Facebook security and privacy pitfalls
by Mirko Zorz - Wednesday, 12 March 2014.
Should the CISO be concerned about what type of information employees are posting on Facebook?

Every CISO should be concerned about the types of information employees are sharing on Facebook and other social networks as well. Facebook, in particular, offers a really open environment where people’s private life and jobs interfere on a regular basis. As soon as a Facebook user fills in his personal information regarding his employer, he is no longer just sharing his personal details, but also corporate information. The ability to search through people’s friend lists and timelines, the wide variety of open profiles and the fast propagation of pictures and messages are all vulnerabilities that the CISO should consider.

The CISO is not only technically supervising the company’s security, but also has to put in place a strategy to maintain the corporation’s vision while protecting the technology. The CISO should keep in mind that Facebook is a fruitful environment for cyber-crime business and this could directly affect his work. Imagine how badly a targeted attack could affect the entire company after an employee falls for a social engineer, for example.

The role of a CISO is continuously evolving, so he should always keep up with the trends as his employees do. Maybe in a few years he will be concerned about appropriate standards and controls of micro-blogging platforms focusing on viral videos or of online newspapers created by employees themselves.

What threats do you expect to seriously evolve in the next five years, and what should users be on the lookout for?

I have been carrying out research on social network security for a couple of years and I’m astonished to discover that users continue to fall for the same types of scams and vulnerabilities despite the mitigation of the media, security companies and experts. However, I expect a wider number of cyber-criminals to create fake profiles for targeted attacks as focusing on a smaller and weaker prey could eventually bring them more money.

Users should be on the lookout for scams promising new promotions, vouchers and freebies, including new tech apparitions. They should also keep an eye on messages promising morbid details and videos of celebrities that have passed away. Facebook ads are also a dangerous environment that will probably be exploited heavily in the next five years too.

Copyright 1998-2015 by Help Net Security.