September 28, 2011

NEW RESEARCH: Social Media and Social Threats, Hand in Hand

Tom Clare

I've been meeting with a lot of customers recently, and two things that keep coming up are concerns about advanced targeted attacks and how to deal with the threats that social media bring into an organization.

Now, social media has been around for quite some time; it’s not new. The new challenge is the surprising rate at which it is evolving and the fact that it is seen now as a freight train that IT can’t stop—and shouldn’t try stopping.

Marketing uses Facebook and Twitter. HR uses LinkedIn. Even customer support is looking at Twitter. And a new generation of workers can’t seem to live without constantly being connected—an expectation they bring to work with them. I’ve even had a CSO come out and say, “Even in a tough job market, my CEO says we need to do everything we can to get the best candidates out there. That means access to social media and the innovations that come with it. Basically they told me to make it happen AND keep us safe.”

We’ve been working on things to keep organizations safe on the social web for ages, but it helps to check in with the world every now and then to make sure we are on the right track in allowing safe access to social media.

With that in mind, we teamed with the Ponemon Institute to assess the social media readiness and risk profile of more than 4,000 IT and IT security practitioners around the globe, and what we found is a little surprising.

Most respondents agree that the use of social media in the workplace is important to achieving business objectives. However, they also believe that these tools put their organizations at risk. In fact, the research provides evidence that many organizations are lacking the right strategy to address the risks posed by social media tools in the workplace. Key findings include:

This increase in social media attacks is catching many organizations off guard. 63 percent agree that employee use of social media puts their organizations’ security at riskOnly 29 percent of more than 4,000 respondents in 12 countries said that their organizations have necessary social media security controls. 

Malware attacks have increased because of social media usage. Fifty-two percent of organizations experienced an increase in malware attacks as a result of employees’ use of social media. The United States, United Kingdom, Brazil, Germany, and Singapore report the highest increase.

Organizations believe that productivity has declined and IT bandwidth has been diminished as a result of social media use. The top two negative consequences of an increase in social media use were diminished productivity (89 percent) and reduced IT bandwidth (77 percent), which increase costs

This survey is the first time I’ve seen a number put to the increase in malware specifically due to social media. We know from our Security Labs alerts how frequently the latest in scams and attacks over the social web occur. I think it’s only a matter of time before that accelerates, as social media is further combined with social engineering and the bad guys start pulling data out from the organization through the open door of social media.

With rich media and lots of dynamic content on the web, you can understand why productivity and bandwidth are other top issues.

Time quotas, bandwidth management and coaching users through alerts is the area between block and allow policies that allows social media with reasonable controls. Add in real-time defenses and data theft protection, and an organization can safely use the social Web.

That way, your users, who carry with them a certain expectation of access, can get on the social web but you can use a time quota system to ensure employees remain productive throughout the day.

You can find the full survey results here.

We’ve also got a great infographic that illustrates many of the findings from the research survey.

2313.SocialMediaResearch_Infographic_WS copy.pdf

social media research infographic

About Forcepoint

Forcepoint is the leading user and data protection cybersecurity company, entrusted to safeguard organizations while driving digital transformation and growth. Our solutions adapt in real-time to how people interact with data, providing secure access while enabling employees to create value.