Today we got one of several surveys designed to strike fear into the hearts of corporate IT managers, noting that socially oriented Web 2.0 sites are now a premier target for hackers. The report, from The Secure Enterprise 2.0 Forum, says sites such as blogs, wikis and social media sites were hacked in 21 percent of the cases reported in the first quarter.
The study, which noted that Web 2.0 is a new category, detailed the hijacking of the MacRumors Twitter account to falsely trumpet that Steve Jobs had died, as well as several celebrity email and Twitter account hacks. It’s scary stuff, but while social media may be a growing target for hackers, the biggest danger to a company still comes from the damage a few stupid employees can create while using the sites.
For example, the two 30-something Domino’s employees who made a video “prank” showing them stuffing cheese up their nose likely had a farther-reaching impact than a hacked Twitter account promoting misinformation that can later be proved false. Or what about the Comcast employee, who in 2006 showed up on YouTube after falling asleep on a customer’s couch while on hold for tech support? Or, in my personal experience, the snarky comment of a Time Warner Cable PR executive on Twitter that Time Warner Cable had to back away from.
So while malware, spreading disinformation, and even phishing are huge issues, the most detrimental of these are less common. The survey doesn’t break out the types of incidents within each category, but I imagine phishing happens more often in the 5 percent of hacks targeting financial sites, while disinformation and information leakage are the top hacks associated with social media. That means that instead of hackers, employers should still worry more about their employees showing up on YouTube or blasting a client (or its home city) on Twitter.
Major Categories of Attacks in Q1 2009