Enterprise usage of Internet Explorer dropped by 10 percent over the past year, to just over 50 percent, with some organizations still clinging to IE6 despite the security risks. The bigger threat, though, lies in the fact that more than a quarter of enterprise Web traffic flows through browser extension and plug-ins -- some of which IT neglects to keep properly patched, thus making them juicy targets for hackers.
Such are the findings of the newly released Q4 2011 edition of Zscaler ThreatlabZ's "State of the Web" report, in which the security company analyzes enterprise Web traffic worldwide. The report reveals interesting trends as enterprises move more toward mobile and the cloud -- but perhaps more important, it reveals potential security holes in enterprise networks that desperately need filling.
Anyone who's been tracking browser trends of late is likely unsurprised to see that use of Internet Explorer is on the decline in the business world, as general use of Microsoft's browser has steadily declined over the past couple of years. As of Q4, Zscaler saw 53.3 percent of enterprise Web traffic driven through some version of IE, a 10 percent decline for the year. As a point of comparison, consumer usage of IE is now below 40 percent, according to StatCounter, with Chrome now ahead of IE8.
IE doesn't have any rivals nipping particularly closely at its heels in the enterprise, however. According to the report, 26.99 percent of enterprise users use Firefox; just over 5 percent use Chrome; 4.16 percent use Safari; and 0.11 percent use Opera.
Zscaler observed that usage of IE8 doubled in 2011, from 26 percent to 55 percent. Internet Explorer 9 has seen slow enterprise adoption since its release last March, but of more concern, IE6 usage represents around 5 percent of enterprise traffic. IE7 usage declined from around 38 percent to around 35 percent.
Web apps and browser extensions are now responsible for a significant chunk of enterprise Web traffic, at 27 percent, according to Zscaler. "This significant percent of non-browser traffic is not entirely surprising, as most enterprises have blocked ports beyond those needed for Web/email traffic," according to the report. "As such, modern-app designers are using those ports as viable egress points for any application, including mobile apps.
The problem, the report cautions, is that these apps and browser extensions responsible for over a quarter of all enterprise Web traffic represent a new pathway for cyber criminals to attack enterprise networks. IT has seemingly continued to overlook this threat, according to Zscaler. "Most extensions are unpatched, out of date, and at risk," according to the report.