RSA Conference 2011: Social networking sites will be the new vector for advanced attacks
Policy, education and technology are the best tactics to ensure a secure and open corporate social networking strategy.
Speaking at the RSA Conference in San Francisco, Frank Nagle, senior consultant at Mandiant, looked at notable social networking faux pas that have caused embarrassment and problems for organisations such as MI5 and the Israeli army, and commented that social engineering attacks are now beginning to resemble 419 email scams.
Calling it an 'advanced persistent threat on the social networking site', Nagle said that attacks via LinkedIn, Facebook and Twitter had now become nation-sponsored, citing the Robin Sage incident as an example of how this could be accomplished.
He said: “By using social networking and social engineering, you can do research on people and figure out who to talk to. You can use IM or email to get a foothold, get them to download a malicious link and there you go.”
A statistic he mentioned was that companies that do allow access to social networking sites such as Facebook suffer a productivity loss of 1.5 per cent per year, and he encouraged the adoption of policy, education and technology as a way to allow social networking access, but in a secure fashion.
He said: “Policy needs to be realistic as people will find a way around it, and you also have to create reasonable consequences for abuse of this. Educating people is also important; social networking sites do have persistent problems and you need to report when bad things happen. Education does work, and telling people how real world attacks do happen will help.
“Blocking sites is not the best idea, using technology to throttle the bandwidth and enforce policy is helpful. Also consider communicating on in-house social networking sites that make it easy to stop people leaking data outside the organisation.”
He concluded by saying that social networking sites 'are not always evil' and that when you engage employees to be wary, they will know that policy is there to protect them and the organisation. “Threats are now very broad and open and this is a new attack space, so you have to keep that in mind,” he said.