Web 2.0 Is Top Security Threat | Internet & Web Security | Threat Research | Webroot

Quarter of SMBs Compromised through Social Networking Sites in 2009

BOULDER, CO - February 17, 2010

Webroot, a leading Internet security provider for the consumer, enterprise and SMB markets, today reported that IT managers in small and medium-sized organizations believe malware spread through social networks, Web 2.0 applications and other Web-based vectors will pose the most serious risk to information security in 2010. The data is part of a new survey of 803 information technology (IT) professionals in companies with 100 to 5,000 employees in the United States, the United Kingdom and Australia.

The vast majority of respondents (80%) say Web 2.0-based malware will be a problem in 2010. In fact, seven out of 10 (73%) said Web-based threats are more difficult to manage than email-based threats. Survey respondents also identified data security and confidentiality, data loss prevention and securing mobile and laptop users as the top three priorities for Web security in 2010.

Webroot commissioned the survey to identify the threats security professionals most anticipate in 2010; the weakest links in Web security and how to guard against Web-borne threats; how employees put organizations’ security at risk; and how best-in-class companies are addressing these issues.


Threats capitalizing on vulnerabilities in browsers, software and Web 2.0 applications are a significant challenge – Nearly one quarter of those surveyed believe their company is very or extremely vulnerable to threats from:

  • Microsoft operating system vulnerabilities (25%)
  • Unpatched client-side software (e.g., Adobe Flash or Adobe Reader, Apple QuickTime, Microsoft Office, Sun Java) (24%)
  • Browser vulnerabilities (24%)
  • Web 2.0 applications (e.g., Facebook, Twitter, Google Docs) (23%)

About a quarter of SMBs have been compromised through social networking sites -- About a quarter of SMBs were compromised by employees who accessed personal Webmail accounts (23%), used social networking sites (24%), used P2P networking (25%) or downloaded media (32%).

Lack of protection: perceptions don’t match reality – Even among respondents who strongly believe that their companies devote sufficient resources to protect against security threats many reported attacks from viruses (60%), spyware (57%), phishing attacks (47%), hacking attacks (35%), and SQL injections of their Web sites (32%).

Web-based threats are more difficult to manage than email-based threats. The majority (73%) of respondents agree that managing Web-based threats is more challenging than managing email-based threats.

Most SMBs have employee Internet use policies – 88% of SMBs have an Internet use policy, and 95% say they do something to enforce the policy. The most commonly reported way that companies report they enforce policies is explaining the policy at employee orientation (69%) and sending reminders one or more times per year (44%). In addition, more than half (56%) of SMBs have Internet use policies against visiting social networking sites.

"Businesses of all size are waking up to the reality that threats lurk in new places on the Web including Web 2.0 sites," said Gerhard Eschelbeck, chief technology officer at Webroot. "Among our own Web Security Service customers, we’re now seeing about half restrict employee access to social networks as a preemptive strike against malware infections and data compromise, as well as impacted productivity. Because SMBs tend to have fewer layers of protection than large enterprises, we especially encourage them to keep up with the latest threat vectors by using a service that automatically stops Web-based threats, filters Web traffic and enforces Internet use policies."

Webroot at the RSA Conference 2010

Eschelbeck will present detailed survey findings and threat research at the RSA Conference 2010 during a session Wednesday, March 3, at 4:30 p.m. PST in the Briefing Center on the Expo Hall Floor. Webroot will also be at booth number 828 in the Expo Hall.

Survey Methodology

Webroot commissioned a global study of 803 Web Security professionals in companies with 100 to 5,000 seats in Australia, the United Kingdom and the United States. The online study was fielded using Qualtrics survey software from December 15, 2009, through January 6, 2010. MarketTools and e-Rewards provided qualified respondents from their IT decision-maker panels. The results have a margin of error of ±3.4 percentage points at the 95 percent level of confidence.

About Us

Webroot delivers next-generation endpoint security and threat intelligence services to protect businesses and individuals around the globe. Our smarter approach harnesses the power of cloud-based collective threat intelligence derived from millions of real-world devices to stop threats in real time and help secure the connected world.