More than twice as many UK employees are using company networks
to access
social networking sites compared to last year, leading to
increased security risks according to
Trend Micro.
The security firm found that 27% of UK employees visited social
networking sites using company networks in its 2008 survey of
corporate end users. This compared with 11% in 2007.
Mobile workers are more likely to visit social networking sites,
according to the report. It found that 10% more laptop users
visited them than those using desktop computers.
Rik Ferguson, solutions architect at Trend Micro, said this was
exposing companies to greater security risks.
"Sites with user generated content, which also include blogs and
wikis, provide an easy way to trap users into downloading malicious
applications," he said.
In January social networking site Facebook banned the
"Secret Crush" third party application after users were tricked
into downloading spyware by a promise to identify an admirer.
Trend Micro recently discovered that more than 400 phishing kits
were targeting top
Web 2.0 sites, which typically contain user-generated
content.
"Even some of the most high-profile sites do not always have
measures in place to ensure the security of that content, making it
easier for cybercriminals to present applications or embed hidden
code aimed at stealing user information for profit," said
Ferguson.
He said any site that allows user-generated content and does not
apply the strictest possible controls is at risk of being exploited
by cybercriminals.
The problem is that sites are often reluctant to use controls
that may slow down content delivery.
According to
Trend Micro's latest threats round-up and forecast, the first
six months saw an increase in web threats, but decreases in adware
and spyware.
The web threats peaked at 1.5 million in January, representing
an increase of around 500,000 from the month before.
An increase in the use of company networks to access web-based
e-mail applications is another area of risk, said Trend Micro.
Ferguson said web mail is usually less secure than company
e-mail systems because it is vulnerable to
browser-based attacks as well as the risks associated with
traditional email.
"Unpatched versions of web browsers are the most popular means
of infection by web threats," he said. "Flaws are commonly
exploited to redirect users to phishing sites."
According to the survey, 45% of the 1,600 end users surveyed in
the UK, US, Germany and Japan sent confidential information using
web mail. In the UK, 49% of mobile workers said they used web-based
mail, which represents an increase of 19% in the past year.
Ferguson said if companies allow access to social networking
sites through their corporate networks, they need to ensure the
protection they have in place is agile enough to deal with the
dynamic threats that are commonly propagated through these
sites.