Companies vulnerable to cyberattack via social networks, warns security vendor
A security vendor advised companies and employees to stop sharing data on social networks, saying such a practice may do them and their companies "more harm than good."
Bitdefender said this is most urgent in the United States where many companies are hacking targets and citizens are lax in disclosing private information online.
"It’s too easy for an attacker to aggregate a database of sensitive information about a company using profile info disclosed by employees on social networks. With clues as to a target company’s hierarchy, criminals can send targeted e-mails or messages to expose an employee to unpatched vulnerabilities and malware - and breach even elaborate corporate defenses," it said.
The security vendor also said the more information a company’s employees share on social networks, the greater the chance the company will be hit by highly targeted attacks.
It advised companies and employees to "be discreet in sharing details about your private and professional life."
"Check-ins, random comments, holiday snapshots and links posted on social networking platforms offer the puzzle pieces of a life that, put together, help attackers create accurate impersonations or lures to attack against them and their employers," it added.
Bitdefender cited a study of Google+ that showed 22 percent of Americans reveal their employer or occupation on Google+, more than seven times the global average of 3 percent.
In contrast, it said only 7.8 percent of Brits and 3.4 percent of Spaniards share such information online.
The study also showed Americans tend to disclose their city of residence: 47 percent of those with Google+ accounts give that information, while only 25 percent of Brits do so.
Bitdefender also noted social network information aggregators such as findpeopleonplus.com for Google+ and Graph Search for Facebook "allow practically anyone to find a person’s age, relationship status, education, occupation and place of employment."
It warned such free tools can allow one to build a dossier on employees, even of high-profile firms like Google, Facebook or Apple.
"Such an attack begins by identifying employees – potential points-of-entry for cyber-criminals. One can easily find out their interests and what platforms and operating systems they use, then precisely target an attack to infiltrate the company," it said.
Bring Your Own Device
Further increasing the risk is the "Bring Your Own Device" policy, under which it is now easier to compromise a system connected to a user’s home network.
"When the system is compromised, the attacker simply waits until it connects to the corporate network," it said. — TJD, GMA News