Check Point 2013 Security Report - page 19

2013 CHECK POINT ANNUAL SECURITY REPORT
The Rules of the Game have Changed
The rules of the game have changed. Internet applications
were once considered to be a pastime activity; a means
to view pictures from our friends’ photo albums or to
watch entertaining videos. In recent years, Internet Web
2.0 applications have evolved substantially as the likes of
Facebook, Twitter, WebEx, LinkedIn, and YouTube are
quickly becoming more prevalent in enterprises and are
increasingly being recognized as mainstream business
facilitation tools. These tools enable companies to better
communicate internally between colleagues as well as
externally with clients and partners. They also serve as an
effective and contemporary medium on which to share
and exchange information, views and opinions amongst
corporate stakeholders.
This section of our research will discuss the general risks
introduced by Web 2.0 applications and their infrastructures
followed by a focus on specific applications found in use
at the organizations we researched. Our findings will be
illustrated with actual reported incidents and examples.
Web Applications are Not Games
As technology evolves, so do security challenges. The
evolution of Internet tools introduced new security risks. A
number of useful Internet applications are used as attack tools
against organizations to cause network security breaches.
Applications such as anonymizers, file storage and sharing,
peer-to-peer file sharing, remote administrative tools and
social media have been used to exploit organizations.
There are myriad web platforms and applications
that could be used for personal or business purposes.
Organizations need to be aware of what web applications
their employees are using, and for what purposes. Then they
should use this information to define their internal Internet
policies.
In 91% of the organizations we scanned, web applications
03 APPLICATIONS IN THE ENTERPRISE WORKSPACE
In June 2012, the US Federal Trade Commission (FTC)
charged two businesses with exposing sensitive information
on peer-to-peer file sharing networks, putting thousands
of consumers at risk. The FTC alleged that one of the
organizations, EPN, Inc., a debt collection agency based
in Provo, Utah, exposed sensitive information, including
Social Security numbers, health insurance numbers, and
medical diagnosis codes of 3,800 hospital patients, to
any computer connected to the P2P network. The FTC
also alleged that Franklin's Budget Car Sales, Inc. exposed
personal information of 95,000 consumers on the P2P
network. The information included names, addresses,
Social Security numbers, dates of birth, and driver’s license
numbers¹⁸.
In 2010, the FTC notified almost 100 organizations
that personal information, including sensitive data about
customers and/or employees, had been shared from their
networks and was available on peer-to-peer (P2P)
file-sharing networks. Any person connected to those networks
could use the data to commit identity theft or fraud¹⁹.
SENSITIVE DATA SHARED BY P2P FILE-SHARING APPLICATIONS IN THE US