Social Media and Security Risks http://www.isaca.lk/ [email protected] Parakum Pathirana Principal Consultant – LOLC Technologies, President – ISACA Sri Lanka Chapter MSc, FBCS, CISA, CISM, CGEIT, CISSP, ISO 27001 LA, MCP, CHFI, QCS, ITIL, CCSK

Social media and Security risks


Page 1: Social media and Security risks

Social Media and Security Risks

http://www.isaca.lk/ [email protected]

Parakum Pathirana
Principal Consultant – LOLC Technologies, President – ISACA Sri Lanka Chapter
MSc, FBCS, CISA, CISM, CGEIT, CISSP, ISO 27001 LA, MCP, CHFI, QCS, ITIL, CCSK

Page 2: Social media and Security risks

Disclaimer

• I’m employed in the #infosec industry, however not authorized to speak on behalf of my employer/ clients

• Everything I say can be blamed on the voices in your head

Page 3: Social media and Security risks

My credentials

• 9+ years in #Infosec field

• Tutor, consultant/ advisor, auditor, head of InfoSec

• Sectors: financial, leisure, manufacturing, advertising, gov, insurance, etc.

• Crazy about #cycling, #infosec, #socialmedia

• Still learning and not an expert at anything

• lk.linkedin.com/pub/parakum-pathirana/2/a52/2a2/

Page 4: Social media and Security risks

Agenda

• Key facts

• Sri Lanka digital overview

• Security threats

• Case study

• Facebook graph search

• Threats arising from third party applications

• TMI

• Defense

Page 5: Social media and Security risks

Social Media Jungle !!!

Page 6: Social media and Security risks

Facebook

Page 7: Social media and Security risks

Twitter

Page 8: Social media and Security risks

Key facts

• Facebook has over 1.11 billion monthly active users, and daily active users passed 665 million 1

• Research suggests that only 14% of consumers trust advertisements 2

• Social media & Arab spring

• Impact on Sri Lanka Presidential Elections 2015

• Free wi-fi

• Impact on individuals, organizations, etc.

Page 9: Social media and Security risks

Sri Lanka digital overview

| Attribute | Sri Lanka | Indonesia | Malaysia |
|---|---|---|---|
| Total population | 21,675,648 | 251,160,124 | 29,628,392 |
| Internet users | 3,927,948 | 72,700,000 | 19,200,408 |
| Internet penetration | 18% | 29% | 65% |
| Active Facebook accounts | 2,000,000 | 62,000,000 | 15,600,000 |
| Facebook penetration | 9% | 25% | 53% |
| Active mobile subscriptions | 20,324,070 | 281,963,665 | 41,324,700 |
| Mobile subscription penetration | 94% | 112% | 139% |
| Percentage of mobile subscriptions that are 3G connections | 13% | 22% | 43% |
| Number of active mobile broadband subscriptions | 953,000 | 80,100,000 | 4,000,000 |
| Mobile broadband subscriptions as a percentage of the total population | 4.4% | 32% | 14% |
| Active social media users accessing social media on a mobile device | 1,400,000 | 52,000,000 | 13,000,000 |
| Penetration of mobile social as a percentage of the total population | 6.6% | 21% | 44% |

Page 10: Social media and Security risks

Security threats

• Malware distribution
  • Koobface - a worm masquerading as Adobe Flash Player update
  • Started in 2009, users were enticed to watch a funny video, then conned into “updating” Flash
  • Koobface connected infected computers to botnet, served machines ads for fake antivirus software
  • Estimated 400,000–800,000 bots in 2010

• Cyber stalking/ harassment

• Privacy concerns

• Impact on employment, reputation, etc.

• Concerns for organizations: brand reputation, laws and regulations

Page 11: Social media and Security risks

Security threats

Page 12: Social media and Security risks

Case Study

Page 13: Social media and Security risks

Case Study

• Not the first time Sir John has been left red-faced over photos posted on Facebook.

• His wife, Lady Sawers, put up a picture of Sir John wearing skimpy swimming shorts on her Facebook page last May when he was appointed to the MI6 top job.

Page 14: Social media and Security risks

News Highlights

Page 15: Social media and Security risks
Page 16: Social media and Security risks

Facebook Graph Search

Page 17: Social media and Security risks

Social Networking – Local context

Page 18: Social media and Security risks

Cricket Sri Lanka

Page 19: Social media and Security risks

J.P. Morgan

Page 20: Social media and Security risks

Threats arising from third party applications

• Anyone can write one…No assurance on security or privacy

• No complete Terms and Conditions – either allow or deny

• Once installed, developers will have access rights to look at your profile and override your privacy settings!

Page 21: Social media and Security risks

TMI

• Lack of common sense: it’s very difficult to delete information after it’s been posted online

• Indiscreet information can adversely affect college employment, your personal life, etc.

Connor Riley: “Cisco just offered me a job! Now I have to weigh the utility of a [big] paycheck against the daily commute to San Jose and hating the work.”

• Location services, be careful when you check-in

• URL shortener services

• E.g. bit.ly

Page 22: Social media and Security risks

How to defend yourself?

• Reasonable “Common sense” measures

• Use strong, unique passwords

• Provide minimal personal information: avoid entering birthdate, address, etc.

• Review privacy settings, set them to “maximum privacy”
  • “Friends of friends” includes far more people than “friends only”

• Exercise discretion about posted material:
  • Pictures, videos, etc.
  • Opinions on controversial issues
  • Anything involving coworkers, bosses, classmates
  • Anything related to employer (unless authorized to do so)

• Be wary of third party apps

• Supervise children on social media

Page 23: Social media and Security risks

How to defend yourself?

• “If it sounds too good to be true, it probably is”

• Use browser security tools for protection:
  • Anti-phishing filters (IE, Firefox, Chrome)
  • Web of Trust
  • AdBlock/NoScript

• Personal reputation management:
  • Search for yourself online, look at the results…
  • Google Alerts

• Extreme cases:
  • Cease using, delete accounts?
  • Contact law enforcement

Page 24: Social media and Security risks

How to defend yourself?

• Combating URL shorteners

• Think before you click?

Page 25: Social media and Security risks

Defense strategy for organizations

• Monitoring & Responding

• Formulating the necessary policy framework

• Awareness

Page 26: Social media and Security risks
Page 27: Social media and Security risks

….

Page 28: Social media and Security risks

Thank you