Malware attacks up due to social media

63 percent of more than 4,000 respondents in a new Ponemon Institute survey said that social media in the workplace represents a serious security risk — yet only 29 percent report having the necessary security controls in place to mitigate it.

More than 50 percent of respondents report an increase in malware due to social media use.

The dynamic social web is qualitatively different from the older static web. It requires an IT security defense that goes beyond signature and fixed-policy web technologies (like antivirus and firewalls), because while they are necessary defenses, they are not sufficient. And yet, while 73 percent of respondents identify secure web gateways as an important way to reduce social media threats, a full 27 percent — more than one quarter — still don’t.

For example, imagine a new link is posted to a popular social network and it directs users to a site that downloads or leads to data-stealing code via obfuscated JavaScript.

Organizations need security technology that can analyze links as they appear, because the link path is new and doesn’t have a recognizable signature or known payload. New technologies like social media, cloud services, and mobility require real-time content security, which analyzes information on the fly, as it’s created and consumed.

Even with the risks, social media presents a large business opportunity for collaboration, reduced expenses, and more efficient processes. While organizations believe that bandwidth has been diminished due to social media, companies that block social media are in danger of being left behind.

Key findings:

The rapid spread of social media may have caught many organizations off guard. 63 percent agree that employee use of social media puts their organizations’ security at risk. In contrast, only 29 percent say that they have the necessary security controls — such as secure web gateways — in place to mitigate or reduce the risk posed by social media.

Malware attacks have increased because of social media usage, and it’s growing. 52 percent of organizations experienced an increase in malware attacks as a direct result of employee use of social media, and 27 percent say that these attacks recently increased more than 51 percent. The United States, United Kingdom, Brazil, Germany, and Singapore report the highest increases.

Only one of the three technologies that respondents favor can block advanced malware and data theft attacks. Respondents identified antivirus/antimalware (76 percent), endpoint security (74 percent), and secure web gateways (73 percent) as important protections. But only secure web gateways with real-time content analysis and data loss prevention can block advanced malware and data theft attacks, many of which seek entry through social media.

Even if they have a policy that addresses the acceptable use of social media in the workplace, 65 percent say that their organizations do not enforce it or they are unsure. The top three reasons for not enforcing these policies are: lack of governance and oversight (44 percent); other security issues are a priority (43 percent); and insufficient resources to monitor policy compliance (41 percent).

Organizations believe that IT bandwidth has been diminished as a result of social media use. The top two negative consequences of an increase in social media use were diminished productivity (89 percent) and reduced IT bandwidth (77 percent), which increase costs. Just under half (47 percent) believe exposure to inappropriate content is a negative consequence.

60 percent of employees use social media for at least 30 minutes per day for personal reasons. The United States, United Kingdom, France, Italy and Mexico have the highest use of social media for non-business reasons. Organizations in Germany have the highest use of social media for business purposes. Regional variations are often compounded by higher local bandwidth costs, which shifts the priority of this concern throughout the globe.

Countries most likely to see social media as important to meeting business objectives are the United Kingdom, Germany, Hong Kong, India, and Mexico. The countries with organizations that are less likely to see the importance of social media are: Australia, Brazil, and Italy.

Countries most likely to see social media as a serious threat to their organizations are Canada, Hong Kong, and Mexico. Countries least likely to see social media as a threat are France and Italy. Organizations in Germany have the most confidence in their ability to address the social media threats.

The study surveyed 4,640 IT and IT security practitioners in Australia, Brazil, Canada, France, Germany, Hong Kong, India, Italy, Mexico, Singapore, United Kingdom, and the United States with an average of 10 years’ experience in the field. 54 percent are supervisors or above and 42 percent are from organizations with more than 5,000 employees.

The complete survey is available here (registration required).