Social Media Security Challenges Aleksandr Yampolskiy, Ph.D. (Gilt Groupe)
Quick Survey <ul><li>Do you have a Myspace account? </li></ul><ul><li>Facebook? </li></ul><ul><li>LinkedIn? </li></ul><ul>...
What is Social Media?
Benefits of Social Media Reach out to customers quicker Brand recognition Recruiting
Risks of Social Media Twitter XSS bug Myspace Samy worm Facebook spear-phishing Facebook page of MI6 chief’s wife
Pros/Cons of Social Media <ul><li>To summarize: </li></ul><ul><li>Positive benefits </li></ul><ul><li>Recruiting efforts  ...
Our solutions <ul><ul><ul><li>Heavily based on  policy and training </li></ul></ul></ul><ul><ul><ul><li>Include a chapter ...
Sample Threat Matrix For Social Media Data leakage  on Twitter Facebook malware Spear-phishing
Social media security challenges
Upcoming SlideShare
Loading in...5
×

Social media security challenges

1,453

Published on

This talk describes the benefits of social media as well as its security challenges. It also outlines sample defenses that companies can adopt. It was given at CSO breakfast club in NYC.

Published in: Technology, Business
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
1,453
On Slideshare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
44
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Social media security challenges

  1. 1. Social Media Security Challenges Aleksandr Yampolskiy, Ph.D. (Gilt Groupe)
  2. 2. Quick Survey <ul><li>Do you have a Myspace account? </li></ul><ul><li>Facebook? </li></ul><ul><li>LinkedIn? </li></ul><ul><li>Have you ever searched for something on Wikipedia? </li></ul><ul><li>How about Google? Yahoo? </li></ul><ul><li>Do you read blogs? </li></ul><ul><li>Does your company engage in social media marketing? </li></ul>
  3. 3. What is Social Media?
  4. 4. Benefits of Social Media Reach out to customers quicker Brand recognition Recruiting
  5. 5. Risks of Social Media Twitter XSS bug Myspace Samy worm Facebook spear-phishing Facebook page of MI6 chief’s wife
  6. 6. Pros/Cons of Social Media <ul><li>To summarize: </li></ul><ul><li>Positive benefits </li></ul><ul><li>Recruiting efforts through LinkedIn </li></ul><ul><li>Gilt brand expansion (Facebook, Twitter) </li></ul><ul><li>Blogging about latest fashion trends </li></ul><ul><li>Get the message out faster and to more people </li></ul><ul><li>Negative risks </li></ul><ul><li>- Expands the network perimeter </li></ul><ul><li>Makes social engineering easier </li></ul><ul><li>Potential for data leakage </li></ul><ul><li>Malware, phishing, spoofing </li></ul>
  7. 7. Our solutions <ul><ul><ul><li>Heavily based on policy and training </li></ul></ul></ul><ul><ul><ul><li>Include a chapter in InfoSec policy about Social Media. </li></ul></ul></ul><ul><ul><ul><li>Define what social media is (blogs, networking sites, facebook, etc.) </li></ul></ul></ul><ul><ul><ul><li>Define what’s allowed to post and what’s not (no confidential info, no negative comments about compettiors, etc.) </li></ul></ul></ul><ul><ul><ul><li>Who does the policy apply to? (everyone? Just pr or marketing?) </li></ul></ul></ul><ul><li>2. Permissive posture. Track usage of sites at firewall level but don’t block them. </li></ul><ul><li>3. These are just web 2.0 apps. So same rules apply. </li></ul><ul><li>Phishing prevention </li></ul><ul><li>Secure coding principles </li></ul><ul><li>4. Remind employees to use different personal passwords and corporate passwords . </li></ul>
  8. 8. Sample Threat Matrix For Social Media Data leakage on Twitter Facebook malware Spear-phishing
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×