A new study finds organizations may let employees use Web 2.0 technology, but they don't have the proper security tools in place to protect them from the new threats these applications pose A new study says companies are lagging seriously behind when it comes to protecting themselves from new threats in the Web 2.0 world. While Web-based threats have become more common in recent years, businesses are still focused on e-mail threats, according to the research.The study, which was released Wednesday by Colorado-based security software vendor Webroot, found three out of 10 organizations have seen their businesses’ Web security compromised by employees using personal Web mail accounts, visiting social networking sites and downloading videos. Webroot surveyed 648 organizations in the US, UK, Australia and Canada, and found over a third thought their employees spent at least an hour per day on non-work-related sites. Businesses are taking measures to protect against e-mail-based threats, but they are not yet attuned to the greatest threat vector today: Web-based threats driven by employee Web use,” said Mike Irwin, COO of Webroot, in a release on the finding. “We found that Web-borne malware increased over 500 percent in 2007 as cybercriminals developed new ways to attack on-site and remote employees through personal Web mail accounts, social networking sites and other Web 2.0 applications. In the current threat environment, businesses must utilize a Web security solution that provides an additional layer of in-the-cloud protection for corporate and mobile users.”The study notes that 85 percent of malware is now distributed through the Web and cited industry research that shows 49 percent of businesses allow employees unlimited access to social networking sites, which do not monitor their content for malware. “Employees and businesses regularly use blogs, Wikis and other online information sources that are more susceptible to hackers and infections because they include content from numerous anonymous contributors, rather than one trusted source,” said Irwin. “However, awareness is only just beginning to grow among the IT professionals responsible for protecting these organizations. Nearly 30 percent of the IT decision-makers we surveyed did not know if their organization or its employees are using Web 2.0 applications.”Webroot found that lack of knowledge was not for lack of fear. Nearly half the businesses surveyed said they were concerned about data breaches. Related content news analysis Companies are already feeling the pressure from upcoming US SEC cyber rules New Securities and Exchange Commission cyber incident reporting rules don't kick in until December, but experts say they highlight the need for greater collaboration between CISOs and the C-suite By Cynthia Brumfield Sep 28, 2023 6 mins Regulation Data Breach Financial Services Industry news UK data regulator warns that data breaches put abuse victims’ lives at risk The UK Information Commissioner’s Office has reprimanded seven organizations in the past 14 months for data breaches affecting victims of domestic abuse. By Michael Hill Sep 28, 2023 3 mins Electronic Health Records Data Breach Government news EchoMark releases watermarking solution to secure private communications, detect insider threats Enterprise-grade software embeds AI-driven, forensic watermarking in emails and documents to pinpoint potential insider risks By Michael Hill Sep 28, 2023 4 mins Communications Security Threat and Vulnerability Management Security Software news SpecterOps to use in-house approximation to test for global attack variations The new offering uses atomic tests and in-house approximation in purple team assessment to test all known techniques of an attack. By Shweta Sharma Sep 28, 2023 3 mins Penetration Testing Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe