Social media’s become mainstream, and that’s undeniably a good thing for financial institutions in search of a new venue to leverage peer comparisons and other emerging customer service tools. But the downside is that as more demographic groups get on board, the fruit starts to hang low for crooks.
Attacks on social media sites will jump in 2010, says data security firm Imperva, which lists social media breaches as one of the top five data security trends for 2010—noting that new and less technically savvy groups are more susceptible to phishing attacks and malware than segments that have actually heard the terms “phishing” and “malware.”
“It’s not so much a tech issue as a social issue, because there are new populations that can be targeted,” says Amichai Shulman, Imperva’s CTO. “If you look back two or three years ago, social media sites were usually populated by [tech savvy] young adults. That’s not the case anymore, as older people and other groups get into Facebook and other sites.”
The other trends identified by Imperva include the industrialization of hacking; a move from application security to data security as crooks look for new ways to bypass existing security measures and focus on obtaining information; an increase in password theft/grabbing attacks, as it is perceived that credentials obtained for one app—such as an email account—will also apply to other apps such as online banking and PayPal accounts; and a migration from reactive to proactive security as organizations evolve from waiting to be breached to actively seeking and plugging holes.
“The industrialization of attacks is happening so fast, and the magnitude is so huge that it’s sometimes hard to believe,” Shulman says. Imperva notes that hacking rings have grown so sophisticated in the past year alone that they’ve started to resemble drug cartels in organization and division of roles.
In its crystal ball, security information and event management firm TriGEO Network also says social networking sites will be one of the biggest security threats for the new year. Michelle Dickman, president and CEO of TriGEO Security, says employees' tweets, along with other online chatter, can inadvertently hand hackers the “inside” information needed to penetrate corporate networks. Dickman says companies have only two options: block access to social networking sites or enforce strict policies.
The rest of TriGEO’s list includes: fewer breaches, but greater losses due to greater impact of those breaches; more state-level data breach laws; retailers will be the number one target for attacks; and increased vigilance from auditors, who will demand greater demonstration of security processes, risk assessment, penetration testing, employee training and policy verification.
This article can also be found at Bank Technology News.