QUESTION
The report is expected to be around 2000 words– please include a word count, but words from any quotations, paraphrasing, or bibliography should not be included in this word count. There is also an upper limit of 2500 words. Note that this report is sufficiently brief, that it is not necessary to include an executive summary or table of contents, but it is reasonable to include headings throughout the report.
Information security project on the topic “Social networking”
Please when working on this topic keep the following information in your mind. If the material went out of the following topic it would be useless. Thank you
Social networking has become much more mainstream in recent times, with moves by many organisations to engage with this media in one form or another to facilitate aspects of their business. As an example, the Australian Government has had a Gov2.0 taskforce looking at issues around the use of these technologies in government. Discuss the information security issues that may be associated with the adoption of social networking technologies by the organisation itself. What aspects of information security and/or incident response policy will likely have to change to address these threats? You should also think about the strategies that organisations might adopt to reduce the risks that the use of these technologies might pose. Note that this topic is not about the personal use of social networking by individuals within the organisation.
SOLUTION
1. Introduction
Globalization and Digital Technology has walked hand in hand over the last few decades. It has flattened the world in more ways than we could have ever imagined and this has been aptly described in Thomas Friedman’s book, the world is flat (2005). One of the greatest innovations in the rise of digital age and Web 2.0 is the advent of Social Networking.
Social Networking is one of the most commonly used term in our daily lives today so much, that a movie on the same name was launched last year featuring the rise of Facebook, the widely and the most commonly used platform in the world. Social networking is an umbrella term which refers to online social interaction amongst interest groups through platforms like Facebook, Twitter, YouTube, MySpace, Orkut, Blogs, etc. As the reach of the Social Networking has grown leaps and bounds over the last decade, marketers and enterprises have taken advantage of utilizing these platforms innovatively to reach out to masses at a fraction of a cost. Online marketing and branding is one of the least expensive mediums available today as compared to print and television (Engeseth, 2009).
Today Facebook is a household name and it has connected more than 1 billion people online globally. As per the latest data available from Facebook (2012), for recent IPO launch, they claimed to have 845 million active online users on a monthly basis, http://newsroom.fb.com/content/default.aspx?NewsAreaId=22 with more than half of them about 483 million logging in daily. This makes Facebook one of the most powerful tools to make products visible online to the maximum possible audience and enterprises. Twitter and Youtube along with Facebook have generated combined hits more than the next 10 websites put together.
But this often gives rise to the general question of whether Social Networking is a boon or a bane? Unfortunately various social networking sites have recently been cited as one of the most important online threats especially for information security.According to a report published in Channel Insider (2011), Twitter Facebook and You-Tube are the three biggest web-based social media which pose threats especially to business.
Not only organizations need to acknowledge the existing threats, but also need to develop a frame work to address it so that in times of disasters, there is a ready-made mechanism to be put in place. Australian Government’s initiative of creating Gov2.0 taskforce is a good example which looks into issues related to information security associated with the adoption of social networking technologies and how to counter it.
2. Major Security Issues
The impact of Social networking on enterprises can be gauged from the fact that Facebook profiles have been integrated into the CRM offering for Salesforce, Lotus Notes has Linkedin as a plugin and various dashboards have integrated twitter so that a single click can forward the latest updates to thousands of followers. This has not only given the enterprises an edge in reaching consumers but can at times backfire when malware and worms infect the organizational systems and choke networks through these social networking sites.
In a survey report conducted by Sophos in 2009, the findings suggest that firms using social networks have seen an increase in spams and malware attacks by 70%. The report also cites that the number of businesses which were targets for various attacks increased sharply from 33.4% to 57% over the entire year which clearly leads to the conclusion that captive users especially enterprises are emerging as a clear target for malware and other threats.
In another Websense Threat Report of 2010, it states that as much as 60% of the social networking sites are vulnerable to online security threats which can lead to a variety of issues from identity thefts to divulging personal information and hacking into enterprise data. The main motive for the hackers to target social networking sites is because these social networking sites are inherently rich in user information and personal data and multiple vulnerabilities; simply put, the opportunities and rewards are too great for the hackers to desist from hacking social networking sites which indirectly puts the enterprises at risk.
As the internet technologies and the landscape is evolving, so are the online security threats. More and more threats are seen every day which is using a different modus operandi leading to security breaches.
