Let’s start with an introduction to Faronics.
We’re a software company that has been around for some 15 years now. We specialise in security utilities, primarily focused on education and SMBs. They tend not to have large, sophisticated IT departments and for the most part are overworked and are looking for easy-to-use, easy-to-implement solutions, and that’s what we provide.
Faronics recently released the results of research into social media threats. What were the main findings?
We’ve been talking about some of the threats around social media for the past year now; social media has become a vital and instrumental tool for businesses and it is something that pretty much every business has to think about. But at the same time it is one of the largest vulnerabilities that can be introduced into the corporate environment.
We wanted to look into how much people actually know about social media and the extent to which they are willing to share information and link with people they didn’t know. We found that one of the biggest attack vectors for cyber criminals is spear phishing, but over half the respondents did not know what it was. Typically, it preys upon naivety and willingness to share information.
We asked what type of information people would be willing to share with people they don’t know over social media or email. The thing that shocked us was that 31% said they would share a password, bank account number and their mother’s maiden name.
Why are people so trusting?
There is always a section of the general population that isn’t security conscious; it’s not something they really think too deeply about. One of the things we’ve found with spear phishing and targeted attacks is that usually the cyber criminals will find someone they will target and find out who their contacts and friends are. At work people may well be controlled by IT policy, but in their personal lives they are very lax about security.
We found that about 33% of people would accept a request on Facebook or LinkedIn from people they don’t know, but more people would be willing to open an attachment or click on links from people they do know, so that’s what the cyber criminals focus on – they may hack into a friend’s Facebook account and send the target a message.
Then the cyber criminal has a route into the enterprise.
Nothing happens immediately after accepting a LinkedIn or Facebook request in these cases, but after a while the target will receive a message or post on their wall that contains a shortened URL. That’s dangerous because you don’t know where you’re going. It could be a poisoned website set up to drop malware onto your computer. That is usually the Trojan horse that opens a backdoor into your corporate network.
What is the security industry doing to help protect customers?
Traditional antivirus companies say they counter it by more and more frequent updates, but that just burdens the IT administrator and you’re playing catch up. Symantec did a recent study where they found there were close to 70,000 new, unique pieces of malware every day. There’s no way you can keep up.
So what’s the alternative?
We and a couple of other firms have introduced technology called application control. If you think of antivirus as being a blacklist of everything that is evil, application control does not worry about the bad staff. It focuses on what is good and permits it. So anything that is not on a control list does not run. If a zero-day threat gets past your antivirus and attempts to execute, the app control will stop it if it’s not on the list. Eventually the antivirus will catch up and remove it from the system before it does any damage.
Is this different from traditional whitelisting technology?
It is application whitelisting, but it has come a long way. It is easy for an admin to create a control list and apply that to a group of computers through a policy.