

Today we got one of several surveys designed to strike fear into the hearts of corporate IT managers, noting that socially oriented Web 2.0 sites are now a premier target for hackers. The report, from The Secure Enterprise 2.0 Forum, says sites such as blogs, wikis and social media sites were hacked in 21 percent of the cases reported in the first quarter.

The study, which noted that Web 2.0 is a new category, detailed the hijacking of the MacRumors Twitter account to falsely trumpet that Steve Jobs had died, as well as several celebrity email and Twitter account hacks. It’s scary stuff, but while social media may be a growing target for hackers, the biggest danger to a company still comes from the damage a few stupid employees can create while using the sites.

For example, the two 30-something Domino’s employees who made a video “prank” showing them stuffing cheese up their nose likely had a farther-reaching impact than a hacked Twitter account promoting misinformation that can later be proved false. Or what about the Comcast employee, who in 2006 showed up on YouTube after falling asleep on a customer’s couch while on hold for tech support? Or, in my personal experience, the snarky comment of a Time Warner Cable PR executive on Twitter that Time Warner Cable had to back away from.

So while malware, spreading disinformation, and even phishing are huge issues, the most detrimental of these are less common. The survey doesn’t break out the types of incidents within each category, but I imagine phishing happens more often in the 5 percent of hacks targeting financial sites, while disinformation and information leakage are the top hacks associated with social media. That means that instead of hackers, employers should still worry more about their employees showing up on YouTube or blasting a client (or its home city) on Twitter.

Major Categories of Attacks in Q1 2009



  1. benjaminwright Tuesday, May 5, 2009

    A job is a precious thing. If abused, it can go away because the employment no longer makes economic sense. Many businesses are therefore justified in “protecting” employees from risks and temptations by blocking web 2.0 sites. http://computersafety.wordpress.com/2009/03/15/facebook-in-security/ –Ben

  2. adamjackson Tuesday, May 5, 2009

    Makes total sense. I’ve personally seen situations where a hack is resolved and maybe the CEO has to make a statement how the company is beefing up security on their systems but most of the situations involve an employee who tweeted or blogged something that, to them, seemed trivial and day to day stuff.

    Soon, that blog post cost the company millions of dollars.

  3. RODNEY OLIVER Tuesday, May 5, 2009

    Interesting comment:
    “…while social media may be a growing target for hackers, the biggest danger to a company still comes from the damage a few stupid employees can create while using the sites.”

  4. Jason Lackey Tuesday, May 5, 2009

    Rodney – I think you nailed it. The big threat is not robotic DDOS attacks launched from the secret hacker headquarters in Bulgaria, the big threat is the clueless exec who uses his wife’s birthday or name as his password or the luckless soul who leaves roadmap.ppt or salaries.xls on a microSD card in a phone left in a taxi in Manhattan. If I put on brown overalls and got a rolling trashcan I could probably get into just about any company here in Silicon Valley and go up and down the rows in cubeland filling said trashcan with laptops, thumb drives and other stuff and nobody would say a word. Sometimes security seems like worrying about dying of some rare and exotic form of cancer when the house is on fire and a pissed off crackhead with an Uzi and a bloody machete is wanting my wallet. Cover the basics first, then worry about the corner cases.

  5. Communities and Collaboration » Bookmarks for May 3rd through May 6th Wednesday, May 6, 2009

    [...] Biggest Danger on Social Networks Isn – Biggest danger on social networks isn’t hackers, it’s dumb employees http://is.gd/x0ox [...]

  6. Yup, employees divulging info in Web 2.0 sites isn’t unheard of.

  7. Internet Marketing, Strategy & Technology Links – May 7, 2009 « Sazbean Thursday, May 7, 2009

    [...] Biggest Danger on Social Networks Isn’t Hackers, It’s Dumb Employees (GigaOM) [...]

  8. The bigger question is, what should employers do about it? Social media is here to stay, and more and more people are destined to get involved in it. The only solutions hinted upon here involve blocking access….
    As a communications professional, I think employers would do well not to prohibit participation in social media by their employees. That’s just asking for trouble. Sure, go ahead and block Twitter and Facebook from employees’ computers…for all the good that will do you. It might help with that pesky “productivity loss” statistic, but unless you can control what employees do on their *own* time with their own computers and mobile devices, all you’ll do is make them more determined to have a voice. (Employees don’t take kindly to “big brother” employer techniques, and the forbidden fruit always tastes the sweetest, anyway.)
    My recommendation is make your policies clear about who can officially speak for the company and who cannot, and about what kind of information is shareable and what is proprietary. Educate workers in how to participate responsibly in social media, whether or not they intend to talk about their work. And by all means, ensure they know the consequences of failing to follow guidelines.
    One final note to employers: If your employees love coming to work, are fully aligned with and informed about the company’s goals, and engaged in the company’s culture and mission, I’d warrant the risk of harm from their forays into social media is very slim. In fact, those employees are your greatest advocates. So when your external image or brand takes a hit from a disgruntled or misinformed worker, look to thineself first–You’re not doing your job as an employer, and you have an even bigger *internal* communications problem.

  9. I think there is a very thin line between what should be an external communication and what should be internal. The best idea is to provide complete information about Company’s communication policies.

    Working at Adobe helped me learn about this in a significant way as the management helps their teams to learn the effective way of communication to the outside world where they are involved.

    Stopping the use of Facebook etc. will not help much considering the way we work today, it should be more sorted out at training rather than blocking employees visiting these websites.

    -Vipul

  10. Manish Pahuja Thursday, May 21, 2009

    Social media can become another platform for disgruntled employees to spread rumors about the company they work for.

    But I feel ultimately such employees do no good to their reputations as well. Who will like to trust such a guy with a job in his company? As is the norm, every good thing has a bad side to it as well and thankfully the weeds get driven out pretty quickly…

    Manish
