Over the past few years the consumerisation of IT has become just one more thing for the IT department to ‘manage’. The birth of social media and growth of sites such as Twitter and Facebook have seen the use of these channels seep into the working day – and on to business technology devices. Belonging to a social network has become almost as prevalent as having an email address.

Indeed, many organisations see the value of social networking, and are increasingly using sites as part of their HR and marketing initiatives, as well as for customer service, and product research and development. Yet, while the business benefits of social networks have been discussed at length, a potentially more damaging impact of social networking – the danger it poses to data security and identity theft – has been at worst ignored and at best unchecked.

The Web Hacking Incidents Database 2009 Bi-Annual Report showed an increase of 30 per cent in web attacks compared to the first half of 2008. Social networking sites accounted for 19 per cent of hacking attacks, making it the most targeted vertical. These figures vividly illustrate the threat to organisations from their employees’ use of social networks.

With users accessing personal networks at work and business networks at home, the line between the two worlds is becoming increasingly blurred. A user’s password for their Facebook account is more likely than ever to be the same as the one they access their business network with.

Worryingly for businesses, it has never been as easy for hackers to access corporate information. Today, they have access to much easier and lower-tech tools with which they can crack passwords, steal user identities and compromise personal web accounts and organisations’ networks.
Growing threats such as password guessing, social engineering, Denial of Service attacks, SQL injections and brute forcing passwords – along with malware and phishing – are making it harder for IT departments to protect their organisation’s users, network and data. To demonstrate how easy that is, just Google “brute force passwords” and within the first five results you can watch a password-cracking YouTube tutorial.

The Twitter hack in July 2009 is still one of the best examples of how easy it can be for hackers. In this case the hacker – without using any technology – guessed the password to a user’s Yahoo! account. Once in, they found Twitter’s company information in the person’s email account and used it to hack Twitter, stealing highly confidential company documents – including the CEO’s credit card details and staff PayPal logins – that were stored in GoogleApps.

Social engineering is also on the increase and it too dodges past security measures such as blanket bans to exploit the human factor. The situation below shows how a social engineering attack could unfold:

- Using false Twitter and LinkedIn profiles, and posing as a member of the IT department, a hacker lures an employee to be their ‘friend’
- Using information found on their new ‘friend’s’ profile, the hacker goes about gathering potentially useful information
- Within this new ‘friend’ group, the hacker identifies potential target employees – a new member of staff, for example
- The hacker then targets employees whose email addresses they have acquired, enabling the hacker to carry out a number of attacks, such as phishing
- From there the hacker compromises the target further and starts to profile additional attack streams such as webmail, SSL/VPN and online CRM

This scenario is not outlandish, as many of us will know people who accept people as ‘friends’ and ‘contacts’ that they have no real knowledge of. So, how can businesses tackle these myriad threats?
While it would be easy for businesses to ban social networking, these sites are just a few of the many applications businesses use that utilise Web 2.0, so a blanket ban would not combat the risks presented by these sites. Instead, organisations should face up to the variety of threats social media poses by introducing policies and defences to manage this risk and prevent hacks.

In addition to adopting new generation anti-virus and malware applications and producing ‘best-use’ guidance for employees on social networking in the workplace, organisations should look to combat the root cause of these threats: the password. As demonstrated, many businesses are only as secure as a single password.

The way to best mitigate the threats outlined above is to introduce more robust security measures, with one of the most effective being two-factor authentication (2FA). By replacing vulnerable static passwords with a PIN and One-Time-Password generating token, organisations can take away the hackers’ opportunity to gain access to their networks and data. When used as part of a robust security policy, 2FA allows organisations to use 21st century security measures to see off 21st century threats.

Pic: Webtreatscc2.0