part of the fabric of social and work-life, constant access to sites by employees from the corporate network is creating new levels of vulnerability...
The U.S., Canada and Taiwan are the most heavily hit countries for worldwide threat-related traffic...
New and familiar viruses continue to infect computers and networks worldwide. Top malware threats in the first half of 2011 were fake anti-virus malware, including a new variant consisting of fake desktop utilities.
Among these threats, I think the use of social networking will create the biggest dilemma for businesses. On one hand, companies are using it to create buzz, bond with customers, keep employees engaged, and stay current with all kinds of news and events. Media and public relations companies are almost requiring social networking to be integrated into marketing plans, and it's an inexpensive way for small businesses to advertise.
But if employees' casual use of Facebook is inviting security breaches, will companies increasingly ban social networking during work hours? And if they do, can they justify its use for business while denying employees access?
I know a lot of high-tech companies are experimenting with Facebook and Twitter, and I'd like to hear your feedback. Are these threats being overblown, so security companies can sell more services and software? Or is there real risk associated with the increased use of mobile computing and social networking? Let us know at EBN.
Attackers are notorious for going where people are -- and people are on their phone, using apps around Facebook, Twitter sites..so social networking is the place where cyberthreats are more..
That is always the key. I look at it this way: You can have the most expensive & sophisticated security system in place in your house, but if you just run & open the door for a robber, it will do very little to help. Much like online exploits in the 'real' world of today.
Andy--excellent point. In fact, HP's H12011 threat assessment reports that there is a drop in new vulnerabilities but a rise in attacks. In other words, the existing gaps in security are just being breached more. I think the point about educating the workforce on the various types of scams that are out there is key. They are very subtle but very dangerous.
@hwong -- Isn't worker productivity an issue beyond Social Media? If my workers are spending their time doing anything that affects productivity negatively, that's a different issue altogether, and one that is covered by education, policies, rules, and consequences--so why not this?
I'm not disagreeing that it is an issue, but I think Social gets a bum rap when it comes to 'productivity' when in essence, it isn't because I have allowed SM in the workplace, but because I have an employee who needs corrective discussion.
Major companies not just allow, but embrace social in the workplace and treat it as they would any other communication medium. In the end, it comes down to how much you trust your employees to make good decisions.
Companies block social sites for their workers not just due to data loss/ cyber attack but also because it may cause workplace inefficiencies. If people are going to spend the time on facebook or tweeter, then that means they will have less time to do productive work. In addition, if they visit inappropriate sites, that will make other coworkers uncomfortable.
First of all, great article Barb. There is no doubt that the risk of Cyber attack and data loss is the main reason companies block social sites for their workers. I find this fascinating not because I think its the wrong thing to do--to be honest, I have mixed feelings about the issue. I find it fascinating instead because this risk has always been among us. Access to Web, email, etc. has always given employees the opportunity to put the company at risk. Phishing sites, virus emails, trojan programs and the like have been with us for some time and we combat this threat through education of our employees and smart protection through firewalls and the like.
My point is that the threat is not new, its just differently branded and driven by a shift in desire by connected people to stay connected throughout the day. Call it evolution. As the technology improves to meet the need, so must the protection software, policies, and education.
Education is key. We tell children not to take candy from strangers. The same messages apply here.
Great point. I believe that if there is anything that people can avoid being scammed or attacked, that is to be educated. For example, if people learn not to click on some of the dubious links like " you've just won 500,000 dollars", then they will reduce the chances of being cyberattacked
Right, trying to block access is not the right way. Years back, when the only mean to access internet was through the company network, blocking might be working. Nowadays, with 3G network, everyone can have access via their mobile phones. It is important users know what the risks are when they do so.
So it is all virtual world where a person may not know whether the person he is having a daily chat with is really a man or a woman , a young girl or an old lady.
As we are all becoming enamour to the tricks of virtualization, trusted and srict identification policy should be employed to curb cyberthreats, as rightly pinpointed @jbond.
More than technology, it is more about education. Users must be empowered to know what to do & what NOT to do online. If you simply try to implement technology to sove a problem, users will still find ways to 'accidentally' subvert those methods and cause the same type of problem, just in another unanticipated way.
EBN Dialogue enables and encourages you to participate in live chats with notable leaders and luminaries. Not only editors and journalists, but the entire EBN community is able to comment and ask questions. Listed below are upcoming and archived chats.
Archived Dialogues
Thailand Stages a Comeback Join EBN contributor Jennifer Baljko on Thursday August 23, 2012, at 11:00 a.m. EST for a live chat on how electronic manufacturers in Thailand have shored up their supply chain to reduce the impact of future natural disasters.
Euro-Crisis: What It Means for High-Tech Firms Join EBN Editor in Chief Bolaji Ojo and Contributing Editor Jennifer Baljko on Thursday, July 12, at 10:00 a.m. EDT for a Live Chat on high-tech and Europe's economic difficulties.
Microsoft Surface: Potential Winners & Losers What are the implications for the electronics industry supply chain of Microsoft Corp.'s decision to launch its own tablet PC? Join industry veteran and EE Times' systems and OEM expert Rick Merritt on Tuesday, July 3, at 12:00 pm EDT for a Live Chat on this subject.
Join EBN contributor Jennifer Baljko on Thursday August 23, 2012, at 11:00 a.m. EST for a live chat on how electronic manufacturers in Thailand have shored up their supply chain to reduce the impact of future natural disasters.
Peter Drucker famously said "Trying to predict the future is like trying to drive down a country road at night with no lights while looking out the back window." Yet in the razor's-edge world of electronics—with a lean supply chain and just-in-time demands—the need to know the future is vital.
While no one really can accurately predict the future, we can take guidance from another Drucker saying which is the best way to predict the future is to create it.
You've heard the saying "the No. 1 supply chain risk is your people." That hasn't always been the case. But today's complex global supply chain requires a new type of multitalented employee. It's one who understands, finance, marketing, economics, is savvy with technology, graceful with relationships and can think analytically.
Where are these people? Are universities properly preparing the next generation supply chain professionals? How do train your existing workforce for these new, demanding positions?
Brian Fuller, editor-in-chief of EBN, will lead a 60-minute Avnet Velocity panel discussion that will ask and answer these and other questions swirling around today's supply-chain talent challenges.
To save this item to your list of favorite EBN content so you can find it later in your Profile page, click the "Save It" button next to the item.
If you found this interesting or useful, please use the links to the services below to share it with other readers. You will need a free account with each service to share an item via that service.
Tweet This