Rawpixel - Fotolia

Social media and enterprise apps pose big security risks

The lack of security policies in many business applications is putting enterprise data at risk and social media apps are the biggest source of malware, a poll of IT professionals reveals

Many organisations are putting themselves at risk by not having policies in place to manage the security of enterprise applications and social media apps used by employees, a survey shows.

Although 17% of organisations are adding as many as 10 new applications into enterprise networks every day, 14% do not have policies in place to manage security, according to a poll of 217 IT professionals at Infosecurity Europe 2019 commissioned by network visibility and traffic monitoring firm Gigamon.

The survey also revealed that 26% of organisations have no idea how many applications are being added to their network each day, while 11% do not know if tools are deployed to manage their security.

“Today’s organisations are heavily dependent on applications, and employees will often use them to perform key parts of their job,” said Ollie Sheridan, security engineer for Europe, the Middle East and Africa at Gigamon. “However, it also means these applications can have access to sensitive corporate data, which could put an organisation at risk if it fell into the wrong hands.

“Organisations should therefore treat applications as part of their own network and aim to have complete visibility of their functions. Security should always be paramount when new applications are being deployed.”

Scott Crawford, a security analyst at 451 Research, told Computer Weekly in June 2018 that security threats arise because companies are using a diverse range of applications. Often, IT and security teams do not have the resources or time to identify and respond to attacks, he said.

The Gigamon survey also asked IT security professionals which applications they believe bring in the most malware to the enterprise. Social media applications were cited as the worst culprits (42%), followed by video streaming apps (17%), gaming apps (12%) and messaging apps (12%).

Social media platforms contain a variety of methods for malware to be delivered to users through adverts, shares and plug-ins, more than comparable sources, such as e-commerce, digital media or corporate websites, underlining the need for businesses to evaluate the risk that employee use of social media is posing to the organisation and how this risk is being mitigated.

One in five organisations has been infected with malware distributed via social media, according to a study commissioned by virtualisation-based security firm Bromium and carried out by Mike McGuire, senior lecturer in criminology at Surrey University.

Of the top 20 global websites that host cryptocurrency mining software, for example, 11 are social media platforms such as Twitter and Facebook.

Read more about application security

Apps, adverts and links are the primary delivery mechanism for cryptocurrency mining software on social platforms, with the majority of malware detected by McGuire mining monero (80%) and bitcoin (10%), earning $250m a year for cyber criminals.

Commenting on the study findings, published in February 2019, Gregory Webb, CEO of Bromium, said social media platforms have become near-ubiquitous and most corporate employees access social media sites at work, which exposes significant risk of attack to businesses and local governments, as well as individuals. 

“Hackers are using social media as a trojan horse, targeting employees to gain a convenient backdoor to the enterprise’s high-value assets,” he told Computer Weekly.

However, Webb said businesses must resist knee-jerk reactions to ban the use of social media, which often has a legitimate business function.

“Instead, organisations can reduce the impact of social media-enabled attacks by adopting layered defences that utilise application isolation and containment,” he said.

Read more on Application security and coding requirements