Cisco study warns against "FarmVille"

Says popular Facebook games open enterprise networks to attack

If your employees are playing popular Facebook games at work - and undoubtedly, some of them are - they are opening up malware avenues for hackers and cybercriminals, according to Cisco. This is just one of the findings of a midyear security report delivered by Cisco this week that reiterated earlier conclusions on social media, virtualization, cloud computing and mobile device use are opening up new security threats in the enterprise.

Cisco found that 7% of a global sample of users accessing Facebook spend an average of 68 minutes per day playing the interactive game "FarmVille." "Mafia Wars" was the second most popular game, with 5% of users each racking up 52 minutes of play daily. That was followed by "Café World," which is played by 4% of users chewing up 36 minutes of wasted time per day.

Cisco says that although the loss of productivity is not a security threat, cybercriminals are believed to be developing ways to deliver malware via these games. But there may be an even more nefarious element at work trying to breach the corporate enterprise through social networks.

New threats are now emerging from terrorist organizations, according to Cisco. The US Government has even awarded grants to examine how social networks and other technologies can be used to organize, coordinate, and incite potential attacks.

This should not be surprising, as terrorists groups or those linked to them have used chat rooms in the past to plot potential attacks or recruit sympathizers.

But the real danger may lie within:  Cisco's research found that 50% of end users admitted they ignore company policies prohibiting the use of social media tools at least once a week, and 27% said they change the settings on corporate devices to access prohibited applications.

So Cisco recommends enterprises do the following:

• Enforce granular per-user policies for access to applications and data on virtualized systems;
• Set strict limits for access to business data;
• Create a formal corporate policy for mobility;
• Invest in tools to manage and monitor cloud activities;
• Provide employees with guidance on the use of social media in the workplace.

Easier said than done according to this earlier Cisco study, which found that employees are regularly looking for ways to circumvent company IT security policies to use unsupported devices and applications; currently use applications not supported by the company security doctrine; and use unsupported devices that breach security policies and lose sensitive company information.

In addition, Cisco's most recent research found that cybercriminals are exploiting the gap between how quickly they can access a vulnerability and the time it takes enterprises to deploy technologies to protect their networks:

While legitimate businesses spend time weighing the decision to embrace social networking and peer-to-peer technologies, cybercriminals are among the early adopters, using them to not only commit crimes but also to enhance their communications and to speed transactions with each other.

Seems the stone enterprises are rolling up the hill keeps getting bigger.

More from Cisco Subnet:

 

All of today's Cisco news and blogs

Cisco wants to be the standard

Wendell Odom: Tons of Answers at Networkers

Forget Apple. RIM should fear Cisco's Cius

Why You Can No Longer Afford to Consider Presence an Optional Component

The Next Generation of Routing Architecture

Hands on with the Android tablet "Cius" that Cisco announced at Cisco Live

High Availability, Headless Communists, and Other Random Thoughts from Networkers

Lieberman Cybersecurity Bill Could Change IT Procurement

Like RSS readers? Subscribe to the Cisco Subnet RSS feed

 

Follow all Cisco Subnet bloggers on Twitter.
Follow Jim Duffy on Twitter

• Cisco
• Facebook
• security
• social networks