Social media opens new door to cyberattacks, panel says

Malware is now No. 1 cybersecurity threat, according to survey

E-mail attachments are no longer the attack of choice of computer hackers and other individuals intent on gaining access to government and industry systems, security experts said today.

As increasing numbers of people adopt social media, those sites are becoming the new attack portal of choice and malware is now the No. 1 threat, panelists said at the FOSE 2010 trade show in Washington, D.C.

Two or three years ago, the No. 1 vector for viruses was through e-mail, primarily attachments. But today those attacks account for “the low end of single digits,” said Bob Hansmann, senior product marketing manager at Blue Coat Systems.

“The vast majority of attacks actually come through the Web, and yet it is amazing how few people actually scan their http or https, their secure connections to Web mail,” he said.

A recent survey found that the number of people who have accounts at social networking sites, such as Facebook and MySpace, is 10 percent greater than the number of people who have e-mail accounts, Hansmann added.

“That’s where all this malware is coming from,” he said. “People have to start looking beyond e-mail and do something at the gateway. You can’t trust the desktop.”

The top three IT security issues today are malware, inappropriate employee activity or network use, and issues related to remote Web access, said Andy Lausch, vice president of CDW Government, citing a recent CDW-G survey.

“The potential for incidents grew dramatically over the past year,” Hansmann said. “We saw the number of malware [incidents] double. Phishing attacks went up 600 percent in 2009.”

“We’re just seeing more attacks so we are seeing more incidents,” he said, adding that although Web 2.0 is not a new technology, it has changed the way people use the Internet.

“A lot of users don’t know how to protect themselves,” he said. He called for more education and increased spending for the new kinds of defenses that are needed, such as better URL filtering.

There’s a cybersecurity tools gap, said Stan Oien, manager of security practices at CDW-G.

Government agencies “fully need to figure out where their gaps are,” he said. “Start with an assessment. Try to get an assessment of the environment. That will give you a baseline, and in that way, you can kind of build your plan moving forward.”

“All too often I see a lot of customers and a lot of agencies that actually don’t even know where their gaps are,” Oien added. “Threats are going to be changing. They’re ever-evolving and becoming much more complex.”

The panelists suggested that agencies and contractors consider cloud computing as one way to reduce the number of cyberattacks.

About the Author

David Hubler is the former print managing editor for GCN and senior editor for Washington Technology. He is freelance writer living in Annandale, Va.


  • Cybersecurity
    Shutterstock photo id 669226093 By Gorodenkoff

    The disinformation game

    The federal government is poised to bring new tools and strategies to bear in the fight against foreign-backed online disinformation campaigns, but how and when they choose to act could have ramifications on the U.S. political ecosystem.

    sensor network (agsandrew/

    Are agencies really ready for EIS?

    The telecom contract has the potential to reinvent IT infrastructure, but finding the bandwidth to take full advantage could prove difficult.

  • People
    Dave Powner, GAO

    Dave Powner audits the state of federal IT

    The GAO director of information technology issues is leaving government after 16 years. On his way out the door, Dave Powner details how far govtech has come in the past two decades and flags the most critical issues he sees facing federal IT leaders.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.