The research, sponsored by Web security and filtering company Websense Inc., found that companies still rely on traditional antivirus and URL filtering to block threats from the Internet, but fail to understand the threat of infected websites and the loss of confidential information via social networking sites.
Although websites and Web applications have increasingly become a target for hackers to plant malware, the growing threat is still not reflected in the responses of the sample of U.K. managers. Recent research from Websense Security Labs found that 70% of the top 100 most popular websites have hosted or directed users to malicious code, phishing or fraud. In the survey, however, only 12% of respondents felt those sites posed any serious threat.
"IT and senior level managers think they are way more protected than they actually are," said Mark Murtagh, technical director at Websense. "There are clear gaps in their organisations' security postures. … IT is struggling to deliver a framework to the business to allow employees to communicate in a rich fashion, and to do it safely and securely."
He said company management knows that staff, especially younger employees, expect to be able to communicate via multiple channels, and that these applications can deliver real business benefits.
To avoid the new threats that may arise, he said, companies need to be able to analyse websites in real time to detect infections, and they also need to analyse the content of any material uploaded to or downloaded via social networking sites. "As a business user on LinkedIn, you could easily upload company-confidential data to showcase [your activity] to other members, for instance," Murtagh added. "Once you're granted access, the systems need to kick into another gear, and you need to inspect the nature of the content stream. At the moment, that is not taking place."
Security professionals seem to be divided about the best way to proceed. At a recent London meeting of the CSO Interchange, an informal grouping of senior security managers, 31% said they still had no policy on the use of social network sites. Of those that did have a policy, 54% said they blocked them altogether. Another 32% allowed them under controlled conditions.
The group concluded that the technology would need to be embraced, but that user education, in particular, was crucial to alert users to the dangers.
The Web 2.0 and social networking analysis, sponsored by Websense, was carried out by independent research firm Dynamic Markets, and sought opinions from 1300 senior managers in 10 countries, including 100 managers in the U.K. According to Murtagh, findings showed few differences between countries.