Webroot recently surveyed IT security personnel at 803 small to medium-sized businesses (SMBs) in the US, UK, and Australia and found that although their companies believed they were adequately protected against web-based threats, the number of successful attacks they faced told an entirely different story.
Nearly half of the companies surveyed (49.8%) were in the US, with 73% of those responding saying web-based threats are more significant than those coming via e-mail. A further 80% of companies believe malware delivered via Web 2.0 applications to be the biggest threat they face in 2010.
Although 8 of 10 companies acknowledged the web-based threats they face, almost three-quarters thought they had sufficient security safeguards in place. Nonetheless, 65% of the companies polled experienced a web-based attack over the past year, including spyware, viruses, hacking, and compromised websites.
What the data show, Webroot noted, is an apparent gap between perceived protection against web-based threats and the actual number of attacks these organizations face.
The report from Webroot, which outlined results of its online survey, said the company’s researchers have seen a “steady migration by the online underground”, as attacks continue to shift toward various web delivery methods.
Larger organizations, which tend to use more Web 2.0 applications in the workplace, suffered from more frequent web-based attacks according to the survey. Seventy-one percent of these larger companies (greater than 500 seats) experienced a web-based virus or worm attack, versus 59% for smaller companies, indicating a relationship between the use of web-based applications and increased exposure to threats.
Preventing web-based threats was achieved at a marginally better rate for companies that employed third-party security as a service (SaaS) tools. The Webroot survey showed that, depending on attack vector, companies that used web-based SaaS enjoyed anywhere from a 2–12% decrease in the number of attacks, with the biggest benefits coming in the areas of virus/worm, phishing, and site compromise prevention.
Comments
josephadeo says:
12 August 2010
Quite interesting data, especially that 80% who feel that malware is a significant threat. That's certainly why at VeriSign we've added a daily malware scanning service to our SSL packages -- the idea being that encryption of data points is only part of the story, the rest is in authentication and protection from hacker interference. All of this, however, is designed to protect the sites and their customers, but the same rules apply to SMBs internally, which is why I'm not surprised to see the popularity of cloud tools gaining momentum. T'would be nice, however, to see Google's cloud, and several others, encrypted with extended validation ssl and protected by more strenuous anti-malware technology. We shall see how this security hole pans out.
Note: The majority of comments posted are created by members of the
public. The views expressed are theirs and unless specifically stated are not those
Elsevier Ltd. We are not responsible for any content posted by members of the public
or content of any third party sites that are accessible through this site. Any links
to third party websites from this website do not amount to any endorsement of that
site by the Elsevier Ltd and any use of that site by you is at your own risk. For
further information, please refer to our Terms & Conditions.
Comment on this article
You must be registered and logged in to leave a comment
about this article.