|Topic:||Web 2.0 technologies: trustworthy or a threat?|
|Organisation:||YOU Broadband & Cable India Ltd|
E.V.S. Chakravarthy is the CEO of YOU Broadband & Cable India Ltd. He has been the head of YOU since its inception in 2001. YOU entered the digital cable business through a series of alliances and joint ventures that consolidated cable operators in Mumbai, Bangalore, Delhi and Vizag and is planning to add broadband and Internet telephony in a triple play approach. Mr Chakravarthy is a qualified Chartered Accountant and has almost two decades of experience in the cable and broadband industry.
The enormous popularity of social networking sites is giving rise to increasing concerns about information security. Vast quantities of personal information are stored on such sites and present a tempting target for hackers and spammers. Organisations have to do a lot more to protect themselves by deploying comprehensive unified threat management solutions that include firewalls, identity-based security, intrusion prevention systems, anti-virus and anti-spam.
Associated Press recently reported the case of a Georgia family who logged onto their Facebook account from a mobile phone and were given access to an account belonging to a complete stranger. The error was due to a carrier routing problem and is just one example of information security flaws that have far-reaching implications for everyone on the Internet. Information security is becoming a major concern with the rising popularity of social networking sites. Organisations need to look seriously at data loss prevention and reputation management strategies. Over the past few years web 2.0 technologies and social media sites such as Facebook, Twitter, Orkut, MySpace, LinkedIn and a few others have become popular. If the Internet reduced distances then social networking sites (SNS) have reduced them further. Such has been the impact of SNS in our lives that posts and comments on these sites have even become news fodder for print and TV media. SNS reiterate the time-tested truth stated by Aristotle centuries ago – man is a social animal. Only this time the reiteration has been much more profound than ever seen before. Technology together with the human need to socialise beyond boundaries has made this possible. According to Wikipedia: “A social network is one that focuses on building and reflecting social networks or social relations among people, e.g. who share interests and/or activities. Most of them are web based.” SNS networks are built on certain shared needs or requirements of the group accessing the site. Connections across a variety of such networks allow access to more knowledge and opportunities. Since they are needs-based, SNS are different from conventional human relations and hence cannot replace real friends and real relations. However, from a purely personal or professional perspective these networks can be quite beneficial as they act as strong reference points. Thriving market The growth of SNS usage in India depends on access to broadband Internet technologies and devices. With 8 million broadband and 14 million Internet users, the scope for networking sites to grow is immense. However it’s the mobile space with over 350 million users that can take networking in India to a different level. While PCs and laptops continue to be the main access points for SNS, an emerging trend is the use of mobile phones. Equipped with Internet-browsing capabilities, recent mobile devices have provided users access to sites such as Facebook and Twitter. Globally, these sites are accessed on mobile devices as they are easy to operate with minimal content. The ability to stay connected with friends on the move gives mobile Internet the edge. One interesting and key aspect of SNS is that they are predominantly driven by youth, both men and women, who are tech-savvy and keen to try out new things on the net. Given the young ages of the users, much personal information gets shared on SNS. Installing content filtering software from reputable firms can help parents control their children’s online activities, block objectionable content and prevent them from interacting with strangers on SNS. How big is the InfoSec threat? Suffice to say, the threat is as huge as the opportunity itself. It is interesting to note that SNS and blogs are now the fourth most popular online activity ahead of personal email. Member communities are visited by 67 per cent of the global online population, and time spent there is growing at three times the overall Internet rate, accounting for almost 10 per cent of all Internet time according to Nielsen Online. An enormous amount of data and information is accumulating each day on major social networking sites: • Facebook: 300 million active users, 50 million mobile users; • LinkedIn: 50 million users, over 7 million unique users every month; • MySpace: 40 billion page visits a month; and • Twitter: 50 million active users, over 750,000 unique mobile users. It would be very risky to ignore the looming threat represented by such huge volumes of data. In addition, the collaboration and sharing made possible by web 2.0 technologies brings along a specific set of risks, online security being the most challenging. Such a large and varied user base combined with vast quantities of personal information presents a tempting target for hackers and spammers. Given their enormous size, it’s not surprising that McAfee Labs’ forecast for 2010 predicted that SNS would be the platforms of choice for emerging threats. Cyber criminals will use more complex Trojans and botnets to build and execute attacks, and leverage HTML5 to create new threats. The amount of malware created is increasing exponentially – a 500 per cent increase between 2008 and 2009. In a recent report, IT security and data protection firm Sophos has revealed an alarming rise in attacks on users of social networks such as Facebook and Twitter by cyber criminals. Interestingly, one of Facebook’s major attractions and unique selling points at its introduction was its security feature that restricted access to private information. Ironically, today it is the worst offender according to Sophos. Data from the Sophos 2009 Survey illustrate the rise in malware and spam in the past 12 months: • Some 57 per cent of users report they have been spammed via SNS, a rise of 70.6 per cent from 2008. • About 36 per cent reveal they have been sent malware via SNS, a rise of 69.8 per cent from 2008. • More than 72 per cent of businesses believe employees’ behaviour on SNS could endanger security. Clearly SNS are not as cool as they appear to be. The dramatic rise in attacks over the past 12 months indicate that social networks and their millions of users have to do a lot more to protect themselves from organised cyber crime or risk falling prey to identity theft schemes, scams and malware attacks. Employee behaviour on SNS Monitoring employees’ online behaviour, especially while accessing SNS, is challenging as the risk of sensitive data being shared on these sites becomes significant. With nearly three out of four businesses believing they are at risk due to employee behaviour, this is a challenge that cannot be ignored. An irresponsible act by an employee can have a serious impact on corporate reputation. Loss of trust is the last thing an organisation ever wishes to face. These are sufficient reasons to strengthen our IT security seat belts and fortify our IT infrastructure with robust firewalls and unified threat management solutions. Restricting employee access to SNS could well be an option for some organisations. A dual benefit of this policy could be enhanced employee productivity. ASSOCHAM in its recent Social Development Foundation Survey pointed out that surfing SNS during office hours leads to 12.5 per cent of human resource misappropriation. Orkut and Facebook top the list with over 60 per cent of the survey respondents admitting to wasting 45 minutes to one hour every day visiting these sites. In short, accessing SNS during office hours has both risk and productivity issues. Action points Internet Service Providers (ISPs) are the main gateways that enable users to access SNS. As a key component in the access mix they are doing their bit to ensure online security. However, before we arrive at an opinion about the role of ISPs, it should be understood that they do not have complete control of all the information on the Internet. As access providers, though, ISPs understand the criticality of data security and most of them provide anti-virus and anti-spam solutions in association with firms such as Trend Micro and McAfee. These might not be enough for some organisations which recognise the need to beef up their security infrastructure to ensure that their networks are safe. They would do well to deploy comprehensive unified threat management solutions that include firewalls, identity-based security, intrusion prevention systems, anti-virus and anti-spam to secure their business critical information. Enterprise-wide stringent IT and information security policies that monitor and restrict employee online activities will mitigate security issues to a large extent. For all this to happen the way it should, awareness and action are vital. Ignoring potential damage to corporate reputation is a risk too far.