Monday, March 14, 2011
Facebook faces the same security threats that Microsoft did years ago?
Microsoft operating systems and applications are undoubtedly the most popular. Their widespread use made them a soft target for computer hackers, who initially comprised individuals who abhorred Microsoft’s monopoly but have recently shifted to organized and well-funded criminal gangs and governments intent on cyber crime, corporate espionage and stealing military secrets. With the greatly enhanced level of funding and sophistication, building secure software and plugging security breaches in software with large attack surfaces like Windows became a significant challenge. Bill Gates’s mandate on building secure software over quick releases was a significant milestone in cyber security. It made the DNA of Microsoft, which controlled 90% of the cyber risk, focus on ensuring security over functionality and backward compatibility. It’s not perfect but it’s working.
Facebook, as the dominant social networking platform, is a concentrated platform of individuals and therefore the focus of cyber attention by the same set of organised criminals and governments, who use it as a medium to spam, scam, defraud, steal identities and spy.
The mistakes Microsoft made as an emerging, dominant organization seem quite similar to the technical security issues which plague Facebook, which has suffered several high-profile exposures as a result of exploited API functionality, technical vulnerabilities and unverified third-party applications, not to mention their own internal policy to revert privacy settings. The very recent hacking of Mark Zuckerberg’s and Nicolas Sarkozy’s pages is a wakeup call from a hacker we should actually reward.
Security weaknesses usually arise from two primary causes. The first is an inherent belief that growth in market share is the fundamental parameter of success. The second is the inherent lack of security in the buildup of the original code, which requires a massive investment to overhaul. Merely patching existing code in an expanding code base introduces further vulnerabilities.
Security risks manifest themselves over time in a single instance of a high-profile breach. Whatever the legal stance may be and the agreements signed by members to indemnify free social media platforms, there will always be that one instance which may result in a breach so large that ensuing litigation or customer dissatisfaction may pull the company under. Microsoft realized this at the expense of market share in recent years.