1

Social Media Security Challenges

Aleksandr Yampolskiy, Ph.D.(Gilt Groupe)

3

What is Social Media?

Benefits of Social Media

Reach out to customers quicker Brand recognition

Recruiting

Risks of Social Media5

Twitter XSS bugMyspace Samy worm

Facebook spear-phishingFacebook page of MI6 chief’s wife

Pros/Cons of Social Media

6

To summarize:

Positive benefits- Recruiting efforts through LinkedIn- Gilt brand expansion (Facebook, Twitter)- Blogging about latest fashion trends- Get the message out faster and to more people

Negative risks- Expands the network perimeter- Makes social engineering easier- Potential for data leakage- Malware, phishing, spoofing

Our solutions1. Heavily based on policy and training• Include a chapter in InfoSec policy about Social Media.• Define what social media is (blogs, networking sites, facebook, etc.)• Define what’s allowed to post and what’s not (no confidential info, no

negative comments about compettiors, etc.)• Who does the policy apply to? (everyone? Just pr or marketing?)

2. Permissive posture. Track usage of sites at firewall level but don’t block them.

3. These are just web 2.0 apps. So same rules apply.• Phishing prevention• Secure coding principles

4. Remind employees to use different personal passwords and corporate passwords.

7

8

Sample Threat Matrix For Social Media

Data leakage

on Twitter

Facebook malware

Spear-phishing

9