One Article Review
| Source |  AlienVault Lab Blog |
|---|---|
| Identifiant | 8354515 |
| Date de publication | 2023-07-11 10:00:00 (vue: 2023-07-11 17:06:58) |
| Titre | Comment les médias sociaux compromettent la sécurité de l'information How social media compromises information security |
| Texte | The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. Today’s companies operate in a complex security environment. On the one hand, the threat landscape is growing. Bad actors are becoming more and more refined as they get access to new tools (like AI) and offerings (like hacking-as-a-service). On the other hand, companies are dealing with more sensitive data than ever before. This has prompted consumers and regulators alike to demand for better security practices. To top it all off, companies are operating in an increasingly decentralized digital model. Gone are the days of firewalls. Employees want to be able to access work from anywhere, and on their own networks and devices. This has heightened the prevalence of insider threats, making it much easier for employees to inadvertently (or intentionally) share corporate data with others. One way that insider threats have become particularly problematic is through social media. In this article, we’re taking a closer look at how social media can compromise data security for organizations — and what they can do to address this concern. The challenge with social media Depending on the platform, social media encourages users to share information about their life and experiences in varying degrees. When it comes to employees, social media can easily be a channel to discuss work-related topics, whether that’s sharing excitement about an upcoming product feature, posting a photo of a company event, or even sharing sensitive information with a colleague via private chat features. This degree of sharing — both of personal and corporate information — can pose a number of challenges for businesses. For starters, there’s a risk of accidentally sharing information. An employee could post a picture of their desk on Instagram to show off their lunch for the day or the view from their office and forget to blur the sensitive information on their computer screen. Alternatively, a software developer might seek out peers on a Reddit forum to try and solve a particular issue with their code, and inadvertently share proprietary code when asking for help. Some social media channels also allow for a certain degree of anonymity. A disgruntled employee could take to Twitter or Reddit and make corporate secrets widely available to competitors or regulators. On the other side of the equation, cybercriminals use social media platforms as resources for their attacks. These bad actors understand that people are prone to sharing information, so they access public profiles to try and glean useful information that can then be used for sophisticated social engineering attacks. In addition, they can use the likes of LinkedIn to map out an organizational structure, get access to corporate email addresses, and even identify when core individuals are on vacation. They can also review an individual’s follower or contact list, create a fake account for someone at the company that’s not on the list, and encourage the employee to share sensitive information. All of these challenges can put a business at risk of sophisticated threats including phishing and other forms of social engineering, brand impersonation aimed at tricking customers, data theft, and even large-scale data breaches. Desp |
| Envoyé | Oui |
| Condensat | — can — that’s able about access accidentally account accounts act actors addition address addresses adopt adoption ahead aimed alike all allow also alternatively anonymity any anywhere are around article asking at&t attacks author available aware bad become becoming been before below best better blur both brand breaches business businesses can can’t certain challenge challenges change channel channels chat clear closer code colleague comes companies company competitors complex comprehensive compromise compromises computer concern consumers contact content continually control core corporate could create credentials cultural customers cybercriminals cybersecurity dangers data day days dealing decentralized dedicated degree degrees demand depending desk despite details developer device devices dictate difficult digital disclosing discuss disgruntled does done easier easily educate egress email employee employees encourage encourages endorse engineering environment equation even event ever evolving example excitement expectations experiences exposed external fake feature features firewalls flag follower forget forms forum fraudulent from gamified get given glean gone growing hacking hand has have having heightened help here hire how identify identifying immediate impact impersonation important inadvertently including incorporating increasingly individual’s individuals information insider instagram instrumental intentionally issue it’s iterative keep keeping kickstarting landscape large leak learns life like likes linkedin list look loss lunch maintaining make making manager map measures media might mitigate mobile model more much need needed networks new not notoriously number off offerings office often onboarding one operate operating opportunity organizational organizations other others out own particular particularly password passwords peers people personal phishing phone photo picture platform platforms policies pose positions post posted posting potential practices practitioners prevalence prevention private proactively problematic product profiles prompted prone proprietary protect provide provided public put reddit refined regulators related resources response responsibility review risk robust said say scale scanning screen secrets security seek sensitive service services set share sharing shifts show side social software solely solve some someone sophisticated starters staying strategy structure take taking technologies than that’s theft them then there’s these things threat threats through times today’s too tool tools top topics training tricking try twitter understand upcoming use used useful users vacation varying vectors view views want way ways we’re weeks well what when where whether why widely work |
| Tags | Threat |
| Stories | |
| Notes | ★★ |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.