Cybercriminals are increasingly exploiting social networks to
identify potential victims and attack them, says security firm
Sophos.
Web 2.0 companies are concentrating on growing their members at
the expense of defending users from threats, according to the
firm's latest
security threat
report.
The problem is compounded by the fact social networks
tend not to provide explicit or accessible privacy guidelines
to avoid putting off potential members, according to researchers at
Cambridge University.
The Sophos research found that IT teams are worried that
employees share too much personal information via social networking
sites, putting their corporate infrastructure and the sensitive
data stored on it at risk.
The findings also indicate that a quarter of businesses have
been exposed to spam, phishing or malware attacks via sites such as
Twitter, Facebook, LinkedIn and MySpace.
The time has come for Web 2.0 companies to examine their systems
to determine how they are going to protect their huge number of
users from virus writers, identity thieves, spammers and scammers,
said Graham Cluley, senior technology consultant at Sophos.
"The honeymoon period of these sites is over, and personally
identifiable information is at risk as a result of constant attacks
that the websites are simply not mature enough to protect against,"
he said.