Study: Companies Dive Into Web 2.0 Without Securing Risks 2

While the majority of enterprises are using Web 2.0 technology, they're not prepared to deal with the security risks that come along with it, according to a study released Wednesday.

Forrester Research surveyed 153 IT professionals and found 96% said they are not only using Web 2.0 technologies but their companies are finding value in them. The problem is that the companies may have made the leap into Web 2.0 without thinking about the security consequences. A full 90% reported that they are at the least "very concerned" about related threats.

"Today, the Internet is beleaguered with threats such as phishing, viruses, spyware, and botnets, all threatening to challenge your business operations," said Chenxi Wang, a principal analyst with Forrester, in a written statement. "Forrester's study ... reveals that most companies are slow to respond to the latest threats, or aren't sure what to do to adequately secure. We have found that most companies that have implemented any kind of Web protection have only installed URL filtering and signature scanning. Yet, malware writers are now using the Web as a primary vehicle to propagate a plethora of new threats undeterred by traditional security means. The need for more effective Web protection has never been greater."

The study, which was commissioned by security software vendor Secure Computing, showed that there's a gap between security perception and the reality.

According to Forrester, while nearly 97% of those surveyed said their companies are prepared for Web-borne threats, 68% admitted there is room for improvement. The survey also showed that 79% reported being hit with malware attacks fairly frequently. And 46% of them reported spending more than $25,000 in the last fiscal year for malware cleanup alone.

Business managers and marketing heads like the idea of the customer-generated content that Web 2.0 offers. An automobile maker, for instance, might start a social network, allowing customers to write about their experiences and post pictures and video of road trips.

The problem is that malicious hackers are increasingly focusing their attention on using Web 2.0 technologies as entries into unsecured companies. Hackers and spammers, for instance, can create their own pages on social networking sites and riddle them with malicious code to infect their social networking peers. One worm planted in a MySpace page infected more than 1 million users. And malware writers are beginning to target vulnerabilities in Ajax-based applications, which help make the Web 2.0 sites so dynamic.