Companies face a growing threat from industrial spies who use social networks to engineer attacks against them.
This was one of the main findings of the European Network and Information Security Agency (Enisa), which today published a position paper that details the threats and risk reduction strategies related to the use of social network websites (SNSs).
Enisa has called for a review and reinterpretation of European data protection legislation. "SNSs present several scenarios which were not foreseen when current legislation (especially data protection law) was created. The regulatory framework governing SNSs should be reviewed and, where necessary, revised," it said.
The Enisa paper details 15 threats and 19 recommendations to mitigate the risks.
"Social engineering attacks using SNSs are a growing and often underrated risk to corporate IT infrastructure," Enisa said. Companies also face threats to their reputation from profile-squatting (where a third party forges a corporate website) and defacement of their actual websites.
Top threats to individuals are the creation of digital dossiers of both primary and behavioural use of data by third parties, the use of face recognition technology to link identities across sites, and content-based image retrieval, it said.
Enisa recommended an education and awareness-raising programme to highlight the risks and avoidance techniques, and called for a review and reinterpretation of the regulations governing data protection.
Enisa executive director Andrea Pirotti said social network sites (SNSs) are a win-win and have created wealth worth billions. But, he said, "Users are often not aware of the size or nature of the audiences accessing their information. The sense of intimacy created by being among digital friends often leads to a 'digital hangover' - disclosures and digital 'memories' that cannot be forgotten the morning after."
Report editor Giles Hogben said, "Since the commercial success of an SNS depends heavily on the number of users it attracts, there is pressure on SNS providers to encourage design and behaviour which increase the number of users and their connections."