2.1 Phishing
Phishing has moved from traditional web medium to social networking sites where it mimics a big brand and directs users to a phony website compromising user privacy. One example was a request from Facebook via email to provide the authentication details and to make it look more legitimate, it was posted in Facebook as well. Various worms and malware have directed users to malicious sites in the guise of directing users to valid merchant or enterprise websites in the Facebook. The WebSense Report also highlights that tricksters are enticing innocent users in Facebook and Twitter to give up their personal information by luring them the gifts of iphones or other big brand products.
2.2 Blogging
Another innovative social medium is are blogs like WordPress which allows users and brands to connect but are not effectively designed to counter large scale security threats. There was massive injection attack in 2011 wherein 250,000 injections occurred. Many of these blogs which contain information for enterprises or are enterprise blogs unwittingly infect the user systems when the users visit these blogs.
2.3 Malware
Threat models are continually evolving and hackers are working hard to make the content more believable. Pages which can be loaded in Facebook via iFrame can be used for phishing attacks and these can be made to look exactly alike like that of an enterprise fan page in Facebook for example Blackberry or Toyota or SolBeer which have thousands of users following them. These pages can be directly targeted so that the infection or malware spreads more rapidly as was the case with various celebrities like Justin Timberlake and Lady Gaga, on whose wall, malicious links were uploaded which were clicked by millions of users unwittingly. The same can happen to any enterprise having a large fan following in the networking site.
Twitter only allows 140 characters to be types. This forces up-loaders to be innovative to shorten sentences and URLs. URL shortener used in Twitter to save character limit often hides malicious links and allow hackers to takes it advantage. Also it has other web 2.0 and API related vulnerabilities which allow hackers to advantage of and propagate worms as per the Channel Insider 2011 report.
3. Threat Response &Policy
The most important aspect which any organization today has to take care of is creating a policy and charter governing the usage and application of Social Media. This will clearly outline the do and donts of social networking, the purpose and scope so that all employees, marketing team and sales are familiar with the policy and the penalties to be imposed if the code of conduct is not adhered to. This is a multi-pronged approach and enterprises need to dedicate effort and money to reap the benefits of threat reduction in Social Media in the long run.
Enterprise is responsible for the protection of its content and prevention of security breaches from leaking sensitive information. Strong firewalls need to be in place. But since vast number of the sites today are categorised as social, it really becomes a challenge to filter the useful sites from non-useful ones. Old ways of URL filtering is not suitable anymore simply because of the fact that it might cost an enterprise a missed opportunity if the right platform is blocked. Anti-virus is also not entirely effective to block most of the threats in social networks since it scans the files for basic viral signatures which are missing in the URLs. This gives rise to three basic tenets of security protection which are User Acceptance Policy (UAP), malware detection & prevention, data security & protection.
3.1. User Acceptance Policy
In a study conducted by Jander (2009) shows that only 13% of the total of 400 odd enterprises survey use record management plan for social networking sites whereas another 53% respondents highlighted and that there are no existing policies in place, leaving another 33% unsure if their enterprises decide to have a plan in place. This clearly demonstrates the need to have a policy in place.
Since the content is the key and it changes on a real time basis, it is important not to block entire URLs are not suggested, but the related content which are not required. The policy should take into account the right to access the required sites and material so that the productivity is not hampered by stopping good traffic and bad traffic is selectively blocked to prevent threats.
This requires analysing content to a granular level on a real time basis. There are a lot of enterprise applications available now-a-days which takes care of the same. One such example is websense. This allows the users to visit URLs and browse sites but block specific objectionable content as per enterprise policy for example Facebook can be easily accessed but not specific applications within Facebook like Farmville. This leads to the most important fact that it is the enterprise and enterprise along which needs to fairly decide and determine what content is accessible to the users without compromising security or information leaks.
3.2. Malware Detection & Prevention
Real Time protection for enterprises is a must to prevent any malware from jeopardising the enterprise security. Most of the phishing and other malicious websites look real and legitimate, which ultimately trap unsuspecting users, leading to security breach and leak of confidential information. Browser vulnerabilities and antivirus definitions are now being bypassed to attack and steal user information. It is ultimately the responsibility of the enterprise to protect the data and other confidential information which otherwise has an adverse impact on trust, loyalty and brand value.
