Web 2.0 Breaches Cost Businesses $1.1 Billion - InformationWeek
Mobile // Mobile Applications
10:53 AM
[Ransomware] Taking the Mystery out of Ransomware
Dec 07, 2016
Lost data. Systems locked down. Whole companies coming to a grinding halt. When it comes to ransom ...Read More>>

Web 2.0 Breaches Cost Businesses $1.1 Billion

McAfee finds business professionals value social media and collaboration, but have well-placed concerns about maintaining security and company reputation.

Strategic Security Survey: Global Threat, Local Pain
(click for larger image and for full photo gallery)
While conceding its value to corporate initiatives, many business professionals have voiced their concerns about security threats associated with Web 2.0. This concern is perhaps with good reason, since more than 60% of those surveyed reported losses associated with Web 2.0 averaging $2 million, a new McAfee-commissioned study found.

One main reason for these breaches, which collectively totaled $1.1 billion, was employee use of social media, according to the report, which was conducted by research firm Vanson Bourne and authored by faculty affiliated with the Center for Education and Research in Information Assurance and Security (CERIAS) at Purdue University.

In their efforts to reduce Web 2.0-related risks, almost half the organizations surveyed block Facebook, and one-third restrict employee use of social media, the study said. One-quarter monitor use and 13% completely block all social media access, the McAfee study found.

Half of the 1,000 global decision makers polled said they were concerned about the security of Web 2.0 applications such as social media, microblogging, collaborative platforms, web mail, and content sharing tools. And 60% voiced concerns about the potential loss of reputation as a result of Web 2.0 misuse, found the report, "Web 2.0: A Complex Balancing Act -- The First Global Study on Web 2.0 Usage, Risks, and Best Practices."

"Web 2.0 technologies are impacting all aspects of the way businesses work," said George Kurtz, chief technology officer for McAfee, which Intel recently acquired. "As Web 2.0 technologies gain popularity, organizations are faced with a choice -- they can allow them to propagate unchecked, they can block them, or they can embrace them and the benefits they provide while managing them in a secure way."

In fact, more than 75% of businesses are using Web 2.0: About half of those surveyed use Web 2.0 applications for IT functions; about one-third have adopted these technologies for sales, marketing, or customer service; and 20% are using Web 2.0 apps for human resource or public relations. Three-quarters of respondents who use Web 2.0 believe the technology could create new revenue streams for their organizations, 40% to 45% of businesses said Web 2.0 improves customer service, and 40% said it enhances effective marketing.

Despite security challenges and concerns, about 33% of companies surveyed do not have a social media policy and almost 50% lack a policy for Web 2.0 use on mobile devices, the study found.

Of those that have addressed security worries, 79% increased firewall protection, 58% added greater levels of web filtering, and 53% implemented more web gateway protection since introducing Web 2.0 applications to their companies, according to the report. Forty percent of respondents budget specifically for Web 2.0 security solutions, the study said.

"The best protections are those that don't get in the way of getting work finished, because users are not tempted to circumvent those controls. As not all information needs to be protected in the same way, and not all users are going to interact with Web 2.0 technologies in the same manner, defenses should be tailored to fit the circumstances of use," said Eugene Spafford, founder and executive director of the Center for Education and Research in Information Assurance and Security (CERIAS) at Purdue University.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
Top IT Trends to Watch in Financial Services
IT pros at banks, investment houses, insurance companies, and other financial services organizations are focused on a range of issues, from peer-to-peer lending to cybersecurity to performance, agility, and compliance. It all matters.
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on InformationWeek.com for the week of November 6, 2016. We'll be talking with the InformationWeek.com editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll