LinkedIn – the next bad guy

31.01.2012 by Martin Kuppinger

Last Friday, I received two identical emails from LinkedIn contacts informing me about changes in the privacy conditions of LinkedIn. Without user consent, LinkedIn is now allowed to use names and pictures of the users in advertisements. Users can revoke the permission in a simple way (see below). However, what LinkedIn has done raises the question of whether the providers of today’s social networks will ever learn their privacy lessons.

LinkedIn has once again shown the fundamental misunderstanding of social network providers that all data therein is their data. However, it is the data of the users, not of the social network. There are some upcoming approaches like personal.com which change that paradigm and give users control over their data. Changing privacy policies the way LinkedIn did just shows that they will probably never understand this.

But even when you look at what LinkedIn has done from a business perspective, it doesn’t really make sense. What is the value of using the names and pictures of users in advertisements? I don’t believe that it is a really big value. However, changing privacy policies without informing users and without asking for consent automatically has led to a lot of negative reactions, like mails LinkedIn users are sending to their contacts to inform them about this change or like press articles and blogs. To me it appears that the negative impact is far bigger than the positive outcome of that change.

LinkedIn has successfully managed to change its image from being a fairly serious network for business professionals to being just another bad guy like Facebook and the others. Maybe they will learn from the reaction of their users, but I doubt that. It looks like the classical social networks, which build their value on the understanding that everything we enter is automatically theirs, won’t ever learn that lesson. At least not until other concepts become sufficiently successful to drive them out of the market. But then it might be too late.

To change the privacy settings use the following steps:

1. Place the cursor on your name at the top right corner of the screen. From the small pull down menu that appears, select “Settings”

2. Then click “Account” on the left/bottom

3. In the column next to Account, select the option “Manage Social Advertising”

4. Finally un-tick the box “LinkedIn may use my name and photo in social advertising”

5. and Save


Ignoring it doesn’t mean that there aren’t massive cyberthreats

23.01.2012 by Martin Kuppinger

The hot topic in IT (and beyond, for many organizations) in 2012 will be Security, including all its facets such as Identity and Access Management, SIEM (Security Information and Event Management), Anti-Virus and IDS/IPS (Intrusion Detection/Prevention Systems), and all the other components. That will also give the GRC market (Governance, Risk Management, Compliance) another strong push, because GRC tools are increasingly used to define and manage security controls in a consistent way. GRC is becoming the business interface to security management, translating the complex information for the business and providing a consistent insight. This consistency is mandatory for a holistic view on increasingly complex attack scenarios.

The reason why security will be the topic in IT this year is simply that the number of attacks from the Internet is increasing. In popular terms this is frequently called “cyberwar”. However, most of it isn’t war; most of it is organized crime. So we should be careful with the term “war” in that context. Nevertheless, there are more cyberthreats than ever before. More precisely, there are many groups of attacks on the Internet. Governments are attacking other countries – as (most likely) in the Stuxnet case. Hacker groups are attacking states and industries, as in the recent Symantec source code leak, which appears to have been an attack of an Indian group of hackers against an Indian government agency, or in the recent Anonymous attack targeted against the finance industry. And many different groups, from nation-states to politically-inspired hacker groups to organized crime, are attacking companies. The reported number of large companies having been attacked in 2011 is coming close to 100%. There is an increasing number of attacks against SCADA (Supervisory Control And Data Acquisition) systems, i.e. systems controlling industrial environments and the like.

There are different motivations of attackers. There is the “war” part, which most likely runs as part of a bigger “hidden war” (think about the recent killing of an Iranian expert from the nuclear industry) for example between Israel and Iran. There are the criminals, looking for money. There are the hackers, looking for honor and glory, for acceptance, for domination; following their social or political targets, they are also attacking a lot of different targets.

Regardless of the motivations, the game has fundamentally changed during the past two years. And I’m convinced that what we see is only the tip of the iceberg – and only the beginning. However, in 2011 not only have the threats increased, but (fortunately) so has the awareness of organizations. Nevertheless, there is a significant gap between the level different attackers have reached and that of the potential targets. So the potential targets have to react and invest in security.

As I’ve written in several of my other posts, especially around SIEM and the need for holistic security concepts, it is mandatory to address the growing security challenges with a holistic perspective. APTs (Advanced Persistent Threats) are proving that attacks are getting more complex and sophisticated – and that there is no way to counter them with a single layer of security.

If you want to learn more about these issues, EIC 2012 is the conference to attend. See you in Munich in April.


© 2014 Martin Kuppinger, KuppingerCole