Social networking sites are a threat to online security, and Facebookis the worst offender, a report from Sophos states.
The number of businesses hit by malware and spam attacks throughsocial networks rose by 70 percent in 2009, the report found.More than 72 percent of businesses believe employees’ behavior onsocial networking sites could endanger security.
The issue of social networks is rife with contradictions — althoughsocial networking sites help malware authors spread their attacksrapidly, they have also been instrumental in spreading knowledge ofdisasters and political turmoil worldwide.
Facebook’s attitude is typical of the dichotomy plaguing the issue. Onthe one hand, it has tied up with McAfee to improve users’ security;on the other hand, company cofounder Mark Zuckerberg has recently stated that he thinks the desire for privacy online is fading.
The Sophos 2010 Threat Report
Over 2009, companies widely adopted social networking techniques such as blogsand social networks like Facebook and MySpace to connect withcustomers and spread the latest company news or product offerings tothe public, according to the Sophos report.
About 2 percent of all online clicks in 2009 through 4,000 Cisco Websecurity appliances were on social networking sites, Sophos found.Facebook alone accounted for the majority — 1.35 percent. “Thebusiness world would be foolish to ignore such a high level ofactivity and such a potentially lucrative resource,” the report reads.
However, that lucre comes at a cost: 61 percent of respondents to asurvey Sophos conducted in December 2009 believe that Facebook is theworst security threat of all the social networking sites. More than 72 percent ofthe respondents to Sophos’ survey believe that employees’ behavior onsocial networking sites could endanger the security of their business.
Social network logon credentials have become as valuable as emailaddresses because people are more likely to open a message when itappears to come from a friend, Sophos warned. People should be wary ofwhat information they post on social networking sites, Sophos said.
Creatures of Light and Darkness
Like just about everything else, social networking sites are a mix of badand good elements. Although they can constitute a threat to security, they alsoprovide valuable outlets for business to connect with their customers.Salesforce.com and Google both allow application developers usingtheir platforms to create Facebook apps, for example.
Further, social networks are often leveraged for the greater socialgood. Facebook and Twitter, for example, were instrumental in raisingawareness of the outcome of the Haiti earthquake and in efforts toraise funds for that disaster.
Twitter and Facebook were also instrumental in disseminating knowledgeof the Iranian election in May of 2009; the Iranian government clampeddown on some social networking sites prior to the election, sparking protests fromthe opposition.
On the other hand, many Facebook users have been scammed when theyresponded to fake emails from friends asking for financial help, a common grift used by Facebook hackers.
Facebook is itself torn by the contradictions. On the one hand, it’sworking hard to improve users’ security. “We work regularly withothers across the industry to identify and respond to potentialthreats to our users,” Facebook spokesperson Simon Axten pointed out.”We’re constantly working to improve our systems and processes.” Thatwork includes teaming up with McAfee to integrate a scan and repairtool into Facebook’s own security processes.
However, social networking sites are fighting an uphill battle.”Security is an arms race, and our teams are always working toidentify the next threat and build defenses for it,” Axten toldTechNewsWorld.
On the other hand, Facebook CEO Mark Zuckerberg stirred up a hornet’snest recently when he said, in effect, that the importance of onlineprivacy online is fading.
The contradictions around social networks in general, and Facebook inparticular, are perhaps best summed up by independent securityresearcher Gadi Evron in a post on Trend Micro’s Dark Reading blog:”Facebook, by its nature, is one of the worst security menaces evercreated,” he wrote. “But its security team is top-notch.”
Oh, Squishy Humans
Social networks have become so woven into the fabric of our lives that manybusinesses now face a distinct disadvantage if they turn a blind eye to them orforbid staff to access them. “Not only will your workerscircumvent your block and participate surreptitiously, but also yourcompetitors will sneak an advantage and get closer to your customers,”Graham Cluley, senior technology consultant at Sophos, toldTechNewsWorld.
His suggestion: Companies need to secure their users’ computers,educate their staff to use social networks more securely, and lobbythe social networking sites to implement better security.
“Implement a solution that scans every Web page and link that yourusers click on,” Cluley explained. “Run security awareness seminarsthat explain how different kinds of attacks work on social networks.”
However, technology can only provide a basic level of protection. “Theweak point isn’t the technology. It’s the squishy human sitting infront of the keyboard or the touchscreen,” Cluley said. “If attackerscan fool users into believing that they are the users’ Facebookfriends, many people will find themselves victims of social networkingattacks.”