Fearless Security Blog

Facebook is the Borg...

And it is taking over our networks. Ok, maybe I’m being melodramatic, but I don’t think I’m totally off base. I’m going to stake out a controversial opinion here, one that will most likely rub many of my Facebook-loving techie brethren the wrong way. Some may call me a Luddite, a technological dinosaur, whatever. And I have to make a statement in the interest of full disclosure. I’m a Facebook user. And I like it fine for personal interaction. But it also scares me with its knowledge of who I know or have known. And what it tells others about me. I also find the implications for corporate networks very troubling.

Let’s look at some statistics. According to the website www.checkfacebook.com, Facebook is closing in on 500 million active users, if it hasn’t already hit that mark. That’s half a billion people; more than the population of this country by two thirds. There are 125 million users in the US alone. That’s almost half the population, a formidable load for any network. And here’s the bad news. It is estimated that up to 60% of users do their Facebooking from work. Facebook itself has claimed that the average user is on the site 30 minutes a day. So if there are 500 million users, using it 30 minutes per day, and 60% of those are at work, that’s 150 million hours of Facebook surfing that our corporate networks have to soak up. I don’t know how much bandwidth the average Facebook session uses, but we can assume at least some of those users are either viewing or uploading photos. Now, statistics can lie, so we conducted an informal survey of our customers and found that the site was consistently among the top five most visited on almost every network we analyzed. And based on web surfing logs, it was using up 40 hours per week at companies with an average 50-person staff. Our results pretty closely matched the published stats.

Now, ignoring the network complications, put on your operations hat. Using the numbers in our example above, at forty hours per week, that’s an extra person per 50 that would need to be hired to get past the productivity “Facebook tax”. That’s stunning when you think about it.

If that doesn’t give you pause, consider the security implications. Facebook is all about sharing information and connecting you with friends of friends of friends (and old high school flames too, but that’s a whole other topic for another day). Facebook’s CEO Mark Zuckerberg is famous for his laissez-faire attitude toward sharing all kinds of personal information, as if that were the cure for all social ills. Check out www.youropenbook.or if you want to see the kind of information that is available via Facebook without even being a user. Not exactly the philosophy of most corporate networks, right? Because of this, Facebook has become the new breeding ground for ID thieves and cyber fraudsters who want to gain access to your information and use it in some malicious way. It’s a favorite for social engineering ploys, conning unsuspecting users into loading malware onto their computers. And this could be happening on your corporate network. We all know that our network defenses are only as strong as their weakest point. An unsuspecting accomplice on the inside is all that it takes to breach our firewalls, intrusion systems and other electronic protections.

I’m not counseling that you block Facebook totally from your network, though many of my highly secure customer networks like banks already do so. All I am saying is be aware of the costs and risks. And put controls and extra countermeasures in place if you can’t block it outright. I know the Borg is here to stay and we cannot avoid it. Eventually it may become an integral part of the web, where every company has a page and its use in corporate communications is a given. But the longer we can put off that day, till it becomes more secure and software is designed to control it, the better.
