IT professionals may have accepted social media but they lack the tools to protect against cyber-threats
IT professionals consider social media a positive business tool within the enterprise, but are concerned they do not have the right technology and policies to deal with the dangers, a recent report found.
The Global Survey on Social Media Risks from the Ponemon Institute surveyed 4,640 IT managers and security practitioners across the globe on the problems organisations face with increased use of social media. While respondents said they believed social networking technology played an important role within the organisation, 63 percent agreed, or strongly agreed, that these tools represented a serious security threat to their organisations. Only 29 percent said their organisations had the necessary controls in place to mitigate or reduce the risks.
The biggest risks came from employees downloading malicious apps. This could take the form of employees downloading an instant messaging client that had malware embedded, or installing apps on social networking sites that trick users into downloading malware on the system.
A little over half (52 percent) of respondents said their organisations had experienced an increase in malware attacks as a result of employees using social media. About 27 percent said the attacks had increased by more than 51 percent.
“The challenge they face is how to ensure the use of social media vehicles does not jeopardise the security of their organisations’ networks,” Ponemon Institute wrote in the report. Respondents were also concerned about the lack of controls on what employees could post online as well as the fact that employees could be exposed to inappropriate data. Malware and data control were not the only negative aspects of social media, the survey found. Respondents cited diminished employee productivity and excessive usage of Internet bandwidth as other issues.
Employees are using social media tools more often for non-business purposes than for business purposes, the report found.
More than half, or 65 percent, of respondents were unsure if the organisation had an acceptable use policy for social media, or said the policy was not enforced. While 44 percent said there was a lack of governance and oversight, 43 percent felt other security issues took precedence. Another 41 percent said there were insufficient resources to monitor policy.
About 85 percent of respondents said it was acceptable to use social media tools to communicate within the company and 55 percent felt it was acceptable to use the technology to communicate outside the company. More than half felt social networking could be used as an email or texting channel. The survey used the word “friends” instead of “colleagues” or “business partners.”
“Based on this response, we believe organisations consider social media a positive tool for encouraging collaboration and building internal relationships,” the report’s authors wrote.
Unacceptable use included downloading and watching videos during the workday or downloading apps and widgets from social media sites. Only 23 percent said videos were acceptable and 8 percent thought widgets were not a problem. Only 11 percent said it was acceptable to post “uncensored content” on social networking sites and another 11 percent said the same about posting to uncensored blogs. A mere 6 percent of respondents felt all the above activities were acceptable within the enterprise.
Security vendor Websense sponsored the study. Websense said the “dynamic social Web” requires real-time content security to analyse information as it is created and consumed. Signature and fixed-policy Web technologies such as antivirus do not provide appropriate threat protection, the company said in the report. About 73 percent of the respondents identified secure Web gateways as an important way to reduce social media threats.
Organisations need to understand the social media risks by creating a risk assessment, the Ponemon Institute recommended. They also need to educate employees about how their social media usage could affect the company, and create a comprehensive policy on what constitutes acceptable usage.
Survey participants had an average of 10 years' experience in the field, and more than half held positions at the supervisor level or higher. Approximately 42 percent of the participants worked in organisations with more than 5,000 employees.