Ten Ways to Dodge CyberBullets, Part 6

This is the sixth post in a series updating the top 10 list of things people can do to protect themselves against malicious activity, which we provided to our clients two years ago.

6. Social networks can be very anti-social

Don’t disclose sensitive information on web sites like Facebook or LinkedIn if you can’t be sure that you can limit access to those data. Even information that in itself is innocuous can be combined with other harmless information and used in social engineering attacks.

In 2012, it’s more than likely that we’ll see increased targeting of social networks, such as Facebook, LinkedIn, and Twitter in the U.S., and Orkut and Hi5 in South America. Attackers will be looking for data they can exploit from a social engineering standpoint, but they’ll also be looking for cross-site scripting and replicable malware attacks on the web sites as well as their APIs (Application Programming Interfaces).

Data mining (both legitimate and criminal) will have a wider range of effects on individuals, and some of those effects will be far from beneficial. A notable example is Facebook’s lack of commitment to a realistic security model, which would be a very significant supplement to its rather generic security center advice. It seems to me that Facebook is encouraging its users to share as much information as possible, while essentially making them responsible for the security of their own data. This isn’t unique to Facebook, of course, or even to Web 2.0 providers in general. But some such services are grooming us to accept that it’s legitimate for an ever-wider pool of data to be used to monitor our behavior. It’s becoming harder to distinguish between appropriate and illicit use of personal data, in terms of targeting both advertised content and services, and of monitoring for security purposes by financial and governmental institutions, for instance. Lines are sometimes very blurred between legitimate and criminal data mining in some of these areas, and there are questions to be asked about validation.

Privacy tends to diminish where it’s in the way of commercial rather than political interests. So, ironically enough, there will be particular and ongoing interest in data leakage where it affects public bodies, but selling of information at the back door by more or less legal means will continue as it always has, though it’s starting to attract some attention. This may be less true in Europe, where data protection and other directives already give some formal weight to the principle that organizations should only hold as much personal data as they need, rather than what they want. On the other hand, the U.S. may eventually take more notice of this issue, and the potential for change is considerable.


About SCB Enterprises
System Solutions and Integration
