Lessons to take from recent attacks on Facebook and Twitter
Recent attacks on the social media sites Facebook and Twitter have revealed why security is becoming a problem in a society and economy that increasingly stores personal and business data online.
Today, businesses rely on workers to use technology to carry out their job responsibilities, and trust that their workers will protect sensitive company data. While workers may not intentionally disclose information to unauthorised parties, cyber-criminals have developed ways to entrap them so that a mere click of a mouse can put the company in jeopardy.
For example, Facebook recently endured what was described as a “sophisticated attack”, where malware was uploaded onto the computers of several Facebook employees when they visited a mobile developer site that was compromised. Reports suggest that the same group of hackers targeted the leading computing technology company Apple earlier this week in an attempt to acquire corporate secrets.
In January, Twitter was also the victim of cyber espionage, resulting in the theft of 250,000 usernames, passwords and email addresses. The attack raised the question of what the future may hold for compromised Twitter account holders, though no damage is yet present.
In light of this, businesses need to consider the impact data leakage can have. Proprietary Information (PI) (such as internal corporate data and contact lists) or Personally Identifiable Information (PII) (such as credit card details) stolen in such circumstances can later be used by an attacker for reconnaissance purposes.
For the owner of the information, the impact can go beyond being bothered by telemarketers, for instance, and be as serious as identity theft or harassment such as cyber stalking and cyber bullying.
Privacy breaches of this nature, though not directly the fault of the company, can also result in the company paying fines, penalties and costs to repair the damage. In the long term, companies may lose customer confidence, which may lead to the very loss of customers and revenue.
The main attack vector for cyber-criminals today is social media. With a growing number of businesses using social media to promote their products and services and connect with their customers, cyber-criminals have found the perfect entry point into a business’ network.
Unfortunately, because social media sites are served as web pages, they are vulnerable to any type of web application attack.
There are two distinct ways an attacker can strike a business: by using social media as a vehicle for malware, or by attacking social media itself. In the former, links are distributed under false pretences, compelling an employee to click on them without realising the danger that lies behind the link.
To avoid such circumstances, businesses can protect themselves with standard anti-malware tools such as anti-virus or other end-point protection methods. However, this may not always be successful, especially since security products can be exploited, and new and more sophisticated bugs are being created every day.
The latter is more difficult to protect against because businesses do not own or control the systems involved in managing social media sites like Facebook and Twitter.
With spam, social engineering and malware attacks on the rise, businesses would benefit from hiring computer security consultants who can help devise a long-term plan to protect company data.
At a very basic level, businesses need to perform a thorough risk assessment that will help identify the risks involved with using digital technologies, the probability of threats occurring, the impact on the business should a threat occur and how best to repair the damage.
There are also security awareness training programs, like the Symantec Security Awareness Program, that aim to teach employees to practise proactive, security-conscious behaviour.