Data Leaks and Malware Incidents Rise as Employees Embrace Web 2.0 & Collaborative Internet Applications in the Workplace

New Survey: Costs of Malware Grow to More Than $125,000 per Month for Largest Companies

BELMONT, CA--(Marketwire - October 27, 2008) - For large enterprises, the costs associated with malware now amount to an average of more than $125,000 per month. The costs of repairing malware attacks and corporate data leaks have risen along with employee usage of Web 2.0, and social media at work. These are some of the key findings in the 4th annual independent study commissioned by FaceTime Communications, the leading provider of solutions that control employee use of Internet applications and manage unified communications in the enterprise. The report also confirmed that the use of these applications is widespread with more than 60 percent of all companies surveyed having eight or more of these applications in use on their networks.

The research was conducted to determine the impact that collaborative Internet applications have on companies and organizations. Conducted by NewDiligence in September 2008, the survey of more than 500 employees and IT managers tracks the growth of Web 2.0 and employee-initiated applications that contribute to the consumerization of IT. These applications, which introduce compliance, security and data leakage risks, are in use at 97 percent of all organizations, up from 85 percent in 2007. On average, companies report 9.3 such applications in use by employees on the enterprise network. This year's study delved into the use of social media in the enterprise as well as IT's preparedness for electronic discovery requirements.

"For all four years that FaceTime has commissioned this survey, end users have claimed they have the right to download and use whatever applications they choose to help them do their jobs. This year's study also reveals their social media habits have extended into the workplace and may be contributing to security and data leakage incidents," said Frank Cabri, vice president of marketing and product management at FaceTime.

Although IT managers are appropriately concerned about the security of their networks, it's clear that Web 2.0 applications and social networking sites are in use in the enterprise, and here to stay. FaceTime enables companies to secure and control how employees use Internet applications -- IM, P2P, Facebook and other Web 2.0 applications -- rather than requiring IT to block all use of these potentially advantageous resources.

"We work with large and mid-size enterprises every day, seeing first hand that Internet applications are brought into the workplace by employees for both work and personal reasons," said Cabri. "IT managers are often at odds with employees' belief that they have the right to use whatever applications they feel they need to do their jobs, including these Internet applications that are evasive and easily circumvent existing security infrastructure. They create potential compliance, information leakage concerns as well as introducing myriad vectors for incoming malware."

While email and Web browsing are typically monitored and controlled by IT (79 percent and 65 percent respectively), the extent of the risk associated with Internet applications may be less understood. Fewer than 40 percent of IT respondents report monitoring and managing applications such as P2P and only 25 percent say they are securing and monitoring Web 2.0 applications.

The survey also revealed that fewer than half of IT managers could actively monitor and reproduce specific applications such as instant messaging (IM) communications if asked by corporate attorneys in the event of a lawsuit. In fact, 38 percent of IT managers said they have no such capabilities and only 13 percent said they could do it -- but not in any practical time frame. In 2006, the definition of what is considered electronically stored information (ESI), as defined by the Federal Rules for Civil Procedure, expanded to include IM, and other types of electronic communication. In the event of litigation, all ESI -- not just email -- must be produced as part of the e-Discovery process. Yet, only 31 percent archive IM communications.

More key findings:

--  79% of employees use social media (Facebook, LinkedIn, YouTube) at
    work for business reasons and 51% access social media sites at least once
    per day.
--  IT managers reported an average of 34 security and data leakage
    incidents per month.
--  73% of IT managers report at least one security incident as a result
    of Internet application usage; viruses, Trojans and worms (59%) are most
    common, followed by spyware (57%) for a close second.
--  37% of companies report an instance of non compliance with corporate
    or regulatory policy, while 27% report incidents of accidental or
    unintentional data leakage.
--  Despite the new Federal Rules for Civil Procedure, only 31 percent of
    enterprises store IM communications. One in four has copies of audio
    conferences (25%), while slightly fewer (20%) archive corporate Web

Unified Communications

Unified communications suites, such as Microsoft Office Communications Server and IBM Lotus Sametime, are becoming integral to the way employees work today. However, IT managers are finding that their UC rollouts don't significantly reduce employee use of consumer-oriented Web 2.0 applications and public instant messaging networks. Security and compliance controls must extend across all UC modalities in this heterogeneous environment, both enterprise-sanctioned and consumer-oriented.

Unified communications suites, which give enterprises a way to enable employees with multiple communications modalities over an IP infrastructure, exist today at about 29 percent of IT respondent organizations and an additional ten percent have deployed pilots to a limited number of users. Security, compliance and management issues are top of mind among IT managers in organizations with UC deployed.

The full report, "The Collaborative Internet: Usage Trends, Employee Attitudes and IT Impact," is available from FaceTime Communications at

FaceTime's Solutions for the New Internet

Because these collaborative Internet applications pose myriad network and information security risks, the heterogeneous network environment that they create must be understood, secured and managed by IT.

FaceTime's Unified Security Gateway (USG) is a secure Web gateway appliance that enables enterprises to control these real-time communications. USG integrates management, security and compliance of Web and Web 2.0 communications, consumer-driven applications such as public IM, Skype and P2P, and enterprise-class unified communications suites such as Microsoft's Office Communications Server and IBM Lotus Sametime. From a single platform, organizations can enable and enforce safe and productive use of these applications and protect the network against inbound malware, mitigate information leakage risks and insure that corporate, regulatory and e-discovery needs are met.

About FaceTime Communications

FaceTime Communications enables the safe and productive use of instant messaging, Web usage and unified communications platforms. Ranked number one by IDC for four consecutive years, FaceTime's award-winning solutions are used by more than 900 customers for security, management and compliance of real-time communications. FaceTime supports or has strategic partnerships with all leading public and enterprise IM network providers, including AOL, Google, Microsoft, Yahoo!, Skype, IBM and Jabber.

FaceTime is headquartered in Belmont, California. For more information visit or call 888-349-FACE. The FaceForward blog, at, offers thoughts and opinions about the changing nature of Internet

FaceTime, FaceTime Communications, IMAuditor, GEM, Facetime Unified Security Gateway, FaceTime Security Labs, IMPact Index, and the FaceTime logo are registered trademarks and trademarks of FaceTime Communications, Inc. Other trademarks and registered trademarks are the property of their respective owners.

Contact Information: FaceTime Media Contact: Emily Chamberlin A&R Edelman 650-762-2945

Taken from FaceTime's annual survey 'The Collaborative Internet: Usage Trends, End User Attitudes and IT Impact,' which shows personal and work life are blending more than ever. (October 2008) From FaceTime's annual survey 'The Collaborative Internet: Usage Trends, End User Attitudes and IT Impact.' E-Discovery rules cover any and all information that can be stored electronically - including email, instant messaging threads, Skype chats and other forms of electronic communication. FaceTime's survey shows a discrepancy between retrieval of email and IM conversations. (October, 2008)