Is Social Networking Increasing Cyberthreats?

In the category of “stating the obvious,” a bulletin warning that cyberattacks are on the rise rates pretty close to the top. However, a midyear report issued by the security solutions provider SonicWALL highlights some disturbing trends to which businesses should pay attention. One of them: Corporations are seeing an increase in cyberattacks stemming from employee use of social networks.

“Employees innocently surfing dating sites via a mobile device or PC, that are in fact fake sites, or clicking on offers on Facebook such as a free McDonald's meal that are click-jacking scams, can have a catastrophic impact on data security, business continuity, and profitability,” Boris Yanovsky, SonicWALL vice president of software engineering, said in a press release.

Many businesses figured this out some time ago and now block employee access to social networking sites. But just as many corporations — or more — are incorporating social networking into their business plans. According to SonicWALL, scams such as “click jacking” on Facebook and malicious links sent via Twitter make businesses more vulnerable to intrusion or data theft.

Of course, it always behooves a security services provider to make things sound dire. Here are some additional findings from the midyear bulletin:

Mobile-based threats have risen significantly over the last six months. While these threats are not as widespread as computer-based threats, cybercriminals have found workarounds to attack mobile phones on any platform…
With the growth of the Android Market, there has been an increase in rogue applications affecting thousands of users…
As social media has become part of the fabric of social and work-life, constant access to sites by employees from the corporate network is creating new levels of vulnerability…
The U.S., Canada and Taiwan are the most heavily hit countries for worldwide threat-related traffic…
New and familiar viruses continue to infect computers and networks worldwide. Top malware threats in the first half of 2011 were fake anti-virus malware, including a new variant consisting of fake desktop utilities.

Among these threats, I think the use of social networking will create the biggest dilemma for businesses. On one hand, companies are using it to create buzz, bond with customers, keep employees engaged, and stay current with all kinds of news and events. Media and public relations companies are almost requiring social networking to be integrated into marketing plans, and it's an inexpensive way for small businesses to advertise.

But if employees' casual use of Facebook is inviting security breaches, will companies increasingly ban social networking during work hours? And if they do, can they justify its use for business while denying employees access?

I know a lot of high-tech companies are experimenting with Facebook and Twitter, and I'd like to hear your feedback. Are these threats being overblown, so security companies can sell more services and software? Or is there real risk associated with the increased use of mobile computing and social networking? Let us know at EBN.

30 comments on “Is Social Networking Increasing Cyberthreats?”

  1. AnalyzeThis
    September 7, 2011

    I'm of the opinion that it's a wise move to ban Facebook use in the enterprise. Now of course you make exceptions for your marketing, customer service, and PR folks who need to use it for promotional/advertising-type use.

    But there is little benefit to enabling your accountants or designers to waste time at Facebook at work. Hardcore Facebook users not only waste a lot of time on the site on a daily basis, but they're also quite likely to fall for the click jacking scams you mention.

    If you work for a company which does not have especially tech-savvy employees, I think blocking Facebook makes a ton of sense. That being said, employees can still waste time on Facebook via their phones, but at least you partially weed out another potential security threat. Plus there's the whole issue of employees sharing confidential information, etc.

    Anyhow, of course there's an increased risk due to social networking. And no matter what you do you will not be able to eliminate all threats: even if you do a blanket ban of Facebook, people can certainly use alternative sites and fall for the same scams.

    So maybe I'm just biased because I'm not that big of a Facebook fan. Oh well!

  2. Clairvoyant
    September 7, 2011

    I certainly agree with the statements that threats are on the rise. Social networking sites and applications can increase the potential of threats getting onto users' computers if the user is not careful and using anti-virus and anti-spyware applications. Also, personal information is easier to gather with these sites.

  3. _hm
    September 7, 2011

    Cyberthreats are not as much harmful as is the lost productivity. In general 30% productivity is lost in this social networking and other internet usage. It is applicable to one and all – from President to junior engineer. It is a difficult problem to solve.

  4. Parser
    September 7, 2011

    Facebook and Twitter are used by business and the same tools become destructive. Sounds to me like a “kitchen knife”. It is used to prepare food and it can be a crime tool. There will be no solution to the usage of Facebook and Twitter, however companies may start to strongly collaborate with them to make the usage safe.

  5. JADEN
    September 7, 2011

    The continuous growth of social networking sites is an attack distribution platform and a change in attackers' infection tactics. With social engineering tricks, cyber criminals also tricked the users into spreading their codes and links; the links would lead to malicious sites that have fake antivirus systems, other malware, or phishing sites, or surveys that would give cyber criminals access to private information.

