A Webroot study says eight out of 10 organizations have suffered Web-borne attacks. That statistic isn't surprising until you realize almost half of those attacked didn't apply any Web protection to their networks, pointing to an easily missed channel opportunity .
As media reports have often suggested, Web-borne attacks are practically inescapable – perhaps more so than we thought. And a recent Webroot study suggests that the vast majority of organizations – eight out of 10 – that allow employees to freely access Web applications still suffer from excessive malware attacks.
Meanwhile, Web threats themselves aren't anything new. That said, they aren’t any less devastating than they were before. That suggests to security partners that although solutions that tackle Web-based malware are likely already ensconced in their portfolios, the channel will have renewed opportunities to dust off products and find creative ways to leverage new services in order to help customers bat back malicious threats for the foreseeable future.
While perhaps the bulk of media attention rests with advanced persistent threats and other targeted malware, the study reveals that Web-borne attacks are targeting organizations in greater numbers than ever before. And as a result, businesses are suffering losses. In particular, organizations regularly come under fire from common threats such as phishing attacks, spyware and keyloggers, while large organizations regularly suffer from data loss and other information stealing malware.
Among other things the study found that almost eight in 10 (79 percent) of surveyed organizations experienced one or more kinds of Web-borne attacks last year. Correspondingly, the study found that 88 percent of Web administrators say that Web browsing poses a serious malware risk. Of all the threats, phishing is the most ubiquitous, affecting 55 percent of examined companies.
Meanwhile, despite the prolonged and blatant awareness of the risks, only 56 percent of participants said they had implemented Web security protection, although more than half of companies without Web security were subjected to malware attacks on their Web sites.
"It's no surprise that the latest study shows that attacks are increasing in frequency, complexity and scale. Organizations need to implement layered defenses from the endpoint to the network to understand not only what is happening but where the attacks are manifesting from and when," said David Duncan, Webroot chief marketing officer. "Given that instantaneous attacks are morphing constantly and are eluding traditional detection mechanisms, organizations require a cloud-based solution that is effective in this new environment, as well as easy to deploy, quick to respond and flexible to address today's sophisticated cyber-threats."
What does this mean for the channel? For security solution providers, this is nothing new. In fact, it’s well established that Web-based attacks have been the bane of organizations' IT departments for the memorable past. While vendors release new solutions combatting Web threats on a regular basis, new threats continue to emerge that render many of those existing products obsolete.
That said, most security solution providers worth their salt have some form of anti-malware or Web application security offering tucked safely into their portfolio. However, these offerings of late have diminished in value with market saturation and commoditization. As a result, they're often relegated to nothing more than a layer of a more comprehensive multi-layer security solution or strategy. In short, it’s easy for solution providers to take these offerings for granted as low-margin products with little returns.
However, where there might be channel opportunity is in creating new combinations of solutions and services, and subsequently targeting those organizations that claim not to have any. Web-based threats might be status quo, but they are also rapidly evolving into sophisticated and evasive attacks that mirror a more treacherous threat landscape. And as the study suggests, there is still a wide base of organizations that fail to leverage any Web security solutions, leaving them increasingly vulnerable to attack.
The answer appears obvious. Going forward it’s likely that traditional Web-based solutions aren’t going to cut it – and will likely fall short as Web threats become increasingly targeted and complex. That gives the channel a lot of room to not only ramp up and retool Web security solutions, but pair them with their own brand of services that will ultimately achieve profitability, value and higher ROI amid a common and easily overlooked security problem.