Cybercrime Gets Social

It happens every day. Employees are checking Facebook, posting to Twitter, playing Web games. You know it. They know it.

And, apparently, hackers know it, too.

That's one of the key themes discussed in the Cisco 2010 Midyear Security Report, which was published by Cisco researchers earlier today. As employees bring more of their "consumer" technology and behavior into the office, the bad guys are looking to exploit the weak spots in those noncorporate environments.

Seven percent of global users accessing Facebook spend an average of 68 minutes per day playing the popular interactive game "FarmVille," according to the Cisco report. "Mafia Wars" is the second most popular game, with 5 percent of users each racking up 52 minutes of play daily. "Caf World," played by 4 percent of users, accounts for 36 minutes of wasted time per day.

Fifty percent of end users admit they ignore company policies that prohibit the use of social media tools at least once a week, and 27 percent say they change the settings on corporate devices to access prohibited applications.

"Technological innovations are fundamentally changing the way people live, work, play, share information, and communicate with each other," says John Stewart, Cisco vice president and CSO. "Because consumers are typically the early adopters, enterprises often struggle to adapt existing polices to address their employees' preferred use of technology."

While lost productivity typically isn't the security department's problem, Cisco says, the increasing use of these personal sites and devices presents a new vector of attack for hackers who are looking to get into the corporate network.

"According to data compiled by ScanSafe, now part of Cisco, less than 1 percent of malware encounters in 2009 were driven by users clicking links in Webmail," the report says. "In the first quarter of 2010, this figure rose to 1.4 percent."

Nearly half of the "millennial" generation uses social networking while at work, according to the study, but only 32 percent say this use of the network is supported by their IT organizations. Only one in five survey respondents say their companies have policies in place for the use of social networking tools.

"Workers need to have a heightened awareness of the pain they can cause a business when they over-share information via social networks," advises Seth Hanford, Intelligence Operations team lead at Cisco. "They may be unaware that they could put customers, their own jobs, and others at risk, along with the enterprises ability to turn a profit. Executives need to clearly state the ramifications of workers actions."

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.