WEB 2.0 – SMBs biggest security concern for 2010
Technological advancements brings a lot of advantages but at the same time, new security problems will also emerged as a result of all these developments. Accessing applications on the web and the popularity of social networking are just two examples of advancements, the two is also presenting new security concerns to everyone – particularly for small and medium businesses (SMBs).
A recently survey conducted by Webroot shows that I.T. managers in SMB believe malware spread through social networks, Web 2.0 applications and other Web-based vectors will pose the most serious risk to information security in 2010.
As high as 80% of the respondents say Web 2.0-based malware will be a problem in 2010. In fact, seven out of 10 (73%) said Web-based threats are more difficult to manage than email-based threats. Survey respondents also identified data security and confidentiality, data loss prevention and securing mobile and laptop users as the top three priorities for Web security in 2010.
Nearly one quarter of those surveyed believe their company is very or extremely vulnerable to threats from:
– Microsoft operating system vulnerabilities (25%)
– Unpatched client-side software (e.g., Adobe Flash or Adobe Reader, Apple QuickTime, Microsoft Office, Sun Java) (24%)
– Browser vulnerabilities (24%)
– Web 2.0 applications (e.g., Facebook, Twitter, Google Docs) (23%)
The report indicated that the attacks are from viruses (60%), spyware (57%), phishing attacks (47%), hacking attacks (35%), and SQL injections of their Web sites (32%).
Managing Web 2.0 is far more difficult and challenging because these services are free and open. Employees can use web-based emails, social networking websites, P2P networking and download media files. Downloaded files can then be transferred to a portable device and then viewed in company computers where threats can be spread.
Implementing layers of security protection would help but not many SMBs actually does that due to budget constraints. There are also SMBs who rely on web-based applications like web-based emails due to lack of infrastructure. The main purpose is to simply send emails without considering the security concerns of such actions.
Some actually blocks off Web 2.0 applications and social networking sites just to prevent security breaches, but to some this is counter-productive. So what is the best solution? Implement policies on how to use these applications to keep on reminding employees about these policies. Explain to them the threats involved and make them part of the over-all security strategy of the company.
At the end of the day, it is not only the corporate data that can be compromised but personal information can also be compromised as well.