Facebook, Twitter Create Security Threats For Businesses: Study
Sophos' 2010 Security Report, conducted at the end of last year by security company Sophos and released Tuesday, illustrated some of the most salient threats for the upcoming year.
Among the most significant findings were that corporate networks experienced an strong upsurge of social networking traffic in 2009, which opened up new threat vectors that posed an even greater risk for company and customer data. According to the report, almost 2 percent of all online clicks for the year were for social networking sites, of which the majority -- 1.35 percent -- were for Facebook alone.
"There was a lot of focus on social media this year. That was really the big story in 2009," said Chester Wisniewski, senior security advisor for Sophos. "The number of people using social media has increased too. Now everybody has Facebook account."
By far, businesses surveyed perceived Facebook as the biggest threat. According to the study, more than 60 percent of respondents believed that Facebook presented the biggest security risk of all the social networking sites, followed by MySpace at 18 percent, Twitter at 17 percentand LinkedIn, at 4 percent.
Subsequently, Sophos researchers saw a 70 percent rise in the number of users reporting spam and malware attacks on social networking sites in 2009. More than half of all companies, almost 60 percent surveyed, said they had received spam via social networking sites and more than a third, almost 40 percent, said they had been the recipients of malware.
In addition, more than 72 percent of companies surveyed said they believed that employees' behavior on social networking sites could endanger the security of their businesses, up from 66 percent in the study for the previous year.
That belief corroborated a dramatic rise in spam on business networks, going from 33.4 percent in April to 57 percent in December.
In fact, two of the most significant Facebook threats in 2009 included the Koobface worm and the Mikeyy Mooney worm. Koobface became more prolific and sophisticated in 2009, capable of activating the account by confirming an e-mail, befriending random strangers on the site, joining random Facebook groups and posting messages on the walls of Facebook friends, according to the report.
The Mikeyy Mooney worm appeared in April, ravaging Twitter with spammed messages that redirecting users to infected Web sites.
Wisniewski said that it would increasingly be incumbent upon social networking sites to greatly enhance security infrastructure in order to keep their customers safe.
"It's up to the companies running these social media networks," he said. "They can do more to prevent malicious content from being posted. There's been some good headway in those companies starting to take some action."
Twitter, for example, has partnered with security companies, including Sophos, to scan shortened URLs through bit.ly for malicious links, he said. And Facebook has taken steps to protect against the Koobface virus.
Going forward, security experts predict that businesses will continue to be targeted by malware that emulates the Koobface worm.
Wisniewski also said that while professional networking site LinkedIn has not yet seen explosive levels of malware, it could likely be a new, unchartered threat target for phishers looking to find entry points to infiltrate a company's networkand steal financial and customer data or intellectual property.