160 likes | 274 Views
Social Media Risk. John Rostern Managing Director May 18, 2012. Social Media Use. Over 800 million Users - 425 million Mobile Users Over 150 million Users 140 million ‘ ‘ ers sending 340 million tweets per day
E N D
Social Media Risk John RosternManaging DirectorMay 18, 2012
Social Media Use • Over 800 million Users - 425 million Mobile Users • Over 150 million Users • 140 million ‘ ‘ers sending 340 million tweets per day • 20 million Users – increased 5 million in 16 months 13 million U.S. Facebook users do not use or are unaware of privacy settings – Consumer Reports, May 2012
Social Media is Pervasive & Connected So What? • Company Affiliation • Title • Work History • Personal and/or Work eMail • Current Projects/Interests • Personal eMail • Education / Alumni • Political & Religious Affiliations • Information on Spouse and/or Children • Record of Travel • Daily Routine • Religious Affiliations
Engineering Social Media • The Art of Deception • Kevin Mitnick • Secrets and Lies • - Bruce Schneier
Org Chart v0 1 – Iselin, NJ Michael Durney Vice Chairman Finance 194 Wood Ave. S., Iselin, New Jersey 08830 (732) 452-8000 Kenneth Shea Executive Director Global Tech Infra Chris Karadimas SVP Daniel Nealis SVP Tech Risk & Control Tim Noble Vice President Ron Debate Financial Director Euro Tax Mgr Peggy Yu Operations Mgr HR
A Social Engineering Tale… • Search for employees of the target company • Harvest company and personal eMail addresses • Create an ‘Org Chart’ of employees on • Look for common connections and try to get introduced • Search for names of employees discovered on • Harvest personal eMail, personal information, background, family information, etc. from • Create ‘Face-phishing’ eMail based on profiles • Create Phishing eMail(s) for company accounts based on job profiles Then it becomes scary…
Key Questions to Ask… • How much ‘exposure’ does your organization want to have in social media? • Who is authorized to speak on behalf of the organization? • Have you provided clear guidance to your employees regarding social media? • How does your organizatioensure that only ‘public’ information is made public? • Do you monitor social media for information about your organization?
Takeaways • Be aware of information about your company in cyber-space • Build awareness among staff about responsible information sharing in social media • Do not assume that ‘blocking’ access to social media sites is an effective control • Develop and communicate policies regarding the use of social media • Distribute ‘approved’ language regarding the company for use by employees on their profile(s) • No piece of information is inconsequential when combined with other data • John Rostern • Managing Director, East Region • john.rostern@coalfire.com