Facebook security and privacy pitfalls
by Mirko Zorz - Wednesday, 12 March 2014.
Should the CISO be concerned about what type of information employees are posting on Facebook?

Every CISO should be concerned about the types of information employees are sharing on Facebook and other social networks as well. Facebook, in particular, offers a really open environment where people's private life and jobs interfere on a regular basis. As soon as a Facebook user fills in his personal information regarding his employer, he is no longer just sharing his personal details, but also corporate information. The ability to search through people's friend lists and timelines, the wide variety of open profiles and the fast propagation of pictures and messages are all vulnerabilities that the CISO should consider.

The CISO is not only technically supervising the company's security, but also has to put in place a strategy to maintain the corporation's vision while protecting the technology. The CISO should keep in mind that Facebook is a fruitful environment for cyber-crime business and this could directly affect his work. Imagine how badly a targeted attack could affect the entire company after an employee falls for a social engineer, for example.

The role of a CISO is continuously evolving, so he should always keep up with the trends as his employees do. Maybe in a few years he will be concerned about appropriate standards and controls of micro-blogging platforms focusing on viral videos or of online newspapers created by employees themselves.

What threats do you expect to seriously evolve in the next five years, and what should users be on the lookout for?

I have been carrying out research on social network security for a couple of years and I'm astonished to discover that users continue to fall for the same types of scams and vulnerabilities despite the mitigation of the media, security companies and experts. However, I expect a wider number of cyber-criminals to create fake profiles for targeted attacks as focusing on a smaller and weaker prey could eventually bring them more money.

Users should be on the lookout for scams promising new promotions, vouchers and freebies, including new tech apparitions. They should also keep an eye on messages promising morbid details and videos of celebrities that have passed away. Facebook ads are also a dangerous environment that will probably be exploited heavily in the next five years too.

