Of the 73% of businesses that suffered a spyware invasion in 2006, 19% were unable to identify the source, raising the question of how organisations can thoroughly protect their networks, when they clearly haven’t identified all areas of risk. In addition, of the 57% of businesses that have banned Instant Messaging (IM) in the workplace, nearly 70% use methods to enforce the ban that are obsolete, easy to circumvent or ignore. These are just some of the findings in a survey on real-time threats carried out by Peapod, in conjunction with FaceTime Communications.
The survey of 203 UK organisations from a broad range of industries including central and local government, healthcare, financial services and manufacturing, looks at the extent of the dangers of spyware, internal usage policies and their deployment, alongside how IM technology is secured in the workplace.
Interestingly, despite the fact that spyware entering the network through IM channels is on the rise, many organisations place themselves at risk by not recognising that IM networks and aggregators are designed to evade security controls such as blocking ports. Most respondents to the survey stated that they adopt port blocking techniques to control IM, but this method is in direct conflict with how such applications work, since many IM applications are port evasive, often even tunnelling through HTTP to find an alternative route if the default one is blocked.
“As the survey shows technology is not the only answer when viewed in isolation, it is also down to the user to play a key role in ensuring that spyware doesn’t get a foothold in the infrastructure,” comments Chris Durnan, Managing Director of Peapod. “In the case of Instant Messaging this is a particularly relevant point. IM is a communications tool with some pretty emphatic benefits for those who use it correctly, but carries a nasty sting for anyone careless or ignorant.”
The survey also showed that 3 out of 4 UK organisations that do allow IM, do not consider the need to manage it, despite the fact that the law views the tool as on an equal footing with email. In addition to allowing users to release confidential documentation potentially undetected, IM can be used to form contracts or be the communication mechanism for harassment, defamation and bullying.
“It’s worrying to think that with all the focus on archiving email records that the same does not apply to Instant Messaging. With all the concerns about legal and standards compliance it’s clear that there is a huge potential for organisations to ‘catch a cold’ in the near future,” says Sarah Carter, EMEA Strategic Partner Manager of FaceTime Communications.