A new “Global Survey on Social Media Risks” released today reveals a dangerous gap in corporate social media security. 63 percent of more than 4,000 respondents in 12 countries said that social media in the workplace represents a serious security risk-yet only 29 percent report having the necessary security controls in place to mitigate it. More than 50 percent of respondents report an increase in malware due to social media use.
Today’s research, conducted by the Ponemon Institute and sponsored by content security provider Websense, Inc., is believed to be the first study that determines what IT and security practitioners throughout the world think about the security risks that are associated with employee use of social media.
The dynamic social web is qualitatively different from the older static web. It requires an IT security defense that goes beyond signature and fixed-policy web technologies (like antivirus and firewalls), because while they are necessary defenses, they are not sufficient. And yet, while 73 percent of respondents identify secure web gateways as an important way to reduce social media threats, a full 27 percent-more than one quarter-still don’t.
For example, imagine a new link is posted to a popular social network and it directs users to a site that downloads or leads to data-stealing code via obfuscated javaScript. Organizations need security technology that can analyze links as they appear, because the link path is new and doesn’t have a recognizable signature or known payload. New technologies like social media, cloud services, and mobility require real-time content security, which analyzes information on the fly, as it’s created and consumed.
Even with the risks, social media presents a large business opportunity for collaboration, reduced expenses, and more efficient processes. While organizations believe that bandwidth has been diminished due to social media, companies that block social media are in danger of being left behind.
The study surveyed 4,640 IT and IT security practitioners in Australia, Brazil, Canada, France, Germany, Hong Kong, India, Italy, Mexico, Singapore, United Kingdom, and the United States with an average of 10 years’ experience in the field. 54 percent are supervisors or above and 42 percent are from organizations with more than 5,000 employees.
Key findings (India)
- Most respondents agree that the use of social media in the workplace is important to achieve business objectives. But 64 percent of respondents believe employees’ use of social media in the workplace represents a serious security threat to the organization. However, only 33 percent believe they have the necessary controls in place to mitigate or reduce the risk posed by social media.
- Thirty-nine percent do not have a policy that informs employees about the acceptable use of social media in the workplace or are unsure if such a policy exists (24 percent). Of those organizations that do have a policy, 49 percent of respondents say the policy is enforced.
- The most acceptable uses of social media in the workplace are networking with friends inside the company (94 percent) and networking with friends outside the company (73 percent) followed by use of social network as an email or texting channel (54 percent). Least acceptable is downloading apps or widgets from social media sites (4 percent).
- Diminished employee productivity and IT bandwidth are the two most negative consequences due to an increase in the use of social media in the workplace according to 90 percent and 73 percent of the respondents, respectively. Sixty percent worry about the loss of confidential information or violation of confidentiality policies and 49 percent think an increase in virus or malware infections will be a consequence of increased usage.
- According to 48 percent of respondents, viruses and malware infections are increasing as a result of social media use and 30 percent are unsure. Technologies considered by respondents to be most important at reducing or mitigating social media threats are identity and access management, endpoint security solutions and secure web gateway.
- Social media in the workplace is used both for non-business and business purposes. 47 percent of respondents say that employees spend more than 30 minutes each day on non-business social media activities and 48 percent estimate that more than 30 minutes is spent on social media for business purposes each day.
Key findings (Global)
- The rapid spread of social media may have caught many organizations off guard. 63 percent agree that employee use of social media puts their organizations’ security at risk. In contrast, only 29 percent say that they have the necessary security controls-such as secure web gateways-in place to mitigate or reduce the risk posed by social media.
- Malware attacks have increased because of social media usage and it’s growing. 52 percent of organizations experienced an increase in malware attacks as a direct result of employee use of social media, and 27 percent say that these attacks recently increased more than 51 percent. The United States, United Kingdom, Brazil, Germany, and Singapore reports the highest increase.
- Only one of the three technologies that respondents favor can block advanced malware and data theft attacks. Respondents identified antivirus/antimalware (76 percent), endpoint security (74 percent), and secure web gateways (73 percent) as important protections. But only secure web gateways with real-time content analysis and data loss prevention can block advanced malware and data theft attacks, many of which seek entry through social media.
- Even if they have a policy that addresses the acceptable use of social media in the workplace, 65 percent say that their organizations do not enforce it or they are unsure. The top three reasons for not enforcing these policies are: lack of governance and oversight (44 percent); other security issues are a priority (43 percent); and insufficient resources to monitor policy compliance (41 percent).
- Organizations believe that IT bandwidth has been diminished as a result of social media use. The top two negative consequences of an increase in social media use were diminished productivity (89 percent) and reduced IT bandwidth (77 percent), which increase costs. Just under half (47 percent) believe exposure to inappropriate content is a negative consequence.
- 60 percent of employees use social media for at least 30 minutes per day for personal reasons. The United States, United Kingdom, France, Italy and Mexico have the highest use of social media for non-business reasons. Organizations in Germany have the highest use of social media for business purposes. Regional variations are often compounded by higher local bandwidth costs, which shift the priority of this concern throughout the globe.
- Countries most likely to see social media as important to meeting business objectives are the United Kingdom, Germany, Hong Kong, India, and Mexico. The countries with organizations that are less likely to see the importance of social media are: Australia, Brazil, and Italy.
- Countries most likely to see social media as a serious threat to their organizations are Canada, Hong Kong, and Mexico. Countries least likely to see social media as a threat are France and Italy. Organizations in Germany have the most confidence in their ability to address the social media threats.
“Blocking or ignoring the social media business opportunity just isn’t an option. Social media is the new communication platform being fueled by the cloud and mobile technologies that employees are bringing to the workplace,” said Tom Clare, Websense senior director of product marketing. “While antivirus and firewalls are traditional pillars of a security defense, a new security pillar is required for dynamic web content classification, advanced threat blocking, and data theft protection.”
“We asked thousands of IT security professionals and most respondents agree that the use of social media in the workplace is important to achieving business objectives,” said Dr. Larry Ponemon, chairman and founder of the Ponemon Institute. “However, they believe social media puts their organizations at risk and they do not have the necessary security controls and enforceable policies to address the risk. It’s also clear that malware attacks are increasing as a result of social media use.”