Is it time Facebook looked at an Apple-like approach to apps?
2010 saw a dramatic rise in the number of security threats launched through social networks, a trend that will continue throughout 2011, according to a new report from Sophos.
The company’ Security Threat Report 2011 revealed that 67% of users reported receiving spam messages on social network sites, most notably on Twitter and Facebook. This figure was up from 57% the year before. Phishing attacks were up from 30% to 43% while the percentage of users reporting malware incidents went up from 36% to 40%. Sophos points out this figure is of course just for those that have spotted security threats, there are likely to be more unknowing victims.
"We’ve seen a dramatic rise in reports of hits through Facebook and Twitter," Sophos technology consultant Graham Cluley told CBR. "Cyber criminals will turn more towards social networks in 2011 simply because that’s where people are hanging out."
Businesses are wising up to the threat now as well. Just over half (59%) of companies are worried that employee behaviour on social network sites could endanger company security, while 57% think employees are sharing too much information online. Despite this more than half the companies quizzed said they imposed no restrictions at all on the use of sites such as Twitter, Facebook and LinkedIn. 82% of the survey’s respondents felt that Facebook posed the biggest risk to security.
What is positive, from Cluley’s point of view, is that fewer than half block access completely. "That can come across as very short-sighted," he said. "Your competitors are there so you should be too."
While there are plenty of technologies available to help companies protect themselves against threats from social networks, Cluley said Facebook should be doing more to protect its users. "Facebook is quite behind on security," he said. "It has no vetting process for apps that appear on the site, and that’s dangerous. To stop rogue apps it should introduce an Apple-like approach to apps. But Facebook wants all your data because that’s all it has to sell."
Respondents to the survey agree with Cluley’s idea of a stronger approach to app security on Facebook. Nearly all users (95%) said they think a "walled garden" approach would be better for security. Despite the focus on Facebook security, Sophos named the ‘onMouseOver‘ attack on Twitter as the biggest single social networking security incident of 2010. The WikiLeaks saga was the most high profile security incident of the year, Sophos said.
Cluley’s message to those in charge of security at businesses is to get ready for another busy year. The company saw an average of 30,000 new malicious URLs every day, and SophosLabs analysed 95,000 pieces of malware every day, nearly doubling the number from 2009.
"2011 will be another busy year," Cluley said. "Security bosses need to lobby for extra funds and resources because that’s what needed to protect your network and data."