This week Raimund discusses how the human factor and social networks play a part in targeted attacks.
Thanks to social networks, it is easy to identify prime victims within enterprises and send them a message with a poison pill: a malicious attachment or malicious link. But that’s not all. We see more and more attacks actually conducted via phone and, based on the accents, they are conducted by sweatshops out of India.
Our UK office receptionist received a bunch of them. Luckily she works for a security company and is security aware, so she didn’t reveal any information about our staff. Ask yourself: what are your corporate policies regarding social networking? Is there even one? If there is one, did you clearly define what company-related information may be shared? Did you conduct a social media threat awareness campaign to educate the staff about the negative effects of revealing information or about Facebook clickjacking?
You don’t want to stop the usage of social networks. They have their benefits, but as with everything cool and new (compared to e-mail, it’s a new technology), we need to learn how to manage it. How much is the user's reputation negatively affected if he or she falls prey to the latest clickjacking wave and all of a sudden posts porn text? Telling your friends later that it wasn’t on purpose but a piece of malware: too late! The social media reputation just went to hell.
As security professionals it’s really our responsibility to protect our company assets, so education and user awareness are key. And it’s part of our job, I believe, to protect not only our company's reputation but also the reputation of our staff. So please start to add to your corporate policies and then start a campaign about social networks and how easy social engineering is because users simply share too much. It starts with the web world, with us as human beings. We just want to trust others. So in terms of key security, we have always been the weakest link and we always will be the weakest link.