Web Threats are More Pervasive than Email Threats | Threat Research

Eighty-five percent of malware is now distributed through the Web; current security measures leave businesses vulnerable

BOULDER, CO - September 22, 2008

Webroot, a leading provider of security solutions for the consumer, enterprise and SMB markets, today released primary research revealing the impact of Web 2.0 on the enterprise. An overwhelming 85 percent of malware is now distributed through the Web, Webroot found, but businesses are not adequately protecting themselves against Web-borne viruses, spyware and employee behavior that lead to security breaches, loss of intellectual property and release of confidential data.

"Businesses are taking measures to protect against e-mail-based threats, but they are not yet attuned to the greatest threat vector today: Web-based threats driven by employee Web use," Mike Irwin, COO, Webroot. "We found that Web-borne malware increased over 500 percent in 2007 as cybercriminals developed new ways to attack on-site and remote employees through personal Web mail accounts, social networking sites and other Web 2.0 applications. In the current threat environment, businesses must utilize a Web security solution that provides an additional layer of in-the-cloud protection for corporate and mobile users."

Webroot also found that while businesses now depend on Web applications to execute critical functions including customer support, research and ad campaigns, IT professionals are not adequately aware of the Web 2.0 world or the new set of threats it has introduced. Only 15 percent of the businesses Webroot surveyed reported solid enforcement of Internet usage policies to reduce their organizations’ vulnerability. Industry research shows 49 percent of businesses allow employees unlimited access to social networking sites, which do not monitor their content for malware. Further, more than 85 percent of organizations still rely solely on desktop defenses which do not scan for malware in inbound Web traffic.

"Employees and businesses regularly use blogs, Wikis and other online information sources that are more susceptible to hackers and infections because they include content from numerous anonymous contributors, rather than one trusted source," added Irwin. "However, awareness is only just beginning to grow among the IT professionals responsible for protecting these organizations. Nearly 30 percent of the IT decision-makers we surveyed did not know if their organization or its employees are using Web 2.0 applications. For better security, businesses must educate employees and use appropriate technology to monitor and manage their Web activity in order to minimize risk."

Webroot studied Web-related threats and how businesses defended against them over the past 12 months. Webroot surveyed 648 Web security product decision-makers in businesses across Australia, the United Kingdom, Canada and the United States.

Key Findings at a Glance:

The Web Is Now the Number One Attack Vector

  • One out of four businesses reported a Web-based threat compromised confidential information, threatened online transactions or caused a Web server outage
  • For the vast majority of respondents, Web-based threats were a greater source than e-mail-based threats for viruses and worms, spyware and security breaches

Employees’ Online Behavior Puts Businesses At Risk

  • Three out of 10 organizations reported their businesses’ Web security was compromised by employees using personal Web mail accounts, visiting social networking sites and downloading videos
  • Over a third of respondents estimate employees spend at least an hour per day on non-work-related sites

Employee Internet Usage Policies and Awareness Are Not Enough

  • Nearly half the businesses surveyed expressed concern about data breaches
  • One out of five respondents did not know which compliance laws apply to their business
  • Only 15 percent of respondents gave enforcement of their Internet usage policy an "A"

Web Applications are Critical to Business

  • Web-based applications are extremely or very important for providing customer support at nearly half of the businesses surveyed
  • Forty-four percent of respondents reported access to Web-based CRM, human resources and benefits applications are extremely or very important for their business
  • Using the Web for marketing purposes is extremely or very important to over 44 percent of respondents


ウェブルートは Smarter Cybersecurityのソリューションプロバイダです。インテリジェントなエンドポイント保護および脅威インテリジェンス・サービスによって「モノのインターネット」(IoT=Internet of Things)のセキュリティを実現。クラウドベースで予測型の総合脅威インテリジェンス・プラットフォームを活用することによって、コンピュータ、タブレット、スマートフォン、そしてあらゆるデバイスをマルウェアや他のサイバー攻撃から保護しています。高い評価を受けているSecureAnywhereインテリジェント・エンドポイント保護とBrightCloud脅威インテリジェンス・サービスは、世界中で数千万台以上のエンドユーザ、企業、エンタープライズ機器を守っています。ウェブルートのテクノロジーは、業界トップリーダーであるCisco、F5 Networks、HP、Microsoft、Palo Alto Networks、RSA、Arubaなどのソリューションに採用され、高い信頼を得ています。本社を米国コロラド州に置き、北米、欧州、アジア環太平洋、日本でビジネス展開しています。Smarter Cybersecurityの詳細はウェブサイトhttps://www.webroot.com/jp/ja/ をご参照ください。