Social Media Poses Significant Threat to Worldwide Corporate Network Security

by Matt Klassen on October 26, 2010

With pointless Facebook statuses to update, music to download, hockey pool stats to ponder, and random tweets to….tweet(?), its a surprise to me that anyone in the modern Internet-driven business world gets any work done at all. Turns out, they don’t.

A recent study conducted by next-gen firewall vendor Palo Alto Networks has found a disturbing worldwide trend, discovering that a whopping 25% of corporate Internet traffic is generated by employees accessing social networking sites. This means, simply enough, that people around the world are giving into the temptation to engage in social networking while on the job; a trend that is certainly damaging to the corporate bottom line.

But as more and more companies are discovering, the exponential rise in the popularity of social networking sites like Facebook and Twitter is not only harmful to corporate productivity levels, its harmful to corporate security as well.

The Palo Alto Networks study was based on firewall data captured from a total of 723 organizations worldwide: 275 in North America, 241 in Europe, and another 207 in the Asia-Pacific region. While the impact on corporate productivity is beyond the purview of Palo Alto and its impromptu firewall-based study, what is clear is that users are taking control of the corporate network by using social networking tools that clog up expensive bandwidth and expose corporate networks to significant security threats.

While social networking can have some great rewards–just ask new Calgary mayor-elect Naheed Nenshi after his social networking assisted political victory–its use comes with significant risk as well. The Palo Alto study found that while many different social networking sites were accessed, the most problematic by far was the use of Facebook 3rd party applications.

I wrote last week on the privacy issues surrounding Facebook and the use of its 3rd party applications, noting in particular the unapproved data collected by the likes FarmVille and other popular apps. So if people are up in arms about the unauthorized collection and distribution of their own personal information, just imagine how dangerous these applications are for corporate networks that contain a great deal of sensitive business information.

“The more that enterprises download Facebook applications,” says Franklyn Jones, director of EMEA marketing for Palo Alto, “the more likely they are to be attacked. For email and instant messaging services, the study found that a whopping 81% have the latent potential found allowing inbound security threats, while a slightly lower 59% create the potential for serious data leakage.

But with the popularity–and even potential profitability–rising for social networking services, one thing that corporations can’t hope for is the disappearance of this worldwide trend. In fact, as the current generation of Twitter-addicted teenagers hits the working world, look for this trend to increase substantially.

So if the use and subsequent threat of social networking sites is unlikely to diminish, the onus for controlling this growing trend lies with the corporations themselves, or more specifically, with the IT community. But the question remains, what is the best response to this growing social networking threat?

Did you like this post ? publishes daily news, editorial, thoughts, and controversial opinion – you can subscribe by: RSS (click here), or email (click here).

Written by: Matt Klassen. >. Follow > by: RSS >, Twitter >, >, or Friendfeed >

{ 3 comments… read them below or add one }

Jordan Richardson October 26, 2010 at 7:05 am

People have been wasting precious productivity hours as long as companies have had IT at the workplace, so this isn’t really anything new. One troubling recent example was that the regulators at the Securities and Exchange Committee were downloading porn while America’s financial markets collapsed.

Everything comes with some semblance of risk and nothing is free of security problems, but savvy companies know how to utilize social networking to their advantage while minimizing risk. Social networking is only a “threat” if companies (and individuals) take unnecessary risks with the medium.

Matt October 26, 2010 at 4:56 pm

I think your last line really crystalizes this current issue. Both employees and IT departments alike are ill equipped to deal with the risks posed by social networking. While the study didn’t really go into it, I would wager employees (especially the rank and file) don’t give network security any thought while they’re wasting time playing FarmVille.

Jordan Richardson October 26, 2010 at 10:19 pm

Considering that the study from Palo Alto reveals that the vast majority (88%) of employees using Facebook while on the job are browsing other profiles (only 5% are using third party apps like the “dreaded” FarmVille), I’m not overly convinced that it’s as much of a productivity or security threat as it’s made out to be.

In the case of the SEC during the lead-up to the financial meltdown, those downloading porn while they should have been minding the store were, for the most part, senior officials. And they spent up to eight hours a day downloading the content on to government computers.

Makes Mafia Wars seem like small potatoes if you ask me.

Previous post:

Next post: