The fictionalized Facebook origin movie The Social Network shows the website beginning as a way for people to keep tabs on what their friends are doing. Later, Facebook added features to see what your friends liked, including websites and applications. Sounds innocent enough. But in the real world, do friends accidentally infect you with viruses and worms, steal your money, get you turned into a zombie or exploited by botnet herders and their mules?
The "friends" metaphor quickly breaks down. But on social networks, you only have friends. Why not enemies? According to data security firm Imperva, "if you ask users who contemplate installing a Facebook application, their measure of trust is often the number of other users who have already signed up for the application. Clearly, anyone with an army of drone accounts can easily influence such decisions."
In other words, your friends, or your friends' friends, may be fake, and this poses a security risk, both for consumers as well as business data. But is the business world paying attention?
According to Gartner Group analyst John Pescatore, there's little enterprise alarm over social networking security, or a lack thereof. At a recent Gartner conference, for example, he was peppered with questions about securing smartphones or the public cloud for enterprise use, but nary a query over securing the social network -- despite the recent box-office success of The Social Network.
When it comes to social networks' security model, he's also not impressed. "Facebook and MySpace apps continue to send user data flying out the door. No surprise, really -- advertising-supported IT exists to supply advertisers with detailed user information," he said.
That could explain the lack of alarm on Facebook's security page. Rather than warning users about active exploits -- or leaving a digital paper trail pertaining to attacks that have been affecting Facebook users -- it settles for bland admonishments about how to stay secure and offers Facebook's thinking behind its latest security and privacy tweaks.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Digital Transformation Myths & TruthsTransformation is on every IT organization's to-do list, but effectively transforming IT means a major shift in technology as well as business models and culture. In this IT Trend Report, we examine some of the misconceptions of digital transformation and look at steps you can take to succeed technically and culturally.