How the Web Can Destroy Your Company

By Brian P. Watson  |  Posted 11-28-2007

Web applications may be all the rage in today's technology world, but they might be a company's worst enemy, a new report reveals.

Improperly protected Web-based programs, along with workers who fall prey to attacks like phishing, pose new threats to corporate IT security, according to an annual report by the security training organization SANS Institute.

The news may well come as a shock (or a severe red flag) to IT security pros, who are constantly grappling with securing new systems, applications and devices. The continued rise of Web tools requires additional security precautions, but in many cases, security software vendors have not yet developed effective safeguards.

And the new threats put more pressure on CIOs and IT executives, as companies increasingly look to build or buy Web-based applications to increase efficiency and collaboration and cut spending.

According to SANS, hackers have been exploiting vulnerabilities in Web applications to infect other connected computers or steal data from an unguarded computer. Those vulnerabilities often emerge from faulty coding by developers. To combat the threat, SANS recommends a number of firewall and scanning tools designed specifically for Web-based tools.

SANS also reports that, all too often, "gullible" employees fall for scams in unsolicited emails, following instructions that allow outsiders to break into corporate systems. These scams can be aimed at obtaining bank account numbers and passwords, or at stealing sensitive customer or corporate data.

SANS urges companies to test their employees by sending benign phishing emails and revoking staffers' access if they take the bait. Training and monitoring are also recommended.

Read the full report here.