In three recent posts, here and here and here, I explored the subject of business threats from social media. In those previous posts I referenced an ENISA (the European Network and Information Security Agency) white paper which outlines general threats from social networks, many of which are of a technical, infrastructure nature. Yet, many of the threats they outlined were not technically oriented. It’s those of the latter type that catch my attention. My interest lies in pointing out the informational, content threats that exist for business in the open forum that is social media. It’s this type of threat that this series of posts is about.
Today’s post references ENISA designated Threat SN.15, Corporate Espionage, summarized on page 4 of the ENISA white paper. Threat SN.15 points out that, in social networks, the nastier among us are trying to carry out what ENISA refers to as “social engineering” attacks. ENISA defines social engineering as:
A means of attack frequently used by hackers to bypass security mechanisms and access sensitive enterprise data – not by using technology (although technology may be involved), but by using the employees themselves. Data is often acquired subtly and is gathered gradually piece by piece.
The definition seems a bit thick and academic in style. I also think that the usage of the term “corporate espionage” is inaccurate. Corporate espionage refers to an active, covert program to gain critical competitive information. What ENISA discusses here is certainly an active program, but it is by no means covert. In fact, if I indeed understand their definition correctly, what they’re talking about is entirely legal. There is no “cloak and dagger” at all. ENISA is talking about intelligence exploitation.
Or more accurately let’s call it competitive intelligence, the gathering of critical information that indicates a company’s competitiveness and that is in the public domain. Some call that domain “open sources.” Social media gives us intelligence analysts opportunity to mine like never before. Let’s dig deeper into the ENISA example to see what I mean.
ENISA uses as an example of how sensitive company information may be extracted through use of social networks. Not through anything like surreptitious interaction, mind you. But simply by harvesting it. They give an example of a well-known business social network via which you may gain a look at details on employees, past and present, of a given company. Here’s a link that demonstrates what they’re talking about (ENISA cites this link in their white paper as reference number 66.) You should really take a look at this link. Go ahead. It’ll pop open in a separate window.
Did you view the link? Yes? See what I mean?
Imagine a competitor trying to assemble a company org chart. This link could be very helpful. And it’s free. Right there for the picking. When I was a young competitive intelligence analyst I would have loved to have such a resource. I could have gone home a lot earlier every day.
Is your company guilty of this kind of “intelligence gush?” If so, you best take a hard look at what your employees are doing, lest you make it just too easy for your rivals.
Food for thought. In future posts, I’ll be exploring more business threats from social media. Subscribe free to our RSS alert so you won’t miss a post.
_________________
Like this post? Tweet it! >> “Business Threats from Social Media – Part 4″ http://tinyurl.com/9kw6lx
