Web 2.0 security issues are costing firms millions says McAfee

The report concludes that 60% of businesses worldwide have lost an average of around £1.3 million as a result of corporate use of web mail, social media applications and similar software.

According to McAfee, malware infections via social media were the most common cause of financial loss, followed by viruses, information leaks and spyware.

On top of this, the study says that about one in seven businesses had seen legal repercussions from disclosure of sensitive information, which leaked out mainly over social media.

McAfee's CTO George Kurtz is all but damning in his comments on the report, noting that Web 2.0 technologies are impacting all aspects of the way businesses work.

"As Web 2.0 technologies gain popularity, organisations are faced with a choice – they can allow them to propagate unchecked, they can block them, or they can embrace them", he said.

This choice is reflected in the report's title – Web 2.0: A Complex Balancing Act  – which notes a recent Clearswift study as saying that UK employees are spending 50% more time on social-networking sites than they did two years ago.

McAfee says that its research shows that 40% of companies found that Web 2.0 tools led to increased productivity and better results from marketing, and 75% had bumped up their use of the technology in hopes of bringing in more revenue.

On the other hand, 13% of firms in the report ban all Web 2.0 activity and another 81% limit the use of at least one tool due to the security risks involved, says McAfee.

For example, notes the report, Facebook is blocked by approaching 50% of all those surveyed. Despite this, almost one in three have not introduced a social media policy in the workplace.

So what is the solution? McAfee's report says that as new threats and problems emerge, it is vital that all users in the organisation are made aware of how to protect resources.

Social media, it observes, require a new level of digital literacy, and organisations need to educate employees about the risks and benefits of accessing and participating in these contexts.

And it's against this backdrop that the report says that organisations must acknowledge the 21st century work practices of employees that are global, mobile, and constantly connected.

"Policies and technology solutions must be device independent, whether access comes from the desktop, laptop, handheld, or even wearable or embedded devices, and must be location independent as well", says the study.

"As we enter the second decade of the 21st century, the landscape of communication, information and organisational technologies continues to reflect emerging technological capabilities as well as changing user demands and needs", it adds.

What’s hot on Infosecurity Magazine?