Cost of Malware Growing Per Month
A new research report sponsored by messaging security specialists FaceTime Communications indicates that companies are spending more time and money on malware infections and data leakage driven by the use of Web 2.0 technologies.
According to the survey of over 500 U.S. workers compiled at FaceTime's behest by NewDiligence during Sept. 2008, the study, which focuses specifically on the growing use of so-called Web 2.0 technologies in the workplace finds that organizations are struggling to strike a balance between use of the applications and issues of security.
For the largest enterprises, the cost of handling malware alone has grown to $125,000 per month considering the expenditure of both employee working hours, dollars spent on technical response measures and remediation efforts. And, the problem can be traced in part to the rise of social networking and multimedia sites, the research contends.
The report also contends that the use of Web 2.0 applications has spread rapidly, with more than 97 percent of all companies surveyed allowing their employees some ability to access such tools, compared to only 85 percent one year ago.
In addition, some 60 percent of all the organizations surveyed said that they currently have eight or more of the technologies being somehow used on their networks. On average, the involved companies reported that they had 9.3 Web 2.0 applications in use by employees on the enterprise networks.
FaceTime, which markets gateway filtering technologies that promise to allow organizations to control the use of Web 2.0 tools on their assets, among other security features, said that it launched the annual research effort four years ago to determine the impact that "collaborative Internet applications have on companies and organizations."
The most significant problem in balancing adoption of Web 2.0 tools with IT security concerns is that users remain convinced that they should have the right to use the systems however they see fit, without considering many of the risks that can be introduced, the company maintains.
"For all four years, end users have claimed they have the right to download and use whatever applications they choose to help them do their jobs. This year's study also reveals their social media habits have extended into the workplace and may be contributing to security and data leakage incidents," Frank Cabri, vice president of marketing and product management at FaceTime, said in a report summary.
"IT managers are often at odds with employees' belief that they have the right to use whatever applications they feel they need to do their jobs, including these Internet applications that are evasive and easily circumvent existing security infrastructure. They create potential compliance, information leakage concerns as well as introducing myriad vectors for incoming malware," he said.
At the same time that organizations are allowing for more use of Web 2.0 tools, few are moving to secure the systems in any way (less than 25 percent), in particular compared to e-mail and Web browsing systems (secured at 79 percent and 65 percent, respectively).
And curiously, though they may required to do so under federal regulations, a relatively large number of organizations said that they are monitoring (38 percent) and storing (31 percent) IM-based communications.
In terms of the other Web 2.0 and security observations offered in the report:
-79 percent of responding employees use social media (Facebook, LinkedIn, YouTube) at work for business reasons and 51 percent access social media sites at least once per day.
-IT managers reported an average of 34 security and data leakage incidents per month.
-73 percent of IT managers report at least one security incident as a result of Internet application usage; viruses, Trojans and worms (59 percent) are most common, followed by spyware (57).
-37 percent of companies report an instance of non compliance with corporate or regulatory policy, while 27 percent report incidents of accidental or unintentional data leakage.
-Despite the new Federal Rules for Civil Procedure, only 31 percent of enterprises store IM communications. One in four has copies of audio conferences (25 percent), while slightly fewer (20 percent) archive corporate Web conferences.
Matt Hines has been following the IT industry for over a decade as a reporter and blogger, and has been specifically focused on the security space since 2003, including a previous stint writing for eWeek and contributing to the Security Watch blog. Hines is currently employed as marketing communications manager at Core Security Technologies, a Boston-based maker of security testing software. The views expressed herein do not necessarily represent the views of Core Security, and neither the company, nor its products and services will be actively discussed in the blog. Please send news, research or tips to SecurityWatchBlog@gmail.com.