Love it or hate it, one thing is true: Social media applications are here to stay, at least through the foreseeable future. Gartner recently announced its five social media software predictions for 2010 and the future:
So what does this have to do with security? A lot. On Network Security Edge, Kevin Prince noted social media as a rising security threat in 2010:
Due to many publicly disclosed breaches and compromises, we saw that these sites can be very real and serious threats to organizations. There are many Trojans, worms, phishing and other attacks targeted specifically at the users of these sites. . . .Social networking sites are breeding grounds for SPAM, scams, scareware, and a host of other attacks. In June a scareware scam was spreading on Twitter with a message that simply read"Best Video" and contained a link to malware with a similar outcome to what was mentioned above.
Even if it is a relatively small number of companies turning to social media, if Gartner's predictions are correct, it is still vital that organizations create policies on what social media tools can and cannot be used. As Prince told me:
There are two sides to social networking tools. There's the legitimate business use and it has become a needed elimate to business. The other side is the social, immature aspect. Once you define what employees can do and not do, you can try to protect yourself against the "gaps" in social media. We know there are lots of worms, scams and phishing attacks. The problem is people naturally trust these sites because they are based on a network of friends or acquaintances, so people are more likely to click on a link sent by social media than through e-mail.
As a company, you need to consider blocking things you don't allow employees to use, he added. There are too many threats associated with these sites to let them go without strict corporate policy.