Does Social 'Insecurity' Put Enterprises at Risk?

Share it on Twitter  
Share it on Facebook  
Share it on Linked in  

Sophos is the latest security software vendor to weigh in on the malware epidemic plaguing social networking sites. In a report released today, Sophos said that 72 percent of more than 500 companies surveyed believe sites like Facebook and Twitter pose serious risks to their companies' data.

Sophos' "Social Security" report found that IT executives dealt with what they characterized as a record number of spam and malware attacks in the past year, most of which originated from Facebook, MySpace and Twitter.

According to the survey, companies are most concerned with the lack of security on Facebook, the world's most popular social networking site with more 350 million registered users.

Sixty percent of respondents said Facebook was their most feared social networking sites, followed by MySpace at 18 percent, Twitter at 17 percent and LinkedIn at 4 percent.

Despite the risks, enterprise clients are conflicted on how best to balance the risks and rewards of social media. According to Sophos, 49 percent of companies surveyed allow their employees to have unfettered access to Facebook - up 13 percent from a year ago - even though they know that much of the spam and malware infecting their networks originates on the site.

"The grim irony is that just as companies are loosening their attitude to staff activity on social networks, the threat of malware, spam, phishing and identity theft on Facebook is increasing," Graham Cluey, a senior technology consultant at Sophos, said in a statement. "However, social networks can be an essential part of the business mix today, and the answer is not to bar staff from participating in them, but to apply some 'social security' instead."

Sophisticated phishing scams

Sophos' report concluded that hackers and cyber criminals routinely target potential victims on social networks and then initiate sophisticated phishing scams designed to ferret out key personal information such as bank account passwords, Social Security numbers and answers to standard security questions.

All too often victims realize just how big of a mistake they've made just a second or two after they've made it.

"I work in the [security] industry and can admit I have been duped," VeriSign's Toby Galino told InternetNews.com. "When your guard is down, it can be incredibly quick and painful to fall prey to a phishing attack."

"And no sooner than when you click, your gut is wrenching…telling you 'Oh no. What did I just do?'"

Larry Barrett is a senior editor at InternetNews.com, the news service of Internet.com, the network for technology professionals.