While conceding its value to corporate initiatives, many business professionals have voiced their concerns about security threats associated with Web 2.0. This concern is perhaps with good reason, since more than 60% of those surveyed reported losses associated with Web 2.0 averaging $2 million, a new McAfee-commissioned study found.
One main reason for these breaches, which collectively totaled $1.1 billion, was employee use of social media, according to the report, which was conducted by research firm Vanson Bourne and authored by faculty affiliated with the Center for Education and Research in Information Assurance and Security (CERIAS) at Purdue University.
In their efforts to reduce Web 2.0-related risks, almost half the organizations surveyed block Facebook, and one-third restrict employee use of social media, the study said. One-quarter monitor use and 13% completely block all social media access, the McAfee study found.
Half of the 1,000 global decision makers polled said they were concerned about the security of Web 2.0 applications such as social media, microblogging, collaborative platforms, web mail, and content sharing tools. And 60% voiced concerns about the potential loss of reputation as a result of Web 2.0 misuse, found the report, "Web 2.0: A Complex Balancing Act -- The First Global Study on Web 2.0 Usage, Risks, and Best Practices."
"Web 2.0 technologies are impacting all aspects of the way businesses work," said George Kurtz, chief technology officer for McAfee, which Intel recently acquired. "As Web 2.0 technologies gain popularity, organizations are faced with a choice -- they can allow them to propagate unchecked, they can block them, or they can embrace them and the benefits they provide while managing them in a secure way."
In fact, more than 75% of businesses are using Web 2.0: About half of those surveyed use Web 2.0 applications for IT functions; about one-third have adopted these technologies for sales, marketing, or customer service; and 20% are using Web 2.0 apps for human resource or public relations. Three-quarters of respondents who use Web 2.0 believe the technology could create new revenue streams for their organizations, 40% to 45% of businesses said Web 2.0 improves customer service, and 40% said it enhances effective marketing.
Despite security challenges and concerns, about 33% of companies surveyed do not have a social media policy and almost 50% lack a policy for Web 2.0 use on mobile devices, the study found.
Of those that have addressed security worries, 79% increased firewall protection, 58% added greater levels of web filtering, and 53% implemented more web gateway protection since introducing Web 2.0 applications to their companies, according to the report. Forty percent of respondents budget specifically for Web 2.0 security solutions, the study said.
"The best protections are those that don't get in the way of getting work finished, because users are not tempted to circumvent those controls. As not all information needs to be protected in the same way, and not all users are going to interact with Web 2.0 technologies in the same manner, defenses should be tailored to fit the circumstances of use," said Eugene Spafford, founder and executive director of the Center for Education and Research in Information Assurance and Security (CERIAS) at Purdue University.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
2017 State of IT ReportIn today's technology-driven world, "innovation" has become a basic expectation. IT leaders are tasked with making technical magic, improving customer experience, and boosting the bottom line -- yet often without any increase to the IT budget. How are organizations striking the balance between new initiatives and cost control? Download our report to learn about the biggest challenges and how savvy IT executives are overcoming them.