No one appreciates a fair-weather friend, the kind that is only around when something is in it for them, and quick to disappear when help is needed. But fake friends are even worse: the social profiles of people who simply do not exist in the real world. Such profiles serve as bait, whether to collect information, send out malware or, believe it or not, conduct corporate espionage.
But are companies paying attention? After all, these are just social sites, right? And someone else’s problem. Think again. Spear phishing is one way into the network, and it’s possible every day.
One completely bogus profile on LinkedIn, for example, identified by Websense Security Labs, had 400 connections. Yet it exists only to harvest intelligence, and in this particular case, lure viewers to a dating site. The consequences can actually be far worse than accidentally visiting a crass webpage: a future, targeted cyber attack.
“The buzzwords used to be identity theft and stolen credit card numbers, now it’s intellectual property and proprietary processes that someone, usually someone overseas, wants to replicate,” said Bill Ho, President, Biscom, in an interview with Mobile Enterprise.
Say, for example, a company, or even a country for that matter, extracts information to accelerate a program, whether it’s a new product or a pharmaceutical or a design mechanism. That doesn’t just save on research and development, but affects global trade.
Ask DuPont what happened back in 2007, when it accused Kolon Industries of stealing trade secrets. (A former DuPont employee gave his new employer information on how to make Kevlar.) DuPont was awarded $919 million in damages, and the former employee was hauled off to federal prison. But it took almost four years for the judgment by a U.S. District Court, not a luxury many companies have.
“People want anytime and anywhere access to their corporate information as companies continue to embrace a remote workforce,” Ho said. “But better management and control of devices is critical for enterprises and IT.”
Working with companies that have been worried about BYOD for quite a while (providing secure file transfers for ten years, actually), Biscom serves all verticals. However, according to Ho, regulated industries are more aware and active. Surely this is by default, as compliance is strictly enforced. Yet this is something that should be happening across the board, regardless of the industry.
“The trend is happening whether IT likes it or not,” Ho said, referring to the proliferation of personally owned devices and more and more access to corporate data. Yes, IT has to deal with it, along with the balancing act of providing accessibility and ensuring security. The question is how to provide what users want while staying in compliance.
Where to start? First, understand what information must be protected. What data is being used, who is accessing it? The classification and organization of data is a time-consuming exercise, but one that is imperative. “Well, I need to just protect everything,” is not the magic bullet. A range of security solutions is on the market. The review process is highly dependent on the size of the company and its workflow.
And while the CIO is looking at the comprehensive strategy, the CEO just wants to know it’s done. To that end, Biscom works primarily with the former. Ho asks each of them, “What keeps you up at night?” The answer is usually around information, how it’s being used, accessed and protected. That’s no wonder, when simple things like a fake social profile can lead to network infiltration.