SOCIAL NETWORKING IN TODAY'S BUSINESS WORLD


AGENDA
- Review the use of social networking applications within the business environment
- Review current trends in threats, attacks and incidents
- Understand how social networking can expose corporate data
- Discuss strategies to help mitigate these risks
- Conclusion
- Q & A

SOURCES
DarkReading.com, CSOOnline.com, SCMagazineUS.com, ITSecurity.com, FaceTime.com, Forrester.com

WEB 2.0 AND INTERNET APPLICATIONS
- Facilitates improved communication and collaboration on the World Wide Web
- Evolution of the Internet as we know it today

What is the internet used for today?
  Instant Messaging    86%
  Media                85%
  File Sharing         54%
  Collaboration        93%
  Internet Telephony   69%

WHAT ARE COMPANIES MONITORING? (columns: company size)
                     1 to 99   100 to 999   1,000 to 4,999   5,000 or more
  Corporate Email      72%        76%            77%              84%
  Instant Messaging    25%        36%            40%              45%
  P2P                  28%        41%            44%              40%
  Web Browsing         54%        59%            70%              72%
  Social Networking    30%        30%            36%              42%
  Web 2.0              23%        26%            20%              28%
  None of these        21%        18%            15%               8%


SOCIAL NETWORK USAGE AT WORK

SOCIAL NETWORKING SITES ACCESSED
                 Work Related   Personal Reasons
  LinkedIn           62%              33%
  YouTube            34%              55%
  Facebook           18%              35%
  Twitter            13%              11%
  Digg               12%              10%
  del.icio.us        10%               9%
  MySpace             8%              27%
  Other               1%               3%

SOCIAL NETWORKING: COMMON THREATS
- Malware, bots, and worms
- Phishing attacks
- Social engineering

MALWARE, BOTS, AND WORMS
- Implied trust creates additional exposures
- Koobface: Facebook and MySpace worm/malware
  - Creates a message claiming a video has been found about the given user
  - Upon a user click, the user is directed to download a new version of Adobe Flash; instead, malware is installed
- Twitter worms escalating rapidly

PHISHING
- Targets users to capture sensitive information
- Specially crafted emails or messages
- Malicious website links
- Leverages 3rd party applications
  - Handling of user information is often not disclosed
- Default privacy settings can leave user profiles exposed to extended social networks

SOCIAL ENGINEERING
- Disclosure of private information can:
  - Lead an attacker to guess password challenge questions
  - Provide credibility for other targeted attacks
  - Lead to identity theft
  - Allow an attacker to impersonate an employee
- Information leakage: business information can be disclosed unknowingly via social networks

SOCIAL ENGINEERING
- VIOPOINT often farms Facebook for emails during testing
- A recent study disclosed that:
  - Remotely exploitable network vulnerabilities are declining
  - Client-side and web application attacks are skyrocketing
- Supports findings that social networking threats are reaching critical status

SOCIAL NETWORK USAGE AT WORK

IMPACT
- Reputation risk: 37% of IT managers reported users violated policy by disclosing corporate data through social networking and instant messaging
- Employee reputation
- Larger organizations experience an exponential increase in eradication and remediation cost
- Dated policies leave too much room for gray areas
- Dated technologies do not protect against Web 2.0

AVAILABLE SOCIAL ENGINEERING DATA TO TARGET EMPLOYEES

OTHER PROBLEMS
- Productivity loss: over 50% of users in a business use social networking sites every day
- Bandwidth loss: 30 to 40% of bandwidth within a business is lost to social networking such as YouTube, Twitter, etc.
- Risk of discrimination: some hiring managers have advocated searching candidates' personal social networking profiles
(Chart: Social Networking Bandwidth)

TODAY'S TECHNICAL REMEDIATION
- Web site address filtering
  - Due to the nature of social networking sites, most application layer data is not filtered
  - URL whitelisting/blacklisting
- Anti-virus
  - May not handle zero-day web malware

POTENTIAL SOLUTIONS
1. Block social networking sites
2. Conduct security awareness training
3. Assess and update acceptable use policies
4. Enforce policy through technology (monitor and enforce web browsing and social networking site usage)

1. BLOCK SOCIAL NETWORKING SITES
Facts:
- 62% of employees use LinkedIn on a work asset
Pros:
- Most social networking sites would no longer be a threat to a business
Cons:
- Companies are increasingly dependent on using social networking for business purposes
- Impossible to block all social networking sites using URL
- IT departments may use blogging sites, Microsoft TechNet, etc.
- Marketing team may use Twitter or LinkedIn to discuss and promote new ideas

2. CONDUCT SECURITY AWARENESS TRAINING
Facts:
- 37% of IT managers report that confidential information is being leaked
Pros:
- Encourage users to be aware of information disclosure
- Increase social networking site security settings
- Create or enhance company policy to include social networks
Cons:
- Relies primarily on the user to employ good practice

3. ASSESS AND UPDATE ACCEPTABLE USE POLICIES
Facts:
- 51% of users access social networking sites one or more times per day
Pros:
- Prevents:
  - Damage to company reputation
  - Potential for data leakage
  - Damage to other employees
Cons:
- Still requires good practice on the user side

4. ENFORCE POLICY THROUGH TECHNOLOGY
Facts:
- Roughly 70% of companies are not monitoring information published on social networking sites
Pros:
- Still allows users access to sites for business reasons
- Enables businesses to manage the risk of data leakage
- Limits malware, virus, and social engineering potential
Cons:
- Not guaranteed to prevent every piece of data from leaving the network
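The monitoring that option 4 relies on is easier to picture with a worked example. The Python below is an added illustration, not part of the slides or of VIOPOINT's approach: it reviews a constructed proxy log (a hypothetical five-field format: timestamp, user, method, URL, bytes sent) against a constructed list of social networking domains, counts per-user access, and flags large POST uploads to those sites for data-leakage follow-up.

```python
"""Proxy-log review for social networking usage (added example, not from the slides).

Assumptions (constructed for this example): a five-field access log
  timestamp user method url bytes_out
and a small list of social networking domains. Hosts are matched on the
domain suffix (host == domain or host ends with '.' + domain), so
m.facebook.com is caught while notfacebook.example is not.
"""
from collections import defaultdict
from urllib.parse import urlsplit

SOCIAL_DOMAINS = {"facebook.com", "linkedin.com", "twitter.com", "youtube.com", "myspace.com"}

# Constructed sample log lines (not real traffic): time user method url bytes_out
SAMPLE_LOG = """\
2009-06-01T09:01:12 alice GET http://www.linkedin.com/in/someone 512
2009-06-01T09:02:40 alice POST https://m.facebook.com/upload 204800
2009-06-01T09:03:05 bob GET http://notfacebook.example/page 300
2009-06-01T09:04:11 carol GET http://www.youtube.com/watch?v=abc 1024
2009-06-01T09:05:50 bob POST http://twitter.com/statuses/update 2048
2009-06-01T09:06:00 dave GET http://intranet.example/wiki 100
"""

def is_social(url):
    """True if the URL's host is one of the listed domains or a subdomain of one."""
    host = (urlsplit(url).hostname or "").lower()
    return any(host == d or host.endswith("." + d) for d in SOCIAL_DOMAINS)

def review(log_text, upload_threshold=100_000):
    """Return (per-user count of social networking requests, upload alerts).

    An alert is a POST to a social site whose body size reaches the threshold:
    the pattern worth an analyst's attention when reviewing for data leakage.
    """
    hits = defaultdict(int)
    alerts = []
    for line in log_text.splitlines():
        ts, user, method, url, bytes_out = line.split()
        if not is_social(url):
            continue
        hits[user] += 1
        if method == "POST" and int(bytes_out) >= upload_threshold:
            alerts.append((ts, user, url, int(bytes_out)))
    return dict(hits), alerts

def user_share(hits, total_users):
    """Fraction of all users with at least one social networking request."""
    return len(hits) / total_users if total_users else 0.0

if __name__ == "__main__":
    counts, flagged = review(SAMPLE_LOG)
    print(counts, flagged, user_share(counts, 4))
```

Tuning the domain list and the upload threshold to the environment is the policy decision the slides describe; the script only makes the review repeatable.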

RECOMMENDATIONS
- Define acceptable business use for social networking applications
- Update or change policy and decide how to enforce it
  - Can be enforced through monitoring or blocking entirely
  - Potentially requires updated technology to allow access to sites while monitoring and filtering Web 2.0 content
- Awareness training refresh
  - Include social engineering testing results
  - Educate users about reputation risk and about protecting themselves

BEST PRACTICES
- Understand how your environment uses social networking sites
- Utilize multilevel user policies
- Deploy a technology to enforce policies as they pertain to your business model
- Educate users and employees about the dangers social networking can present not only to a business, but to the personal well-being of users
- Test the effectiveness of awareness training and countermeasures through client-side testing

VIOPOINT APPROACH
- Social Networking Threat and Risk Assessment
  - Online survey: best practice questions to help focus time/energy
  - Strategy discussion: business case for sites / blocking
  - Policy gap analysis: discussions regarding acceptable use policy
  - Awareness training refresh: critical discussion points for users

VIOPOINT APPROACH (continued)
- Technology assessment: what technologies help enforce policy
- Social engineering testing: client-side attacks (phishing, fake social networking, etc.)
- Reputation risk assessment: analysis of publicly available information and associated risks

Nathan Ouellette, CISSP, CISM
nouellette@viopoint.com

Q/A