Security Watch | Matt Hines » Web 2.0 security concerns abound

October 01, 2007

Web 2.0 security concerns abound

A lack of comprehensive security tools designed to stop Web-based threats continues to be a problem among businesses, according to a new survey published by Forrester Research and Secure Computing on Monday.

According to the study -- which was based on interviews conducted by Forrester with roughly 150 IT pros -- companies of all sizes continue to adopt a larger number of Web-based applications, in particular so-called Web 2.0 technologies such as online collaboration and file-sharing tools, yet few have done anything to protect themselves against the growing volume of attacks that seek to piggyback on the systems.

First off, even though most companies (97 percent) consider themselves prepared for malware threats, a majority (79 percent) admit that they are still falling prey to attacks on a "frequent basis," with a relatively large number (68 percent) conceding that they have "room for improvement."

Meanwhile, despite the fact that 96 percent of the organizations questioned said that they see a significant value in adopting Web 2.0 applications, less than 5 percent reported that they have taken any specific security measures to help protect users of the technologies -- many of which are controlled by third parties, such as Facebook or YouTube.

At the same time, companies clearly recognize the potential for Web 2.0 applications to become channels through which they might have sensitive or valuable data walk out the proverbial door. Roughly 92 percent of the respondents said that outbound data leakage prevention (DLP) is a part of their Web-filtering strategy, with 58 percent ranking it as an "extremely important" business concern.

In terms of aligning their defenses, companies seem less responsive. Forrester said that "most" enterprises are still dependent on security tools designed to keep traditional attacks at bay, while few have made the move to begin defending against newer threats.

Looking at related spending, the report finds that 46 percent of those interviewed said that malware remediation cost them over $25,000 in the last fiscal year.

Overall, only 33 percent of those interviewed for the study said that they have data leakage prevention capabilities in place today, while 57 percent of those surveyed indicated a belief that restricting access to social networking and rich media sites could "visibly increase" employee productivity.

So, it would seem that everyone agrees that user-driven technologies are very valuable in some way, yet few are doing anything to protect themselves against their use. Forrester said that this trend shows a "noticeable discrepancy" between how well prepared businesses perceive themselves to be, and how vulnerable they may really be.

"We have found that most companies that have implemented any kind of Web protection have only installed URL filtering and signature scanning," Chenxi Wang, a Forrester researcher involved with the study, said in a report summary. "Malware writers are now using the Web as a primary vehicle to propagate a plethora of new threats undeterred by traditional security means. The need for more effective Web protection has never been greater."

Among the recommendations offered to companies in the report to help close the apparent gap:

- Employ new technologies that do a better job handling Web 2.0 threats, including reputation services, blended attack protection, behavior-monitoring tools, outbound content control systems and applications-usage controls.

- Re-examine security policies to account for new threats and employ additional training measures to get the word out on the attacks.

"Companies really need to adjust their policies for the Web 2.0 world in general, Internet use policies should include social Web sites, blogs, and the other varieties, and this has to be spelled out specifically," said Paul Henry, Secure Computing's vice president of technology evangelism. "Beyond that, these companies simply need stronger technical safeguards; a lot are barely protecting against the initial generations of Web-based threats that we've seen."

Posted by Matt Hines on October 1, 2007 10:11 AM