Bad search results on Google can lead an unsuspecting employee to access sites having corrupt codes. Similarly, any employee responsible for maintaining the consumer relationship online via the networking sites may unknowingly click on a bad link, which not only infects his system, but the same may get posted to the enterprise wall in Facebook accessed by thousands of loyal customers, infecting them in turns.
This requires enterprise to detect and analyse such malwares on a real time basis right from the range of the executable links to embedded codes rather than fire-fight once the hell breaks loose leading to serious reputation damage.
3.3. Data Security & Protection
Data loss can happen due to multiple factors, one common example is malware infection which is responsible mainly for stealing data codes. This has a big impact of organizations which are totally digitised and have all key processes running on applications from HR, Sales, Marketing, CRM, Production, Supply Chain, etc. It is imperative that the malware are blocked from accessing these applications which are web-based. This also includes social media interaction wherein a disgruntled employee may post sensitive information detrimental to the organization. Also information may be posted unwittingly which is a serious concern for all enterprises.
Hence for all out going traffic, the enterprise needs to monitor and screen what is being posted so that it any unwanted information is effectively blocked preventing data loss. This requires multilevel detections mechanisms to be in place along with granular level of content classification. It is in company’s best interests to take the data loss and protection seriously to prevent unexpected damages.
4. Conclusion
Social Media simply cannot be ignored by an enterprise today. Most of the sites which are popular are now the integral part of any enterprises’ marketing strategy for online segmentation, targeting and positioning of a product. To harness the full potential of such sites, enterprises need to take a head on approach to face all issues related to online threats. Online security threats are here to stay as it is the basic human trait to take challenges and break law which provides a sense of gratification to the hackers along with the sense of superiority complex and illegally gaining money in a short span.
The onus ultimately lies on the shoulder of individuals and enterprises alike to stop these threats by taking basic precautions and following a timely approach to neutralise threats. Enterprises need to have information security policies updated and circulated to all employees, having strong malware detection in place along with intelligent systems to detect posting of sensitive information online. The three steps of having an user acceptance policy, malware detection & prevention and data security & protection can vastly insulate enterprises from various online threats thereby improving information security and increasing customer loyalty keeping the trust factor intact. Various methodologies and processes like ISO27001, etc.provide detailed guidelines to IT organizations and departments regarding safeguarding data and avoid unforeseen threats in the world of IT.
To conclude, data gives rise to information which provides knowledge giving rise to wisdom – key for any enterprise to make informed decisions, providing it with a competitive advantage against its rivals. Hence data protection and information security goes hand in hand, otherwise it may spell disaster for an organization especially with the advent of social networking where unwanted detrimental information or malicious programs can be propagated with the click of a mouse causing irreparable damage.
5. References
Barnes, N. D. & Barnes, F. R. (2009), Equipping your organization for the social networking game, Information Management, Nov/Dec 2009.
“Data Loss Prevention Best Practices”, Ironport Systems Report, retrieved April 14, 2012,
http://www.ironport.com/pdf/ironport_dlp_booklet.pdf
Stone, B., Is Facebook growing up too fast, The New York Times, March 29, 2009
Eddy, N.(2011), Social media applications a threat to businesses: Report, channelInsider.com
Engeseth, S. (2009) The Fall of PR and the Rise of Advertising. Stockholm: Stefan Engeseth Publishing.
Securing the Social Enterprise, White Paper, 2011, WebSense, Retrieved April 14, 2012 from
http://www.websense.com/content/WhitePapers.aspx
Social media in the enterprise: Great opportunities, great security risks; White Paper, 2010, Sophos.com, Boston USA.
Jander, M. (2009). The Web 2.0 balancing act: Policies in place. InternetEvolution. Retrieved April 14, 2012, from
http://www.internetevolution.com/document.asp?doc_id=172026&page_number=3
Won, K., Ok-Ran J. Sang-Won L., (2010), On Social Websites, Information Systems 35, pp. 215-236.
JI33
But you can order it from our service and receive complete high-quality custom paper. Our service offers Media essay sample that was written by professional writer. If you like one, you have an opportunity to buy a similar paper. Any of the academic papers will be written from scratch, according to all customers’ specifications, expectations and highest standards.”
