Companies Seek Social Networking's Promise, Find Peril Instead

Seventh Annual Global Information Security Survey: Social networking sites such as Twitter, Facebook and LinkedIn enhance collaboration but also make it easier than ever for your employees to share customer data and company secrets with outsiders (First of a four-part series).

By Bill Brenner, Senior Editor

October 26, 2009, CSO

READ THE FULL SERIES:

Part 1: Companies Seek Social Networking's Promise, Find Peril Instead

Part 2: The Curse of Cloud Security

Part 3: IT Security Outsourcing in Decline; Companies Do More In-house

Part 4: Survey Says More Companies Hiring CSOs, Holding Steady on Spending

Social networking sites such as Twitter, Facebook and LinkedIn enhance collaboration and help your company connect with customers, but they also make it easier than ever for your employees to share customer data and company secrets with outsiders.

See also: Slapped in the Facebook: Social Networking Dangers Exposed

That's one of the big takeaways from the seventh-annual Global Information Security survey, which CSO and CIO magazines conducted with PricewaterhouseCoopers earlier this year. Some 7,200 business and technology executives worldwide responded from a variety of industries, including government, health care, financial services and retail.

A hazardous way of life
In less than two years, social networking has gone from an abstract curiosity to a way of life for many people. When someone updates their status on Twitter, Facebook or LinkedIn, they might do it at work by day or on company-owned laptops from home at night.

What gives IT executives heartburn is the ease with which users could share customer data or sensitive company activities while they're telling you what they're having for lunch. Cyberoutlaws know this and use social networks to launch phishing scams. In one popular attack, they send their victims messages that appear to be coming from a Facebook friend. The "friend" may send along a URL they insist you check out. It may be pitched as a news story about Michael Jackson's death or a list of stock tips. In reality, the link takes the victim to a shady website that automatically drops malware onto the computer. The malware goes off in search of any valuable data stored on the computer or wider company network, be it customer credit card numbers or the secret recipe for a new cancer-fighting drug.

It's no surprise, then, that every IT leader surveyed admitted they fear social-engineering-based attacks. Forty-five percent specifically fear phishing attacks against Web 2.0 applications.

Nevertheless, for many company executives, blocking social networking is out of the question because of its potential business benefits. Companies now clamor to get their messages out through these sites, so the challenge for CSOs is to find the right balance between security and usability.

"People are still incredibly naïve about how much they should share with others, and we have to do a better job educating them about what is and isn't appropriate to share," says H. Frank Cervone, vice chancellor of information services with Purdue University Calumet. "We have to do a better job of enhancing our understanding of what internal organization information should not be shared."
