Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Mobile

4/23/2013
07:34 AM
Dark Reading
Dark Reading
Products and Releases
50%
50%

New Research Shows Remote Users Expose Companies To Cybercrime

Webroot study indicates that data theft is the primary goal in new types of mobile attacks

BROOMFIELD, Colo., April 23, 2013 /PRNewswire/ -- Results of new remote access security research show half of companies with a remote workforce had their websites compromised in 2012, over a third had passwords hacked, and twice as many companies with remote users were victims of SQL injection attacks.

Conducted by Webroot, a leader in Internet security as a service, the new study indicates that data theft is the primary goal in new types of mobile attacks.

Scenarios include malicious threats that use e-mail, SMS and mobile Web browsers to launch an attack, then silently record and steal data.

(Logo: http://photos.prnewswire.com/prnh/20121016/LA94090LOGO)

Top-level corporate study findings:

-- 64% of companies allow remote access to servers for 25% to 100% of

employees

-- 90% of companies agree that managing the security of remote users is

extremely challenging

-- 71% of Web security professionals who say managing remote users is

highly challenging experienced Web-borne phishing attacks in 2012 The proliferation of mobile devices for business use and the need to grant remote user access exposes corporate networks to high rates of malware threats, including phishing attacks, spyware, keyloggers and hacked passwords. While allowing such devices to access company resources aids productivity, the potential for new exploits to compromise businesses creates significant security risks to the organization and private data. Enabling remote access to corporate servers requires sensible policies and controls to ensure network security. The study, which surveyed Web security decision-makers in the United States and United Kingdom, found that companies with 25% or more of their workforce using remote access experience higher rates of Web attacks due to a lack of such protection measures.

"These days, there is so much risk involved from a corporate perspective that remote access protection must be part of all basic tool kits. Vulnerabilities in mobile Web browsers pose a major threat to mobile device security and our latest study shows that they have led to an increasing number of successful attacks in 2012," said David Duncan, Chief Marketing Officer at Webroot. "Mobile browser security is essential to reduce the vulnerabilities from websites containing malware and stop phishing attacks. This should be mandatory if employees are to have remote access to any corporate network or other corporate online resources via their mobile devices."

What can organizations do?

The new "Remote Users Expose Companies to Cybercrime" report provides a comprehensive analysis of the current mobile Web browser vulnerabilities and includes steps to secure browser controls and reduce the risks associated with mobile browsing. You can view the full report at

http://www.webroot.com/remote-security-report-2013 or visit Webroot at InfoSecurity Europe 2013, held in London in booth #D60, April 23 through 25,

2013 for a complimentary copy.

To learn how your organization can partner with Webroot to reduce security risks, contact [email protected] or visit http://www.webroot.com/En_US/partners.html.

About the Research

In 2012, Webroot commissioned a study to measure the prevalence of Web-borne attacks and identify factors that mitigate the consequences. The scope of the research included companies with 100 to 4,999 employees that currently have a Web security solution or plan to implement one in 2013. From December 20 through December 24, 500 Web security decision-makers (403 in the US and 97 in the UK) completed the online survey hosted by Qualtrics. Research Now provided respondents from their online panel of IT and business executives, and Lawless Research provided quantitative data analysis. The margin of error for the study is +/- 4.4 percentage points at the 95% level of confidence.

ABOUT WEBROOT

Webroot is bringing the power of software-as-a-service (SaaS) to Internet security with its suite of Webroot SecureAnywhere® offerings for consumers and businesses. Webroot also offers security intelligence solutions to organizations focused on cyber-security, such as Palo Alto Networks, F5, Corero, SOTI, NEC, FancyFon and others. Founded in 1997 and headquartered in Colorado, Webroot is the largest privately held security organization based in the United States. For more information, visit http://www.webroot.com or call 800.772.9383. Read the Webroot Threat Blog: http://blog.webroot.com. Follow Webroot on Twitter:

http://twitter.com/webroot.

 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 8/3/2020
Pen Testers Who Got Arrested Doing Their Jobs Tell All
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/5/2020
New 'Nanodegree' Program Provides Hands-On Cybersecurity Training
Nicole Ferraro, Contributing Writer,  8/3/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Changing Face of Threat Intelligence
The Changing Face of Threat Intelligence
This special report takes a look at how enterprises are using threat intelligence, as well as emerging best practices for integrating threat intel into security operations and incident response. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15820
PUBLISHED: 2020-08-08
In JetBrains YouTrack before 2020.2.6881, the markdown parser could disclose hidden file existence.
CVE-2020-15821
PUBLISHED: 2020-08-08
In JetBrains YouTrack before 2020.2.6881, a user without permission is able to create an article draft.
CVE-2020-15823
PUBLISHED: 2020-08-08
JetBrains YouTrack before 2020.2.8873 is vulnerable to SSRF in the Workflow component.
CVE-2020-15824
PUBLISHED: 2020-08-08
In JetBrains Kotlin before 1.4.0, there is a script-cache privilege escalation vulnerability due to kotlin-main-kts cached scripts in the system temp directory, which is shared by all users by default.
CVE-2020-15825
PUBLISHED: 2020-08-08
In JetBrains TeamCity before 2020.1, users with the Modify Group permission can elevate other users' privileges.