The Evolving Challenge of Security

As more and more organizations turn to Web 2.0 technologies within their business, malware writers are targeting these applications as a method of distribution. An estimated 85% of all threats are emerging from the Web identifying it as the number one delivery system for malware. At least five percent of heavily trafficked "trusted" Web sites are now harboring malware. That makes web security for businesses increasingly complex, because web filtering systems and blocking alone are unable to protect a network if they cannot detect the attacks. For businesses to keep their data and employees safe, malware protection is key.

For some organizations, blocking access to social networks might be a realistic option, but it would not address other Web security issues like phishing and pharming attacks, drive-by downloads, and user access to proxy bypass sites. With greater sophistication employed by those inflicting the attacks, we are now seeing an unparalleled number of infected PCs and networks. Research shows that 6,000 Web pages are infected every day. Four out of five of them belong to hacked inoffensive Web sites.

Hidden Malware Threats
Malware writers distribute threats using a variety of means, including Web sites, instant messaging services and email. Cyber criminals have become innovative in their approach, inserting malware into the everyday online activities of the end-user. Malware writers often utilize highly visible news stories to create illegitimate sites that fool users. End-users unknowingly infect their computers by clicking on what is believed to be an innocuous Web site or pop-up.

Other examples of hidden threats include malware writers placing an overwhelming amount of information in their End User License Agreements (EULA). Knowing that most users will ignore the lengthy and ambiguous language of the EULA, developers are able to "obtain" permission to download their malware or spyware onto a client machine.

Threats are now so sophisticated they are often disguised as legitimate traffic entering through well-established ports, allowing them to bypass traditional security defenses like firewalls and other perimeter solutions. These threats can dodge web filtering systems. After installation, most applications disguise themselves as trusted programs to evade detection and removal.

Impact to Business
The Business community is impacted by the enormous cost of malware. Estimates reflect that some form of spyware or malware has infected more than two thirds of PCs. The average cost of each infected workstation to any business is £500 (based on IT services, downtime and re-imaging). Assuming a business has fifty users, 79% (39.5) who have a an infection, at £500 per workstation, a company can expect to spend over £20K to clean all infected machines - per incidence of infection. That number does not even take into account data loss and other potential ramifications.

Future Trends and Vulnerabilities
As cyber criminals employ even more advanced techniques to avoid detection, Web-based malware will become even more difficult to detect and remove. We can not only expect the number of Web 2.0 users to grow further, but we can predict that there will be adaptations, or new creations, of social networking tools also.
Information security professionals should be considering a dynamic, perimeter Web security service that provides web filtering for inappropriate sites (sexual content, violence, etc.); filters inbound pages for spyware and viruses; supports outbound data lead prevention by scanning content; and ensures that mobile laptop users are protected to truly detect and block new and advanced forms of malware.

Jon Harwokey, understands the importance of protecting networks against malware threats, managing acceptable use policies, and ensuring industry and regulatory compliance. Delivered as a service, Webroot web security and web filtering reduce total cost of ownership, keep threats from ever reaching the corporate network, and require no additional hardware or software investment.