SMBs Fret Over Web 2.0 Security Risks

Social networking and Web 2.0 are two of the security headaches that are keeping IT managers at small to medium sized businesses (SMBs) awake at night, according to Internet security provider Webroot.

The data is part of a survey of 803 IT professionals in companies with 100 to 5,000 employees in the United States, the United Kingdom and Australia.

The vast majority of respondents (80 percent) said Web 2.0-based malware will be a problem in 2010. The survey found 73 percent believe Web-based threats are more difficult to manage than email-based threats.

Survey respondents identified data security and confidentiality, data loss prevention, and securing mobile and laptop users as the top three priorities for Web security in 2010. Webroot said it commissioned the survey to identify the threats security professionals most anticipate in 2010; the weakest links in Web security; and how to guard against Web-borne threats, how employees put organisations’ security at risk and how best-in-class companies are addressing these issues.

Nearly one quarter of those surveyed believe their company is very or extremely vulnerable to threats from Microsoft operating system vulnerabilities (25 percent); unpatched client-side software, such as Adobe Flash or Adobe Reader, Apple QuickTime, Microsoft Office or Sun Java (24 percent); browser vulnerabilities (24 percent); and Web 2.0 applications like Facebook or Twitter (23 percent).

About a quarter of SMBs were compromised by employees who accessed personal Webmail accounts (23 percent), used social networking sites (24 percent), used P2P networking (25 percent) or downloaded media (32 percent).

Even among respondents who said they strongly believe that their companies devote sufficient resources to protect against security threats, 60 percent reported attacks from viruses, as well as attacks from spyware (57 percent), phishing (47 percent), hacking (35 percent) and SQL injections of their Websites (32 percent). The majority (73 percent) of respondents agree that managing Web-based threats is more challenging than managing email-based threats.

Eighty-eight percent of SMBs said they have an Internet use policy, and 95 percent said they do something to enforce the policy. The most commonly reported way that companies reported they enforce policies is explaining the policy at employee orientation (69 percent) and sending reminders one or more times per year (44 percent). In addition, 56 percent of SMBs have Internet use policies against visiting social networking sites.

Gerhard Eschelbeck, chief technology officer at Webroot, said businesses of all sizes are waking up to the reality that threats lurk in new places on the Web, including Web 2.0 sites. “Among our own Web Security Service customers, we’re now seeing about half restrict employee access to social networks as a pre-emptive strike against malware infections and data compromise, as well as impacted productivity,” he explained. “Because SMBs tend to have fewer layers of protection than large enterprises, we especially encourage them to keep up with the latest threat vectors by using a service that automatically stops Web-based threats, filters Web traffic and enforces Internet use policies.”