Symantec.com > Enterprise > Security Response > Internet Security Threat Report > View the Report > Threat Activity Trends

Threat Activity Trends

Threat Activity Trends | Spam and Fraud Activity Trends | Malicious Website Activity | Analysis of Malicious Web Activity by Attack Toolkits | Analysis of Web-based Spyware and Adware Activity | Analysis of Web Policy Risks from Inappropriate Use | Analysis of Website Categories Exploited to Deliver Malicious Code | Bot-infected Computers | Analysis of Mobile Threats | Data Breaches that Could Lead to Identity Theft

Analysis of Web Policy Risks from Inappropriate Use

Background

Many organizations implement an acceptable usage policy to limit employees’ use of internet resources to a subset of Web sites that have been approved for business use. This enables an organization to limit the level of risk that may arise from users visiting inappropriate or unacceptable Web sites, such as those containing sexual images and other potentially illegal or harmful content. Often there will be varying degrees of granularity imposed on such restrictions, with some rules being applied to groups of users or rules that only apply at certain times of the day; for example, an organization may wish to limit employees access to video sharing Web sites to only Friday lunchtime, but may also allow any member of the PR and Marketing teams access at any time of the day. This enables an organization to implement and monitor its acceptable usage policy and reduce its exposure to certain risks that may also expose the organization to legal difficulties.

Methodology

This metric assesses the classification of prohibited websites blocked by users of Symantec.cloud Web security services. The policies are applied by the organization from a default selection of rules that may also be refined and customized. This metric provides an indication of the potential risks that may arise from uncontrolled use of Internet resources.

Data

Figure A.12. Web policies that triggered blocks, 2011. Source: Symantec.cloud

Commentary

  • 46.6% of Web activity blocked through policy controls was related to Advertisement & Popups. Web-based advertisements pose a potential risk though the use of “malvertisements,” or malicious advertisements. These may occur as the result of a legitimate online ad-provider being compromised and a banner ad being used to serve malware on an otherwise harmless website.
  • The second most frequently blocked traffic was categorized as Social Networking, accounting for 22.7% of policy-based filtering activity blocked, equivalent to approximately one in every 4 Web sites blocked. Many organizations allow access to social networking Web sites, but in some cases implement policies to only permit access at certain times of the day and block access at all other times. This information is often used to address performance management issues, perhaps in the event of lost productivity due to social networking abuse.
  • Activity related to streaming media policies resulted in 18.9% of policy-based filtering blocks in 2011. Streaming media is increasingly popular when there are major sporting events or high profile international news stories. This activity often results in an increased number of blocks, as businesses seek to preserve valuable bandwidth for other purposes. This rate is equivalent to one in every 5 websites blocked.