Consumerisation and user generated content websites remain the largest challenge for businesses and IT departments.
Speaking at the Infosecurity Europe exhibition in London, Paul Judge, chief research officer at Barracuda Networks, said that there are five innovations that create a security risk: rapid growth of the web; dynamic web applications; remote employees; new devices that connect to the web; and user generated content websites.
He said that with dynamic web applications, these have replaced executable files that may have been detected in the past, but now you do not know what is interfering with a browser and with new devices. The challenge of managing them is as great as knowing what company data is stored on a personal device.
Talking to SC Magazine, Judge claimed that a problem remains with social networks too, particularly as they are being used as a first point of call online rather than an official domain. “Spam dropped between July and December last year and my belief is rather than taking a break, the attackers are repurposing their bots for social networking sites,” he said.
“In the past bots sent spam and there was not a high yield. If you take the same bots and post on Facebook with a fake profile, tag 50 people to a picture, 1,000 people see it then it is sent to 50,000 people and this is an opportunity that makes it more profitable.
“This is what we are seeing now and what the attackers are realising is the profit margin is attractive and we are seeing creativity because as businesses see the potential in social networking sites, so does the attacker.”
Judge, who spoke on 'the dark side of Twitter' at the RSA Conference in San Francisco in February, said that it is easier to eradicate spam on Twitter as messages are restricted to 140 characters and it is harder to create a 'profile'. He said: “With Twitter they can mention you, tag you but the only person who sees it is you and this will not appear to all of your friends. Although it is easier on Twitter as it takes more effort to create a Facebook profile and you can leverage keywords.”
Judge said that companies are concerned about devices and are allowing people to use smartphones and tablets, but the challenge remains in how to lock them down.