Web 2.0 proving sticky for corporate security

With the Web becoming central to the way companies do business, cybercriminals are taking increasing advantage of Web 2.0 and social networking sites to launch attacks, according to Christian Christiansen, vice president for security products and services for IDC.

The Web isn’t the benign resource for information that people once saw it as, said Christiansen, who spoke recently at Kaspersky Lab’s Surviving CyberCrime Event in Waltham, Mass. “One of the things that’s happened that’s disconcerting, and it’s been growing over the last 10 years, is the blending of people’s private lives with their corporate lives,” he said.

Employees’ personal lives – their online shopping habits and interactions with friends and families – get intermingled with the interactions they have at work with customers, fellow employees, partners and suppliers, he said. “So that creates a perforated perimeter where there isn’t a hard, fast separation between the corporate world and the personal world,” he said.

The latest threats to network security now are coming from collaboration and Web 2.0 environments – where employees casually click on links that could lead them to malware – and they come from the wide variety of devices that may be accessing private as well as corporate networks, he said.

“We’re seeing a change in the threat environment. Instead of the threats, the malicious code, being distributed as e-mail attachments, we’re seeing more and more that they’re being embedded in Web 2.0 links,” he noted. “In the past, what you saw was an immediate effect. Now we’re seeing much greater levels of subterfuge and much more sophisticated attacks.”

To better avoid potential problems, IT departments need to control user behavior, the types of devices being used to access information, the applications being used and content contributions.

“Risk reduction requires policy managements and layered protection at the gateway to the Internet as well as at the endpoint [desktops, laptops and servers],” he said. “You need a whole series of checks and balances.”

Related Download
A Guide to Print Security for Canadian Organizations Sponsor: HP
A Guide to Print Security for Canadian Organizations
IT security vulnerabilities are a growing cause for concern for organizations trying to protect their data from printer breaches.
Register Now