Organisations are failing to protect themselves adequately from threats posed by the Web 2.0 world.
While Web-based threats have become more common in recent years, businesses are still focused on e-mail threats, according to study carried out for security vendors Webroot.
The survey looked at 648 organisations in the US, UK, Australia and Canada, and found over a third thought their employees spent at least an hour per day on non-work-related sites.
Businesses are taking measures to protect against e-mail-based threats, but they are not yet attuned to the greatest threat vector today: Web-based threats driven by employee Web use," said Mike Irwin, COO of Webroot.
"We found that Web-borne malware increased over 500 percent in 2007 as cybercriminals developed new ways to attack on-site and remote employees through personal Web mail accounts, social networking sites and other Web 2.0 applications. In the current threat environment, businesses must utilise a Web security solution that provides an additional layer of in-the-cloud protection for corporate and mobile users."
The study notes that 85 percent of malware is now distributed through the Web and cited industry research that shows 49 percent of businesses allow employees unlimited access to social networking sites that do not monitor their content for malware.
"Employees and businesses regularly use blogs, Wikis and other online information sources that are more susceptible to hackers and infections because they include content from numerous anonymous contributors, rather than one trusted source," said Irwin.
"However, awareness is only just beginning to grow among the IT professionals responsible for protecting these organisations. Nearly 30 percent of the IT decision-makers we surveyed did not know if their organisation or its employees are using Web 2.0 applications."