As more people connect to social networks to share pictures and keep in touch with friends and family, a new report shows that spam and malware attacks targeting social-network users are hitting new heights.
A survey of 500 companies found a 70 percent jump in cyber-attacks via social networking sites last year, according to a new report from security firm Sophos.
Facebook topped the list as the perceived riskiest of the major social-networking sites, followed by MySpace, Twitter, and finally LinkedIn.
"Those worried about the dangers of social networking sites have a right to be concerned, as many malicious attacks, spammers and data harvesters take advantage of under-cautious users," the report reads.
Companies that once discouraged users from connecting to social networks are now commonly using them themselves to disseminate information and spread PR messages. A survey by Cisco Systems showed that 2 percent of clicks through its sites have been from social networks.
This relaxing attitude towards the use of social networking in work environments is increasingly putting corporate networks at risk, the study finds.
More than 50 percent of the companies surveyed said they were spammed through social-networking sites, while 36 percent were hit with malware from those sites.
Companies also expressed concern that the actions of their employees on a site like Facebook could put sensitive corporate data at risk.
Beyond companies and users themselves, some of the problem can be traced back to the social networks.
"Many Web 2.0 sites have been so keen on spreading their market share, they often miss or overlook security issues," the report reads. And although companies like Facebook have started putting in more effort, they're also contending with a huge and growing population of users.
"The truth is that the security team at Facebook works hard to counter threats on their site--it's just that policing 350 million users can't be an easy job for anyone," Graham Cluley, senior technology consultant for Sophos, said Monday.
But there is no doubt that simple changes could make Facebook users safer. For instance, when Facebook rolled out its new recommended privacy settings late last year, it was a backwards step, encouraging many users to share their information with everybody on the Internet.
Although LinkedIn was seen as the safest of the top four social networks, it's not without its share of risk.
The more inside information that a cybercrook can gather about a company, the more vulnerable that company becomes. And LinkedIn can be a prime source for revealing details about a business.
"Sites like LinkedIn provide hackers with what is effectively a corporate directory, listing your staff's names and positions," Cluley said. This makes it child's play to reverse-engineer the e-mail addresses of potential victims.
Sophos recommended more subtle and granular controls, such as data loss monitoring to watch for specific types of information, and tightly configurable usage policies that can limit illegitimate use of certain sites and technologies while granting access to those who require it.