SEARCH FINANCIAL SERVICES INFRASTRUCTURE SECURITY SCIENCE INTERVIEWS

 

del.icio.us Slashdot reddit Newsvine

Web 2.0 Is Top Security Threat to SMBs in 2010

February 22, 2010

IT managers in small and medium-sized organizations believe malware spread through social networks, Web 2.0 applications and other Web-based vectors will pose the most serious risk to information security in 2010. The data is part of a new survey of 803 information technology (IT) professionals in companies with 100 to 5,000 employees in the United States, the United Kingdom and Australia.

The vast majority of respondents (80%) say Web 2.0-based malware will be a problem in 2010. In fact, seven out of 10 (73%) said Web-based threats are more difficult to manage than email-based threats. Survey respondents also identified data security and confidentiality, data loss prevention and securing mobile and laptop users as the top three priorities for Web security in 2010.

Webroot commissioned the survey to identify the threats security professionals most anticipate in 2010; the weakest links in Web security and how to guard against Web-borne threats; how employees put organizations’ security at risk; and how best-in-class companies are addressing these issues.

KEY FINDINGS FROM WEBROOT 2010 SMB SECURITY SURVEY

Threats capitalizing on vulnerabilities in browsers, software and Web 2.0 applications are a significant challenge – Nearly one quarter of those surveyed believe their company is very or extremely vulnerable to threats from:

  • Microsoft operating system vulnerabilities (25%)
  • Unpatched client-side software (e.g., Adobe Flash or Adobe Reader, Apple QuickTime, Microsoft Office, Sun Java) (24%)
  • Browser vulnerabilities (24%)
  • Web 2.0 applications (e.g., Facebook, Twitter, Google Docs) (23%)

About a quarter of SMBs have been compromised through social networking sites -- About a quarter of SMBs were compromised by employees who accessed personal Webmail accounts (23%), used social networking sites (24%), used P2P networking (25%) or downloaded media (32%).

Lack of protection: perceptions don’t match reality – Even among respondents who strongly believe that their companies devote sufficient resources to protect against security threats many reported attacks from viruses (60%), spyware (57%), phishing attacks (47%), hacking attacks (35%), and SQL injections of their Web sites (32%).

Web-based threats are more difficult to manage than email-based threats. The majority (73%) of respondents agree that managing Web-based threats is more challenging than managing email-based threats.

 Most SMBs have employee Internet use policies – 88% of SMBs have an Internet use policy, and 95% say they do something to enforce the policy. The most commonly reported way that companies report they enforce policies is explaining the policy at employee orientation (69%) and sending reminders one or more times per year (44%). In addition, more than half (56%) of SMBs have Internet use policies against visiting social networking sites.

“Businesses of all size are waking up to the reality that threats lurk in new places on the Web including Web 2.0 sites,” said Gerhard Eschelbeck, chief technology officer at Webroot. “Among our own Web Security Service customers, we’re now seeing about half restrict employee access to social networks as a preemptive strike against malware infections and data compromise, as well as impacted productivity. Because SMBs tend to have fewer layers of protection than large enterprises, we especially encourage them to keep up with the latest threat vectors by using a service that automatically stops Web-based threats, filters Web traffic and enforces Internet use policies.”

Terms of Use | Copyright © 2002 - 2010 CONSTITUENTWORKS SM  CORPORATION. All rights reserved. | Privacy Statement