suffered web-borne attacks
BROOMFIELD -- A broad-ranging Web security study commissioned by Broomfield-based Webroot confirms what many of us have known for some time: companies with remote users and liberal Web access policies are increasingly open to cyber-attacks and malware threats. What the study does show, however, is just how much those problems have grown.
Webroot recently released two reports spawned by the research showing that 8 in 10 companies experienced one or more kinds of Web-borne attacks, and half of the surveyed companies with a remote workforce had their websites compromised in the last year alone. Website assaults included phishing attacks, spyware, key-loggers, hacked passwords and SQL injection attacks, as well as new types of mobile attacks, including the use of e-mail, SMS and mobile Web browsers aimed at recording and stealing data.
The widely-known Internet security company says the study reveals that Web-borne attacks are having a severe impact on businesses, including increased help desk time, reduced employee productivity and disruption of business activities. The firm has released two reports culled from the data: "Web Threats Expose Business to Data Loss" and "Remote Users Expose Companies to Cybercrime." Among the key findings:
- 8 in 10 companies experienced one or more kinds of Web-borne attacks in 2012
- 88% of Web security administrators say Web browsing is a serious malware risk
- Phishing is the most prevalent Web-borne attack, affecting 55% of companies
- 64% of companies allow remote access to servers for 25% to 100% of employees
- 90% of companies agree that managing the security of remote users is extremely challenging
- 71% of Web security professionals who say managing remote users is highly challenging experienced Web-borne phishing attacks in 2012
The study surveyed Web security decision-makers in the United States and United Kingdom. Results show that almost all of the Web security administrators agreed that Web browsing is a serious malware risk to their companies. Despite the obvious awareness of the risks, only 56% of participants said they had implemented Web security protection and more than half of companies without Web security had Web sites compromised.
"It's no surprise that the latest study shows that attacks are increasing in frequency," says David Duncan, Webroot's Chief Marketing Officer. "Given that instantaneous attacks are morphing constantly and are eluding traditional detection mechanisms." The major trends that are driving businesses and information technology today — mobility, social networking, BYOD and cloud computing — are also making organizations more susceptible to security attacks, he says. More than ever, cybercriminals are taking advantage of these Web-based vulnerabilities, making the threat landscape more challenging.
Survey results show that phishing represents one of the fastest-growing causes of breaches and data loss as cyber-criminals become progressively adept at luring users into divulging sensitive corporate data.
The remote users study reveals that half of the surveyed companies with a remote workforce had their websites compromised in 2012. It also shows that more than a third had passwords hacked and twice as many companies with remote users were victims of SQL injection attacks. According to the report, companies with 25 percent or more of their workforce using remote access experience higher rates of Web attacks due to a lack of protection measures.
"Vulnerabilities in mobile Web browsers pose a major threat to mobile device security," Duncan says. He says the report includes steps to secure browser controls and reduce the risks associated with mobile browsing.
Webroot commissioned the study in 2012 to measure the prevalence of Web-borne attacks and identify factors that mitigate the consequences. The research included companies with 100 to 4,999 employees, with 500 Web security decision-makers in the U.S. and the U.K. completing the online survey.