Web 2.0 sites are concentrating too much on growing their market share at the expense of properly defending their existing users from Internet threats.
This is according to the Sophos Security Threat Report 2010, which explores current and emerging computer security trends. It says the focus has shifted from traditional cyber attacks to the use of social networks as an attack vector, including the likes of Facebook, MySpace and Twitter.
The company reveals 57% of users say they have been spammed on social networking sites, a rise of 70.6% from last year, while 36% report they have been sent malware via social networking sites, a rise of 69.8% from 2009.
"Computer users are spending more time on social networks, sharing sensitive and valuable personal information, and hackers have figured out where money is to be made," says Brett Myroff, CEO of Sophos SA.
"The dramatic rise in attacks in the last year tells us that social networks and their millions of users have to do more to protect themselves from organised cyber crime, or risk falling prey to identity theft schemes, scams, and malware attacks."
Linked to danger
Sophos stresses that while LinkedIn is considered to be by far the least threatening of the networks, it can still provide a sizeable pool of information for hackers. "Sites like LinkedIn provide hackers with what is effectively a corporate directory, listing your staff's names and positions. This makes it child's play to reverse-engineer the e-mail addresses of potential victims."
Myroff adds another example, citing how Facebook reduced its role in providing a secure system when it rolled out its recommended privacy settings in late 2009. He says it was "a step backwards, encouraging many users to share their information with everybody on the Internet."
Social security
The security company surveyed over 500 organisations to compile its report, with 72% citing concerns that employee behaviour on social networking sites could expose their business to danger.
Survey respondents ranked which social network they believed posed the biggest security risk, with 60% naming Facebook as the top attack vector. MySpace took second place with 18%, followed by Twitter with 17% and finally LinkedIn with 4%.
The report also states that 49% of companies allow staff unfettered access to Facebook, a notable 13% rise on a year ago. "The irony is that just as companies are loosening their attitude to staff activity on social networks, the threat of malware, spam, phishing and identity theft on Facebook is increasing," Myroff says.
"However, social networks can be an essential part of the business mix today, and the answer is not to bar staff from participating in them, but to apply some 'social security' instead."


