Survey: Web 2.0 threats catch enterprises unprepared

Web-based attacks, bandwidth consumption harming enterprises

Enterprises are not prepared for the security threats posed by Web 2.0 technologies, because they use insufficient Web filtering and have failed to train users and make employees aware of potential risks, a vendor-sponsored survey claims.

Security vendor, Secure Computing,commissioned the Forrester study, which suggests also that bandwidth is being sucked up by employees using Web 2.0 staples such MySpace, YouTube, RSS feeds, Google Maps, blogs and wikis, often for nonbusiness purposes.

This unofficial use of Web 2.0 applications along with their inherent security threats complicates the decision-making processes for corporations that want to safeguard data while embracing collaborative technologies in ways that enhance productivity.

"Organisations are struggling to balance the need to regulate Internet usage and make effective use of what the Internet and Web 2.0 has to offer," Forrester claims in a new report commissioned by the vendor Secure Computing.

Forrester surveyed 153 IT and security professionals at enterprises with at least 1,000 employees about their concerns and approaches to dealing with Web 2.0 risks. One-third of the organisations reported data leaks that caused problems, while more than half are extremely concerned about viruses and Trojans.

Almost every respondent thought they were prepared for Web-borne threats, but a look at their actual practices suggested they were not, Forrester claimed.

Most enterprises primarily use gateway URL filtering and antivirus scanning for Web security, but zero-day attacks must be caught using behavioural and heuristics-based detection. Only 25 per cent of enterprises use behavioural analysis to detect zero-day malware, and 37 per cent use heuristics-based detection, Forrester's survey suggested.

"Despite the fear for malware and its disruptive consequences, organisations are not doing enough to protect themselves," the report said.

Most surveyed businesses have been hit by viruses and spyware in the past year, and 12 per cent have found zombie computers within their networks.

Forrester also examined bandwidth consumption related to Web 2.0. Half the organisations surveyed claim that at least 30 per cent of their bandwidth is consumed by nonbusiness use of rich media and social networking sites like YouTube, MySpace and Facebook. One out of seven enterprise executives say they believe that sites like these consume more than half of their Web bandwidth.

Businesses claim they are also suffering decreases in employee productivity since employees log onto many of these sites for personal use.

Main challenges for businesses are personal use of social networking, user-contributed content, mobile content services, enterprise integration of Web 2.0 services via mashups and increased risk of data leaks, according to Forrester.

The research and consulting firm says enterprises should examine the adequacy of security policies and protection capabilities; improve user awareness training on Web 2.0 and other Web-borne threats; and use next-generation Web filtering technologies, like reputation services, content filtering, blended threat protection, heuristics and behavior-based detection.

"The proliferation of Web 2.0, which led to a prevalence of rich and interactive content on the Internet, has exacerbated the problem [of companies responding slowly to new threats]," Forrester writes. "Malware writers are now using the Web to propagate a plethora of new threats undeterred by traditional security means. The need for more effective Web protection has never been greater."

Secure Computing, is launching a new initiative called SWAT (Secure Web 2.0 Anti-Threat). The initiative aims to provide customers with research, tools, software and best practices for Web and messaging security, and is also driving ongoing development of the vendor's Webwasher Web.

Join the PC World newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Jon Brodkin

Network World
Show Comments

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Matthew Stivala

HP OfficeJet 250 Mobile Printer

The HP OfficeJet 250 Mobile Printer is a great device that fits perfectly into my fast paced and mobile lifestyle. My first impression of the printer itself was how incredibly compact and sleek the device was.

Armand Abogado

HP OfficeJet 250 Mobile Printer

Wireless printing from my iPhone was also a handy feature, the whole experience was quick and seamless with no setup requirements - accessed through the default iOS printing menu options.

Azadeh Williams

HP OfficeJet Pro 8730

A smarter way to print for busy small business owners, combining speedy printing with scanning and copying, making it easier to produce high quality documents and images at a touch of a button.

Andrew Grant

HP OfficeJet Pro 8730

I've had a multifunction printer in the office going on 10 years now. It was a neat bit of kit back in the day -- print, copy, scan, fax -- when printing over WiFi felt a bit like magic. It’s seen better days though and an upgrade’s well overdue. This HP OfficeJet Pro 8730 looks like it ticks all the same boxes: print, copy, scan, and fax. (Really? Does anyone fax anything any more? I guess it's good to know the facility’s there, just in case.) Printing over WiFi is more-or- less standard these days.

Ed Dawson

HP OfficeJet Pro 8730

As a freelance writer who is always on the go, I like my technology to be both efficient and effective so I can do my job well. The HP OfficeJet Pro 8730 Inkjet Printer ticks all the boxes in terms of form factor, performance and user interface.

Michael Hargreaves

Windows 10 for Business / Dell XPS 13

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?