The following is an Executive Summary from a keynote I gave recently to an international business group focused on security issues. The major themes will be explored in detail here soon.
Traditional approaches to the security implications of social media tend to focus on social networks as vehicles for software virus transmission, and potential risks such as stalking and identity theft. Further attention should be placed on the data contained within emerging social graphs, which through sites such as Facebook can reveal both objects (e.g., people, photos, events, and pages) and the connections between them (e.g., friend relationships, shared content, and photo tags). Criminal networks are learning to exploit such information, allowing much more sophisticated forms of social engineering to be used in identity-based fraud. However, criminals may also be vulnerable to exposure through the information contained in social graphs, and the use of such data should be understood by investigators.
The spread of social networking services also has important implications for privacy, transparency and security through the convergence of social media and mobile devices with Internet access, location awareness and digital imaging capabilities. Social media adoption enables a wide range of self-organizing behaviors, which is shifting power away from traditional institutions, and into the hands of interconnected users. While the range of novel social services incorporating these capabilities is difficult to predict, future erosions to privacy and threats to security are just as likely to come from the sharing activities and security practices of other users as they are from governments or service providers. Significant divides over appropriate levels of sharing, transparency, privacy and connectivity will continue to emerge on both inter-cultural and inter-generational levels. Bridging these gaps will present ongoing challenges to global businesses with multi-generational workforces.
For organizations that resist the temptation to block access to these services at work, social media offers enormous opportunities for learning and information sharing. Social media can also lend unprecedented speed and scale to customer education and relationship building. Organizations seeking to benefit from a shift in economic activities based on knowledge stocks to knowledge flows should understand both the network structure and psychological drives behind the recent burst of social media activity. One important element in adapting to competitive and criminal pressures should be sustained efforts to harness social media based knowledge flows, and proactive efforts to define best practices and norms of participation within these digital environments.