SOCIAL NETWORK

Cybersecurity for Social Networking Sites: Issues, Challenges, and Solutions

Priya Reddy
Lotus Fruit

--

The main purpose of social networking sites is to connect people and organizations. They have also created many business opportunities for companies and firms, and social media has significantly changed the way people communicate. At the same time, social networking sites raise specific concerns about the privacy and security of the user. Security and privacy work on these sites focuses mainly on malware detection: because a malicious link appears to come from a trusted contact, users are more likely to click on it. Social networking sites have found applications in many areas, such as:

Social e-commerce: social networking sites can be used for promotions and advertisements for e-commerce portal owners.

Branding: Social media gives companies a better platform to attract customers and win more business opportunities.

A. Issues

The growth of social networking sites has brought various benefits, but it has also brought various security concerns and provides a vulnerable platform for attackers to exploit. Some of the associated issues are as follows.

1) Misusing Identity: The attacker impersonates a user and misuses that identity. Attackers work through applications that ask for permission to access the information the user has provided on social networking sites. When a user grants that permission, the application gains access to all of the information, which can then be misused without the user's knowledge.

2) Threats from using 3rd Party Applications: Games and other apps seek permission from the user to access personal information, and the user grants the app a certain level of access to that information. Some of these applications, while running in the foreground, may download malware onto the user's computer or phone without their consent.

3) Trusting Social Networking Sites Operators: Whatever a user uploads or posts on a social networking site is available to the site's operators. The operators can retain account data even after deletion.

4) Viruses, Phishing Attacks and Malware: Viruses and malware often find their way onto your computer through those annoying ads. After gaining access to the network, the attacker can access or steal confidential data by spreading spam mails.

5) Legal Issues: Posting content that is offensive to any individual, community or country carries legal risk. Other legal risks associated with the use of social networking sites include leaking confidential information on the sites or invading someone's privacy.

6) Tracking Users: Tracking can cause physical security concerns for the user, as third parties may learn the user's movements by collecting real-time updates on the user's location.

7) Privacy of Data: Users share their information on social networking sites, which can cause privacy breaches unless proper security measures are applied. For example, everyone can see a user's information if the user's default setting is 'public'.

Accepting requests from unknown people can also create a security threat.

B. Risks and Challenges

The increase in the number of users accessing social networking sites has opened new routes for attackers to gain access to individuals' accounts. The more information that is posted, the greater the threat to the privacy and security of the user.

Social sites are growing rapidly, posing new risks for individuals and organizations in this modern world of technology. Some of the challenges are as follows:

1) Phishing Attacks: Phishing is a technique for obtaining sensitive information. The attackers build fake web pages that look like the legitimate ones and ask users to enter their credentials; the user is compromised as soon as the credentials are entered.

Kaspersky Lab's statistics showed that fake social sites imitating Facebook accounted for nearly 22% of phishing attacks in 2014. According to Kaspersky Lab, phishing is a major threat in Russia and Europe, as the number of attacks in this region increased by 18% to 36.3 million attacks in Q3 2015 compared with the same period of the previous year. For example, a Moldovan man ran a phishing scheme that ended in a loss of $3.5 million for a western Pennsylvania drilling firm.

A school district was almost tricked by the same scam into sending almost a million dollars. The email contains malware in a zip file attachment.

2) Identity Federation Challenges: Identity federation is a technique used to share user credentials across multiple domains. For example, many sites let users log in with their Facebook account, which is more convenient because the user does not have to create separate accounts on different sites. It may seem convenient, but the user does not know how, and to what extent, their personal information can be shared among third-party applications.

3) Malware: Malware consists of programs that are installed on the user's devices without the knowledge and consent of the user. It spreads fast and infects the devices. 390,000 malicious programs are registered every day by AV-Test Institute (AV-TEST, 2016). It causes security defects in software; viruses, worms, and Trojan horses are examples of malicious software. Attackers can gain access to the user's personal information by monitoring activity on the computer, and the computer can also be controlled or made to take part in mass attacks without the user's knowledge. Malware can steal the identity of the user and can also crash the computer. Hackers can also install forms of adware that cause endless pop-up ads on the user's machine. Examples include:

a) 'LOL' Virus: This virus spreads through the chat function of Facebook. It is sent to the user as a message saying "lol" with an attachment. When the user clicks on the link, malware is downloaded to the user's system. The virus infects the system and spreads through the network, gaining access to the user's information.

b) Zeus: This is a Trojan that spreads when users click on a link. When a user clicks on the link, it scans all the files on the user's system and steals the important information. The specialty of this Trojan is stealing the user's bank credentials.

4) Click Jacking Attacks: These are also called UI redress attacks. A Trojan in a web page gets the user to click on a malicious link, and malware is planted onto the system. On Facebook this is common under the name likejacking: when a user likes a page, a picture or a video, the user is trapped by the attackers. Attacks of this type are carried out either to deliver a malicious payload or to make some page popular.
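A site owner can check whether a page can be framed for the clickjacking described in item 4 by grading its anti-framing response headers. The sketch below is an added example, not part of the original article; the function name, verdict labels and sample header sets are assumptions made for illustration.

```javascript
// Added example (not from the original article). Header objects use
// lower-case names, as Node's http module delivers them.
function framingProtection(headers) {
  const xfo = (headers['x-frame-options'] || '').trim().toUpperCase();
  const csp = headers['content-security-policy'] || '';

  // Extract the source list of the frame-ancestors directive, if any.
  let ancestors = null;
  for (const directive of csp.split(';')) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === 'frame-ancestors') {
      ancestors = sources.map((s) => s.toLowerCase());
      break;
    }
  }

  if (ancestors !== null) {
    // A wildcard or a bare scheme lets any site embed the page.
    const open = ancestors.some((s) => ['*', 'http:', 'https:'].includes(s));
    return open
      ? { verdict: 'weak', reason: 'frame-ancestors allows any origin' }
      : { verdict: 'protected', reason: 'frame-ancestors restricts embedding' };
  }
  if (xfo === 'DENY' || xfo === 'SAMEORIGIN') {
    return { verdict: 'protected', reason: 'X-Frame-Options ' + xfo };
  }
  if (xfo.startsWith('ALLOW-FROM')) {
    return { verdict: 'weak', reason: 'ALLOW-FROM is ignored by current browsers' };
  }
  return { verdict: 'unprotected', reason: 'no anti-framing header' };
}

// Constructed sample responses for three hypothetical pages.
const samples = {
  likeButton: {},
  profile: { 'content-security-policy': "default-src 'self'; frame-ancestors 'none'" },
  widget: { 'x-frame-options': 'ALLOW-FROM https://partner.example' },
};
for (const [page, headers] of Object.entries(samples)) {
  console.log(page, framingProtection(headers).verdict);
}
```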


RECOMMENDATIONS

In this section, some recommendations are given to secure the information of the user.

A. Companies should set policies for their mail so that it is not confused with spam or phishing mail.

B. Good-quality anti-virus software should be used by both individual users and companies so that it can filter and block malicious websites.

C. Authentication should be performed at every level of a website to prevent attackers from gaining access to the user's personal information.

D. Cryptography-based techniques should be used to ensure the security of the user's information provided on social networking websites. Group key exchange, data mining, and encryption are some examples that can be used to enhance security on social media.

E. The government should run training and educational programs to spread awareness about cyber security. It should conduct publicity campaigns and programs that include seminars, contests, and exhibitions about cyber security.

F. Social networking sites that offer privacy and security settings describe the tools available to make an account more secure. Facebook's privacy settings, for example, subdivide the privacy basics as follows:

1) Who-can-see-my-stuff: This is a priority setting for Facebook users, with which the user can limit the audience that can see the user's posts. Public posts should be avoided for security.

2) Login-Alerts: This setting allows the user to get a notification when anyone logs into their account from an unrecognized device or browser.

3) Third-party-authentication: This is a new Facebook setting that generates a Facebook security code to authenticate any third-party app.

4) How others interact with the user: This helps the user to manage how other people's activity affects the user's profile. The user can manage tags, and 'unfriend' or 'block' someone.

G. Web Browser Security Settings

1) Users should keep browsers up to date, with automatic updates enabled for the browser.

2) Block plug-ins, pop-ups, and phishing sites.

3) Set browser not to store passwords.

4) Disable third-party cookies.

5) Browser-Specific Settings:

a) Firefox: install the NoScript add-on

b) Safari: Disable Java

c) IE: Set up security zones.
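The filters recommended in B and G.2 depend on recognising the fake login pages described under Phishing Attacks. The sketch below is an added example, not part of the original article; it flags hosts that embed or nearly match a trusted brand name. The TRUSTED allow-list, the distance threshold of 2 and every URL are assumptions constructed for illustration.

```javascript
// Added example (not from the original article). TRUSTED is an assumed
// allow-list; all URLs used with it are constructed samples.
const TRUSTED = ['facebook.com'];

// Levenshtein distance using a single-row dynamic-programming table.
function editDistance(a, b) {
  const row = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    let diag = row[0];
    row[0] = i;
    for (let j = 1; j <= b.length; j++) {
      const above = row[j];
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      row[j] = Math.min(above + 1, row[j - 1] + 1, diag + cost);
      diag = above;
    }
  }
  return row[b.length];
}

// Classify a link as 'trusted', 'lookalike', 'unknown' or 'invalid'.
function classifyLink(link) {
  let host;
  try {
    host = new URL(link).hostname.toLowerCase();
  } catch (err) {
    return 'invalid';
  }
  // Exact domain or a genuine subdomain of it.
  if (TRUSTED.some((d) => host === d || host.endsWith('.' + d))) return 'trusted';

  const brands = TRUSTED.map((d) => d.split('.')[0]);
  for (const label of host.split('.')) {
    for (const brand of brands) {
      // Brand name embedded in a foreign host, or a near miss of it.
      if (label.includes(brand) || editDistance(label, brand) <= 2) return 'lookalike';
    }
  }
  return 'unknown';
}

console.log(classifyLink('https://faceb00k.example/login'));
```

A short brand name would produce false positives at this threshold, so the threshold should scale with the length of the name being protected.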

CONCLUSION

With their growing popularity, social networking sites have become a prime target for cyber-crimes and attacks. Cyber-crime is becoming widespread and poses a major threat to national and economic security. Both public and private institutions in the sectors of public health, information and telecommunication, defense, banking, and finance are at risk. Organizations should therefore take proper security measures to stay safe from cyber-crime, and users should protect their personal information to avoid identity theft or misuse. Cyberspace is becoming a significant arena in which cyber-criminals and terrorists attack crucial information, so there is a need for nations to collaborate universally to reduce the constantly growing cyber threat.