social media and security risks
Social Media and Security Risks
http://www.isaca.lk/ [email protected]
Parakum Pathirana
Principal Consultant – LOLC Technologies, President – ISACA Sri Lanka Chapter
MSc, FBCS, CISA, CISM, CGEIT, CISSP, ISO 27001 LA, MCP, CHFI, QCS, ITIL, CCSK
Disclaimer
• I’m employed in the #infosec industry, but I am not authorized to speak on behalf of my employer/clients
• Everything I say can be blamed on the voices in your head
My credentials
• 9+ years in #Infosec field
• Tutor, consultant/ advisor, auditor, head of InfoSec
• Sectors: financial, leisure, manufacturing, advertising, gov, insurance, etc.
• Crazy about #cycling, #infosec, #socialmedia
• Still learning and not an expert at anything
• lk.linkedin.com/pub/parakum-pathirana/2/a52/2a2/
Agenda
• Key facts
• Sri Lanka digital overview
• Security threats
• Case study
• Facebook graph search
• Threats arising from third party applications
• TMI
• Defense
Social Media Jungle !!!
Key facts
• Facebook has over 1.11 billion monthly active users, and daily active users passed 665 million 1
• Research suggests that only 14% of consumers trust advertisements 2
• Social media & Arab spring
• Impact on Sri Lanka Presidential Elections 2015
• Free wi-fi
• Impact on individuals, organizations, etc.
Sri Lanka digital overview
| Attribute | Sri Lanka | Indonesia | Malaysia |
| --- | --- | --- | --- |
| Total population | 21,675,648 | 251,160,124 | 29,628,392 |
| Internet users | 3,927,948 | 72,700,000 | 19,200,408 |
| Internet penetration | 18% | 29% | 65% |
| Active Facebook accounts | 2,000,000 | 62,000,000 | 15,600,000 |
| Facebook penetration | 9% | 25% | 53% |
| Active mobile subscriptions | 20,324,070 | 281,963,665 | 41,324,700 |
| Mobile subscription penetration | 94% | 112% | 139% |
| Percentage of mobile subscriptions that are 3G connections | 13% | 22% | 43% |
| Number of active mobile broadband subscriptions | 953,000 | 80,100,000 | 4,000,000 |
| Mobile broadband subscriptions as a percentage of the total population | 4.4% | 32% | 14% |
| Active social media users accessing social media on a mobile device | 1,400,000 | 52,000,000 | 13,000,000 |
| Penetration of mobile social as a percentage of the total population | 6.6% | 21% | 44% |
Security threats
• Malware distribution
  • Koobface - a worm masquerading as Adobe Flash Player update
  • Started in 2009, users were enticed to watch a funny video, then conned into “updating” Flash
  • Koobface connected infected computers to botnet, served machines ads for fake antivirus software
  • Estimated 400,000–800,000 bots in 2010
• Cyber stalking/ harassment
• Privacy concerns
• Impact on employment, reputation, etc.
• Concerns for organizations: brand reputation, laws and regulations
Security threats
Case Study
Case Study
• Not the first time Sir John has been left red-faced over photos posted on Facebook.
• His wife, Lady Sawers, put up a picture of Sir John wearing skimpy swimming shorts on her Facebook page last May when he was appointed to the MI6 top job.
News Highlights
Facebook Graph Search
Social Networking – Local context
Cricket Sri Lanka
J.P. Morgan
Threats arising from third party applications
• Anyone can write one…No assurance on security or privacy
• No complete Terms and Conditions – either allow or deny
• Once installed, developers will have access rights to look at your profile, overriding your privacy settings!
TMI
• Lack of common sense: it’s very difficult to delete information after it’s been posted online
• Indiscreet information can adversely affect college employment, your personal life, etc.
Connor Riley: “Cisco just offered me a job! Now I have to weigh the utility of a [big] paycheck against the daily commute to San Jose and hating the work.”
• Location services, be careful when you check-in
• URL shortener services
• E.g. bit.ly
How to defend yourself?
• Reasonable “Common sense” measures
• Use strong, unique passwords
• Provide minimal personal information: avoid entering birthdate, address, etc.
• Review privacy settings, set them to “maximum privacy”
  • “Friends of friends” includes far more people than “friends only”
• Exercise discretion about posted material:
  • Pictures, videos, etc.
  • Opinions on controversial issues
  • Anything involving coworkers, bosses, classmates
  • Anything related to employer (unless authorized to do so)
• Be wary of third party apps
• Supervise children on social media
How to defend yourself?
• “If it sounds too good to be true, it probably is”
• Use browser security tools for protection:
  • Anti-phishing filters (IE, Firefox, Chrome)
  • Web of Trust
  • AdBlock/NoScript
• Personal reputation management:
  • Search for yourself online, look at the results…
  • Google Alerts
• Extreme cases:
  • Cease using, delete accounts?
  • Contact law enforcement
How to defend yourself?
• Combating URL shorteners
  • Think before you click?
Defense strategy for organizations
• Monitoring & Responding
• Formulating the necessary policy framework
• Awareness
Thank you