New Generation of Internet Threats
New generation of Internet threats
While social networking and Web 2.0 applications are increasing our ability to collaborate, they have also fueled a new generation of Internet threats.
The nature of social networking sites enables users to build a network of contacts based on an element of trust that expands outside of a business. This allows users to easily exchange or propagate information, images and files-often without requiring identification or validating information beyond a log-in and password.
The number of incidents of malware distributed by social networking and P2P file-sharing sites is rapidly increasing. These new tools are ideal to use for social engineering-based attacks, which attackers are very quick to exploit and which put sensitive data at risk. Therefore, organizations should ensure their intrusion prevention system (IPS) goes beyond detection mode and is focusing on the real prevention of threats.
Nearly 80 percent of data loss is unintentional. This is predominantly due to employee negligence or unknowingly violating security policies written in the corporate handbook. For example, an employee might e-mail a confidential document to the wrong person or use a Web-based, P2P file-sharing site to send large files to a business partner. However, without reading the fine print, they may unknowingly lose ownership and control of sensitive data after uploading their files.
It is critical to alert employees about what constitutes sensitive information in the organization, and it's just as important to educate them on acceptable or unacceptable outlets for specific types of data classification. To reduce the risks that come with the benefits of Web 2.0 applications in the enterprise, organizations should look to implement technology solutions to help sensitize employees to risky behavior through self-learning techniques.