Security Corner

Jan 23 2010   4:51PM GMT

Web 2.0 Security: Corporate Espionage



Posted by: Ken Harthun
Tags:
Corporate espionage
security awareness
Security policy
Security practice
User education
Web 2.0 Security

Do you block access to social networks from the office? Think this means you’re safe? Think again. You’re still susceptible to corporate espionage through your employees’ social network profiles. The Dark Reading article, “The Seven Deadliest Social Networking Hacks,” tells why:

To pull off a spear phishing attack, for example, all an attacker has to do is search for Company A’s employees on a social networking site and then pose as someone within the organization — such as the head of human resources — and email the employee addresses he finds, for example. A phony HR spear phish could look something like this, Sophos’s Cluley says: “Dear Fred Jones, Congratulations on joining XYZ Company. Click on this link to access our HR Intranet and then log in with your regular network username and password so we can update our files.”

A newbie to the company could easily fall for the ploy and hand over access to the corporate network, he says.

How can you prevent such a thing? It’s difficult at best; probably close to impossible because you have to educate your employees to never post your company name in personal profiles. It only takes one scrap of information to cause problems and the bad guys aren’t far away:

…the “six degrees of separation” rule applies on most social networks: You’re only a few hops away from a bad guy. “We know that there are bad people on these networks using them to steal information,” Cluley says. “You may be only a half a dozen hops from an identity thief if we’re all connected.”

The solution to having good security is, always has been, and always will be increasing the security awareness of everyone in the company from the janitor to the CEO. It requires a continuous educational process to instill a security mindset into people; it requires eternal vigilance on the part of those responsible for managing security. It’s not easy. When it comes right down to it, security uber-expert Bruce Schneier sums it up best:

“The user’s going to pick dancing pigs over security every time.

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: