VINT-The-Dark-Side-of-Social-Media-Alarm-Bells-Analysis-and-the-Way-Out
VINT-The-Dark-Side-of-Social-Media-Alarm-Bells-Analysis-and-the-Way-Out
VINT-The-Dark-Side-of-Social-Media-Alarm-Bells-Analysis-and-the-Way-Out
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
20<br />
aNalYSiS<br />
6 <strong>Social</strong> media a danger to cyber security<br />
To obtain a picture <strong>of</strong> what we can expect in <strong>the</strong> realm <strong>of</strong><br />
cyber attacks <strong>and</strong> crime, we sought advice from Websense,<br />
a company that has been producing security s<strong>of</strong>tware since<br />
1994. <strong>The</strong> following seven predictions, which Websense<br />
claims can be made with a large degree <strong>of</strong> certainty, are far<br />
from trivial <strong>and</strong>, unfortunately, are once again intimately<br />
linked to social media.<br />
1. At <strong>the</strong> top <strong>of</strong> <strong>the</strong> list, in huge bold letters, <strong>the</strong>re is a<br />
serious warning about naïve use <strong>of</strong> social networks <strong>and</strong><br />
social media. Websense cautions about <strong>the</strong> dangers <strong>of</strong><br />
cyber crime, <strong>and</strong> your social media identity may be more<br />
interesting than even your credit card. We have now<br />
become accustomed to <strong>Social</strong> Security Numbers <strong>and</strong><br />
credit card data being stolen <strong>and</strong> sold online, but in <strong>the</strong><br />
coming year <strong>the</strong> online mafia will intensively switch its<br />
attention for <strong>the</strong> first time to our social media IDs.<br />
2. <strong>The</strong> second warning is directly related to <strong>the</strong> first. <strong>The</strong><br />
most important blended cyber attack will come via<br />
our so-called “friends” on social media <strong>and</strong> networks.<br />
We currently have campaigns on TV against phishing<br />
e-mails, an increasing number <strong>of</strong> so-called “Advanced<br />
Persistent Threats” are also on <strong>the</strong>ir way, based on social<br />
forms. Playtime on social media is definitively over.<br />
3. OK, where are we most active on social media? That’s<br />
right, on our mobile devices. Next year we will encounter<br />
a surge <strong>of</strong> more than a thous<strong>and</strong> cyber attacks on<br />
smartphones <strong>and</strong> tablets. This has been on <strong>the</strong> cards for<br />
years, <strong>and</strong> we were ultimately hit by <strong>the</strong> first real mobile<br />
malware in 2011. Botnets <strong>and</strong> exploits have now also<br />
appeared, because, in <strong>the</strong> post-PC era, criminals <strong>and</strong><br />
hackers have switched <strong>the</strong>ir attention to mobile devices.<br />
4. In <strong>the</strong> technical domain, mobile platforms <strong>and</strong> <strong>the</strong> use <strong>of</strong><br />
Google, Facebook <strong>and</strong> Twitter mean that <strong>the</strong> so-called<br />
“safe” SSL/TLS tunnels (Secure Sockets Layer/Transport<br />
Layer Security) for corporate IT can cause a blindspot.<br />
This occurs when security tools are not capable <strong>of</strong><br />
decrypting in <strong>the</strong> tunnels. As a result, such flawed<br />
products have no idea <strong>of</strong> what is going in <strong>and</strong> out <strong>of</strong> <strong>the</strong><br />
business network.<br />
5. As an extension <strong>of</strong> <strong>the</strong> previous point, this warning is a<br />
ra<strong>the</strong>r simple one: Containment Is <strong>the</strong> New Prevention.<br />
It means that <strong>the</strong>re must be permanent supervision <strong>of</strong><br />
whe<strong>the</strong>r or not data are leaking away or are infiltrating<br />
via network connections. This is done by installing<br />
a containment zone that is constantly monitored. If<br />
unusual traffic is taking place <strong>the</strong>re, <strong>the</strong> route in or out<br />
can be closed <strong>and</strong> <strong>the</strong> data in question can be analyzed.<br />
Organizations with <strong>the</strong> proper s<strong>of</strong>tware will be right on<br />
top <strong>of</strong> <strong>the</strong> problem <strong>and</strong> <strong>the</strong> appropriate action can be<br />
automatically taken within seconds.<br />
6. <strong>The</strong>re are also sufficient external (social!) factors that<br />
form a source <strong>of</strong> concern, such as <strong>the</strong> Olympic Games<br />
in London, <strong>the</strong> presidential elections in <strong>the</strong> US, <strong>and</strong> <strong>the</strong><br />
infamous end-<strong>of</strong>-<strong>the</strong>-world predictions. This kind <strong>of</strong><br />
happening can always be used to prepare <strong>and</strong> implement<br />
large-scale cyber attacks. This will take place via search<br />
engines, but also increasingly via social media <strong>and</strong> networks.<br />
We have all underestimated this risk. At present,<br />
we still do not associate social media with cyber crime,<br />
but that is going to change forever in <strong>the</strong> near future.<br />
7. To summarize everything in <strong>the</strong> final point: <strong>the</strong> dangers<br />
<strong>of</strong> “social engineering” — a pleasant euphemism — <strong>and</strong><br />
malevolent anti-virus products will increase enormously.<br />
Particularly <strong>the</strong> so-called “exploit kits”, <strong>the</strong> s<strong>of</strong>tware<br />
packages that enable systematic attacks, will play a<br />
major role in this context. Attention will be shifted from<br />
<strong>the</strong> installation <strong>of</strong> anti-virus tools to <strong>the</strong> installation <strong>of</strong><br />
system tools, for defragmentation <strong>and</strong> a faster Internet<br />
connection, for example.