Companies Embrace, Fear Social Media

Friday, October 21, 2011 @ 12:10 PM gHale


With all the warnings about the possible problems, there is still is a dangerous gap in corporate social media security.

A new survey shows 63% of more than 4,000 respondents in 12 countries said social media in the workplace represents a serious security risk, yet only 29% report having the necessary security controls in place to mitigate it. More than 50% of respondents report an increase in malware due to social media use.

RELATED STORIES
Cyber Threats Forecast for 2012
CFATS Reaches Stage Three
DHS: Standards Should Stymie Threats
Vast Divide over Security Perceptions, Reality

The survey, “Global Survey on Social Media Risks”, conducted by the Ponemon Institute and sponsored by content security provider Websense Inc., is the first study that determines what IT and security practitioners throughout the world think about the security risks associated with employee use of social media.

The dynamic social Web is qualitatively different from the older static Web. It requires an IT security defense that goes above and beyond signature and fixed-policy Web technologies (like anti-virus and firewalls), because while they are necessary defenses, they are not sufficient. While 73% of respondents identify secure Web gateways as an important way to reduce social media threats, a full 27%, more than one quarter, still don’t.

For example, imagine a new link posts on a popular social network and it directs users to a site that downloads or leads to data-stealing code via obfuscated JavaScript. Organizations need security technology that can analyze links as they appear, because the link path is new and doesn’t have a recognizable signature or known payload. New technologies like social media, cloud services, and mobility require real-time content security, which analyzes information on the fly, as it’s created and consumed.

The risk benefit ratio, though, to using social media needs a judgment call. Social media does present a large business opportunity for collaboration, reduced expenses, and more efficient processes. While organizations believe bandwidth diminishes due to social media, companies that block social media are in danger of seeing business go elsewere.

The study surveyed 4,640 IT and IT security practitioners in Australia, Brazil, Canada, France, Germany, Hong Kong, India, Italy, Mexico, Singapore, UK and the U.S. with an average of 10 years’ experience in the field. 54% are supervisors or above and 42% are from organizations with more than 5,000 employees.

Key findings:
• The rapid spread of social media may have caught organizations off guard. 63% agree that employee use of social media puts their organizations’ security at risk. In contrast, only 29% said they have the necessary security controls, such as secure Web gateways, in place to mitigate or reduce the risk posed by social media.
• Malware attacks have increased because of social media usage and it’s growing. 52% of organizations experienced an increase in malware attacks as a direct result of employee use of social media, and 27% said these attacks increased more than 51%. The U.S., UK, Brazil, Germany and Singapore reported the highest increase.
• Only one of the three technologies that respondents favor can block advanced malware and data theft attacks. Respondents identified anti-virus/anti-malware (76%), endpoint security (74%) and secure Web gateways (73%) as important protections. But only secure Web gateways with real-time content analysis and data loss prevention can block advanced malware and data theft attacks, many of which seek entry through social media.
• Even if they have a policy that addresses the acceptable use of social media in the workplace, 65% said their organizations do not enforce it or they are unsure. The top three reasons for not enforcing these policies are: Lack of governance and oversight (44%); other security issues are a priority (43%); and insufficient resources to monitor policy compliance (41%).
• Organizations believe IT bandwidth diminished as a result of social media use. The top two negative consequences of an increase in social media use were diminished productivity (89%) and reduced IT bandwidth (77%), which increase costs. Just under half (47%) believe exposure to inappropriate content is a negative consequence.
• 60% of employees use social media for at least 30 minutes per day for personal reasons. The U.S., UK, France, Italy and Mexico have the highest use of social media for non-business reasons. Organizations in Germany have the highest use of social media for business purposes.
• Countries most likely to see social media as important to meeting business objectives are the UK, Germany, Hong Kong, India and Mexico. The countries with organizations that are less likely to see the importance of social media are: Australia, Brazil, and Italy.
• Countries most likely to see social media as a serious threat to their organizations are Canada, Hong Kong and Mexico. Countries least likely to see social media as a threat are France and Italy. Organizations in Germany have the most confidence in their ability to address the social media threats.

“Blocking or ignoring the social media business opportunity just isn’t an option. Social media is the new communication platform being fueled by the cloud and mobile technologies that employees are bringing to the workplace,” said Tom Clare, Websense senior director of Product Marketing. “While anti-virus and firewalls are traditional pillars of a security defense, a new security pillar is required for dynamic Web content classification, advanced threat blocking, and data theft protection.”

“Organizations need to develop social media acceptable use policies, set appropriate quotas, and most importantly, use security that examines the content and context of social media sites in real time. Sites like Facebook, Twitter, YouTube and LinkedIn change too rapidly to rely on traditional background analysis and security software update cycles. That’s why Websense developed the TRITON real-time content security solution that can analyze individual pieces of content on these social media sites and protect your organization from modern malware and data theft, plus policy controls to preserve bandwidth,” Clare said.

“We asked thousands of IT security professionals and most respondents agree that the use of social media in the workplace is important to achieving business objectives,” said Dr. Larry Ponemon, chairman and founder of the Ponemon Institute. “However, they believe social media puts their organizations at risk and they do not have the necessary security controls and enforceable policies to address the risk. It’s also clear that malware attacks are increasing as a result of social media use.”

Click here to download a copy of the survey.
.



Leave a Reply

You must be logged in to post a comment.