Untangling the State of the Web
By Samuel Greengard
Over the last decade, the Web has evolved into a central hub for business interaction. However, the growing complexity of today's online environment is creating new and different challenges— particularly those revolving around digital security. Cloud security firm Zscaler's first quarter “State of the Web” security research report offers a glimpse at how the online environment is changing.
The company examined approximately two hundred billion transactions from millions of users across the globe and identified a number of trends in its quarterly “State of the Web” report. One of the most prominent issues: changing patterns surrounding social networking. During the period, Facebook accounted for 41 percent of Web 2.0 traffic, down from 43 percent in Q4 2011 and 52 percent for the same period last year. On average, this represents a 2.8 percent drop in Facebook use per quarter.
Meanwhile, Twitter use is on a slow and steady rise, up from 5 percent in the first quarter of 2011 to 7 percent for the first quarter of 2012. Overall, social networking sites accounted for 4 percent of policy blocks within the enterprise by the end of Q1, up from 2.5 percent at the beginning of the quarter.
"There is less personal browsing and social media activity going on at work—partly because of cutbacks in staffing and partly because of changing attitudes about the use of social media," notes Mike Geide, senior security researcher for Zscaler ThreatLabZ. In addition, he says that organizations are increasingly tapping into social media for business purposes and using it in different ways than individuals.
Not surprisingly, mobile traffic continues to rise, both on WiFi and business networks. Zscaler reports that Apple device usage in the enterprise surged to 48 percent of overall mobile traffic, while Android declined to 37 percent. The corresponding numbers for the fourth quarter of 2011 showed iOS accounting for 40 percent of mobile traffic and Android 42 percent.
Geide says that, overall, malicious content on the Web is increasing. During the first quarter, Zscaler detected an alarming rise in SQL injection attacks such as LizaMoon. "Some of the malware campaigns are massive and many involve legitimate Websites," he notes.
In fact, nearly 10 percent of the sites that Web users suspected were malicious and reported to the firm turned out to malicious. Another 10 percent were rated suspicious. Unfortunately, "Users are slow to update browser plug-ins, and attackers recognize this fact and take advantage of it," Geide explains.
Outdated plug-ins continue to serve as a particularly ripe attack vector. In addition to the Flashback Trojan on the Mac—it infected approximately 650,000 computers—Zscaler found that 35 percent of installed Adobe Shockwave plug-ins and more than 60 percent of Adobe Acrobat plug-ins were outdated. Outdated Java plug-ins stood at 5 percent. Geide sees exploits increasingly repurposing existing threats to circumvent antivirus software, which uses signature matching.
"There is a general and ongoing rise in malware,” Geide concludes, “and there’s a need for a sharper focus on security."