Reputation in the era of phishing and Facebook

Rarely out of the spotlight these days, Facebook’s most recent scandal saw information on 30 million users stolen at the hands of hackers. With public opinion of Facebook continuing to fluctuate, we took the opportunity to poll businesses at the IP Expo earlier this month on the state of their cyber defences in the wake of this latest high-profile attack.

When we last spoke to the tech industry, at Cloud Expo earlier this year, it was on the heels of the news that millions of Facebook profiles had been exploited for political purposes. 

Back then, trust in Facebook was understandably shaken, with more than 50% stating that they trusted the social media juggernaut less following its involvement with Cambridge Analytica. Our recent findings at IP Expo echoed this, with 41% going as far as to say that they didn’t trust Facebook even before this latest story. This is all having a positive impact on individual security awareness, however, with 28% claiming to have amended their security settings since these breaking stories.

It’s encouraging, then, to see users become increasingly wary of how they use Facebook in their personal lives, but what effect has this had on businesses?

A tale of caution

For all that we’re still unsure of following the recent Facebook hack, we do know that information on at least 30 million accounts was stolen (versus the originally reported 50 million), and that the attackers had total access to a trove of personal information including usernames, email addresses and phone numbers.

For over 14 million of the accounts, however, the hackers also acquired information on relationship statuses, work and education history, religious beliefs, current city, gender, device type, recent check-ins and much more. With information on workplaces included in the stolen information, it would be foolish to argue that many organisations won’t now find themselves in the phishing firing line - a sentiment shared among those we spoke to at IP Expo.

More than a third agreed that the hack meant that businesses were likely to become phishing targets, with just 20% of respondents believing it could instead alert businesses to predict such an attack and (hopefully) prepare themselves. 

That being said, businesses are clearly taking stock: one in four of the 200 businesses we polled believed they had both the technology and education needed to combat any potential phishing scams. 38%, meanwhile, were confident they had the technology in place but not the user education, while on the flip side 22% believed they were properly educated but didn’t have adequate technology in place. Encouragingly, only 7% had reason to panic, with neither the technology nor the education in place to protect them.

The ripple effect

So what does the future hold for Facebook, in both our consumer and business lives? Those who regularly use the social media platform but haven’t reviewed their security and sharing settings should do so immediately, particularly if, like many of us, they have other apps linked to their account that could be at risk of being compromised. 

On the business front, user education and raised awareness of criminal techniques are critical in defending against potential attacks. Those regularly implementing simulation and training programs will see improved security awareness among their users, utilising simulations to empower individuals with the baseline knowledge and confidence to identify subtle phishing attempts.

Of course, human resilience can only go so far. Technology in the form of effective perimeter filtering, bespoke network architecture and other tools to identify malware within the network is also vital for a robust security strategy. Businesses would also be wise not to become complacent, ensuring they remain up to date with the latest software and security updates and developments in order to maintain a sophisticated security strategy.

If the likes of Facebook and Google find themselves victims of cyber-attacks, any one of us could be next. Every breach, every news story and every attack proves that we need to become the gatekeepers of our most valued data.

Asaf Cidon, VP of Email Security at Barracuda Networks 

Asaf Cidon is an Assistant Professor at Columbia University and a former SVP at Barracuda.