- Security TWENTY
- Women in Security Awards
Most IT people believe social media is an easy way for hackers to gain access to corporate networks because it is often neglected in terms of security, and furthermore about a third, 36 percent even admit that their company could be breached by a hacker through one of their employees’ social media access at work.
The study from the IT security product company ESET, which looked at the attitudes of 200 IT professionals, was carried out in May 2015 and also revealed that 12 percent of organisations have already had a virus enter their network via social media. Other findings revealed that despite 56 percent of respondents revealing that their organisation does have a policy which limits social media usage, 56 percent admitted that the policy wasn’t actually enforced.
As part of the study ESET UK also surveyed 1000 employed consumers, to establish their opinion of social media within the workplace. When the consumer respondents were asked why their organisation limited social media usage, 36 percent of respondents said they believed it was to increase productivity, rather than prevent social media security threats entering the network. When consumer respondents were asked if they, or anyone they know, has had their Facebook identity stolen or attempted to be stolen a quarter of respondents said yes.
Mark James, security specialist at ESET UK, said: “Social media is often entirely overlooked within an organisation’s security posture because it is not recognised as a threat, this however is wrong. Hackers are continuously looking for ways to access corporate networks, and social media can often be an open door. Cyber criminals use social media as a way to sneak malware and exploits past corporate firewalls, and scammers also trick social media users into visiting sites which they think are legitimate in a bid to steal information. However the biggest concern is that IT professionals have no visibility into what their employees are doing on social media and if the pages they are visiting pose a threat to the organisation.”
The study found that when employed consumers were asked if they had ever liked a page of Facebook in order to win something 33 percent said yes, however when asked if they had actually won the prize only three percent said yes. Employed consumers were also asked if they would unlike a page of Facebook if they realised it was a scam and 12 percent said they would not as there would be no point.
“One of today’s biggest social media threats is like-jacking. Likejacking is a malicious technique of tricking users of a website into posting a Facebook status update for a site they did not intentionally mean to like, which then enables the spreading of hoaxes and spam. The scam is very common and it usually involves an enticing video and it directs users to a compromised website, which then tries to install malware on their computer. Like-jacking is a big threat to consumers and they should be cautious about what they are liking on social media sites as it can be a lot more harmful that they would think, added James.