/ 25 May 2009

Social sites pose business security risks, say experts

Social network sites, such as Facebook, pose risks to the information security of businesses and other organisations, a technology law expert said on Monday.

”While social networks, like Facebook and Twitter, and blogs can be powerful enablers, they also increase organisations’ internal security challenges,” said Deloitte & Touche senior manager for technology law Reinhardt Buys in a statement.

”In today’s connected world, insider threats are greater than ever. Survey results show that exploitation of vulnerabilities in web 2.0 technologies and social engineering techniques such as pretexting and phishing are regarded as a threat to a company’s information security.”

Pretexting and phishing are methods used by fraudsters to scam consumers into providing personal information by pretending to be legitimate businesses. Pretext involves a fraudster pretending to be a business, such as an alleged bank claiming to need account details from its customer.

Phishing goes farther, not only does the fraudster pretend to be a well-known business but they also create an imitation website to capture consumer information.

Buys said these risks are increasing while budgets for internet technology security are falling.

A survey conducted by Deloitte & Touche found that about a third of respondents were reducing their security budgets while 60% believed they were not adequately meeting security threats.

The survey also found that only 6% of respondents devoted 7% or more of their IT budget to security. This is dramatically fewer than the 36% who responded positively in 2007.

”This year’s results indicate companies are explicitly scaling back, which is having a detrimental impact on all aspects of technology, media and telecommunication organisation’s security,” said Buys.

”Companies that under-invest in security now may find themselves exposed when the economy recovers.”

Buys said government has imposed regulations and penalties for businesses to protect the privacy of their consumers.

However, he added that complying with regulations might not be enough to successfully deal with security risks.

”Companies that under-invest in security now may find themselves vulnerable and unable to keep pace with the growing threats from increasingly sophisticated attacks and emerging technologies,” said Buys. — Sapa