Companies face a growing threat from industrial spies
who use social networks to engineer attacks against
them.
This was one of the main findings of the European Network and
Information Security Agency (Enisa), which today published a
position paper that details the threats and risk reduction
strategies related to the use of social network websites (SNSs).
Enisa has called for a review and reinterpretation of European
data protection legislation. "SNSs present several scenarios which
were not foreseen when current legislation (especially data
protection law) was created. The regulatory framework governing
SNSs should be reviewed and, where necessary, revised," it
said.
The Enisa paper details 15 threats and 19 recommendations to
mitigate the risks.
"Social engineering attacks using SNSs are a growing and often
underrated risk to corporate IT infrastructure," Enisa said.
Companies also face threats to their reputation from
profile-squatting (where a third party forges a corporate website)
and defacement of their actual websites.
Top threats to individuals are the creation of digital dossiers
of both primary and behavioural use of data by third parties, the
use of face recognition technology to link identities across sites,
and content-based image retrieval, it said.
Enisa recommended an education and awareness-raising programme
to highlight the risks and avoidance techniques, and called for a
review and reinterpretation of the regulations governing data
protection.
Enisa executive director Andrea Pirotti said social network
sites (SNSs) are a win-win and have created wealth worth billions.
But, he said, "Users are often not aware of the size or nature of
the audiences accessing their information. The sense of intimacy
created by being among digital friends often leads to a 'digital
hangover' - disclosures and digital 'memories' that cannot be
forgotten the morning after."
Report editor Giles Hogben said, "Since the commercial success
of an SNS depends heavily on the number of users it attracts, there
is pressure on SNS providers to encourage design and behaviour
which increase the number of users and their connections."