Social media is generally portrayed as a fast way to lose data, leak information, and ultimately end up in trouble. But social media isn’t only another pain point for the security community – it also has a lot of real assets for us, some of which have dramatically changed the way I do my job. It’s a maddeningly multifaceted issue, with many layers on both sides of the coin.
I wanted to start this post by talking about the positive contributions social media has given the security industry – the sharing of knowledge, community, etc. – but then last week’s LinkedIn breach pushed social media privacy concerns right back to the forefront.
The LinkedIn breach shows how difficult controlling all the necessary considerations can be when you’re forming and enforcing a social media security policy. You can monitor or limit employee use at work, scan regularly for malware, and educate employees on safe social media practices, but something else can go wrong – like the social network itself mishandling your password. You’re basically playing Whack-a-Mole.
But like most new technologies, there’s a business benefit that can’t be ignored: collaboration, communication, the transfer of data, etc. – all of which can help security pros do their jobs better.
Sourcefire’s Jennifer Leggio, one of several influencers I’ll be joining on a panel at the Gartner Security & Risk Management Summit this week, is well-known as a pioneer for security in the social realm. She was one of the first to talk security on Twitter, and essentially the first of a core group of 1,000 to 1,500 of us that really make the community buzz. Over the last few years, so much data has been exchanged and so many connections have been made that it’s really brought the community together. If anyone in that group needs assistance and puts out a cry for help, people can get connections and information almost instantly.
In fact, the BSides community would not be where it is today without the relationship-building and broadcasting capabilities of social media. The privacy concerns are legitimate, but because of social media, finding ways to address and solve those problems might be easier.
In the end, there’s no clear answer on whether social media is good or bad for security – it’s one big gray area. The best thing we can do is mitigate the risks and leverage the assets. To hear more about this topic, pop by the Tenable booth (#83) or join us for the panel discussion on Wednesday, June 13 at 8:30 A.M. ET in Potomac Ballroom C. Hope to see you there.