Survey: CIOs struggle to mitigate Web 2.0 security risks

By Enterprise Innovation Editors | Jul 3, 2009

Thumbnail: 

Websense, Inc. revealed the findings from a global survey of 1,300 information technology managers across ten countries, asking about their perceptions of Web 2.0 in the workplace, testing their understanding of Web 2.0 technologies [7] and assessing their organizations’ level of security preparedness.

Web 2.0 sites and applications allow user-generated content and comprise the majority of the top 100 most visited sites on the Internet, including search engines like Google and Yahoo, resources like Wikipedia and news sites like CNN. Key findings from the Web2.0@Work survey include:

Web 2.0 in Business is Here to Stay
With 95% of respondents currently allowing employee access to some Web 2.0 sites and applications, Web 2.0 has made an impact in the workplace and will continue to change the way organizations conduct business as more Web 2.0 applications make their way into the corporate environment. Though many Web 2.0 services were designed for consumer use rather than business use, organizations across all industries are already using them to increase collaboration and information exchange, streamline processes, engage key stakeholders and generate revenue.

IT Experiences Pressure from All Sides
Employees are clamoring for more use of Web 2.0 in the workplace, leaving IT departments to find the right balance between preventing security risks while still allowing safe and flexible access. The pressure for more Web 2.0 access is coming not from rogue employees, but rather from lines of business and top-level executives.   
 
IT Professionals Are Overconfident in Their Security
Though many organizations already allow access to some types of Web 2.0 sites and applications, a dangerous security gap exists. The majority of respondents reported feeling confident in their organization’s Web security, though they admit to not having the necessary security solutions to protect from all threat vectors. Additionally, a surprising number of respondents appear to be confused on what exactly constitutes Web 2.0 – and what they don’t know could put their organizations at risk.
Research from Websense Security Labs shows that 57% of data-stealing attacks are conducted over the Web. The nature of Web 2.0 sites, which allow users to create and post their own content, provides an easy vector for cyber criminals to launch their attacks on a large number of users. With more than 90% of organizations around the world reportedly lacking the security solutions necessary to prevent dynamic Web threats and data loss across all threat vectors, consumers should be wary of which businesses they trust with their personal data.

Say “Yes” to Web 2.0 at Work
Findings from the Web2.0@Work survey demonstrate that IT professionals around the globe are struggling to find a balance between taking advantage of the benefits of Web 2.0 while mitigating the security risks. The reality of the business environment today is that organizations can no longer simply block access to Web 2.0. With members of the “millennial” generation now in the workforce, employees not only expect access to Web 2.0, but some even use it as their preferred method of communication.
“We’ve heard from many organizations that want guidance on establishing Web 2.0 usage policies and help determining the right Web 2.0 security solutions,” said Jim Haskin, senior vice president of marketing and chief information officer, Websense. “For that reason, Websense is introducing free tools and best practice strategies to assist IT professionals in their desire to enable safe Web 2.0 access in the workplace. With our industry-leading secure Web gateway and Web 2.0 early threat detection and protection technology, Websense is uniquely qualified to help businesses say ‘Yes’ to appropriate use of Web 2.0 at work.”