Love it or hate it, one thing is true: Social media applications are here to stay, at least through the foreseeable future. Gartner recently announced its five social media software predictions for 2010 and the future:
- By 2014, social networking services will replace e-mail as the primary vehicle for interpersonal communications for 20 percent of business users.
- By 2012, over 50 percent of enterprises will use activity streams that include microblogging, but stand-alone enterprise microblogging will have less than 5 percent penetration.
- Through 2012, over 70 percent of IT-dominated social media initiatives will fail.
- Within 5 years, 70 percent of collaborations and communications applications designed on PCs will be modeled after user experience lessons from smartphone collaboration applications.
- Through 2015, only 25 percent of enterprises will routinely utilize social network analysis to improve performance and productivity.
So what does this have to do with security? A lot. On Network Security Edge, Kevin Prince noted social media as a rising security threat in 2010:https://o1.qnsr.com/log/p.gif?;n=203;c=204663295;s=11915;x=7936;f=201904081034270;u=j;z=TIMESTAMP;a=20410779;e=i
Due to many publicly disclosed breaches and compromises, we saw that these sites can be very real and serious threats to organizations. There are many Trojans, worms, phishing and other attacks targeted specifically at the users of these sites. . . .Social networking sites are breeding grounds for SPAM, scams, scareware, and a host of other attacks. In June a scareware scam was spreading on Twitter with a message that simply read"Best Video" and contained a link to malware with a similar outcome to what was mentioned above.
Even if it is a relatively small number of companies turning to social media, if Gartner's predictions are correct, it is still vital that organizations create policies on what social media tools can and cannot be used. As Prince told me:
There are two sides to social networking tools. There's the legitimate business use and it has become a needed elimate to business. The other side is the social, immature aspect. Once you define what employees can do and not do, you can try to protect yourself against the "gaps" in social media. We know there are lots of worms, scams and phishing attacks. The problem is people naturally trust these sites because they are based on a network of friends or acquaintances, so people are more likely to click on a link sent by social media than through e-mail.
As a company, you need to consider blocking things you don't allow employees to use, he added. There are too many threats associated with these sites to let them go without strict corporate policy.