SAN DIEGO, Oct. 6, 2011 /PRNewswire/ -- A new "Global Survey on Social Media Risks" released today reveals a dangerous gap in corporate social media security. 63 percent of more than 4,000 respondents in 12 countries said that social media in the workplace represents a serious security risk — yet only 29 percent report having the necessary security controls in place to mitigate it. More than 50 percent of respondents report an increase in malware due to social media use.
Today's research, conducted by the Ponemon Institute© and sponsored by content security provider Websense, Inc.® (NASDAQ: WBSN), is believed to be the first study that determines what IT and security practitioners throughout the world think about the security risks that are associated with employee use of social media.
The dynamic social web is qualitatively different from the older static web. It requires an IT security defense that goes beyond signature and fixed-policy web technologies (like antivirus and firewalls), because while they are necessary defenses, they are not sufficient. And yet, while 73 percent of respondents identify secure web gateways as an important way to reduce social media threats, a full 27 percent — more than one quarter — still don't.
For example, imagine a new link is posted to a popular social network and it directs users to a site that downloads or leads to data-stealing code via obfuscated JavaScript. Organizations need security technology that can analyze links as they appear, because the link path is new and doesn't have a recognizable signature or known payload. New technologies like social media, cloud services, and mobility require real-time content security, which analyzes information on the fly, as it's created and consumed.
Even with the risks, social media presents a large business opportunity for collaboration, reduced expenses, and more efficient processes. While organizations believe that bandwidth has been diminished due to social media, companies that block social media are in danger of being left behind.
The study surveyed 4,640 IT and IT security practitioners in Australia, Brazil, Canada, France, Germany, Hong Kong, India, Italy, Mexico, Singapore, United Kingdom, and the United States with an average of 10 years' experience in the field. 54 percent are supervisors or above and 42 percent are from organizations with more than 5,000 employees.
Key findings
- The rapid spread of social media may have caught many organizations off guard. 63 percent agree that employee use of social media puts their organizations' security at risk. In contrast, only 29 percent say that they have the necessary security controls — such as secure web gateways — in place to mitigate or reduce the risk posed by social media.
- Malware attacks have increased because of social media usage, and it's growing. 52 percent of organizations experienced an increase in malware attacks as a direct result of employee use of social media, and 27 percent say that these attacks recently increased more than 51 percent. The United States, United Kingdom, Brazil, Germany, and Singapore report the highest increases.
- Only one of the three technologies that respondents favor can block advanced malware and data theft attacks. Respondents identified antivirus/antimalware (76 percent), endpoint security (74 percent), and secure web gateways (73 percent) as important protections. But only secure web gateways with real-time content analysis and data loss prevention can block advanced malware and data theft attacks, many of which seek entry through social media.
- Even if they have a policy that addresses the acceptable use of social media in the workplace, 65 percent say that their organizations do not enforce it or they are unsure. The top three reasons for not enforcing these policies are: lack of governance and oversight (44 percent); other security issues are a priority (43 percent); and insufficient resources to monitor policy compliance (41 percent).
- Organizations believe that IT bandwidth has been diminished as a result of social media use. The top two negative consequences of an increase in social media use were diminished productivity (89 percent) and reduced IT bandwidth (77 percent), which increase costs. Just under half (47 percent) believe exposure to inappropriate content is a negative consequence.
- 60 percent of employees use social media for at least 30 minutes per day for personal reasons. The United States, United Kingdom, France, Italy and Mexico have the highest use of social media for non-business reasons. Organizations in Germany have the highest use of social media for business purposes. Regional variations are often compounded by higher local bandwidth costs, which shifts the priority of this concern throughout the globe.
- Countries most likely to see social media as important to meeting business objectives are the United Kingdom, Germany, Hong Kong, India, and Mexico. The countries with organizations that are less likely to see the importance of social media are: Australia, Brazil, and Italy.
- Countries most likely to see social media as a serious threat to their organizations are Canada, Hong Kong, and Mexico. Countries least likely to see social media as a threat are France and Italy. Organizations in Germany have the most confidence in their ability to address the social media threats.
Quotes
"Blocking or ignoring the social media business opportunity just isn't an option. Social media is the new communication platform being fueled by the cloud and mobile technologies that employees are bringing to the workplace," said Tom Clare, Websense senior director of Product Marketing. "While antivirus and firewalls are traditional pillars of a security defense, a new security pillar is required for dynamic web content classification, advanced threat blocking, and data theft protection."
He continued, "Organizations need to develop social media acceptable use policies, set appropriate quotas, and most importantly, use security that examines the content and context of social media sites in real time. Sites like Facebook, Twitter, YouTube, and LinkedIn change too rapidly to rely on traditional background analysis and security software update cycles. That's why Websense developed the TRITON™ real-time content security solution that can analyze individual pieces of content on these social media sites and protect your organization from modern malware and data theft, plus policy controls to preserve bandwidth."
"We asked thousands of IT security professionals and most respondents agree that the use of social media in the workplace is important to achieving business objectives," said Dr. Larry Ponemon, chairman and founder of the Ponemon Institute. "However, they believe social media puts their organizations at risk and they do not have the necessary security controls and enforceable policies to address the risk. It's also clear that malware attacks are increasing as a result of social media use."
Multimedia Elements:
A full copy of the Websense "Global Survey on Social Media Risks" can be downloaded at www.websense.com/social-media-risks
Click to view the Websense "Global Survey on Social Media Risks" video.
Click to download a visual infographic of the Websense "Global Survey on Social Media Risks." Click to download a statistical infographic of the survey.
Click to read a blog post on the Websense "Global Survey on Social Media Risks" and best practices for social media security.
Click to share the Websense "Global Survey on Social Media Risks" on Facebook.
Click to share the Websense "Global Survey on Social Media Risks" video on Facebook.
Click to share on Twitter: New survey finds malware attacks up because of social media http://ow.ly/6OmOB @Websense
Websense Links:
Facebook: "Like" Websense.
Twitter: Follow @Websense.
About Websense, Inc.
Websense, Inc. (NASDAQ: WBSN), a global leader in unified web security, email security, and data loss prevention (DLP) solutions, delivers the best content security for modern threats at the lowest total cost of ownership to tens of thousands of enterprise, mid-market and small organizations around the world. Distributed through a global network of channel partners and delivered as appliance-based software or Security-as-a-Service (SaaS), Websense content security solutions help organizations leverage web 2.0 and cloud-based communication, collaboration, and social media, while protecting from advanced persistent threats and modern malware, preventing the loss of confidential information, and enforcing internet use and security policies. Websense is headquartered in San Diego, California with offices around the world. For more information, visit www.websense.com.
Follow Websense on Twitter: www.twitter.com/websense
Join the discussion on Facebook: www.facebook.com/websense
Websense Media Contact:
Patricia Hogan
Websense, Inc.
(858) 320-9393
[email protected]
SOURCE Websense, Inc.
Share this article