Enterprises are not prepared for the security threats posed by Web 2.0 technologies, because they use insufficient web filtering and have failed to train users and make employees aware of potential risks, a Forrester Research survey found.
Bandwidth is also being sucked up by employees using Web 2.0 staples such as MySpace, YouTube, RSS feeds, Google Maps, blogs and wikis, often for non-business purposes. This unofficial use of Web 2.0 applications, along with their inherent security threats, complicates the decision-making processes for corporations that want to safeguard data while embracing collaborative technologies in ways that enhance productivity.
"Organisations are struggling to maintain a balance between the need to regulate Internet usage and making effective use of what the Internet and Web 2.0 has to offer," Forrester states in a new report commissioned by the vendor Secure Computing.
Forrester surveyed 153 IT and security professionals at enterprises with at least 1,000 employees about their concerns and approaches to dealing with Web 2.0 risks. One-third of the organisations reported data leaks that caused significant problems, while more than half are extremely concerned about viruses and Trojans.
Almost every official surveyed thinks they are prepared for web-borne threats, but a look at their actual practices shows they are not, Forrester reports.
Most enterprises primarily use gateway URL filtering and antivirus scanning for web security, but zero-day attacks must be caught using behavioural and heuristics-based detection. Only one out of four enterprises uses behavioural analysis to detect zero-day malware, and 37% use heuristics-based detection, Forrester's survey found.
"Despite the fear for malware and its disruptive consequences, organisations are not doing enough to protect themselves," the report states.