Q&A: George Kurtz, CTO, McAfee

That's the best part about it. If you look at social networking and Web 2.0, whether it's LinkedIn, Twitter, blogs or Facebook, you can gather all this information. It's network reconnaissance and network footprinting, putting a picture together of a company you are attacking.

But now they are taking it to a new level, which is [to] understand the social interactions companies have, who does what and who talks to whom. Once we understand that, we can target it, and then drive into the technology level. If you look at people's blog posts or LinkedIn, you have a pretty good understanding of the technologies they have in use and who does what for a company. It is pretty easy to map out who does what for any of the larger companies.

So is it stretching the point to say that whenever someone in your business uses a social networking site or communicates via a blog, it provides just that little bit more intelligence to the bad guys?

Everyone has an online persona now. If you are online in some fashion, you have an online persona. You don't just get online but have the equivalent of a financial track record in the IT world. Your reputation is being built over time.

Given that we can't roll back or un-invent social networks, and businesses find these tools extremely valuable, how do we give organisations greater levels of protection? What practical steps can they take?

The biggest challenge we face is the social and human aspect. Whatever you put out there, you need to be aware it's like putting it on a postcard. If you put details about your social life or family online, that can be used in some fashion. The average consumer and the Generation X person is putting all that information out there, but you have to refine your [online] persona.

People have to understand that their information is out there, and we have to mitigate that loss of privacy and put in other controls on how that data is used.