The Sophos Security Threat Report examines existing and emerging security trends and has identified that criminals are doubly exploiting social networks, using them first to identify potential victims and then to attack them, both at home and at work. In Sophos’s opinion, Web 2.0 companies are concentrating on growing their user base at the expense of properly defending their existing customers from Internet threats.
The report reveals that IT teams are worried that employees share too much personal information via social networking sites, putting their corporate infrastructure – and the sensitive data stored on it – at risk. The findings also indicate that a quarter of organizations have been exposed to spam, phishing or malware attacks via sites such as Twitter, Facebook, LinkedIn and MySpace.
“What’s needed is a period of introspection – for the big Web 2.0 companies to examine their systems and determine how, now that they have gathered a huge number of members, they are going to protect them from virus writers, identity thieves, spammers and scammers,” said Graham Cluley, senior technology consultant at Sophos. “The honeymoon period of these sites is over, and personally identifiable information is at risk as a result of constant attacks that the websites are simply not mature enough to protect against.”
Stats and findings at a glance
- 22.5 million different samples of malware – almost double the level of June 2008
- Two thirds of businesses fear that social networking endangers corporate security
- New web infections – one new infected webpage discovered by Sophos every 3.6 seconds (four times faster than in first half of 2008)
- 40,000 new suspicious files examined by SophosLabs every day
- United States hosts the most malware on the web (39.6 percent)
- U.S. computers relay the most spam (15.7 percent)
- 89.7 percent of all business email is spam.