Webroot® Research Finding: Web Threats are More Pervasive than Email Threats Yet Businesses Fail to Protect Against Them

Eighty-five percent of malware is now distributed through the Web; current security measures leave businesses vulnerable

Boulder, Colo., September 22, 2008

Webroot, a leading provider of security solutions for the consumer, enterprise and SMB markets, today released primary research revealing the impact of Web 2.0 on the enterprise. An overwhelming 85 percent of malware is now distributed through the Web, Webroot found, but businesses are not adequately protecting themselves against Web-borne viruses, spyware and employee behavior that lead to security breaches, loss of intellectual property and release of confidential data.

“Businesses are taking measures to protect against e-mail-based threats, but they are not yet attuned to the greatest threat vector today: Web-based threats driven by employee Web use,” Mike Irwin, COO, Webroot. “We found that Web-borne malware increased over 500 percent in 2007 as cybercriminals developed new ways to attack on-site and remote employees through personal Web mail accounts, social networking sites and other Web 2.0 applications. In the current threat environment, businesses must utilize a Web security solution that provides an additional layer of in-the-cloud protection for corporate and mobile users.”

Webroot also found that while businesses now depend on Web applications to execute critical functions including customer support, research and ad campaigns, IT professionals are not adequately aware of the Web 2.0 world or the new set of threats it has introduced. Only 15 percent of the businesses Webroot surveyed reported solid enforcement of Internet usage policies to reduce their organizations’ vulnerability. Industry research shows 49 percent of businesses allow employees unlimited access to social networking sites, which do not monitor their content for malware. Further, more than 85 percent of organizations still rely solely on desktop defenses which do not scan for malware in inbound Web traffic.

“Employees and businesses regularly use blogs, Wikis and other online information sources that are more susceptible to hackers and infections because they include content from numerous anonymous contributors, rather than one trusted source,” added Irwin. “However, awareness is only just beginning to grow among the IT professionals responsible for protecting these organizations. Nearly 30 percent of the IT decision-makers we surveyed did not know if their organization or its employees are using Web 2.0 applications. For better security, businesses must educate employees and use appropriate technology to monitor and manage their Web activity in order to minimize risk.”

Webroot studied Web-related threats and how businesses defended against them over the past 12 months. Webroot surveyed 648 Web security product decision-makers in businesses across Australia, the United Kingdom, Canada and the United States.

Key Findings at a Glance:

The Web Is Now the Number One Attack Vector

• One out of four businesses reported a Web-based threat compromised confidential information, threatened online transactions or caused a Web server outage 
• For the vast majority of respondents, Web-based threats were a greater source than e-mail-based threats for viruses and worms, spyware and security breaches

Employees’ Online Behavior Puts Businesses At Risk

• Three out of 10 organizations reported their businesses’ Web security was compromised by employees using personal Web mail accounts, visiting social networking sites and downloading videos
• Over a third of respondents estimate employees spend at least an hour per day on non-work-related sites

Employee Internet Usage Policies and Awareness Are Not Enough

• Nearly half the businesses surveyed expressed concern about data breaches• 
• One out of five respondents did not know which compliance laws apply to their business
• Only 15 percent of respondents gave enforcement of their Internet usage policy an “A”

Web Applications are Critical to Business

• Web-based applications are extremely or very important for providing customer support at nearly half of the businesses surveyed
• Forty-four percent of respondents reported access to Web-based CRM, human resources and benefits applications are extremely or very important for their business
• Using the Web for marketing purposes is extremely or very important to over 44 percent of respondents

ABOUT WEBROOT

Webroot is bringing the power of software-as-a-service (SaaS) to Internet security with its suite of Webroot® SecureAnywhere™ offerings for consumers and businesses. Webroot also offers security intelligence solutions to organizations focused on cyber-security, such as Palo Alto Networks, F5, Corero, Juniper, and others. Founded in 1997 and headquartered in Colorado, Webroot is the largest privately held Internet security organization based in the United States. For more information, visit http://www.webroot.com or call 800.772.9383. Read the Webroot Threat Blog: http://blog.webroot.com. Follow Webroot on Twitter: http://twitter.com/webroot.

©2013 Webroot Inc. All rights reserved. Webroot, SecureAnywhere, and Webroot SecureAnywhere are trademarks or registered trademarks of Webroot Inc. in the United States and other countries.

Press Room

• Reviews and Awards
• Media Resources
  • Image Gallery
  • Reviewer Information Kit
• In the News
• Press Releases
• Press Inquiries