Internet-borne Threats Pose More Risk: IDC

Researchers at IDC released a new research report, according to which, web-based attacks continue to propagate. Brian Burke, Security Analyst at IDC, says that these attacks are expected to grow in variety and sophistication in the coming days, as reported by EWeek SecurityWatch on April 30, 2009.

Mr. Burke also highlighted that there would be increased dangers from attacks involving Web 2.0 applications, particularly social-networking websites.

According to him, cyber criminals are using the Web more and more to spread their malware as well as to commit financial fraud, identity theft and corporate spying. Burke added, as enterprises use Web 2.0 applications in large numbers, the risk of more attack vectors and greater security problems rises.

Furthermore, IDC's research revealed that a large percentage of organizations (66%) are presently using a minimum of one Web 2.0 application although 70% of all organizations regard Web 2.0 as seriously entailing data loss. These organizations know hackers and virus writers are increasingly taking advantage of the complexity and popularity of Web 2.0 websites to attack as many users as possible.

According to IDC, a common misunderstanding among people is that e-mails account for the largest security threat online. But the Company's research revealed that the percentage of organizations with at least 500 employees that suffered worms/viruses due to malicious e-mails is equivalent to the percentage of similar organizations that suffered infection due to Internet surfing.

In fact, the danger of infection on computers is around 5 times more for organizations that permit their employees to use the Internet without monitoring or hindrance.

Additionally, the security researchers state it is an important concern that hackers are increasingly attacking legitimate websites. About 50% of the infected websites carried code, which IDC identified as 'Mal/Iframe.' The authorized websites were probably at first compromised through server vulnerabilities that enabled SQL injection, whereas some through their policies that permitted HTML-contained blog posts led to infection on web pages.

Consequently, IDC advised organizations to reframe their defense measures in terms of protection from concealed malware on regular websites that could lead to hacking or other crime.

Related article: Internet Threat Volumes Overwhelm Security Companies

» SPAMfighter News - 5/7/2009