3/28/2013
05:29 PM
Dark Reading

Study Reveals 8 in 10 Companies Suffered Web-Borne Attacks

New Data Shows Phishing, Spyware and Keyloggers are Extremely Disruptive to Businesses, and Large Companies are the Most Vulnerable to Data Loss and Malware

BROOMFIELD, Colo., March 28, 2013 /PRNewswire/ -- A new Web security study finds that the vast majority of organizations that allow employees to freely access the Web are experiencing high rates of malware threats, including phishing attacks, spyware, keyloggers and hacked passwords. Conducted by Webroot, a leader in delivering Internet security as a service, the study reveals that Web-borne attacks are impacting businesses, with the majority of them reporting significant effects in the form of increased help desk time, reduced employee productivity and disruption of business activities. To mitigate these significant business risks, a properly layered defense with effective endpoint and Web security and monitoring needs to be in place.

Top-level corporate study findings:

-- 8 in 10 companies experienced one or more kinds of Web-borne attacks in 2012
-- 88% of Web security administrators say Web browsing is a serious malware risk
-- Phishing is the most prevalent Web-borne attack, affecting 55% of companies

The study, which surveyed Web security decision-makers in the United States and United Kingdom, found an overwhelming 79% of companies experienced Web-borne attacks in 2012. These incidents continue to represent a significant threat to corporate brands. Results show that almost all of the Web security administrators agreed that Web browsing is a serious malware risk to their companies. Despite the obvious awareness of the risks, only 56% of participants said they had implemented Web security protection, and more than half of companies without Web security had Web sites compromised.

"Protecting against Web-borne malware should be a high priority for all organizations since once inside a network, the propagation of malware can take down the entire company, effectively disabling an organization," said Sara Radicati, President and CEO at Radicati Group. "Finding a balance between providing employees Web access and ensuring corporate information security requires a solid Web security solution and is an essential requirement for companies to avoid this costly liability."

The major trends that are driving businesses and information technology today--mobility, social networking, BYOD and cloud computing--are also making organizations more susceptible to security attacks. More than ever, cybercriminals are taking advantage of these Web-based vulnerabilities, making the threat landscape more challenging. According to the results, phishing represents one of the fastest-growing causes of breaches and data loss as cybercriminals become progressively adept at luring users into divulging sensitive corporate data.

"It's no surprise that the latest study shows that attacks are increasing in frequency, complexity and scale. Organizations need to implement layered defenses from the endpoint to the network to understand not only what is happening but where the attacks are manifesting from and when," said David Duncan, Chief Marketing Officer at Webroot. "Given that instantaneous attacks are morphing constantly and are eluding traditional detection mechanisms, organizations require a cloud-based solution that is effective in this new environment, as well as easy to deploy, quick to respond and flexible to address today's sophisticated cyber-threats."

What can organizations do?

The new "Web Threats Expose Business to Data Loss" report provides a comprehensive analysis of the current Web-based vulnerabilities, and includes steps to reduce the risks associated with this rapidly changing threat landscape. The full report is available at http://www.webroot.com/web-security-report-2013.

About the Research

In 2012, Webroot commissioned a study to measure the prevalence of Web-borne attacks and identify factors that mitigate the consequences. The scope of the research included companies with 100 to 4,999 employees that currently have a Web security solution or plan to implement one in 2013. From December 20 through December 24, 500 Web security decision-makers (404 in the US and 96 in the UK) completed the online survey hosted by Qualtrics. Research Now provided respondents from their online panel of IT and business executives, and Lawless Research provided quantitative data analysis. The margin of error for the study is +/- 4.4 percentage points at the 95 percent level of confidence.

ABOUT WEBROOT

Webroot is bringing the power of software-as-a-service (SaaS) to Internet security with its suite of Webroot SecureAnywhere® offerings for consumers and businesses. Webroot also offers security intelligence solutions to organizations focused on cyber-security, such as Palo Alto Networks, F5, Corero, SOTI, NEC, FancyFon and others. Founded in 1997 and headquartered in Colorado, Webroot is the largest privately held security organization based in the United States. For more information, visit http://www.webroot.com or call 800.772.9383. Read the Webroot Threat Blog: http://blog.webroot.com. Follow Webroot on Twitter: http://twitter.com/webroot.

Comments
Computer Repair Whiteplains NY,
User Rank: Apprentice
4/1/2013 | 6:11:24 PM
re: Study Reveals 8 in 10 Companies Suffered Web-Borne Attacks
The problem is that for most of the companies, security is an afterthought, instead of being a priority.