  6. Anne
    September 7, 2011

    The social networking platforms continue to grow in popularity, and this popularity has become a fertile ground for cyber criminals. The attackers overwhelmingly leveraged the news feed capabilities provided by social networking sites to mass-distribute attacks. The attacker logs into a social networking account and posts a link to a malicious website in the victims' status area. The social networking site automatically distributes the link to news feeds of the victim's friends, spreading the link to potentially hundreds or thousands of victims in minutes.

  7. Anand
    September 8, 2011

    Cyberthreats are not as much harmful as is the lost productivity.

    @_hm, I am not sure if you can draw a conclusion like that. I recently read a couple of reports which suggested employees taking small breaks (to surf the internet) helps improve their productivity. So it's not yet clear if social network sites indeed reduce productivity.

  8. Anand
    September 8, 2011

    But if employees' casual use of Facebook is inviting security breaches, will companies increasingly ban social networking during work hours?

    @Barbara, I think companies should ban social networking during work hours because it might lead to a security breach. But what if the employee unknowingly shares sensitive data on a social networking site during non-working hours? Then should the companies ban the employees from having a social networking account itself?

  9. FLYINGSCOT
    September 8, 2011

    Social networking is here to stay. It provides another door into a company's IT infrastructure, much like email or internet did, and as such it must be managed. Blocking it or banning use is a fruitless exercise. Secure systems and employee education are key as I do not believe it can be “policed” effectively without employee support. I personally do not know if social networking has adversely affected our company through malicious attacks (I expect it has) but I do know people sometimes spend too much time on personal activities as opposed to work activities. This needs addressed by proper management of projects and staff motivation etc. I am not an advocate for banning new technology.

  10. mfbertozzi
    September 8, 2011

    That's the point, Flyingscot. It is important to think in terms of the right trade-off. All tools, generally speaking, bring positive and negative; it depends on users' usage and maybe it is a matter of education that could improve or correct personal attitude of people. Anyway the topic is very up-to-date and in such a way it is also one of the key factors in the dispute between US presidential candidates.

  11. jbond
    September 8, 2011

    I have to agree with previous comments that social networking isn't going anywhere and is here to stay. In fact it seems like every few months some new form of social media appears. I don't think cyber threats through social media are as common place as the report makes them out to be, yet. Ultimately if companies choose to use social media they need to restrict the access to applicable employees.

  12. mfbertozzi
    September 8, 2011

    Exactly Jbond, the approach you are describing is a possibility, but this one or any other approach has to consider rules in the matter of privacy. Clear rules about it are not definitely consolidated and strong changes are present from country to country. In addition, for instance, I was wondering, for an international corporation holding several sites or branch offices across the globe, what should be the right implementation.

  13. jbond
    September 8, 2011

    @mfbertozzi, you do bring up a good point about international settings. Though I do know the company my husband works for is a large international company with locations throughout the globe and they have a pretty strict policy. Many people have limited access to only a few sites. To get free access to search the web you have to get approval and show business relevance. Even then certain sites are restricted, and social media sites are some of them. This is a global IT security policy, so it doesn't matter if you're in the U.S. or over in Asia, the policy is the same.

  14. prabhakar_deosthali
    September 8, 2011

    The biggest problem with all the social networking sites is that they allow a person to become a member of that site without revealing his/her identity. The only verification is done of the valid email address. But to create your email address also you don't need to validate your true identity. So it is all virtual world where a person may not know whether the person he is having a daily chat with is really a man or a woman, a young girl or an old lady.

    With such a virtual world out there how can any real world company think of using it for the real business purpose and then get its hands burnt, and then cry foul about it?

  15. Ariella
    September 8, 2011

    @jbond, that seems to be standard policy in financial firms. The default settings for all users blocks Facebook and LinkedIn, as well as certain other sites flagged for various reasons.

  16. dfatlz
    September 8, 2011

    As usual technology created this problem by being rolled out to the masses before adequate security safeguards and protocols were established. Even today after many companies are starting to feel the real impact from such threats there is no foolproof solution yet. The technology companies that create social networking sites have an obligation to solve this problem in partnership with their corporate clients.

    Furthermore government regulators here and abroad have a fiducial responsibility to audit such networking sites and probe for weaknesses in security protocols. This is much the same as the oversight the US govt is required to provide to banks concerning mortgage backed securities and to pharmaceutical/biotech companies prior to granting FDA approval.

    The difference is not everyone purchases securities or uses every drug available however the use of social media is already nearly ubiquitous and could threaten to grind the global economy to a halt if a major attack occurs. Already the US has lost many thousands of jobs due to IP theft. I work in high tech and have seen first hand the impact on companies large and small who already face many challenges due to the US patent system and global competition from low cost foreign copy cats.

    David Fatlowitz, MBA

  17. Adeniji Kayode
    September 8, 2011

    @Flyingscot, you actually made good points on that and I agree with you. Should working in a company mar your relationship or communication with other people? But then I advocate for proper monitoring instead.

  18. Nemos
    September 8, 2011

    “Many businesses figured this out some time ago and now block employee access to social networking sites.”

    This is the easy way and this way of solving problems love to use the I.T department of its company that facing this kind of problems. The solution is very obvious and simple: inform and train how to use media and what to avoid while using social media. Furthermore, there are many new anti-virus packages that have included the anti virus for the social media.

  19. Anand
    September 8, 2011

    “Many businesses figured this out some time ago and now block employee access to social networking sites”

    @Nemos, I agree with you that this is the easiest way of solving this problem, but I don't think this is a foolproof solution. I have seen, in spite of social network sites being blocked, many people use a proxy to connect to those sites. So I don't think this solution is a viable option.

  20. elctrnx_lyf
    September 9, 2011

    It is tough for companies to say the social networks are banned when the organizations themselves using social networks in a big to keep in touch with customers. The best way to take care of this is to train the employees to be responsible and also have up to date security systems in place.

  21. itguyphil
    September 9, 2011

    Nemos,

    More than technology, it is more about education. Users must be empowered to know what to do & what NOT to do online. If you simply try to implement technology to solve a problem, users will still find ways to 'accidentally' subvert those methods and cause the same type of problem, just in another unanticipated way.

  22. Wale Bakare
    September 10, 2011

    So it is all virtual world where a person may not know whether the person he is having a daily chat with is really a man or a woman, a young girl or an old lady.

    As we are all becoming enamour to the tricks of virtualization, trusted and strict identification policy should be employed to curb cyberthreats, as rightly pinpointed @jbond.

  23. t.alex
    September 11, 2011

    Right, trying to block access is not the right way. Years back, when the only means to access internet was through the company network, blocking might be working. Nowadays, with 3G network, everyone can have access via their mobile phones. It is important users know what the risks are when they do so.

  24. hwong
    September 13, 2011

    @pocharle 

    Great point. I believe that if there is anything that people can avoid being scammed or attacked, that is to be educated. For example, if people learn not to click on some of the dubious links like “you've just won 500,000 dollars”, then they will reduce the chances of being cyberattacked.

  25. alawson
    September 14, 2011

    First of all, great article Barb. There is no doubt that the risk of Cyber attack and data loss is the main reason companies block social sites for their workers. I find this fascinating not because I think it's the wrong thing to do–to be honest, I have mixed feelings about the issue. I find it fascinating instead because this risk has always been among us. Access to Web, email, etc. has always given employees the opportunity to put the company at risk. Phishing sites, virus emails, trojan programs and the like have been with us for some time and we combat this threat through education of our employees and smart protection through firewalls and the like.

    My point is that the threat is not new, it's just differently branded and driven by a shift in desire by connected people to stay connected throughout the day. Call it evolution. As the technology improves to meet the need, so must the protection software, policies, and education.

    Education is key. We tell children not to take candy from strangers. The same messages apply here.

  26. hwong
    September 14, 2011

    @alawson

    Companies block social sites for their workers not just due to data loss/cyber attack but also because it may cause workplace inefficiencies. If people are going to spend the time on Facebook or Twitter, then that means they will have less time to do productive work. In addition, if they visit inappropriate sites, that will make other coworkers uncomfortable.

  27. alawson
    September 14, 2011

    @hwong — Isn't worker productivity an issue beyond Social Media? If my workers are spending their time doing anything that affects productivity negatively, that's a different issue altogether, and one that is covered by education, policies, rules, and consequences–so why not this?

    I'm not disagreeing that it is an issue, but I think Social gets a bum rap when it comes to 'productivity' when in essence, it isn't because I have allowed SM in the workplace, but because I have an employee who needs corrective discussion.  

    Major companies not just allow, but embrace social in the workplace and treat it as they would any other communication medium. In the end, it comes down to how much you trust your employees to make good decisions.

  28. Barbara Jorgensen
    September 15, 2011

    Andy–excellent point. In fact, HP's H12011 threat assessment reports that there is a drop in new vulnerabilities but a rise in attacks. In other words, the existing gaps in security are just being breached more. I think the point about educating the workforce on the various types of scams that are out there is key. They are very subtle but very dangerous.

    Thanks as always for your perspective.

  29. itguyphil
    September 15, 2011

    Barbara,

    That is always the key. I look at it this way: You can have the most expensive & sophisticated security system in place in your house, but if you just run & open the door for a robber, it will do very little to help. Much like online exploits in the 'real' world of today.

  30. electronics862
    September 29, 2011

    Attackers are notorious for going where people are — and people are on their phone, using apps around Facebook, Twitter sites..so social networking is the place where cyberthreats are more..
